interface CfnAutomationRuleProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.SecurityHub.CfnAutomationRuleProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awssecurityhub#CfnAutomationRuleProps |
Java | software.amazon.awscdk.services.securityhub.CfnAutomationRuleProps |
Python | aws_cdk.aws_securityhub.CfnAutomationRuleProps |
TypeScript | aws-cdk-lib » aws_securityhub » CfnAutomationRuleProps |
Properties for defining a CfnAutomationRule.
Example
```typescript
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_securityhub as securityhub } from 'aws-cdk-lib';

declare const id: any;
declare const updatedBy: any;
const cfnAutomationRuleProps: securityhub.CfnAutomationRuleProps = {
  actions: [{
    findingFieldsUpdate: {
      confidence: 123,
      criticality: 123,
      note: {
        text: 'text',
        updatedBy: updatedBy,
      },
      relatedFindings: [{
        id: id,
        productArn: 'productArn',
      }],
      severity: {
        label: 'label',
        normalized: 123,
        product: 123,
      },
      types: ['types'],
      userDefinedFields: {
        userDefinedFieldsKey: 'userDefinedFields',
      },
      verificationState: 'verificationState',
      workflow: {
        status: 'status',
      },
    },
    type: 'type',
  }],
  criteria: {
    awsAccountId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    companyName: [{
      comparison: 'comparison',
      value: 'value',
    }],
    complianceAssociatedStandardsId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    complianceSecurityControlId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    complianceStatus: [{
      comparison: 'comparison',
      value: 'value',
    }],
    confidence: [{
      eq: 123,
      gte: 123,
      lte: 123,
    }],
    createdAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    criticality: [{
      eq: 123,
      gte: 123,
      lte: 123,
    }],
    description: [{
      comparison: 'comparison',
      value: 'value',
    }],
    firstObservedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    generatorId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    id: [{
      comparison: 'comparison',
      value: 'value',
    }],
    lastObservedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    noteText: [{
      comparison: 'comparison',
      value: 'value',
    }],
    noteUpdatedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    noteUpdatedBy: [{
      comparison: 'comparison',
      value: 'value',
    }],
    productArn: [{
      comparison: 'comparison',
      value: 'value',
    }],
    productName: [{
      comparison: 'comparison',
      value: 'value',
    }],
    recordState: [{
      comparison: 'comparison',
      value: 'value',
    }],
    relatedFindingsId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    relatedFindingsProductArn: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourceDetailsOther: [{
      comparison: 'comparison',
      key: 'key',
      value: 'value',
    }],
    resourceId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourcePartition: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourceRegion: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourceTags: [{
      comparison: 'comparison',
      key: 'key',
      value: 'value',
    }],
    resourceType: [{
      comparison: 'comparison',
      value: 'value',
    }],
    severityLabel: [{
      comparison: 'comparison',
      value: 'value',
    }],
    sourceUrl: [{
      comparison: 'comparison',
      value: 'value',
    }],
    title: [{
      comparison: 'comparison',
      value: 'value',
    }],
    type: [{
      comparison: 'comparison',
      value: 'value',
    }],
    updatedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    userDefinedFields: [{
      comparison: 'comparison',
      key: 'key',
      value: 'value',
    }],
    verificationState: [{
      comparison: 'comparison',
      value: 'value',
    }],
    workflowStatus: [{
      comparison: 'comparison',
      value: 'value',
    }],
  },
  description: 'description',
  ruleName: 'ruleName',
  ruleOrder: 123,

  // the properties below are optional
  isTerminal: false,
  ruleStatus: 'ruleStatus',
  tags: {
    tagsKey: 'tags',
  },
};
```
Properties
Name | Type | Description |
---|---|---|
actions | IResolvable | IResolvable | Automation [] | One or more actions to update finding fields if a finding matches the conditions specified in Criteria. |
criteria | IResolvable | Automation | A set of AWS Security Finding Format (ASFF) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding. |
description | string | A description of the rule. |
ruleName | string | The name of the rule. |
ruleOrder | number | An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. |
isTerminal? | boolean | IResolvable | Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. |
ruleStatus? | string | Whether the rule is active after it is created. |
tags? | { [string]: string } | User-defined tags associated with an automation rule. |
actions
Type: IResolvable | IResolvable | Automation []
One or more actions to update finding fields if a finding matches the conditions specified in Criteria.
criteria
Type: IResolvable | Automation
A set of AWS Security Finding Format (ASFF) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
description
Type: string
A description of the rule.
ruleName
Type: string
The name of the rule.
ruleOrder
Type: number
An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.
Security Hub applies rules with lower values for this parameter first.
isTerminal?
Type: boolean | IResolvable (optional)
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
ruleStatus?
Type: string (optional)
Whether the rule is active after it is created.
If this parameter is equal to ENABLED, Security Hub applies the rule to findings and finding updates after the rule is created.
tags?
Type: { [string]: string } (optional)
User-defined tags associated with an automation rule.
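
The ruleOrder, isTerminal and ruleStatus semantics described above, modelled in plain TypeScript so a rule set can be checked for a terminal rule that hides later ones. This is an added example, not AWS or CDK code: the `RuleModel` type, its flattened `update` field, the OR-within-a-field / AND-across-fields matching, and the sample rules and account ID are assumptions made for the illustration.

```typescript
type StringFilter = { comparison: 'EQUALS' | 'PREFIX'; value: string };
type Finding = { [field: string]: string };

interface RuleModel {
  ruleName: string;
  ruleOrder: number;                              // 1..1000, lower values run first
  isTerminal?: boolean;                           // default: not terminal
  ruleStatus: 'ENABLED' | 'DISABLED';             // only ENABLED rules are applied
  criteria: { [field: string]: StringFilter[] };  // string filters only
  update: Finding;                                // hypothetical flattened action
}

// Assumption: filters on one field are ORed, separate fields are ANDed.
function matches(rule: RuleModel, f: Finding): boolean {
  return Object.keys(rule.criteria).every((field) =>
    (rule.criteria[field] || []).some(({ comparison, value }) =>
      comparison === 'EQUALS' ? f[field] === value : (f[field] || '').indexOf(value) === 0));
}

function evaluate(rules: RuleModel[], incoming: Finding): { applied: string[]; result: Finding } {
  for (const r of rules) {
    if (Math.floor(r.ruleOrder) !== r.ruleOrder || r.ruleOrder < 1 || r.ruleOrder > 1000) {
      throw new RangeError(r.ruleName + ': ruleOrder must be an integer from 1 to 1000');
    }
  }
  const ordered = rules.filter((r) => r.ruleStatus === 'ENABLED').sort((a, b) => a.ruleOrder - b.ruleOrder);
  const applied: string[] = [];
  let result: Finding = { ...incoming };
  for (const r of ordered) {
    if (!matches(r, incoming)) continue;  // simplification: match the incoming finding
    result = { ...result, ...r.update };
    applied.push(r.ruleName);
    if (r.isTerminal) break;              // later rules are not evaluated
  }
  return { applied, result };
}

// Constructed sample rules; account ID and names are placeholders.
const RULES: RuleModel[] = [
  { ruleName: 'flag-guardduty', ruleOrder: 20, ruleStatus: 'ENABLED',
    criteria: { productName: [{ comparison: 'EQUALS', value: 'GuardDuty' }] },
    update: { severityLabel: 'CRITICAL' } },
  { ruleName: 'suppress-sandbox', ruleOrder: 10, isTerminal: true, ruleStatus: 'ENABLED',
    criteria: { awsAccountId: [{ comparison: 'EQUALS', value: '111122223333' }] },
    update: { workflowStatus: 'SUPPRESSED' } },
  { ruleName: 'retired-rule', ruleOrder: 5, ruleStatus: 'DISABLED',
    criteria: { productName: [{ comparison: 'PREFIX', value: 'Guard' }] },
    update: { workflowStatus: 'RESOLVED' } },
];
```

With these rules, a GuardDuty finding from the sandbox account is suppressed by the terminal rule at order 10 and never reaches the severity rule at order 20, which is the effect to look for when a broad terminal rule sits ahead of an escalation rule.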