CfnInsightPropsMixin
- class aws_cdk.mixins_preview.aws_securityhub.mixins.CfnInsightPropsMixin(props, *, strategy=None)
Bases:
MixinThe
AWS::SecurityHub::Insightresource creates a custom insight in Security Hub .An insight is a collection of findings that relate to a security issue that requires attention or remediation. For more information, see Insights in Security Hub in the Security Hub User Guide .
Tags aren’t supported for this resource.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-insight.html
- CloudformationResource:
AWS::SecurityHub::Insight
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins cfn_insight_props_mixin = securityhub_mixins.CfnInsightPropsMixin(securityhub_mixins.CfnInsightMixinProps( filters=securityhub_mixins.CfnInsightPropsMixin.AwsSecurityFindingFiltersProperty( aws_account_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], aws_account_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], company_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_associated_standards_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_parameters_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_parameters_value=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_status=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], confidence=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], created_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], criticality=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], description=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_confidence=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], finding_provider_fields_criticality=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], finding_provider_fields_related_findings_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_related_findings_product_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_severity_label=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_severity_original=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_types=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], first_observed_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], generator_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], keyword=[securityhub_mixins.CfnInsightPropsMixin.KeywordFilterProperty( value="value" )], last_observed_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], malware_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], malware_path=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], malware_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], malware_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_destination_domain=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_destination_ip_v4=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_destination_ip_v6=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_destination_port=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], network_direction=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_protocol=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_source_domain=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_source_ip_v4=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_source_ip_v6=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_source_mac=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_source_port=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], note_text=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], note_updated_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], note_updated_by=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], process_launched_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], process_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], process_parent_pid=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], process_path=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], process_pid=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], process_terminated_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], product_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], product_fields=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], product_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], recommendation_text=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], record_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], region=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], related_findings_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], related_findings_product_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_application_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_application_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_iam_instance_profile_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_image_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_ip_v4_addresses=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], resource_aws_ec2_instance_ip_v6_addresses=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], resource_aws_ec2_instance_key_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_launched_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], resource_aws_ec2_instance_subnet_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_vpc_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_access_key_created_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], resource_aws_iam_access_key_principal_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_access_key_status=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_access_key_user_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_user_user_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_s3_bucket_owner_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_s3_bucket_owner_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_container_image_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_container_image_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_container_launched_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], resource_container_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_details_other=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_partition=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_region=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_tags=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], sample=[securityhub_mixins.CfnInsightPropsMixin.BooleanFilterProperty( value=False )], severity_label=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], severity_normalized=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], severity_product=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], source_url=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_category=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_last_observed_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], threat_intel_indicator_source=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_source_url=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_value=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], title=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], updated_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], user_defined_fields=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], verification_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], vulnerabilities_exploit_available=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], vulnerabilities_fix_available=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], workflow_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], workflow_status=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )] ), group_by_attribute="groupByAttribute", name="name" ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::SecurityHub::Insight.- Parameters:
