CfnInsight

class aws_cdk.aws_securityhub.CfnInsight(scope, id, *, filters, group_by_attribute, name)

Bases: CfnResource

The AWS::SecurityHub::Insight resource creates a custom insight in AWS Security Hub .

An insight is a collection of findings that relate to a security issue that requires attention or remediation. For more information, see Insights in AWS Security Hub in the AWS Security Hub User Guide .

Tags aren’t supported for this resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-insight.html

CloudformationResource:

AWS::SecurityHub::Insight

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

cfn_insight = securityhub.CfnInsight(self, "MyCfnInsight",
    filters=securityhub.CfnInsight.AwsSecurityFindingFiltersProperty(
        aws_account_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        aws_account_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        company_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_associated_standards_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_security_control_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_security_control_parameters_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_security_control_parameters_value=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_status=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        confidence=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        created_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        criticality=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        description=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        finding_provider_fields_confidence=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        finding_provider_fields_criticality=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        finding_provider_fields_related_findings_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        finding_provider_fields_related_findings_product_arn=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        finding_provider_fields_severity_label=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        finding_provider_fields_severity_original=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        finding_provider_fields_types=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        first_observed_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        generator_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        keyword=[securityhub.CfnInsight.KeywordFilterProperty(
            value="value"
        )],
        last_observed_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        malware_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        malware_path=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        malware_state=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        malware_type=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        network_destination_domain=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        network_destination_ip_v4=[securityhub.CfnInsight.IpFilterProperty(
            cidr="cidr"
        )],
        network_destination_ip_v6=[securityhub.CfnInsight.IpFilterProperty(
            cidr="cidr"
        )],
        network_destination_port=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        network_direction=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        network_protocol=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        network_source_domain=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        network_source_ip_v4=[securityhub.CfnInsight.IpFilterProperty(
            cidr="cidr"
        )],
        network_source_ip_v6=[securityhub.CfnInsight.IpFilterProperty(
            cidr="cidr"
        )],
        network_source_mac=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        network_source_port=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        note_text=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        note_updated_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        note_updated_by=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        process_launched_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        process_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        process_parent_pid=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        process_path=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        process_pid=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        process_terminated_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        product_arn=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        product_fields=[securityhub.CfnInsight.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        product_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        recommendation_text=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        record_state=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        region=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        related_findings_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        related_findings_product_arn=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_application_arn=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_application_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_ec2_instance_iam_instance_profile_arn=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_ec2_instance_image_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_ec2_instance_ip_v4_addresses=[securityhub.CfnInsight.IpFilterProperty(
            cidr="cidr"
        )],
        resource_aws_ec2_instance_ip_v6_addresses=[securityhub.CfnInsight.IpFilterProperty(
            cidr="cidr"
        )],
        resource_aws_ec2_instance_key_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_ec2_instance_launched_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        resource_aws_ec2_instance_subnet_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_ec2_instance_type=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_ec2_instance_vpc_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_iam_access_key_created_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        resource_aws_iam_access_key_principal_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_iam_access_key_status=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_iam_access_key_user_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_iam_user_user_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_s3_bucket_owner_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_aws_s3_bucket_owner_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_container_image_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_container_image_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_container_launched_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        resource_container_name=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_details_other=[securityhub.CfnInsight.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        resource_id=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_partition=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_region=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_tags=[securityhub.CfnInsight.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        resource_type=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        sample=[securityhub.CfnInsight.BooleanFilterProperty(
            value=False
        )],
        severity_label=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        severity_normalized=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        severity_product=[securityhub.CfnInsight.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        source_url=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        threat_intel_indicator_category=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        threat_intel_indicator_last_observed_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        threat_intel_indicator_source=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        threat_intel_indicator_source_url=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        threat_intel_indicator_type=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        threat_intel_indicator_value=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        title=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        type=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        updated_at=[securityhub.CfnInsight.DateFilterProperty(
            date_range=securityhub.CfnInsight.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        user_defined_fields=[securityhub.CfnInsight.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        verification_state=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        vulnerabilities_exploit_available=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        vulnerabilities_fix_available=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        workflow_state=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        workflow_status=[securityhub.CfnInsight.StringFilterProperty(
            comparison="comparison",
            value="value"
        )]
    ),
    group_by_attribute="groupByAttribute",
    name="name"
)
Parameters:
  • scope (Construct) – Scope in which this resource is defined.

  • id (str) – Construct identifier for this resource (unique in its scope).

  • filters (Union[IResolvable, AwsSecurityFindingFiltersProperty, Dict[str, Any]]) – One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters. You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.

  • group_by_attribute (str) – The grouping attribute for the insight’s findings. Indicates how to group the matching findings, and identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

  • name (str) – The name of a Security Hub insight.

Methods

add_deletion_override(path)

Syntactic sugar for addOverride(path, undefined).

Parameters:

path (str) – The path of the value to delete.

Return type:

None

add_dependency(target)

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

add_depends_on(target)

(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

Parameters:

target (CfnResource) –

Deprecated:

use addDependency

Stability:

deprecated

Return type:

None

add_metadata(key, value)

Add a value to the CloudFormation Resource Metadata.

