CfnAutomationRuleV2
- class aws_cdk.aws_securityhub.CfnAutomationRuleV2(scope, id, *, actions, criteria, description, rule_name, rule_order, rule_status=None, tags=None)
Bases:
CfnResourceCreates a V2 automation rule.
This API is in private preview and subject to change.
- See:
- CloudformationResource:
AWS::SecurityHub::AutomationRuleV2
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub cfn_automation_rule_v2 = securityhub.CfnAutomationRuleV2(self, "MyCfnAutomationRuleV2", actions=[securityhub.CfnAutomationRuleV2.AutomationRulesActionV2Property( type="type", # the properties below are optional external_integration_configuration=securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty( connector_arn="connectorArn" ), finding_fields_update=securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property( comment="comment", severity_id=123, status_id=123 ) )], criteria=securityhub.CfnAutomationRuleV2.CriteriaProperty( ocsf_finding_criteria=securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty( composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty( boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty( value=False ) )], date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.DateFilterProperty( date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" ) )], map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.MapFilterProperty( comparison="comparison", key="key", value="value" ) )], number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty( eq=123, gte=123, lte=123 ) )], operator="operator", string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.StringFilterProperty( comparison="comparison", value="value" ) )] )], composite_operator="compositeOperator" ) ), description="description", rule_name="ruleName", rule_order=123, # the properties below are optional rule_status="ruleStatus", tags={ "tags_key": "tags" } )
- Parameters:
scope (
Construct) – Scope in which this resource is defined.id (
str) – Construct identifier for this resource (unique in its scope).actions (
Union[IResolvable,Sequence[Union[IResolvable,AutomationRulesActionV2Property,Dict[str,Any]]]]) – A list of actions to be performed when the rule criteria is met.criteria (
Union[IResolvable,CriteriaProperty,Dict[str,Any]]) – The filtering type and configuration of the automation rule.description (
str) – A description of the V2 automation rule.rule_name (
str) – The name of the V2 automation rule.rule_order (
Union[int,float]) – The value for the rule priority.rule_status (
Optional[str]) – The status of the V2 automation rule.tags (
Optional[Mapping[str,str]]) – A list of key-value pairs associated with the V2 automation rule.
Methods
- add_deletion_override(path)
Syntactic sugar for
addOverride(path, undefined).- Parameters:
path (
str) – The path of the value to delete.- Return type:
None
- add_dependency(target)
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.
- Parameters:
target (
CfnResource)- Return type:
None
- add_depends_on(target)
(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
- Parameters:
target (
CfnResource)- Deprecated:
use addDependency
- Stability:
deprecated
- Return type:
None
- add_metadata(key, value)
Add a value to the CloudFormation Resource Metadata.
- Parameters:
key (
str)value (
Any)
- See:
- Return type:
None
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- add_override(path, value)
Adds an override to the synthesized CloudFormation resource.
To add a property override, either use
addPropertyOverrideor prefixpathwith “Properties.” (i.e.Properties.TopicName).If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.
To include a literal
.in the property name, prefix with a\. In most programming languages you will need to write this as"\\."because the\itself will need to be escaped.For example:
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")
would add the overrides Example:
"Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... }
The
valueargument toaddOverridewill not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.- Parameters:
path (
str) –The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.
value (
Any) –The value. Could be primitive or complex.
- Return type:
None
- add_property_deletion_override(property_path)
Adds an override that deletes the value of a property from the resource definition.
- Parameters:
property_path (
str) – The path to the property.- Return type:
None
- add_property_override(property_path, value)
Adds an override to a resource property.
Syntactic sugar for
addOverride("Properties.<...>", value).- Parameters:
property_path (
str) – The path of the property.value (
Any) – The value.
- Return type:
None
- apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)
Sets the deletion policy of the resource based on the removal policy specified.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:- Parameters:
policy (
Optional[RemovalPolicy])apply_to_update_replace_policy (
Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: truedefault (
Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.
- See:
- Return type:
None
- get_att(attribute_name, type_hint=None)
Returns a token for an runtime attribute of this resource.
Ideally, use generated attribute accessors (e.g.
resource.arn), but this can be used for future compatibility in case there is no generated attribute.- Parameters:
attribute_name (
str) – The name of the attribute.type_hint (
Optional[ResolutionTypeHint])
- Return type:
- get_metadata(key)
Retrieve a value value from the CloudFormation Resource Metadata.
- Parameters:
key (
str)- See:
- Return type:
Any
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- inspect(inspector)
Examines the CloudFormation resource and discloses attributes.
- Parameters:
inspector (
TreeInspector) – tree inspector to collect and process attributes.- Return type:
None
- obtain_dependencies()
Retrieves an array of resources this resource depends on.