props (
Union[CfnInsightMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['filters', 'groupByAttribute', 'name']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
AwsSecurityFindingFiltersProperty
- class CfnInsightPropsMixin.AwsSecurityFindingFiltersProperty(*, aws_account_id=None, aws_account_name=None, company_name=None, compliance_associated_standards_id=None, compliance_security_control_id=None, compliance_security_control_parameters_name=None, compliance_security_control_parameters_value=None, compliance_status=None, confidence=None, created_at=None, criticality=None, description=None, finding_provider_fields_confidence=None, finding_provider_fields_criticality=None, finding_provider_fields_related_findings_id=None, finding_provider_fields_related_findings_product_arn=None, finding_provider_fields_severity_label=None, finding_provider_fields_severity_original=None, finding_provider_fields_types=None, first_observed_at=None, generator_id=None, id=None, keyword=None, last_observed_at=None, malware_name=None, malware_path=None, malware_state=None, malware_type=None, network_destination_domain=None, network_destination_ip_v4=None, network_destination_ip_v6=None, network_destination_port=None, network_direction=None, network_protocol=None, network_source_domain=None, network_source_ip_v4=None, network_source_ip_v6=None, network_source_mac=None, network_source_port=None, note_text=None, note_updated_at=None, note_updated_by=None, process_launched_at=None, process_name=None, process_parent_pid=None, process_path=None, process_pid=None, process_terminated_at=None, product_arn=None, product_fields=None, product_name=None, recommendation_text=None, record_state=None, region=None, related_findings_id=None, related_findings_product_arn=None, resource_application_arn=None, resource_application_name=None, resource_aws_ec2_instance_iam_instance_profile_arn=None, resource_aws_ec2_instance_image_id=None, resource_aws_ec2_instance_ip_v4_addresses=None, resource_aws_ec2_instance_ip_v6_addresses=None, resource_aws_ec2_instance_key_name=None, resource_aws_ec2_instance_launched_at=None, resource_aws_ec2_instance_subnet_id=None, resource_aws_ec2_instance_type=None, resource_aws_ec2_instance_vpc_id=None, resource_aws_iam_access_key_created_at=None, resource_aws_iam_access_key_principal_name=None, resource_aws_iam_access_key_status=None, resource_aws_iam_access_key_user_name=None, resource_aws_iam_user_user_name=None, resource_aws_s3_bucket_owner_id=None, resource_aws_s3_bucket_owner_name=None, resource_container_image_id=None, resource_container_image_name=None, resource_container_launched_at=None, resource_container_name=None, resource_details_other=None, resource_id=None, resource_partition=None, resource_region=None, resource_tags=None, resource_type=None, sample=None, severity_label=None, severity_normalized=None, severity_product=None, source_url=None, threat_intel_indicator_category=None, threat_intel_indicator_last_observed_at=None, threat_intel_indicator_source=None, threat_intel_indicator_source_url=None, threat_intel_indicator_type=None, threat_intel_indicator_value=None, title=None, type=None, updated_at=None, user_defined_fields=None, verification_state=None, vulnerabilities_exploit_available=None, vulnerabilities_fix_available=None, workflow_state=None, workflow_status=None)
Bases:
objectA collection of filters that are applied to all active findings aggregated by Security Hub .
You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.
- Parameters:
aws_account_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The AWS account ID in which a finding is generated.aws_account_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the AWS account in which a finding is generated.company_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the findings provider (company) that owns the solution (product) that generates findings.compliance_associated_standards_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.compliance_security_control_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The unique identifier of a control across standards. Values for this field typically consist of an AWS service and a number, such as APIGateway.5.compliance_security_control_parameters_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of a security control parameter.compliance_security_control_parameters_value (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The current value of a security control parameter.compliance_status (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.confidence (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – A finding’s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.created_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .criticality (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.description (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A finding’s description.finding_provider_fields_confidence (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.finding_provider_fields_criticality (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.finding_provider_fields_related_findings_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The finding identifier of a related finding that is identified by the finding provider.finding_provider_fields_related_findings_product_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The ARN of the solution that generated a related finding that is identified by the finding provider.finding_provider_fields_severity_label (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The finding provider value for the severity label.finding_provider_fields_severity_original (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The finding provider’s original value for the severity.finding_provider_fields_types (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – One or more finding types that the finding provider assigned to the finding. Uses the format ofnamespace/category/classifierthat classify a finding. Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identificationsfirst_observed_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
generator_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers’ solutions, this generator can be called a rule, a check, a detector, a plugin, etc.id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The security findings provider-specific identifier for a finding.keyword (
Union[IResolvable,Sequence[Union[IResolvable,KeywordFilterProperty,Dict[str,Any]]],None]) – This field is deprecated. A keyword for a finding.last_observed_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
malware_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the malware that was observed.malware_path (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The filesystem path of the malware that was observed.malware_state (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The state of the malware that was observed.malware_type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The type of the malware that was observed.network_destination_domain (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The destination domain of network-related information about a finding.network_destination_ip_v4 (
Union[IResolvable,Sequence[Union[IResolvable,IpFilterProperty,Dict[str,Any]]],None]) – The destination IPv4 address of network-related information about a finding.network_destination_ip_v6 (