Parameters:
  • key (str) –

  • value (Any) –

See:

Return type:

None

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

add_override(path, value)

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with “Properties.” (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example:

cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")

would add the overrides Example:

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

Parameters:
  • path (str) –

    • The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.

  • value (Any) –

    • The value. Could be primitive or complex.

Return type:

None

add_property_deletion_override(property_path)

Adds an override that deletes the value of a property from the resource definition.

Parameters:

property_path (str) – The path to the property.

Return type:

None

add_property_override(property_path, value)

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).

Parameters:
  • property_path (str) – The path of the property.

  • value (Any) – The value.

Return type:

None

apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

Parameters:
  • policy (Optional[RemovalPolicy]) –

  • apply_to_update_replace_policy (Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: true

  • default (Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options

Return type:

None

get_att(attribute_name, type_hint=None)

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

Parameters:
  • attribute_name (str) – The name of the attribute.

  • type_hint (Optional[ResolutionTypeHint]) –

Return type:

Reference

get_metadata(key)

Retrieve a value value from the CloudFormation Resource Metadata.

Parameters:

key (str) –

See:

Return type:

Any

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

inspect(inspector)

Examines the CloudFormation resource and discloses attributes.

Parameters:

inspector (TreeInspector) – tree inspector to collect and process attributes.

Return type:

None

obtain_dependencies()

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.

Return type:

List[Union[Stack, CfnResource]]

obtain_resource_dependencies()

Get a shallow copy of dependencies between this resource and other resources in the same stack.

Return type:

List[CfnResource]

override_logical_id(new_logical_id)

Overrides the auto-generated logical ID with a specific ID.

Parameters:

new_logical_id (str) – The new logical ID to use for this stack element.

Return type:

None

remove_dependency(target)

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

replace_dependency(target, new_target)

Replaces one dependency with another.

Parameters:
Return type:

None

to_string()

Returns a string representation of this construct.

Return type:

str

Returns:

a string representation of this resource

Attributes

CFN_RESOURCE_TYPE_NAME = 'AWS::SecurityHub::Insight'
attr_insight_arn

The ARN of a Security Hub insight.

CloudformationAttribute:

InsightArn

cfn_options

Options for this resource, such as condition, update policy etc.

cfn_resource_type

AWS resource type.

creation_stack

return:

the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.

filters

One or more attributes used to filter the findings included in the insight.

group_by_attribute

The grouping attribute for the insight’s findings.

logical_id

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Returns:

the logical ID as a stringified token. This value will only get resolved during synthesis.

name

The name of a Security Hub insight.

node

The tree node.

ref

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

Static Methods

classmethod is_cfn_element(x)

Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.

Parameters:

x (Any) –

Return type:

bool

Returns:

The construct as a stack element or undefined if it is not a stack element.

classmethod is_cfn_resource(x)

Check whether the given object is a CfnResource.

Parameters:

x (Any) –

Return type:

bool

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.

AwsSecurityFindingFiltersProperty

class CfnInsight.AwsSecurityFindingFiltersProperty(*, aws_account_id=None, aws_account_name=None, company_name=None, compliance_associated_standards_id=None, compliance_security_control_id=None, compliance_security_control_parameters_name=None, compliance_security_control_parameters_value=None, compliance_status=None, confidence=None, created_at=None, criticality=None, description=None, finding_provider_fields_confidence=None, finding_provider_fields_criticality=None, finding_provider_fields_related_findings_id=None, finding_provider_fields_related_findings_product_arn=None, finding_provider_fields_severity_label=None, finding_provider_fields_severity_original=None, finding_provider_fields_types=None, first_observed_at=None, generator_id=None, id=None, keyword=None, last_observed_at=None, malware_name=None, malware_path=None, malware_state=None, malware_type=None, network_destination_domain=None, network_destination_ip_v4=None, network_destination_ip_v6=None, network_destination_port=None, network_direction=None, network_protocol=None, network_source_domain=None, network_source_ip_v4=None, network_source_ip_v6=None, network_source_mac=None, network_source_port=None, note_text=None, note_updated_at=None, note_updated_by=None, process_launched_at=None, process_name=None, process_parent_pid=None, process_path=None, process_pid=None, process_terminated_at=None, product_arn=None, product_fields=None, product_name=None, recommendation_text=None, record_state=None, region=None, related_findings_id=None, related_findings_product_arn=None, resource_application_arn=None, resource_application_name=None, resource_aws_ec2_instance_iam_instance_profile_arn=None, resource_aws_ec2_instance_image_id=None, resource_aws_ec2_instance_ip_v4_addresses=None, resource_aws_ec2_instance_ip_v6_addresses=None, resource_aws_ec2_instance_key_name=None, resource_aws_ec2_instance_launched_at=None, resource_aws_ec2_instance_subnet_id=None, resource_aws_ec2_instance_type=None, resource_aws_ec2_instance_vpc_id=None, resource_aws_iam_access_key_created_at=None, resource_aws_iam_access_key_principal_name=None, resource_aws_iam_access_key_status=None, resource_aws_iam_access_key_user_name=None, resource_aws_iam_user_user_name=None, resource_aws_s3_bucket_owner_id=None, resource_aws_s3_bucket_owner_name=None, resource_container_image_id=None, resource_container_image_name=None, resource_container_launched_at=None, resource_container_name=None, resource_details_other=None, resource_id=None, resource_partition=None, resource_region=None, resource_tags=None, resource_type=None, sample=None, severity_label=None, severity_normalized=None, severity_product=None, source_url=None, threat_intel_indicator_category=None, threat_intel_indicator_last_observed_at=None, threat_intel_indicator_source=None, threat_intel_indicator_source_url=None, threat_intel_indicator_type=None, threat_intel_indicator_value=None, title=None, type=None, updated_at=None, user_defined_fields=None, verification_state=None, vulnerabilities_exploit_available=None, vulnerabilities_fix_available=None, workflow_state=None, workflow_status=None)