This assembles dependencies on resources across stacks (including nested stacks) automatically.
- Return type:
List[Union[Stack,CfnResource]]
- obtain_resource_dependencies()
Get a shallow copy of dependencies between this resource and other resources in the same stack.
- Return type:
List[CfnResource]
- override_logical_id(new_logical_id)
Overrides the auto-generated logical ID with a specific ID.
- Parameters:
new_logical_id (
str) – The new logical ID to use for this stack element.- Return type:
None
- remove_dependency(target)
Indicates that this resource no longer depends on another resource.
This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.
- Parameters:
target (
CfnResource)- Return type:
None
- replace_dependency(target, new_target)
Replaces one dependency with another.
- Parameters:
target (
CfnResource) – The dependency to replace.new_target (
CfnResource) – The new dependency to add.
- Return type:
None
- to_string()
Returns a string representation of this construct.
- Return type:
str- Returns:
a string representation of this resource
Attributes
- CFN_RESOURCE_TYPE_NAME = 'AWS::SecurityHub::AutomationRuleV2'
- actions
A list of actions to be performed when the rule criteria is met.
- attr_created_at
The timestamp when the V2 automation rule was created.
- CloudformationAttribute:
CreatedAt
- attr_rule_arn
The ARN of the V2 automation rule.
- CloudformationAttribute:
RuleArn
- attr_rule_id
The ID of the V2 automation rule.
- CloudformationAttribute:
RuleId
- attr_updated_at
The timestamp when the V2 automation rule was updated.
- CloudformationAttribute:
UpdatedAt
- cdk_tag_manager
Tag Manager which manages the tags for this resource.
- cfn_options
Options for this resource, such as condition, update policy etc.
- cfn_resource_type
AWS resource type.
- creation_stack
return:
the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.
- criteria
The filtering type and configuration of the automation rule.
- description
A description of the V2 automation rule.
- logical_id
The logical ID for this CloudFormation stack element.
The logical ID of the element is calculated from the path of the resource node in the construct tree.
To override this value, use
overrideLogicalId(newLogicalId).- Returns:
the logical ID as a stringified token. This value will only get resolved during synthesis.
- node
The tree node.
- ref
Return a string that will be resolved to a CloudFormation
{ Ref }for this element.If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through
Lazy.any({ produce: resource.ref }).
- rule_name
The name of the V2 automation rule.
- rule_order
The value for the rule priority.
- rule_status
The status of the V2 automation rule.
- stack
The stack in which this element is defined.
CfnElements must be defined within a stack scope (directly or indirectly).
- tags
A list of key-value pairs associated with the V2 automation rule.
Static Methods
- classmethod is_cfn_element(x)
Returns
trueif a construct is a stack element (i.e. part of the synthesized cloudformation template).Uses duck-typing instead of
instanceofto allow stack elements from different versions of this library to be included in the same stack.- Parameters:
x (
Any)- Return type:
bool- Returns:
The construct as a stack element or undefined if it is not a stack element.
- classmethod is_cfn_resource(x)
Check whether the given object is a CfnResource.
- Parameters:
x (
Any)- Return type:
bool
- classmethod is_construct(x)
Checks if
xis a construct.Use this method instead of
instanceofto properly detectConstructinstances, even when the construct library is symlinked.Explanation: in JavaScript, multiple copies of the
constructslibrary on disk are seen as independent, completely different libraries. As a consequence, the classConstructin each copy of theconstructslibrary is seen as a different class, and an instance of one class will not test asinstanceofthe other class.npm installwill not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of theconstructslibrary can be accidentally installed, andinstanceofwill behave unpredictably. It is safest to avoid usinginstanceof, and using this type-testing method instead.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsConstruct.
AutomationRulesActionV2Property
- class CfnAutomationRuleV2.AutomationRulesActionV2Property(*, type, external_integration_configuration=None, finding_fields_update=None)
Bases:
objectAllows you to configure automated responses.
- Parameters:
type (
str) – Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.external_integration_configuration (
Union[IResolvable,ExternalIntegrationConfigurationProperty,Dict[str,Any],None]) – The settings for integrating automation rule actions with external systems or service.finding_fields_update (
Union[IResolvable,AutomationRulesFindingFieldsUpdateV2Property,Dict[str,Any],None]) – Specifies that the automation rule action is an update to a finding field.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub automation_rules_action_v2_property = securityhub.CfnAutomationRuleV2.AutomationRulesActionV2Property( type="type", # the properties below are optional external_integration_configuration=securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty( connector_arn="connectorArn" ), finding_fields_update=securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property( comment="comment", severity_id=123, status_id=123 ) )
Attributes
- external_integration_configuration
The settings for integrating automation rule actions with external systems or service.