Union[IResolvable,Sequence[Union[IResolvable,IpFilterProperty,Dict[str,Any]]],None]) – The destination IPv6 address of network-related information about a finding.network_destination_port (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The destination port of network-related information about a finding.network_direction (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Indicates the direction of network traffic associated with a finding.network_protocol (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The protocol of network-related information about a finding.network_source_domain (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The source domain of network-related information about a finding.network_source_ip_v4 (
Union[IResolvable,Sequence[Union[IResolvable,IpFilterProperty,Dict[str,Any]]],None]) – The source IPv4 address of network-related information about a finding.network_source_ip_v6 (
Union[IResolvable,Sequence[Union[IResolvable,IpFilterProperty,Dict[str,Any]]],None]) – The source IPv6 address of network-related information about a finding.network_source_mac (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The source media access control (MAC) address of network-related information about a finding.network_source_port (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The source port of network-related information about a finding.note_text (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The text of a note.note_updated_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – The timestamp of when the note was updated.note_updated_by (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The principal that created a note.process_launched_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that identifies when the process was launched. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
process_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the process.process_parent_pid (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The parent process ID. This field accepts positive integers betweenOand2147483647.process_path (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The path to the process executable.process_pid (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The process ID.process_terminated_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that identifies when the process was terminated. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
product_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider’s product (solution that generates findings) is registered with Security Hub.product_fields (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – A data type where security findings providers can include additional solution-specific details that aren’t part of the definedAwsSecurityFindingformat.product_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the solution (product) that generates findings.recommendation_text (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The recommendation of what to do about the issue described in a finding.record_state (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The updated record state for the finding.region (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The Region from which the finding was generated.related_findings_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The solution-generated identifier for a related finding.related_findings_product_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The ARN of the solution that generated a related finding.resource_application_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The ARN of the application that is related to a finding.resource_application_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the application that is related to a finding.resource_aws_ec2_instance_iam_instance_profile_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The IAM profile ARN of the instance.resource_aws_ec2_instance_image_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The Amazon Machine Image (AMI) ID of the instance.resource_aws_ec2_instance_ip_v4_addresses (
Union[IResolvable,Sequence[Union[IResolvable,IpFilterProperty,Dict[str,Any]]],None]) – The IPv4 addresses associated with the instance.resource_aws_ec2_instance_ip_v6_addresses (
Union[IResolvable,Sequence[Union[IResolvable,IpFilterProperty,Dict[str,Any]]],None]) – The IPv6 addresses associated with the instance.resource_aws_ec2_instance_key_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The key name associated with the instance.resource_aws_ec2_instance_launched_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – The date and time the instance was launched.resource_aws_ec2_instance_subnet_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The identifier of the subnet that the instance was launched in.resource_aws_ec2_instance_type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The instance type of the instance.resource_aws_ec2_instance_vpc_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The identifier of the VPC that the instance was launched in.resource_aws_iam_access_key_created_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – The creation date/time of the IAM access key related to a finding.resource_aws_iam_access_key_principal_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the principal that is associated with an IAM access key.resource_aws_iam_access_key_status (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The status of the IAM access key related to a finding.resource_aws_iam_access_key_user_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – This field is deprecated. The username associated with the IAM access key related to a finding.resource_aws_iam_user_user_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of an IAM user.resource_aws_s3_bucket_owner_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The canonical user ID of the owner of the S3 bucket.resource_aws_s3_bucket_owner_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The display name of the owner of the S3 bucket.resource_container_image_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The identifier of the image related to a finding.resource_container_image_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the image related to a finding.resource_container_launched_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that identifies when the container was started. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
resource_container_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the container related to a finding.resource_details_other (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – The details of a resource that doesn’t have a specific subfield for the resource type defined.resource_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The canonical identifier for the given resource type.resource_partition (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The canonical AWS partition name that the Region is assigned to.resource_region (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The canonical AWS external Region name where this resource is located.resource_tags (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – A list of AWS tags associated with a resource at the time the finding was processed.resource_type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Specifies the type of the resource that details are provided for.sample (