Bases: object

A collection of filters that are applied to all active findings aggregated by AWS Security Hub .

You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.

Parameters:
  • aws_account_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The AWS account ID in which a finding is generated.

  • aws_account_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the AWS account in which a finding is generated.

  • company_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the findings provider (company) that owns the solution (product) that generates findings.

  • compliance_associated_standards_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

  • compliance_security_control_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The unique identifier of a control across standards. Values for this field typically consist of an AWS service and a number, such as APIGateway.5.

  • compliance_security_control_parameters_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of a security control parameter.

  • compliance_security_control_parameters_value (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The current value of a security control parameter.

  • compliance_status (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.

  • confidence (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – A finding’s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

  • created_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • criticality (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

  • description (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – A finding’s description.

  • finding_provider_fields_confidence (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

  • finding_provider_fields_criticality (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

  • finding_provider_fields_related_findings_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The finding identifier of a related finding that is identified by the finding provider.

  • finding_provider_fields_related_findings_product_arn (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The ARN of the solution that generated a related finding that is identified by the finding provider.

  • finding_provider_fields_severity_label (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The finding provider value for the severity label.

  • finding_provider_fields_severity_original (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The finding provider’s original value for the severity.

  • finding_provider_fields_types (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding. Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

  • first_observed_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • generator_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers’ solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

  • id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The security findings provider-specific identifier for a finding.

  • keyword (Union[IResolvable, Sequence[Union[IResolvable, KeywordFilterProperty, Dict[str, Any]]], None]) – This field is deprecated. A keyword for a finding.

  • last_observed_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • malware_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the malware that was observed.

  • malware_path (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The filesystem path of the malware that was observed.

  • malware_state (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The state of the malware that was observed.

  • malware_type (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The type of the malware that was observed.

  • network_destination_domain (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The destination domain of network-related information about a finding.

  • network_destination_ip_v4 (Union[IResolvable, Sequence[Union[IResolvable, IpFilterProperty, Dict[str, Any]]], None]) – The destination IPv4 address of network-related information about a finding.

  • network_destination_ip_v6 (Union[IResolvable, Sequence[Union[IResolvable, IpFilterProperty, Dict[str, Any]]], None]) – The destination IPv6 address of network-related information about a finding.

  • network_destination_port (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The destination port of network-related information about a finding.

  • network_direction (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – Indicates the direction of network traffic associated with a finding.

  • network_protocol (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The protocol of network-related information about a finding.

  • network_source_domain (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The source domain of network-related information about a finding.

  • network_source_ip_v4 (Union[IResolvable, Sequence[Union[IResolvable, IpFilterProperty, Dict[str, Any]]], None]) – The source IPv4 address of network-related information about a finding.

  • network_source_ip_v6 (Union[IResolvable, Sequence[Union[IResolvable, IpFilterProperty, Dict[str, Any]]], None]) – The source IPv6 address of network-related information about a finding.

  • network_source_mac (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The source media access control (MAC) address of network-related information about a finding.

  • network_source_port (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The source port of network-related information about a finding.

  • note_text (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The text of a note.

  • note_updated_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – The timestamp of when the note was updated.

  • note_updated_by (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The principal that created a note.

  • process_launched_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that identifies when the process was launched. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • process_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the process.

  • process_parent_pid (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The parent process ID. This field accepts positive integers between O and 2147483647 .

  • process_path (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The path to the process executable.

  • process_pid (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – The process ID.

  • process_terminated_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that identifies when the process was terminated. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • product_arn (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider’s product (solution that generates findings) is registered with Security Hub.

  • product_fields (Union[IResolvable, Sequence[Union[IResolvable, MapFilterProperty, Dict[str, Any]]], None]) – A data type where security findings providers can include additional solution-specific details that aren’t part of the defined AwsSecurityFinding format.

  • product_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the solution (product) that generates findings.

  • recommendation_text (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The recommendation of what to do about the issue described in a finding.

  • record_state (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The updated record state for the finding.

  • region (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The Region from which the finding was generated.

  • related_findings_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The solution-generated identifier for a related finding.

  • related_findings_product_arn (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The ARN of the solution that generated a related finding.

  • resource_application_arn (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The ARN of the application that is related to a finding.

  • resource_application_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the application that is related to a finding.

  • resource_aws_ec2_instance_iam_instance_profile_arn (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The IAM profile ARN of the instance.

  • resource_aws_ec2_instance_image_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The Amazon Machine Image (AMI) ID of the instance.

