You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::SecurityHub::Types::AwsSecurityFindingFilters

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing AwsSecurityFindingFilters as input to an Aws::Client method, you can use a vanilla Hash:

{
  product_arn: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  aws_account_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  generator_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  first_observed_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  last_observed_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  created_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  updated_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  severity_product: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  severity_normalized: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  severity_label: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  confidence: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  criticality: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  title: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  description: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  recommendation_text: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  source_url: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  product_fields: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
    },
  ],
  product_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  company_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  user_defined_fields: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
    },
  ],
  malware_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  malware_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  malware_path: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  malware_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  network_direction: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  network_protocol: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  network_source_ip_v4: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_source_ip_v6: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_source_port: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  network_source_domain: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  network_source_mac: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  network_destination_ip_v4: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_destination_ip_v6: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_destination_port: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  network_destination_domain: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  process_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  process_path: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  process_pid: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  process_parent_pid: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  process_launched_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  process_terminated_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  threat_intel_indicator_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  threat_intel_indicator_value: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  threat_intel_indicator_category: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  threat_intel_indicator_last_observed_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  threat_intel_indicator_source: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  threat_intel_indicator_source_url: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_partition: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_region: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_tags: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_image_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_ip_v4_addresses: [
    {
      cidr: "NonEmptyString",
    },
  ],
  resource_aws_ec2_instance_ip_v6_addresses: [
    {
      cidr: "NonEmptyString",
    },
  ],
  resource_aws_ec2_instance_key_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_iam_instance_profile_arn: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_vpc_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_subnet_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_ec2_instance_launched_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  resource_aws_s3_bucket_owner_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_s3_bucket_owner_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_iam_access_key_user_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_iam_access_key_status: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_aws_iam_access_key_created_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  resource_container_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_container_image_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_container_image_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  resource_container_launched_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  resource_details_other: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
    },
  ],
  compliance_status: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  verification_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  workflow_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  workflow_status: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  record_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  related_findings_product_arn: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  related_findings_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  note_text: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  note_updated_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  note_updated_by: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    },
  ],
  keyword: [
    {
      value: "NonEmptyString",
    },
  ],
}

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.

You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

Returned by:

See Also:

Instance Attribute Summary collapse

Instance Attribute Details

#aws_account_idArray<Types::StringFilter>

The AWS account ID that a finding is generated in.

Returns:

#company_nameArray<Types::StringFilter>

The name of the findings provider (company) that owns the solution (product) that generates findings.

Returns:

  • (Array<Types::StringFilter>)

    The name of the findings provider (company) that owns the solution (product) that generates findings.

#compliance_statusArray<Types::StringFilter>

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.

Returns:

  • (Array<Types::StringFilter>)

    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations.

#confidenceArray<Types::NumberFilter>

A finding\'s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

#created_atArray<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

#criticalityArray<Types::NumberFilter>

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

  • (Array<Types::NumberFilter>)

    The level of importance assigned to the resources associated with the finding.

#descriptionArray<Types::StringFilter>

A finding\'s description.

Returns:

#first_observed_atArray<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

#generator_idArray<Types::StringFilter>

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers\' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

Returns:

  • (Array<Types::StringFilter>)

    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.

#idArray<Types::StringFilter>

The security findings provider-specific identifier for a finding.

Returns:

  • (Array<Types::StringFilter>)

    The security findings provider-specific identifier for a finding.

#keywordArray<Types::KeywordFilter>

A keyword for a finding.

Returns:

#last_observed_atArray<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

#malware_nameArray<Types::StringFilter>

The name of the malware that was observed.

Returns:

#malware_pathArray<Types::StringFilter>

The filesystem path of the malware that was observed.

Returns:

#malware_stateArray<Types::StringFilter>

The state of the malware that was observed.

Returns:

#malware_typeArray<Types::StringFilter>

The type of the malware that was observed.

Returns:

#network_destination_domainArray<Types::StringFilter>

The destination domain of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The destination domain of network-related information about a finding.

#network_destination_ip_v4Array<Types::IpFilter>

The destination IPv4 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The destination IPv4 address of network-related information about a finding.

#network_destination_ip_v6Array<Types::IpFilter>

The destination IPv6 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The destination IPv6 address of network-related information about a finding.

#network_destination_portArray<Types::NumberFilter>

The destination port of network-related information about a finding.

Returns:

  • (Array<Types::NumberFilter>)

    The destination port of network-related information about a finding.

#network_directionArray<Types::StringFilter>

Indicates the direction of network traffic associated with a finding.

Returns:

  • (Array<Types::StringFilter>)

    Indicates the direction of network traffic associated with a finding.