Union[IResolvable,Sequence[Union[IResolvable,BooleanFilterProperty,Dict[str,Any]]],None]) – Indicates whether or not sample findings are included in the filter results.severity_label (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The label of a finding’s severity.severity_normalized (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – Deprecated. The normalized severity of a finding. Instead of providingNormalized, provideLabel. The value ofNormalizedcan be an integer between0and100. If you provideLabeland don’t provideNormalized, thenNormalizedis set automatically as follows. -INFORMATIONAL- 0 -LOW- 1 -MEDIUM- 40 -HIGH- 70 -CRITICAL- 90severity_product (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – Deprecated. This attribute isn’t included in findings. Instead of providingProduct, provideOriginal. The native severity as defined by the AWS service or integrated partner product that generated the finding.source_url (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A URL that links to a page about the current finding in the security findings provider’s solution.threat_intel_indicator_category (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The category of a threat intelligence indicator.threat_intel_indicator_last_observed_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that identifies the last observation of a threat intelligence indicator. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
threat_intel_indicator_source (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The source of the threat intelligence.threat_intel_indicator_source_url (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The URL for more details from the source of the threat intelligence.threat_intel_indicator_type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The type of a threat intelligence indicator.threat_intel_indicator_value (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The value of a threat intelligence indicator.title (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A finding’s title.type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A finding type in the format ofnamespace/category/classifierthat classifies a finding.updated_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) –A timestamp that indicates when the security findings provider last updated the finding record. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
user_defined_fields (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.verification_state (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The veracity of a finding.vulnerabilities_exploit_available (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector.vulnerabilities_fix_available (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter findings by this field only if you use Security Hub and Amazon Inspector.workflow_state (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The workflow state of a finding. Note that this field is deprecated. To search for a finding based on its workflow status, useWorkflowStatus.workflow_status (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The status of the investigation into a finding. Allowed values are the following. -NEW- The initial state of a finding, before it is reviewed. Security Hub also resets the workflow status fromNOTIFIEDorRESOLVEDtoNEWin the following cases: -RecordStatechanges fromARCHIVEDtoACTIVE. -Compliance.Statuschanges fromPASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE. -NOTIFIED- Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. If one of the following occurs, the workflow status is changed automatically fromNOTIFIEDtoNEW: -RecordStatechanges fromARCHIVEDtoACTIVE. -Compliance.Statuschanges fromPASSEDtoFAILED,WARNING, orNOT_AVAILABLE. -SUPPRESSED- Indicates that you reviewed the finding and don’t believe that any action is needed. The workflow status of aSUPPRESSEDfinding does not change ifRecordStatechanges fromARCHIVEDtoACTIVE. -RESOLVED- The finding was reviewed and remediated and is now considered resolved. The finding remainsRESOLVEDunless one of the following occurs: -RecordStatechanges fromARCHIVEDtoACTIVE. -Compliance.Statuschanges fromPASSEDtoFAILED,WARNING, orNOT_AVAILABLE. In those cases, the workflow status is automatically reset toNEW. For findings from controls, ifCompliance.StatusisPASSED, then Security Hub automatically sets the workflow status toRESOLVED.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins aws_security_finding_filters_property = securityhub_mixins.CfnInsightPropsMixin.AwsSecurityFindingFiltersProperty( aws_account_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], aws_account_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], company_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_associated_standards_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_parameters_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_parameters_value=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], compliance_status=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], confidence=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], created_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], criticality=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], description=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_confidence=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], finding_provider_fields_criticality=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], finding_provider_fields_related_findings_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_related_findings_product_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_severity_label=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_severity_original=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], finding_provider_fields_types=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], first_observed_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], generator_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], keyword=[securityhub_mixins.CfnInsightPropsMixin.KeywordFilterProperty( value="value" )], last_observed_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], malware_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], malware_path=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], malware_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], malware_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_destination_domain=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_destination_ip_v4=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_destination_ip_v6=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_destination_port=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], network_direction=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_protocol=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_source_domain=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_source_ip_v4=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_source_ip_v6=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], network_source_mac=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], network_source_port=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], note_text=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], note_updated_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], note_updated_by=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], process_launched_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], process_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], process_parent_pid=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], process_path=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], process_pid=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], process_terminated_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], product_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], product_fields=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], product_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], recommendation_text=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], record_