  • resource_aws_ec2_instance_ip_v4_addresses (Union[IResolvable, Sequence[Union[IResolvable, IpFilterProperty, Dict[str, Any]]], None]) – The IPv4 addresses associated with the instance.

  • resource_aws_ec2_instance_ip_v6_addresses (Union[IResolvable, Sequence[Union[IResolvable, IpFilterProperty, Dict[str, Any]]], None]) – The IPv6 addresses associated with the instance.

  • resource_aws_ec2_instance_key_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The key name associated with the instance.

  • resource_aws_ec2_instance_launched_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – The date and time the instance was launched.

  • resource_aws_ec2_instance_subnet_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The identifier of the subnet that the instance was launched in.

  • resource_aws_ec2_instance_type (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The instance type of the instance.

  • resource_aws_ec2_instance_vpc_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The identifier of the VPC that the instance was launched in.

  • resource_aws_iam_access_key_created_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – The creation date/time of the IAM access key related to a finding.

  • resource_aws_iam_access_key_principal_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the principal that is associated with an IAM access key.

  • resource_aws_iam_access_key_status (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The status of the IAM access key related to a finding.

  • resource_aws_iam_access_key_user_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – This field is deprecated. The username associated with the IAM access key related to a finding.

  • resource_aws_iam_user_user_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of an IAM user.

  • resource_aws_s3_bucket_owner_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The canonical user ID of the owner of the S3 bucket.

  • resource_aws_s3_bucket_owner_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The display name of the owner of the S3 bucket.

  • resource_container_image_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The identifier of the image related to a finding.

  • resource_container_image_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the image related to a finding.

  • resource_container_launched_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that identifies when the container was started. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • resource_container_name (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The name of the container related to a finding.

  • resource_details_other (Union[IResolvable, Sequence[Union[IResolvable, MapFilterProperty, Dict[str, Any]]], None]) – The details of a resource that doesn’t have a specific subfield for the resource type defined.

  • resource_id (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The canonical identifier for the given resource type.

  • resource_partition (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The canonical AWS partition name that the Region is assigned to.

  • resource_region (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The canonical AWS external Region name where this resource is located.

  • resource_tags (Union[IResolvable, Sequence[Union[IResolvable, MapFilterProperty, Dict[str, Any]]], None]) – A list of AWS tags associated with a resource at the time the finding was processed.

  • resource_type (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – Specifies the type of the resource that details are provided for.

  • sample (Union[IResolvable, Sequence[Union[IResolvable, BooleanFilterProperty, Dict[str, Any]]], None]) – Indicates whether or not sample findings are included in the filter results.

  • severity_label (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The label of a finding’s severity.

  • severity_normalized (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – Deprecated. The normalized severity of a finding. Instead of providing Normalized , provide Label . The value of Normalized can be an integer between 0 and 100 . If you provide Label and don’t provide Normalized , then Normalized is set automatically as follows. - INFORMATIONAL - 0 - LOW - 1 - MEDIUM - 40 - HIGH - 70 - CRITICAL - 90

  • severity_product (Union[IResolvable, Sequence[Union[IResolvable, NumberFilterProperty, Dict[str, Any]]], None]) – Deprecated. This attribute isn’t included in findings. Instead of providing Product , provide Original . The native severity as defined by the AWS service or integrated partner product that generated the finding.

  • source_url (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – A URL that links to a page about the current finding in the security findings provider’s solution.

  • threat_intel_indicator_category (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The category of a threat intelligence indicator.

  • threat_intel_indicator_last_observed_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that identifies the last observation of a threat intelligence indicator.

  • threat_intel_indicator_source (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The source of the threat intelligence.

  • threat_intel_indicator_source_url (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The URL for more details from the source of the threat intelligence.

  • threat_intel_indicator_type (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The type of a threat intelligence indicator.

  • threat_intel_indicator_value (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The value of a threat intelligence indicator.

  • title (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – A finding’s title.

  • type (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – A finding type in the format of namespace/category/classifier that classifies a finding.

  • updated_at (Union[IResolvable, Sequence[Union[IResolvable, DateFilterProperty, Dict[str, Any]]], None]) – A timestamp that indicates when the security findings provider last updated the finding record. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • user_defined_fields (Union[IResolvable, Sequence[Union[IResolvable, MapFilterProperty, Dict[str, Any]]], None]) – A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

  • verification_state (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The veracity of a finding.

  • vulnerabilities_exploit_available (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector.

  • vulnerabilities_fix_available (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter findings by this field only if you use Security Hub and Amazon Inspector.

  • workflow_state (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The workflow state of a finding. Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus .

  • workflow_status (Union[IResolvable, Sequence[Union[IResolvable, StringFilterProperty, Dict[str, Any]]], None]) – The status of the investigation into a finding. Allowed values are the following. - NEW - The initial state of a finding, before it is reviewed. Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases: - RecordState changes from ARCHIVED to ACTIVE . - Compliance.Status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE . - NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. If one of the following occurs, the workflow status is changed automatically from NOTIFIED to NEW : - RecordState changes from ARCHIVED to ACTIVE . - Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE . - SUPPRESSED - Indicates that you reviewed the finding and don’t believe that any action is needed. The workflow status of a SUPPRESSED finding does not change if RecordState changes from ARCHIVED to ACTIVE . - RESOLVED - The finding was reviewed and remediated and is now considered resolved. The finding remains RESOLVED unless one of the following occurs: - RecordState changes from ARCHIVED to ACTIVE . - Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE . In those cases, the workflow status is automatically reset to NEW . For findings from controls, if Compliance.Status is PASSED , then Security Hub automatically sets the workflow status to RESOLVED .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

aws_security_finding_filters_property = securityhub.CfnInsight.AwsSecurityFindingFiltersProperty(
    aws_account_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    aws_account_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    company_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    compliance_associated_standards_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    compliance_security_control_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    compliance_security_control_parameters_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    compliance_security_control_parameters_value=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    compliance_status=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    confidence=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    created_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    criticality=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    description=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    finding_provider_fields_confidence=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    finding_provider_fields_criticality=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    finding_provider_fields_related_findings_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    finding_provider_fields_related_findings_product_arn=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    finding_provider_fields_severity_label=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    finding_provider_fields_severity_original=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    finding_provider_fields_types=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    first_observed_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    generator_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    keyword=[securityhub.CfnInsight.KeywordFilterProperty(
        value="value"
    )],
    last_observed_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    malware_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    malware_path=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    malware_state=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    malware_type=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    network_destination_domain=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    network_destination_ip_v4=[securityhub.CfnInsight.IpFilterProperty(
        cidr="cidr"
    )],
    network_destination_ip_v6=[securityhub.CfnInsight.IpFilterProperty(
        cidr="cidr"
    )],
    network_destination_port=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    network_direction=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    network_protocol=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    network_source_domain=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    network_source_ip_v4=[securityhub.CfnInsight.IpFilterProperty(
        cidr="cidr"
    )],
    network_source_ip_v6=[securityhub.CfnInsight.IpFilterProperty(
        cidr="cidr"
    )],
    network_source_mac=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    network_source_port=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    note_text=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    note_updated_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    note_updated_by=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    process_launched_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    process_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    process_parent_pid=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    process_path=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    process_pid=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    process_terminated_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    product_arn=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    product_fields=[securityhub.CfnInsight.MapFilterProperty(
        comparison="comparison",
        key="key",
        value="value"
    )],
    product_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    recommendation_text=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    record_state=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    region=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    related_findings_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    related_findings_product_arn=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_application_arn=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_application_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_ec2_instance_iam_instance_profile_arn=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_ec2_instance_image_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_ec2_instance_ip_v4_addresses=[securityhub.CfnInsight.IpFilterProperty(
        cidr="cidr"
    )],
    resource_aws_ec2_instance_ip_v6_addresses=[securityhub.CfnInsight.IpFilterProperty(
        cidr="cidr"
    )],
    resource_aws_ec2_instance_key_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_ec2_instance_launched_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    resource_aws_ec2_instance_subnet_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_ec2_instance_type=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_ec2_instance_vpc_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_iam_access_key_created_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    resource_aws_iam_access_key_principal_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_iam_access_key_status=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_iam_access_key_user_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_iam_user_user_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_s3_bucket_owner_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_aws_s3_bucket_owner_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_container_image_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_container_image_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_container_launched_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    resource_container_name=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_details_other=[securityhub.CfnInsight.MapFilterProperty(
        comparison="comparison",
        key="key",
        value="value"
    )],
    resource_id=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_partition=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_region=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    resource_tags=[securityhub.CfnInsight.MapFilterProperty(
        comparison="comparison",
        key="key",
        value="value"
    )],
    resource_type=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    sample=[securityhub.CfnInsight.BooleanFilterProperty(
        value=False
    )],
    severity_label=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    severity_normalized=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    severity_product=[securityhub.CfnInsight.NumberFilterProperty(
        eq=123,
        gte=123,
        lte=123
    )],
    source_url=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    threat_intel_indicator_category=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    threat_intel_indicator_last_observed_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    threat_intel_indicator_source=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    threat_intel_indicator_source_url=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    threat_intel_indicator_type=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    threat_intel_indicator_value=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    title=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    type=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    updated_at=[securityhub.CfnInsight.DateFilterProperty(
        date_range=securityhub.CfnInsight.DateRangeProperty(
            unit="unit",
            value=123
        ),
        end="end",
        start="start"
    )],
    user_defined_fields=[securityhub.CfnInsight.MapFilterProperty(
        comparison="comparison",
        key="key",
        value="value"
    )],
    verification_state=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    vulnerabilities_exploit_available=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    vulnerabilities_fix_available=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    workflow_state=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )],
    workflow_status=[securityhub.CfnInsight.StringFilterProperty(
        comparison="comparison",
        value="value"
    )]
)

Attributes

aws_account_id

The AWS account ID in which a finding is generated.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-awsaccountid

aws_account_name

The name of the AWS account in which a finding is generated.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-awsaccountname

company_name

The name of the findings provider (company) that owns the solution (product) that generates findings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-companyname

compliance_associated_standards_id

The unique identifier of a standard in which a control is enabled.

This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-complianceassociatedstandardsid

compliance_security_control_id

The unique identifier of a control across standards.