- finding_fields_update
Specifies that the automation rule action is an update to a finding field.
- type
Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
AutomationRulesFindingFieldsUpdateV2Property
- class CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property(*, comment=None, severity_id=None, status_id=None)
Bases:
objectAllows you to define the structure for modifying specific fields in security findings.
- Parameters:
comment (
Optional[str]) – Notes or contextual information for findings that are modified by the automation rule.severity_id (
Union[int,float,None]) – The severity level to be assigned to findings that match the automation rule criteria.status_id (
Union[int,float,None]) – The status to be applied to findings that match automation rule criteria.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub automation_rules_finding_fields_update_v2_property = securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property( comment="comment", severity_id=123, status_id=123 )
Attributes
- comment
Notes or contextual information for findings that are modified by the automation rule.
- severity_id
The severity level to be assigned to findings that match the automation rule criteria.
- status_id
The status to be applied to findings that match automation rule criteria.
BooleanFilterProperty
- class CfnAutomationRuleV2.BooleanFilterProperty(*, value)
Bases:
objectBoolean filter for querying findings.
- Parameters:
value (
Union[bool,IResolvable]) – The value of the boolean.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub boolean_filter_property = securityhub.CfnAutomationRuleV2.BooleanFilterProperty( value=False )
Attributes
CompositeFilterProperty
- class CfnAutomationRuleV2.CompositeFilterProperty(*, boolean_filters=None, date_filters=None, map_filters=None, number_filters=None, operator=None, string_filters=None)
Bases:
objectEnables the creation of filtering criteria for security findings.
- Parameters:
boolean_filters (
Union[IResolvable,Sequence[Union[IResolvable,OcsfBooleanFilterProperty,Dict[str,Any]]],None]) – Enables filtering based on boolean field values.date_filters (
Union[IResolvable,Sequence[Union[IResolvable,OcsfDateFilterProperty,Dict[str,Any]]],None]) – Enables filtering based on date and timestamp fields.map_filters (
Union[IResolvable,Sequence[Union[IResolvable,OcsfMapFilterProperty,Dict[str,Any]]],None]) – Enables the creation of filtering criteria for security findings.number_filters (
Union[IResolvable,Sequence[Union[IResolvable,OcsfNumberFilterProperty,Dict[str,Any]]],None]) – Enables filtering based on numerical field values.operator (
Optional[str]) – The logical operator used to combine multiple filter conditions.string_filters (
Union[IResolvable,Sequence[Union[IResolvable,OcsfStringFilterProperty,Dict[str,Any]]],None]) – Enables filtering based on string field values.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub composite_filter_property = securityhub.CfnAutomationRuleV2.CompositeFilterProperty( boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty( value=False ) )], date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.DateFilterProperty( date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" ) )], map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.MapFilterProperty( comparison="comparison", key="key", value="value" ) )], number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty( eq=123, gte=123, lte=123 ) )], operator="operator", string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.StringFilterProperty( comparison="comparison", value="value" ) )] )
Attributes
- boolean_filters
Enables filtering based on boolean field values.
- date_filters
Enables filtering based on date and timestamp fields.
- map_filters
Enables the creation of filtering criteria for security findings.
- number_filters
Enables filtering based on numerical field values.
- operator
The logical operator used to combine multiple filter conditions.
- string_filters
Enables filtering based on string field values.
CriteriaProperty
- class CfnAutomationRuleV2.CriteriaProperty(*, ocsf_finding_criteria=None)
Bases:
objectThe filtering type and configuration of the automation rule.
- Parameters:
ocsf_finding_criteria (
Union[IResolvable,OcsfFindingFiltersProperty,Dict[str,Any],None]) – The filtering conditions that align with OCSF standards.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub criteria_property = securityhub.CfnAutomationRuleV2.CriteriaProperty( ocsf_finding_criteria=securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty( composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty( boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty( value=False ) )], date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.DateFilterProperty( date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" ) )], map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.MapFilterProperty( comparison="comparison", key="key", value="value" ) )], number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty( eq=123, gte=123, lte=123 ) )], operator="operator", string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.StringFilterProperty( comparison="comparison", value="value" ) )] )], composite_operator="compositeOperator" ) )
Attributes
- ocsf_finding_criteria
The filtering conditions that align with OCSF standards.
DateFilterProperty
- class CfnAutomationRuleV2.DateFilterProperty(*, date_range=None, end=None, start=None)
Bases:
objectA date filter for querying findings.