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], region=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], related_findings_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], related_findings_product_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_application_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_application_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_iam_instance_profile_arn=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_image_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_ip_v4_addresses=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], resource_aws_ec2_instance_ip_v6_addresses=[securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )], resource_aws_ec2_instance_key_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_launched_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], resource_aws_ec2_instance_subnet_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_ec2_instance_vpc_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_access_key_created_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], resource_aws_iam_access_key_principal_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_access_key_status=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_access_key_user_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_iam_user_user_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_s3_bucket_owner_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_aws_s3_bucket_owner_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_container_image_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_container_image_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_container_launched_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], resource_container_name=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_details_other=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_id=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_partition=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_region=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], resource_tags=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], sample=[securityhub_mixins.CfnInsightPropsMixin.BooleanFilterProperty( value=False )], severity_label=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], severity_normalized=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], severity_product=[securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )], source_url=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_category=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_last_observed_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], threat_intel_indicator_source=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_source_url=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], threat_intel_indicator_value=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], title=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], type=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], updated_at=[securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], user_defined_fields=[securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )], verification_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], vulnerabilities_exploit_available=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], vulnerabilities_fix_available=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], workflow_state=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )], workflow_status=[securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )] )
Attributes
- aws_account_id
The AWS account ID in which a finding is generated.
- aws_account_name
The name of the AWS account in which a finding is generated.
- company_name
The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance_associated_standards_id
The unique identifier of a standard in which a control is enabled.
This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.
- compliance_security_control_id
The unique identifier of a control across standards.
Values for this field typically consist of an AWS service and a number, such as APIGateway.5.
- compliance_security_control_parameters_name
The name of a security control parameter.
- compliance_security_control_parameters_value
The current value of a security control parameter.
- compliance_status
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations.
Contains security standard-related finding details.
- confidence
A finding’s confidence.
Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
- created_at
A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- criticality
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
- description
A finding’s description.
- finding_provider_fields_confidence
The finding provider value for the finding confidence.
Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
- finding_provider_fields_criticality
The finding provider value for the level of importance assigned to the resources associated with the findings.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
The finding identifier of a related finding that is identified by the finding provider.
The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding_provider_fields_severity_label
The finding provider value for the severity label.
- finding_provider_fields_severity_original
The finding provider’s original value for the severity.
- finding_provider_fields_types
One or more finding types that the finding provider assigned to the finding.
Uses the format of
namespace/category/classifierthat classify a finding.Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
- first_observed_at
A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- generator_id
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
In various security findings providers’ solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
- id
The security findings provider-specific identifier for a finding.
- keyword
This field is deprecated.
A keyword for a finding.
- last_observed_at
A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- malware_name
The name of the malware that was observed.
- malware_path
The filesystem path of the malware that was observed.
- malware_state
The state of the malware that was observed.
- malware_type
The type of the malware that was observed.
- network_destination_domain
The destination domain of network-related information about a finding.
- network_destination_ip_v4
The destination IPv4 address of network-related information about a finding.
- network_destination_ip_v6
The destination IPv6 address of network-related information about a finding.
- network_destination_port
The destination port of network-related information about a finding.
- network_direction
Indicates the direction of network traffic associated with a finding.
- network_protocol
The protocol of network-related information about a finding.
- network_source_domain
The source domain of network-related information about a finding.
- network_source_ip_v4
The source IPv4 address of network-related information about a finding.
- network_source_ip_v6
The source IPv6 address of network-related information about a finding.
- network_source_mac
The source media access control (MAC) address of network-related information about a finding.
- network_source_port
The source port of network-related information about a finding.
- note_text
The text of a note.
- note_updated_at
The timestamp of when the note was updated.
- note_updated_by
The principal that created a note.
- process_launched_at
A timestamp that identifies when the process was launched.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- process_name
The name of the process.