Values for this field typically consist of an AWS service and a number, such as APIGateway.5.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-compliancesecuritycontrolid

compliance_security_control_parameters_name

The name of a security control parameter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-compliancesecuritycontrolparametersname

compliance_security_control_parameters_value

The current value of a security control parameter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-compliancesecuritycontrolparametersvalue

compliance_status

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations.

Contains security standard-related finding details.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-compliancestatus

confidence

A finding’s confidence.

Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-confidence

created_at

A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-createdat

criticality

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-criticality

description

A finding’s description.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-description

finding_provider_fields_confidence

The finding provider value for the finding confidence.

Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldsconfidence

finding_provider_fields_criticality

The finding provider value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldscriticality

The finding identifier of a related finding that is identified by the finding provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldsrelatedfindingsid

The ARN of the solution that generated a related finding that is identified by the finding provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldsrelatedfindingsproductarn

finding_provider_fields_severity_label

The finding provider value for the severity label.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldsseveritylabel

finding_provider_fields_severity_original

The finding provider’s original value for the severity.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldsseverityoriginal

finding_provider_fields_types

One or more finding types that the finding provider assigned to the finding.

Uses the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-findingproviderfieldstypes

first_observed_at

A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-firstobservedat

generator_id

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.

In various security findings providers’ solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-generatorid

id

The security findings provider-specific identifier for a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-id

keyword

This field is deprecated.

A keyword for a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-keyword

last_observed_at

A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-lastobservedat

malware_name

The name of the malware that was observed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-malwarename

malware_path

The filesystem path of the malware that was observed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-malwarepath

malware_state

The state of the malware that was observed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-malwarestate

malware_type

The type of the malware that was observed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-malwaretype

network_destination_domain

The destination domain of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networkdestinationdomain

network_destination_ip_v4

The destination IPv4 address of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networkdestinationipv4

network_destination_ip_v6

The destination IPv6 address of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networkdestinationipv6

network_destination_port

The destination port of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networkdestinationport

network_direction

Indicates the direction of network traffic associated with a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networkdirection

network_protocol

The protocol of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networkprotocol

network_source_domain

The source domain of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networksourcedomain

network_source_ip_v4

The source IPv4 address of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networksourceipv4

network_source_ip_v6

The source IPv6 address of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networksourceipv6

network_source_mac

The source media access control (MAC) address of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networksourcemac

network_source_port

The source port of network-related information about a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-networksourceport

note_text

The text of a note.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-notetext

note_updated_at

The timestamp of when the note was updated.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-noteupdatedat

note_updated_by

The principal that created a note.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-noteupdatedby

process_launched_at

A timestamp that identifies when the process was launched.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processlaunchedat

process_name

The name of the process.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processname

process_parent_pid

The parent process ID.

This field accepts positive integers between O and 2147483647 .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processparentpid

process_path

The path to the process executable.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processpath

process_pid

The process ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processpid

process_terminated_at

A timestamp that identifies when the process was terminated.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processterminatedat

product_arn

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider’s product (solution that generates findings) is registered with Security Hub.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-productarn

product_fields

A data type where security findings providers can include additional solution-specific details that aren’t part of the defined AwsSecurityFinding format.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-productfields

product_name

The name of the solution (product) that generates findings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-productname

recommendation_text

The recommendation of what to do about the issue described in a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-recommendationtext

record_state

The updated record state for the finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-recordstate

region

The Region from which the finding was generated.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-region

related_findings_id

The solution-generated identifier for a related finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-relatedfindingsid

related_findings_product_arn

The ARN of the solution that generated a related finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-relatedfindingsproductarn

resource_application_arn

The ARN of the application that is related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceapplicationarn

resource_application_name

The name of the application that is related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceapplicationname

resource_aws_ec2_instance_iam_instance_profile_arn

The IAM profile ARN of the instance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instanceiaminstanceprofilearn

resource_aws_ec2_instance_image_id

The Amazon Machine Image (AMI) ID of the instance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instanceimageid

resource_aws_ec2_instance_ip_v4_addresses

The IPv4 addresses associated with the instance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instanceipv4addresses

resource_aws_ec2_instance_ip_v6_addresses

The IPv6 addresses associated with the instance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instanceipv6addresses

resource_aws_ec2_instance_key_name

The key name associated with the instance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instancekeyname

resource_aws_ec2_instance_launched_at

The date and time the instance was launched.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instancelaunchedat

resource_aws_ec2_instance_subnet_id

The identifier of the subnet that the instance was launched in.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instancesubnetid

resource_aws_ec2_instance_type

The instance type of the instance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instancetype

resource_aws_ec2_instance_vpc_id

The identifier of the VPC that the instance was launched in.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsec2instancevpcid

resource_aws_iam_access_key_created_at

The creation date/time of the IAM access key related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsiamaccesskeycreatedat

resource_aws_iam_access_key_principal_name

The name of the principal that is associated with an IAM access key.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsiamaccesskeyprincipalname

resource_aws_iam_access_key_status

The status of the IAM access key related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsiamaccesskeystatus

resource_aws_iam_access_key_user_name

This field is deprecated.