- Parameters:
date_range (
Union[IResolvable,DateRangeProperty,Dict[str,Any],None]) – A date range for the date filter.end (
Optional[str]) – A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see Timestamps .start (
Optional[str]) –A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see Timestamps .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub date_filter_property = securityhub.CfnAutomationRuleV2.DateFilterProperty( date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )
Attributes
- date_range
A date range for the date filter.
- end
A timestamp that provides the end date for the date filter.
For more information about the validation and formatting of timestamp fields in AWS Security Hub , see Timestamps .
- start
A timestamp that provides the start date for the date filter.
For more information about the validation and formatting of timestamp fields in AWS Security Hub , see Timestamps .
DateRangeProperty
- class CfnAutomationRuleV2.DateRangeProperty(*, unit, value)
Bases:
objectA date range for the date filter.
- Parameters:
unit (
str) – A date range unit for the date filter.value (
Union[int,float]) – A date range value for the date filter.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub date_range_property = securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 )
Attributes
- unit
A date range unit for the date filter.
- value
A date range value for the date filter.
ExternalIntegrationConfigurationProperty
- class CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty(*, connector_arn=None)
Bases:
objectThe settings for integrating automation rule actions with external systems or service.
- Parameters:
connector_arn (
Optional[str]) – The ARN of the connector that establishes the integration.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub external_integration_configuration_property = securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty( connector_arn="connectorArn" )
Attributes
- connector_arn
The ARN of the connector that establishes the integration.
MapFilterProperty
- class CfnAutomationRuleV2.MapFilterProperty(*, comparison, key, value)
Bases:
objectA map filter for filtering AWS Security Hub findings.
Each map filter provides the field to check for, the value to check for, and the comparison operator.
- Parameters:
comparison (
str) – The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, useCONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, useEQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, useNOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, useNOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .key (
str) – The key of the map filter. For example, forResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field.value (
str) – The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag calledDepartmentmight beSecurity. If you providesecurityas the filter value, then there’s no match.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub map_filter_property = securityhub.CfnAutomationRuleV2.MapFilterProperty( comparison="comparison", key="key", value="value" )
Attributes
- comparison
The condition to apply to the key value when filtering Security Hub findings with a map filter.
To search for values that have the filter value, use one of the following comparison operators:
To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match.To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values.To search for values that don’t have the filter value, use one of the following comparison operators:
To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag.To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters.You can’t have both a
CONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .
- key
The key of the map filter.
For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field.
- value
The value for the key in the map filter.
Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there’s no match.
NumberFilterProperty
- class CfnAutomationRuleV2.NumberFilterProperty(*, eq=None, gte=None, lte=None)
Bases:
objectA number filter for querying findings.
- Parameters:
eq (
Union[int,float,None]) – The equal-to condition to be applied to a single field when querying for findings.gte (
Union[int,float,None]) – The greater-than-equal condition to be applied to a single field when querying for findings.lte (
Union[int,float,None]) – The less-than-equal condition to be applied to a single field when querying for findings.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub number_filter_property = securityhub.CfnAutomationRuleV2.NumberFilterProperty( eq=123, gte=123, lte=123 )
Attributes
- eq
The equal-to condition to be applied to a single field when querying for findings.
- gte
The greater-than-equal condition to be applied to a single field when querying for findings.
- lte
The less-than-equal condition to be applied to a single field when querying for findings.
OcsfBooleanFilterProperty
- class CfnAutomationRuleV2.OcsfBooleanFilterProperty(*, field_name, filter)
Bases:
objectEnables filtering of security findings based on boolean field values in OCSF.
- Parameters:
field_name (
str) – The name of the field.filter (
Union[IResolvable,BooleanFilterProperty,Dict[str,Any]]) – Enables filtering of security findings based on boolean field values in OCSF.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub ocsf_boolean_filter_property = securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty( value=False ) )
Attributes
- field_name
The name of the field.
- filter
Enables filtering of security findings based on boolean field values in OCSF.
OcsfDateFilterProperty
- class CfnAutomationRuleV2.OcsfDateFilterProperty(*, field_name, filter)
Bases:
objectEnables filtering of security findings based on date and timestamp fields in OCSF.
- Parameters:
field_name (
str) – The name of the field.filter (
Union[IResolvable,DateFilterProperty,Dict[str,Any]]) – Enables filtering of security findings based on date and timestamp fields in OCSF.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub ocsf_date_filter_property = securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.DateFilterProperty( date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" ) )
Attributes
- field_name
The name of the field.
- filter
Enables filtering of security findings based on date and timestamp fields in OCSF.