- process_parent_pid
The parent process ID.
This field accepts positive integers between
Oand2147483647.
- process_path
The path to the process executable.
- process_pid
The process ID.
- process_terminated_at
A timestamp that identifies when the process was terminated.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- product_arn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider’s product (solution that generates findings) is registered with Security Hub.
- product_fields
A data type where security findings providers can include additional solution-specific details that aren’t part of the defined
AwsSecurityFindingformat.
- product_name
The name of the solution (product) that generates findings.
- recommendation_text
The recommendation of what to do about the issue described in a finding.
- record_state
The updated record state for the finding.
- region
The Region from which the finding was generated.
The solution-generated identifier for a related finding.
The ARN of the solution that generated a related finding.
- resource_application_arn
The ARN of the application that is related to a finding.
- resource_application_name
The name of the application that is related to a finding.
- resource_aws_ec2_instance_iam_instance_profile_arn
The IAM profile ARN of the instance.
- resource_aws_ec2_instance_image_id
The Amazon Machine Image (AMI) ID of the instance.
- resource_aws_ec2_instance_ip_v4_addresses
The IPv4 addresses associated with the instance.
- resource_aws_ec2_instance_ip_v6_addresses
The IPv6 addresses associated with the instance.
- resource_aws_ec2_instance_key_name
The key name associated with the instance.
- resource_aws_ec2_instance_launched_at
The date and time the instance was launched.
- resource_aws_ec2_instance_subnet_id
The identifier of the subnet that the instance was launched in.
- resource_aws_ec2_instance_type
The instance type of the instance.
- resource_aws_ec2_instance_vpc_id
The identifier of the VPC that the instance was launched in.
- resource_aws_iam_access_key_created_at
The creation date/time of the IAM access key related to a finding.
- resource_aws_iam_access_key_principal_name
The name of the principal that is associated with an IAM access key.
- resource_aws_iam_access_key_status
The status of the IAM access key related to a finding.
- resource_aws_iam_access_key_user_name
This field is deprecated.
The username associated with the IAM access key related to a finding.
- resource_aws_iam_user_user_name
The name of an IAM user.
- resource_aws_s3_bucket_owner_id
The canonical user ID of the owner of the S3 bucket.
- resource_aws_s3_bucket_owner_name
The display name of the owner of the S3 bucket.
- resource_container_image_id
The identifier of the image related to a finding.
- resource_container_image_name
The name of the image related to a finding.
- resource_container_launched_at
A timestamp that identifies when the container was started.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- resource_container_name
The name of the container related to a finding.
- resource_details_other
The details of a resource that doesn’t have a specific subfield for the resource type defined.
- resource_id
The canonical identifier for the given resource type.
- resource_partition
The canonical AWS partition name that the Region is assigned to.
- resource_region
The canonical AWS external Region name where this resource is located.
- resource_tags
A list of AWS tags associated with a resource at the time the finding was processed.
- resource_type
Specifies the type of the resource that details are provided for.
- sample
Indicates whether or not sample findings are included in the filter results.
- severity_label
The label of a finding’s severity.
- severity_normalized
Deprecated. The normalized severity of a finding. Instead of providing
Normalized, provideLabel.The value of
Normalizedcan be an integer between0and100.If you provide
Labeland don’t provideNormalized, thenNormalizedis set automatically as follows.INFORMATIONAL- 0LOW- 1MEDIUM- 40HIGH- 70CRITICAL- 90
- severity_product
Deprecated. This attribute isn’t included in findings. Instead of providing
Product, provideOriginal.The native severity as defined by the AWS service or integrated partner product that generated the finding.
- source_url
A URL that links to a page about the current finding in the security findings provider’s solution.
- threat_intel_indicator_category
The category of a threat intelligence indicator.
- threat_intel_indicator_last_observed_at
A timestamp that identifies the last observation of a threat intelligence indicator.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- threat_intel_indicator_source
The source of the threat intelligence.
- threat_intel_indicator_source_url
The URL for more details from the source of the threat intelligence.
- threat_intel_indicator_type
The type of a threat intelligence indicator.