The username associated with the IAM access key related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsiamaccesskeyusername

resource_aws_iam_user_user_name

The name of an IAM user.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawsiamuserusername

resource_aws_s3_bucket_owner_id

The canonical user ID of the owner of the S3 bucket.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawss3bucketownerid

resource_aws_s3_bucket_owner_name

The display name of the owner of the S3 bucket.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceawss3bucketownername

resource_container_image_id

The identifier of the image related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcecontainerimageid

resource_container_image_name

The name of the image related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcecontainerimagename

resource_container_launched_at

A timestamp that identifies when the container was started.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcecontainerlaunchedat

resource_container_name

The name of the container related to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcecontainername

resource_details_other

The details of a resource that doesn’t have a specific subfield for the resource type defined.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcedetailsother

resource_id

The canonical identifier for the given resource type.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceid

resource_partition

The canonical AWS partition name that the Region is assigned to.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcepartition

resource_region

The canonical AWS external Region name where this resource is located.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourceregion

resource_tags

A list of AWS tags associated with a resource at the time the finding was processed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcetags

resource_type

Specifies the type of the resource that details are provided for.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcetype

sample

Indicates whether or not sample findings are included in the filter results.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-sample

severity_label

The label of a finding’s severity.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-severitylabel

severity_normalized

Deprecated. The normalized severity of a finding. Instead of providing Normalized , provide Label .

The value of Normalized can be an integer between 0 and 100 .

If you provide Label and don’t provide Normalized , then Normalized is set automatically as follows.

  • INFORMATIONAL - 0

  • LOW - 1

  • MEDIUM - 40

  • HIGH - 70

  • CRITICAL - 90

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-severitynormalized

severity_product

Deprecated. This attribute isn’t included in findings. Instead of providing Product , provide Original .

The native severity as defined by the AWS service or integrated partner product that generated the finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-severityproduct

source_url

A URL that links to a page about the current finding in the security findings provider’s solution.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-sourceurl

threat_intel_indicator_category

The category of a threat intelligence indicator.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatorcategory

threat_intel_indicator_last_observed_at

A timestamp that identifies the last observation of a threat intelligence indicator.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatorlastobservedat

threat_intel_indicator_source

The source of the threat intelligence.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatorsource

threat_intel_indicator_source_url

The URL for more details from the source of the threat intelligence.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatorsourceurl

threat_intel_indicator_type

The type of a threat intelligence indicator.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatortype

threat_intel_indicator_value

The value of a threat intelligence indicator.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatorvalue

title

A finding’s title.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-title

type

A finding type in the format of namespace/category/classifier that classifies a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-type

updated_at

A timestamp that indicates when the security findings provider last updated the finding record.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-updatedat

user_defined_fields

A list of name/value string pairs associated with the finding.

These are custom, user-defined fields added to a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-userdefinedfields

verification_state

The veracity of a finding.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-verificationstate

vulnerabilities_exploit_available

Indicates whether a software vulnerability in your environment has a known exploit.

You can filter findings by this field only if you use Security Hub and Amazon Inspector.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-vulnerabilitiesexploitavailable

vulnerabilities_fix_available

Indicates whether a vulnerability is fixed in a newer version of the affected software packages.

You can filter findings by this field only if you use Security Hub and Amazon Inspector.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-vulnerabilitiesfixavailable

workflow_state

The workflow state of a finding.

Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-workflowstate

workflow_status

The status of the investigation into a finding. Allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

  • RecordState changes from ARCHIVED to ACTIVE .

  • Compliance.Status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .

  • NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

If one of the following occurs, the workflow status is changed automatically from NOTIFIED to NEW :

  • RecordState changes from ARCHIVED to ACTIVE .

  • Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE .

  • SUPPRESSED - Indicates that you reviewed the finding and don’t believe that any action is needed.

The workflow status of a SUPPRESSED finding does not change if RecordState changes from ARCHIVED to ACTIVE .

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

The finding remains RESOLVED unless one of the following occurs:

  • RecordState changes from ARCHIVED to ACTIVE .

  • Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE .

In those cases, the workflow status is automatically reset to NEW .

For findings from controls, if Compliance.Status is PASSED , then Security Hub automatically sets the workflow status to RESOLVED .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-workflowstatus

BooleanFilterProperty

class CfnInsight.BooleanFilterProperty(*, value)

Bases: object

Boolean filter for querying findings.

Parameters:

value (Union[bool, IResolvable]) – The value of the boolean.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-booleanfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

boolean_filter_property = securityhub.CfnInsight.BooleanFilterProperty(
    value=False
)

Attributes

value

The value of the boolean.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-booleanfilter.html#cfn-securityhub-insight-booleanfilter-value

DateFilterProperty

class CfnInsight.DateFilterProperty(*, date_range=None, end=None, start=None)

Bases: object

A date filter for querying findings.

Parameters:
  • date_range (Union[IResolvable, DateRangeProperty, Dict[str, Any], None]) – A date range for the date filter.