#network_protocolArray<Types::StringFilter>

The protocol of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The protocol of network-related information about a finding.

#network_source_domainArray<Types::StringFilter>

The source domain of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The source domain of network-related information about a finding.

#network_source_ip_v4Array<Types::IpFilter>

The source IPv4 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The source IPv4 address of network-related information about a finding.

#network_source_ip_v6Array<Types::IpFilter>

The source IPv6 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The source IPv6 address of network-related information about a finding.

#network_source_macArray<Types::StringFilter>

The source media access control (MAC) address of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The source media access control (MAC) address of network-related information about a finding.

#network_source_portArray<Types::NumberFilter>

The source port of network-related information about a finding.

Returns:

  • (Array<Types::NumberFilter>)

    The source port of network-related information about a finding.

#note_textArray<Types::StringFilter>

The text of a note.

Returns:

#note_updated_atArray<Types::DateFilter>

The timestamp of when the note was updated.

Returns:

#note_updated_byArray<Types::StringFilter>

The principal that created a note.

Returns:

#process_launched_atArray<Types::DateFilter>

The date/time that the process was launched.

Returns:

#process_nameArray<Types::StringFilter>

The name of the process.

Returns:

#process_parent_pidArray<Types::NumberFilter>

The parent process ID.

Returns:

#process_pathArray<Types::StringFilter>

The path to the process executable.

Returns:

#process_pidArray<Types::NumberFilter>

The process ID.

Returns:

#process_terminated_atArray<Types::DateFilter>

The date/time that the process was terminated.

Returns:

#product_arnArray<Types::StringFilter>

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider\'s product (solution that generates findings) is registered with Security Hub.

Returns:

  • (Array<Types::StringFilter>)

    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider\'s product (solution that generates findings) is registered with Security Hub.

#product_fieldsArray<Types::MapFilter>

A data type where security-findings providers can include additional solution-specific details that aren\'t part of the defined AwsSecurityFinding format.

Returns:

  • (Array<Types::MapFilter>)

    A data type where security-findings providers can include additional solution-specific details that aren\'t part of the defined AwsSecurityFinding format.

#product_nameArray<Types::StringFilter>

The name of the solution (product) that generates findings.

Returns:

#recommendation_textArray<Types::StringFilter>

The recommendation of what to do about the issue described in a finding.

Returns:

  • (Array<Types::StringFilter>)

    The recommendation of what to do about the issue described in a finding.

#record_stateArray<Types::StringFilter>

The updated record state for the finding.

Returns:

#related_findings_idArray<Types::StringFilter>

The solution-generated identifier for a related finding.

Returns:

#related_findings_product_arnArray<Types::StringFilter>

The ARN of the solution that generated a related finding.

Returns:

#resource_aws_ec2_instance_iam_instance_profile_arnArray<Types::StringFilter>

The IAM profile ARN of the instance.

Returns:

#resource_aws_ec2_instance_image_idArray<Types::StringFilter>

The Amazon Machine Image (AMI) ID of the instance.

Returns:

#resource_aws_ec2_instance_ip_v4_addressesArray<Types::IpFilter>

The IPv4 addresses associated with the instance.

Returns:

  • (Array<Types::IpFilter>)

    The IPv4 addresses associated with the instance.

#resource_aws_ec2_instance_ip_v6_addressesArray<Types::IpFilter>

The IPv6 addresses associated with the instance.

Returns:

  • (Array<Types::IpFilter>)

    The IPv6 addresses associated with the instance.

#resource_aws_ec2_instance_key_nameArray<Types::StringFilter>

The key name associated with the instance.

Returns:

#resource_aws_ec2_instance_launched_atArray<Types::DateFilter>

The date and time the instance was launched.

Returns:

#resource_aws_ec2_instance_subnet_idArray<Types::StringFilter>

The identifier of the subnet that the instance was launched in.

Returns:

  • (Array<Types::StringFilter>)

    The identifier of the subnet that the instance was launched in.

#resource_aws_ec2_instance_typeArray<Types::StringFilter>

The instance type of the instance.

Returns:

#resource_aws_ec2_instance_vpc_idArray<Types::StringFilter>

The identifier of the VPC that the instance was launched in.

Returns:

  • (Array<Types::StringFilter>)

    The identifier of the VPC that the instance was launched in.

#resource_aws_iam_access_key_created_atArray<Types::DateFilter>

The creation date/time of the IAM access key related to a finding.

Returns:

  • (Array<Types::DateFilter>)

    The creation date/time of the IAM access key related to a finding.

#resource_aws_iam_access_key_statusArray<Types::StringFilter>

The status of the IAM access key related to a finding.