- threat_intel_indicator_value
The value of a threat intelligence indicator.
- title
A finding’s title.
- type
A finding type in the format of
namespace/category/classifierthat classifies a finding.
- updated_at
A timestamp that indicates when the security findings provider last updated the finding record.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- user_defined_fields
A list of name/value string pairs associated with the finding.
These are custom, user-defined fields added to a finding.
- verification_state
The veracity of a finding.
- vulnerabilities_exploit_available
Indicates whether a software vulnerability in your environment has a known exploit.
You can filter findings by this field only if you use Security Hub and Amazon Inspector.
- vulnerabilities_fix_available
Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
You can filter findings by this field only if you use Security Hub and Amazon Inspector.
- workflow_state
The workflow state of a finding.
Note that this field is deprecated. To search for a finding based on its workflow status, use
WorkflowStatus.
- workflow_status
The status of the investigation into a finding. Allowed values are the following.
NEW- The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from
NOTIFIEDorRESOLVEDtoNEWin the following cases:RecordStatechanges fromARCHIVEDtoACTIVE.Compliance.Statuschanges fromPASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
If one of the following occurs, the workflow status is changed automatically from
NOTIFIEDtoNEW:RecordStatechanges fromARCHIVEDtoACTIVE.Compliance.Statuschanges fromPASSEDtoFAILED,WARNING, orNOT_AVAILABLE.SUPPRESSED- Indicates that you reviewed the finding and don’t believe that any action is needed.
The workflow status of a
SUPPRESSEDfinding does not change ifRecordStatechanges fromARCHIVEDtoACTIVE.RESOLVED- The finding was reviewed and remediated and is now considered resolved.
The finding remains
RESOLVEDunless one of the following occurs:RecordStatechanges fromARCHIVEDtoACTIVE.Compliance.Statuschanges fromPASSEDtoFAILED,WARNING, orNOT_AVAILABLE.
In those cases, the workflow status is automatically reset to
NEW.For findings from controls, if
Compliance.StatusisPASSED, then Security Hub automatically sets the workflow status toRESOLVED.
BooleanFilterProperty
- class CfnInsightPropsMixin.BooleanFilterProperty(*, value=None)
Bases:
objectBoolean filter for querying findings.
- Parameters:
value (
Union[bool,IResolvable,None]) – The value of the boolean.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins boolean_filter_property = securityhub_mixins.CfnInsightPropsMixin.BooleanFilterProperty( value=False )
Attributes
DateFilterProperty
- class CfnInsightPropsMixin.DateFilterProperty(*, date_range=None, end=None, start=None)
Bases:
objectA date filter for querying findings.
- Parameters:
date_range (
Union[IResolvable,DateRangeProperty,Dict[str,Any],None]) – A date range for the date filter.end (
Optional[str]) –A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
start (
Optional[str]) –A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins date_filter_property = securityhub_mixins.CfnInsightPropsMixin.DateFilterProperty( date_range=securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )
Attributes
- date_range
A date range for the date filter.
- end
A timestamp that provides the end date for the date filter.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
- start
A timestamp that provides the start date for the date filter.
For more information about the validation and formatting of timestamp fields in Security Hub , see Timestamps .
DateRangeProperty
- class CfnInsightPropsMixin.DateRangeProperty(*, unit=None, value=None)
Bases:
objectA date range for the date filter.
- Parameters:
unit (
Optional[str]) – A date range unit for the date filter.value (
Union[int,float,None]) – A date range value for the date filter.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins date_range_property = securityhub_mixins.CfnInsightPropsMixin.DateRangeProperty( unit="unit", value=123 )
Attributes
- unit
A date range unit for the date filter.
- value
A date range value for the date filter.
IpFilterProperty
- class CfnInsightPropsMixin.IpFilterProperty(*, cidr=None)
Bases:
objectThe IP filter for querying findings.
- Parameters:
cidr (
Optional[str]) – A finding’s CIDR value.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins ip_filter_property = securityhub_mixins.CfnInsightPropsMixin.IpFilterProperty( cidr="cidr" )
Attributes
KeywordFilterProperty
- class CfnInsightPropsMixin.KeywordFilterProperty(*, value=None)
Bases:
objectA keyword filter for querying findings.
- Parameters:
value (
Optional[str]) – A value for the keyword.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins keyword_filter_property = securityhub_mixins.CfnInsightPropsMixin.KeywordFilterProperty( value="value" )
Attributes
MapFilterProperty
- class CfnInsightPropsMixin.MapFilterProperty(*, comparison=None, key=None, value=None)
Bases:
objectA map filter for filtering Security Hub findings.
Each map filter provides the field to check for, the value to check for, and the comparison operator.
- Parameters:
comparison (
Optional[str]) – The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, useCONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, useEQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, useNOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, useNOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the Security Hub User Guide .key (
Optional[str]) – The key of the map filter. For example, forResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field.value (
Optional[str]) – The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag calledDepartmentmight beSecurity. If you providesecurityas the filter value, then there’s no match.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins map_filter_property = securityhub_mixins.CfnInsightPropsMixin.MapFilterProperty( comparison="comparison", key="key", value="value" )
Attributes
- comparison
The condition to apply to the key value when filtering Security Hub findings with a map filter.
To search for values that have the filter value, use one of the following comparison operators:
To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match.To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values.To search for values that don’t have the filter value, use one of the following comparison operators:
To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag.To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters.You can’t have both a
CONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the Security Hub User Guide .
- key
The key of the map filter.
For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field.
- value
The value for the key in the map filter.
Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there’s no match.
NumberFilterProperty
- class CfnInsightPropsMixin.NumberFilterProperty(*, eq=None, gte=None, lte=None)
Bases:
objectA number filter for querying findings.
- Parameters:
eq (
Union[int,float,None]) – The equal-to condition to be applied to a single field when querying for findings.gte (
Union[int,float,None]) – The greater-than-equal condition to be applied to a single field when querying for findings.lte (
Union[int,float,None]) – The less-than-equal condition to be applied to a single field when querying for findings.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins number_filter_property = securityhub_mixins.CfnInsightPropsMixin.NumberFilterProperty( eq=123, gte=123, lte=123 )
Attributes
- eq
The equal-to condition to be applied to a single field when querying for findings.
- gte
The greater-than-equal condition to be applied to a single field when querying for findings.
- lte
The less-than-equal condition to be applied to a single field when querying for findings.
StringFilterProperty
- class CfnInsightPropsMixin.StringFilterProperty(*, comparison=None, value=None)
Bases:
objectA string filter for filtering Security Hub findings.
- Parameters:
comparison (
Optional[str]) –The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, useEQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, usePREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn’t match.CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, useNOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, useNOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don’t start with the filter value, usePREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface. -ResourceType PREFIX AwsIam-ResourceType PREFIX AwsEc2-ResourceType NOT_EQUALS AwsIamPolicy-ResourceType NOT_EQUALS AwsEc2NetworkInterfaceCONTAINSandNOT_CONTAINSoperators can be used only with automation rules V1.CONTAINS_WORDoperator is only supported inGetFindingsV2,GetFindingStatisticsV2,GetResourcesV2, andGetResourceStatisticsV2APIs. For more information, see Automation rules in the Security Hub User Guide .value (
Optional[str]) – The string filter value. Filter values are case sensitive. For example, the product name for control-based findings isSecurity Hub. If you providesecurity hubas the filter value, there’s no match.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins string_filter_property = securityhub_mixins.CfnInsightPropsMixin.StringFilterProperty( comparison="comparison", value="value" )
Attributes
- comparison
The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront.To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012.To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn’t match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront.To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012.To search for values that don’t start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title.You can’t have both a
CONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters.You can combine
PREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules V1.CONTAINS_WORDoperator is only supported inGetFindingsV2,GetFindingStatisticsV2,GetResourcesV2, andGetResourceStatisticsV2APIs. For more information, see Automation rules in the Security Hub User Guide .
- value
The string filter value.
Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there’s no match.