  • end (Optional[str]) – A timestamp that provides the end date for the date filter. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

  • start (Optional[str]) – A timestamp that provides the start date for the date filter. This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z ) - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 ) - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 ) - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

date_filter_property = securityhub.CfnInsight.DateFilterProperty(
    date_range=securityhub.CfnInsight.DateRangeProperty(
        unit="unit",
        value=123
    ),
    end="end",
    start="start"
)

Attributes

date_range

A date range for the date filter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html#cfn-securityhub-insight-datefilter-daterange

end

A timestamp that provides the end date for the date filter.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html#cfn-securityhub-insight-datefilter-end

start

A timestamp that provides the start date for the date filter.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html#cfn-securityhub-insight-datefilter-start

DateRangeProperty

class CfnInsight.DateRangeProperty(*, unit, value)

Bases: object

A date range for the date filter.

Parameters:
  • unit (str) – A date range unit for the date filter.

  • value (Union[int, float]) – A date range value for the date filter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-daterange.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

date_range_property = securityhub.CfnInsight.DateRangeProperty(
    unit="unit",
    value=123
)

Attributes

unit

A date range unit for the date filter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-daterange.html#cfn-securityhub-insight-daterange-unit

value

A date range value for the date filter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-daterange.html#cfn-securityhub-insight-daterange-value

IpFilterProperty

class CfnInsight.IpFilterProperty(*, cidr)

Bases: object

The IP filter for querying findings.

Parameters:

cidr (str) – A finding’s CIDR value.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-ipfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

ip_filter_property = securityhub.CfnInsight.IpFilterProperty(
    cidr="cidr"
)

Attributes

cidr

A finding’s CIDR value.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-ipfilter.html#cfn-securityhub-insight-ipfilter-cidr

KeywordFilterProperty

class CfnInsight.KeywordFilterProperty(*, value)

Bases: object

A keyword filter for querying findings.

Parameters:

value (str) – A value for the keyword.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-keywordfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

keyword_filter_property = securityhub.CfnInsight.KeywordFilterProperty(
    value="value"
)

Attributes

value

A value for the keyword.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-keywordfilter.html#cfn-securityhub-insight-keywordfilter-value

MapFilterProperty

class CfnInsight.MapFilterProperty(*, comparison, key, value)

Bases: object

A map filter for filtering AWS Security Hub findings.

Each map filter provides the field to check for, the value to check for, and the comparison operator.

Parameters:
  • comparison (str) – The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match. - To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag. CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag. - To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag. NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters. You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

  • key (str) – The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

  • value (str) – The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there’s no match.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-mapfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

map_filter_property = securityhub.CfnInsight.MapFilterProperty(
    comparison="comparison",
    key="key",
    value="value"
)

Attributes

comparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

  • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.

  • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

To search for values that don’t have the filter value, use one of the following comparison operators:

  • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.

  • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-mapfilter.html#cfn-securityhub-insight-mapfilter-comparison

key

The key of the map filter.

For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-mapfilter.html#cfn-securityhub-insight-mapfilter-key

value

The value for the key in the map filter.

Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there’s no match.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-mapfilter.html#cfn-securityhub-insight-mapfilter-value

NumberFilterProperty

class CfnInsight.NumberFilterProperty(*, eq=None, gte=None, lte=None)

Bases: object

A number filter for querying findings.

Parameters:
  • eq (Union[int, float, None]) – The equal-to condition to be applied to a single field when querying for findings.

  • gte (Union[int, float, None]) – The greater-than-equal condition to be applied to a single field when querying for findings.

  • lte (Union[int, float, None]) – The less-than-equal condition to be applied to a single field when querying for findings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-numberfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

number_filter_property = securityhub.CfnInsight.NumberFilterProperty(
    eq=123,
    gte=123,
    lte=123
)

Attributes

eq

The equal-to condition to be applied to a single field when querying for findings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-numberfilter.html#cfn-securityhub-insight-numberfilter-eq

gte

The greater-than-equal condition to be applied to a single field when querying for findings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-numberfilter.html#cfn-securityhub-insight-numberfilter-gte

lte

The less-than-equal condition to be applied to a single field when querying for findings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-numberfilter.html#cfn-securityhub-insight-numberfilter-lte

StringFilterProperty

class CfnInsight.StringFilterProperty(*, comparison, value)

Bases: object

A string filter for filtering AWS Security Hub findings.

Parameters:
  • comparison (str) –

    The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront. - To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 . - To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn’t match. CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront. - To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 . - To search for values that don’t start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us . NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title. You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters. You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface . - ResourceType PREFIX AwsIam - ResourceType PREFIX AwsEc2 - ResourceType NOT_EQUALS AwsIamPolicy - ResourceType NOT_EQUALS AwsEc2NetworkInterface CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

  • value (str) – The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there’s no match.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-stringfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

string_filter_property = securityhub.CfnInsight.StringFilterProperty(
    comparison="comparison",
    value="value"
)

Attributes

comparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

  • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.

  • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .

  • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn’t match.

CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

To search for values that don’t have the filter value, use one of the following comparison operators:

  • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.

  • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .

  • To search for values that don’t start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

  • ResourceType PREFIX AwsIam

  • ResourceType PREFIX AwsEc2

  • ResourceType NOT_EQUALS AwsIamPolicy

  • ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-stringfilter.html#cfn-securityhub-insight-stringfilter-comparison

value

The string filter value.

Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there’s no match.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-stringfilter.html#cfn-securityhub-insight-stringfilter-value