OcsfFindingFiltersProperty
- class CfnAutomationRuleV2.OcsfFindingFiltersProperty(*, composite_filters=None, composite_operator=None)
Bases:
objectSpecifies the filtering criteria for security findings using OCSF.
- Parameters:
composite_filters (
Union[IResolvable,Sequence[Union[IResolvable,CompositeFilterProperty,Dict[str,Any]]],None]) – Enables the creation of complex filtering conditions by combining filter criteria.composite_operator (
Optional[str]) – The logical operators used to combine the filtering on multipleCompositeFilters.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub ocsf_finding_filters_property = securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty( composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty( boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty( value=False ) )], date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.DateFilterProperty( date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" ) )], map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.MapFilterProperty( comparison="comparison", key="key", value="value" ) )], number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty( eq=123, gte=123, lte=123 ) )], operator="operator", string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.StringFilterProperty( comparison="comparison", value="value" ) )] )], composite_operator="compositeOperator" )
Attributes
- composite_filters
Enables the creation of complex filtering conditions by combining filter criteria.
- composite_operator
The logical operators used to combine the filtering on multiple
CompositeFilters.
OcsfMapFilterProperty
- class CfnAutomationRuleV2.OcsfMapFilterProperty(*, field_name, filter)
Bases:
objectEnables filtering of security findings based on map field values in OCSF.
- Parameters:
field_name (
str) – The name of the field.filter (
Union[IResolvable,MapFilterProperty,Dict[str,Any]]) – Enables filtering of security findings based on map field values in OCSF.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub ocsf_map_filter_property = securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.MapFilterProperty( comparison="comparison", key="key", value="value" ) )
Attributes
- field_name
The name of the field.
- filter
Enables filtering of security findings based on map field values in OCSF.
OcsfNumberFilterProperty
- class CfnAutomationRuleV2.OcsfNumberFilterProperty(*, field_name, filter)
Bases:
objectEnables filtering of security findings based on numerical field values in OCSF.
- Parameters:
field_name (
str) – The name of the field.filter (
Union[IResolvable,NumberFilterProperty,Dict[str,Any]]) – Enables filtering of security findings based on numerical field values in OCSF.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub ocsf_number_filter_property = securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty( eq=123, gte=123, lte=123 ) )
Attributes
- field_name
The name of the field.
- filter
Enables filtering of security findings based on numerical field values in OCSF.
OcsfStringFilterProperty
- class CfnAutomationRuleV2.OcsfStringFilterProperty(*, field_name, filter)
Bases:
objectEnables filtering of security findings based on string field values in OCSF.
- Parameters:
field_name (
str) – The name of the field.filter (
Union[IResolvable,StringFilterProperty,Dict[str,Any]]) – Enables filtering of security findings based on string field values in OCSF.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub ocsf_string_filter_property = securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty( field_name="fieldName", filter=securityhub.CfnAutomationRuleV2.StringFilterProperty( comparison="comparison", value="value" ) )
Attributes
- field_name
The name of the field.
- filter
Enables filtering of security findings based on string field values in OCSF.
StringFilterProperty
- class CfnAutomationRuleV2.StringFilterProperty(*, comparison, value)
Bases:
objectA string filter for filtering AWS Security Hub findings.
- Parameters:
comparison (
str) –The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, useEQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, usePREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn’t match.CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, useNOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, useNOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don’t start with the filter value, usePREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface. -ResourceType PREFIX AwsIam-ResourceType PREFIX AwsEc2-ResourceType NOT_EQUALS AwsIamPolicy-ResourceType NOT_EQUALS AwsEc2NetworkInterfaceCONTAINSandNOT_CONTAINSoperators can be used only with automation rules V1.CONTAINS_WORDoperator is only supported inGetFindingsV2,GetFindingStatisticsV2,GetResourcesV2, andGetResourceStatisticsV2APIs. For more information, see Automation rules in the AWS Security Hub User Guide .value (
str) – The string filter value. Filter values are case sensitive. For example, the product name for control-based findings isSecurity Hub. If you providesecurity hubas the filter value, there’s no match.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub string_filter_property = securityhub.CfnAutomationRuleV2.StringFilterProperty( comparison="comparison", value="value" )
Attributes
- comparison
The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront.To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012.To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn’t match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront.To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012.To search for values that don’t start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title.You can’t have both a
CONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters.You can combine
PREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules V1.CONTAINS_WORDoperator is only supported inGetFindingsV2,GetFindingStatisticsV2,GetResourcesV2, andGetResourceStatisticsV2APIs. For more information, see Automation rules in the AWS Security Hub User Guide .
- value
The string filter value.
Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there’s no match.