Class: Aws::GuardDuty::Types::CreateFilterRequest

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb

Overview

Note:

When making an API call, you may pass CreateFilterRequest data as a hash:

{
  detector_id: "DetectorId", # required
  name: "FilterName", # required
  description: "FilterDescription",
  action: "NOOP", # accepts NOOP, ARCHIVE
  rank: 1,
  finding_criteria: { # required
    criterion: {
      "String" => {
        eq: ["String"],
        neq: ["String"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        equals: ["String"],
        not_equals: ["String"],
        greater_than: 1,
        greater_than_or_equal: 1,
        less_than: 1,
        less_than_or_equal: 1,
      },
    },
  },
  client_token: "ClientToken",
  tags: {
    "TagKey" => "TagValue",
  },
}

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#actionString

Specifies the action that is to be applied to the findings that match the filter.

Returns:

  • (String)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#client_tokenString

The idempotency token for the create request.

A suitable default value is auto-generated. You should normally not need to pass this option.

Returns:

  • (String)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#descriptionString

The description of the filter.

Returns:

  • (String)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#detector_idString

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

Returns:

  • (String)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#finding_criteriaTypes::FindingCriteria

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId

  • region

  • confidence

  • id

  • resource.accessKeyDetails.accessKeyId

  • resource.accessKeyDetails.principalId

  • resource.accessKeyDetails.userName

  • resource.accessKeyDetails.userType

  • resource.instanceDetails.iamInstanceProfile.id

  • resource.instanceDetails.imageId

  • resource.instanceDetails.instanceId

  • resource.instanceDetails.outpostArn

  • resource.instanceDetails.networkInterfaces.ipv6Addresses

  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

  • resource.instanceDetails.networkInterfaces.publicDnsName

  • resource.instanceDetails.networkInterfaces.publicIp

  • resource.instanceDetails.networkInterfaces.securityGroups.groupId

  • resource.instanceDetails.networkInterfaces.securityGroups.groupName

  • resource.instanceDetails.networkInterfaces.subnetId

  • resource.instanceDetails.networkInterfaces.vpcId

  • resource.instanceDetails.tags.key

  • resource.instanceDetails.tags.value

  • resource.resourceType

  • service.action.actionType

  • service.action.awsApiCallAction.api

  • service.action.awsApiCallAction.callerType

  • service.action.awsApiCallAction.errorCode

  • service.action.awsApiCallAction.remoteIpDetails.city.cityName

  • service.action.awsApiCallAction.remoteIpDetails.country.countryName

  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

  • service.action.awsApiCallAction.remoteIpDetails.organization.asn

  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

  • service.action.awsApiCallAction.serviceName

  • service.action.dnsRequestAction.domain

  • service.action.networkConnectionAction.blocked

  • service.action.networkConnectionAction.connectionDirection

  • service.action.networkConnectionAction.localPortDetails.port

  • service.action.networkConnectionAction.protocol

  • service.action.networkConnectionAction.localIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.city.cityName

  • service.action.networkConnectionAction.remoteIpDetails.country.countryName

  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.organization.asn

  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

  • service.action.networkConnectionAction.remotePortDetails.port

  • service.additionalInfo.threatListName

  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole

  • severity

  • type

  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.



778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#nameString

The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

Returns:

  • (String)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#rankInteger

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Returns:

  • (Integer)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#tagsHash<String,String>

The tags to be added to a new filter resource.

Returns:

  • (Hash<String,String>)


778
779
780
781
782
783
784
785
786
787
788
789
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 778

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end