Class: Aws::GuardDuty::Types::CreateFilterRequest
Inherits: Struct
- Object
- Struct
- Aws::GuardDuty::Types::CreateFilterRequest
Defined in: gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #action ⇒ String
  Specifies the action that is to be applied to the findings that match the filter.
- #client_token ⇒ String
  The idempotency token for the create request.
- #description ⇒ String
  The description of the filter.
- #detector_id ⇒ String
  The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
- #finding_criteria ⇒ Types::FindingCriteria
  Represents the criteria to be used in the filter for querying findings.
- #name ⇒ String
  The name of the filter.
- #rank ⇒ Integer
  Specifies the position of the filter in the list of current filters.
- #tags ⇒ Hash<String,String>
  The tags to be added to a new filter resource.
Instance Attribute Details
#action ⇒ String
Specifies the action that is to be applied to the findings that match the filter.
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/types.rb', line 1444
class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end
#client_token ⇒ String
The idempotency token for the create request.
A suitable default value is auto-generated. You should normally not need to pass this option.
#description ⇒ String
The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
#detector_id ⇒ String
The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
#finding_criteria ⇒ Types::FindingCriteria
Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
accountId
id
region
severity
  To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:
  Low: ["1", "2", "3"]
  Medium: ["4", "5", "6"]
  High: ["7", "8", "9"]
  For more information, see Severity levels for GuardDuty findings.
type
updatedAt
  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.outpostArn
resource.resourceType
resource.s3BucketDetails.publicAccess.effectivePermissions
resource.s3BucketDetails.name
resource.s3BucketDetails.tags.key
resource.s3BucketDetails.tags.value
resource.s3BucketDetails.type
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.errorCode
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.dnsRequestAction.domainWithSuffix
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.action.awsApiCallAction.remoteAccountDetails.affiliated
service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
service.action.kubernetesApiCallAction.namespace
service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
service.action.kubernetesApiCallAction.requestUri
service.action.kubernetesApiCallAction.statusCode
service.action.networkConnectionAction.localIpDetails.ipAddressV4
service.action.networkConnectionAction.localIpDetails.ipAddressV6
service.action.networkConnectionAction.protocol
service.action.awsApiCallAction.serviceName
service.action.awsApiCallAction.remoteAccountDetails.accountId
service.additionalInfo.threatListName
service.resourceRole
resource.eksClusterDetails.name
resource.kubernetesDetails.kubernetesWorkloadDetails.name
resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
resource.kubernetesDetails.kubernetesUserDetails.username
resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
service.ebsVolumeScanDetails.scanId
service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
resource.ecsClusterDetails.name
resource.ecsClusterDetails.taskDetails.containers.image
resource.ecsClusterDetails.taskDetails.definitionArn
resource.containerDetails.image
resource.rdsDbInstanceDetails.dbInstanceIdentifier
resource.rdsDbInstanceDetails.dbClusterIdentifier
resource.rdsDbInstanceDetails.engine
resource.rdsDbUserDetails.user
resource.rdsDbInstanceDetails.tags.key
resource.rdsDbInstanceDetails.tags.value
service.runtimeDetails.process.executableSha256
service.runtimeDetails.process.name
service.runtimeDetails.process.name
resource.lambdaDetails.functionName
resource.lambdaDetails.functionArn
resource.lambdaDetails.tags.key
resource.lambdaDetails.tags.value
#name ⇒ String
The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
#rank ⇒ Integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
#tags ⇒ Hash<String,String>
The tags to be added to a new filter resource.
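Added example, not part of the SDK or this reference page: an offline pre-flight check that assembles the parameters described above (name rule, severity input lists, queryable attributes) and flags filters that would archive more than intended. The `criterion`/`equals` hash shape and the action values NOOP and ARCHIVE are taken from the SDK's create_filter operation, which this page does not show; the helper names, the attribute subset and the sample values are hypothetical.

```ruby
# Added example (not SDK code): build and sanity-check create_filter parameters offline.
SEVERITY_INPUT = {                 # input lists from the finding_criteria section
  "Low" => %w[1 2 3], "Medium" => %w[4 5 6], "High" => %w[7 8 9]
}.freeze
NAME_RE = /\A[A-Za-z0-9._-]+\z/    # period, underscore, dash, alphanumerics; no whitespace
# Constructed subset of the queryable attributes listed for finding_criteria.
QUERYABLE = %w[accountId id region severity type resource.resourceType
               resource.instanceDetails.instanceId
               resource.instanceDetails.tags.key
               resource.instanceDetails.tags.value].freeze

# Returns a hash shaped for Aws::GuardDuty::Client#create_filter (shape is an assumption).
def build_filter_params(detector_id:, name:, action:, rank:, severities: [], equals: {})
  raise ArgumentError, "invalid filter name #{name.inspect}" unless name.match?(NAME_RE)
  unknown = severities - SEVERITY_INPUT.keys
  raise ArgumentError, "unknown severity #{unknown.join(', ')}" unless unknown.empty?
  bad = equals.keys - QUERYABLE
  raise ArgumentError, "not queryable: #{bad.join(', ')}" unless bad.empty?

  criterion = equals.transform_values { |values| { equals: Array(values) } }
  unless severities.empty?
    criterion["severity"] = { equals: severities.flat_map { |s| SEVERITY_INPUT.fetch(s) } }
  end
  { detector_id: detector_id, name: name, action: action, rank: rank,
    finding_criteria: { criterion: criterion } }
end

# Review aid: reasons an ARCHIVE filter deserves a second look before it is created.
def archive_review_notes(params)
  return [] unless params[:action] == "ARCHIVE"
  criterion = params.dig(:finding_criteria, :criterion)
  # A filter with no severity condition also matches High-severity findings.
  sev = criterion.dig("severity", :equals) || SEVERITY_INPUT["High"]
  notes = []
  notes << "can archive High-severity findings" unless (sev & SEVERITY_INPUT["High"]).empty?
  notes << "not scoped by finding type" unless criterion.key?("type")
  notes
end

# Constructed sample values; the detector ID is a placeholder.
SAMPLE = build_filter_params(
  detector_id: "EXAMPLE_DETECTOR_ID", name: "archive-low-scanner-noise",
  action: "ARCHIVE", rank: 1, severities: ["Low"],
  equals: { "type" => ["Recon:EC2/PortProbeUnprotectedPort"],
            "resource.instanceDetails.tags.key" => ["scanner"] }
)
```

With the aws-sdk-guardduty gem and credentials available, the resulting hash can be passed as keyword arguments to the client's create_filter call once archive_review_notes returns an empty list.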