Returns:

#resource_aws_iam_access_key_user_nameArray<Types::StringFilter>

The user associated with the IAM access key related to a finding.

Returns:

  • (Array<Types::StringFilter>)

    The user associated with the IAM access key related to a finding.

#resource_aws_s3_bucket_owner_idArray<Types::StringFilter>

The canonical user ID of the owner of the S3 bucket.

Returns:

#resource_aws_s3_bucket_owner_nameArray<Types::StringFilter>

The display name of the owner of the S3 bucket.

Returns:

#resource_container_image_idArray<Types::StringFilter>

The identifier of the image related to a finding.

Returns:

#resource_container_image_nameArray<Types::StringFilter>

The name of the image related to a finding.

Returns:

#resource_container_launched_atArray<Types::DateFilter>

The date/time that the container was started.

Returns:

#resource_container_nameArray<Types::StringFilter>

The name of the container related to a finding.

Returns:

#resource_details_otherArray<Types::MapFilter>

The details of a resource that doesn\'t have a specific subfield for the resource type defined.

Returns:

  • (Array<Types::MapFilter>)

    The details of a resource that doesn\'t have a specific subfield for the resource type defined.

#resource_idArray<Types::StringFilter>

The canonical identifier for the given resource type.

Returns:

#resource_partitionArray<Types::StringFilter>

The canonical AWS partition name that the Region is assigned to.

Returns:

  • (Array<Types::StringFilter>)

    The canonical AWS partition name that the Region is assigned to.

#resource_regionArray<Types::StringFilter>

The canonical AWS external Region name where this resource is located.

Returns:

  • (Array<Types::StringFilter>)

    The canonical AWS external Region name where this resource is located.

#resource_tagsArray<Types::MapFilter>

A list of AWS tags associated with a resource at the time the finding was processed.

Returns:

  • (Array<Types::MapFilter>)

    A list of AWS tags associated with a resource at the time the finding was processed.

#resource_typeArray<Types::StringFilter>

Specifies the type of the resource that details are provided for.

Returns:

  • (Array<Types::StringFilter>)

    Specifies the type of the resource that details are provided for.

#severity_labelArray<Types::StringFilter>

The label of a finding\'s severity.

Returns:

#severity_normalizedArray<Types::NumberFilter>

The normalized severity of a finding.

Returns:

#severity_productArray<Types::NumberFilter>

The native severity as defined by the security-findings provider\'s solution that generated the finding.

Returns:

  • (Array<Types::NumberFilter>)

    The native severity as defined by the security-findings provider\'s solution that generated the finding.

#source_urlArray<Types::StringFilter>

A URL that links to a page about the current finding in the security-findings provider\'s solution.

Returns:

  • (Array<Types::StringFilter>)

    A URL that links to a page about the current finding in the security-findings provider\'s solution.

#threat_intel_indicator_categoryArray<Types::StringFilter>

The category of a threat intelligence indicator.

Returns:

#threat_intel_indicator_last_observed_atArray<Types::DateFilter>

The date/time of the last observation of a threat intelligence indicator.

Returns:

  • (Array<Types::DateFilter>)

    The date/time of the last observation of a threat intelligence indicator.

#threat_intel_indicator_sourceArray<Types::StringFilter>

The source of the threat intelligence.

Returns:

#threat_intel_indicator_source_urlArray<Types::StringFilter>

The URL for more details from the source of the threat intelligence.

Returns:

  • (Array<Types::StringFilter>)

    The URL for more details from the source of the threat intelligence.

#threat_intel_indicator_typeArray<Types::StringFilter>

The type of a threat intelligence indicator.

Returns:

#threat_intel_indicator_valueArray<Types::StringFilter>

The value of a threat intelligence indicator.

Returns:

#titleArray<Types::StringFilter>

A finding\'s title.

Returns:

#typeArray<Types::StringFilter>

A finding type in the format of namespace/category/classifier that classifies a finding.

Returns:

  • (Array<Types::StringFilter>)

    A finding type in the format of namespace/category/classifier that classifies a finding.

#updated_atArray<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

#user_defined_fieldsArray<Types::MapFilter>

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Returns:

  • (Array<Types::MapFilter>)

    A list of name/value string pairs associated with the finding.

#verification_stateArray<Types::StringFilter>

The veracity of a finding.

Returns:

#workflow_stateArray<Types::StringFilter>

The workflow state of a finding.

Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

Returns:

#workflow_statusArray<Types::StringFilter>

The status of the investigation into a finding. Allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

  • NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

  • SUPPRESSED - The finding will not be reviewed again and will not be acted upon.

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

Returns: