Class: Aws::SecurityHub::Types::AwsSecurityFinding

Inherits:
Struct
  • Object
Defined in:
gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb

Overview

Note:

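When making an API call, you may pass AwsSecurityFinding data as a hash. In the example below, the values shown (for example "NonEmptyString", 1, 1.0, false) are placeholders that indicate each field's type rather than usable data, and `# required` marks the fields that must be present: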

{
  schema_version: "NonEmptyString", # required
  id: "NonEmptyString", # required
  product_arn: "NonEmptyString", # required
  generator_id: "NonEmptyString", # required
  aws_account_id: "NonEmptyString", # required
  types: ["NonEmptyString"],
  first_observed_at: "NonEmptyString",
  last_observed_at: "NonEmptyString",
  created_at: "NonEmptyString", # required
  updated_at: "NonEmptyString", # required
  severity: {
    product: 1.0,
    label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
    normalized: 1,
    original: "NonEmptyString",
  },
  confidence: 1,
  criticality: 1,
  title: "NonEmptyString", # required
  description: "NonEmptyString", # required
  remediation: {
    recommendation: {
      text: "NonEmptyString",
      url: "NonEmptyString",
    },
  },
  source_url: "NonEmptyString",
  product_fields: {
    "NonEmptyString" => "NonEmptyString",
  },
  user_defined_fields: {
    "NonEmptyString" => "NonEmptyString",
  },
  malware: [
    {
      name: "NonEmptyString", # required
      type: "ADWARE", # accepts ADWARE, BLENDED_THREAT, BOTNET_AGENT, COIN_MINER, EXPLOIT_KIT, KEYLOGGER, MACRO, POTENTIALLY_UNWANTED, SPYWARE, RANSOMWARE, REMOTE_ACCESS, ROOTKIT, TROJAN, VIRUS, WORM
      path: "NonEmptyString",
      state: "OBSERVED", # accepts OBSERVED, REMOVAL_FAILED, REMOVED
    },
  ],
  network: {
    direction: "IN", # accepts IN, OUT
    protocol: "NonEmptyString",
    open_port_range: {
      begin: 1,
      end: 1,
    },
    source_ip_v4: "NonEmptyString",
    source_ip_v6: "NonEmptyString",
    source_port: 1,
    source_domain: "NonEmptyString",
    source_mac: "NonEmptyString",
    destination_ip_v4: "NonEmptyString",
    destination_ip_v6: "NonEmptyString",
    destination_port: 1,
    destination_domain: "NonEmptyString",
  },
  network_path: [
    {
      component_id: "NonEmptyString",
      component_type: "NonEmptyString",
      egress: {
        protocol: "NonEmptyString",
        destination: {
          address: ["NonEmptyString"],
          port_ranges: [
            {
              begin: 1,
              end: 1,
            },
          ],
        },
        source: {
          address: ["NonEmptyString"],
          port_ranges: [
            {
              begin: 1,
              end: 1,
            },
          ],
        },
      },
      ingress: {
        protocol: "NonEmptyString",
        destination: {
          address: ["NonEmptyString"],
          port_ranges: [
            {
              begin: 1,
              end: 1,
            },
          ],
        },
        source: {
          address: ["NonEmptyString"],
          port_ranges: [
            {
              begin: 1,
              end: 1,
            },
          ],
        },
      },
    },
  ],
  process: {
    name: "NonEmptyString",
    path: "NonEmptyString",
    pid: 1,
    parent_pid: 1,
    launched_at: "NonEmptyString",
    terminated_at: "NonEmptyString",
  },
  threat_intel_indicators: [
    {
      type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL
      value: "NonEmptyString",
      category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER
      last_observed_at: "NonEmptyString",
      source: "NonEmptyString",
      source_url: "NonEmptyString",
    },
  ],
  resources: [ # required
    {
      type: "NonEmptyString", # required
      id: "NonEmptyString", # required
      partition: "aws", # accepts aws, aws-cn, aws-us-gov
      region: "NonEmptyString",
      resource_role: "NonEmptyString",
      tags: {
        "NonEmptyString" => "NonEmptyString",
      },
      data_classification: {
        detailed_results_location: "NonEmptyString",
        result: {
          mime_type: "NonEmptyString",
          size_classified: 1,
          additional_occurrences: false,
          status: {
            code: "NonEmptyString",
            reason: "NonEmptyString",
          },
          sensitive_data: [
            {
              category: "NonEmptyString",
              detections: [
                {
                  count: 1,
                  type: "NonEmptyString",
                  occurrences: {
                    line_ranges: [
                      {
                        start: 1,
                        end: 1,
                        start_column: 1,
                      },
                    ],
                    offset_ranges: [
                      {
                        start: 1,
                        end: 1,
                        start_column: 1,
                      },
                    ],
                    pages: [
                      {
                        page_number: 1,
                        line_range: {
                          start: 1,
                          end: 1,
                          start_column: 1,
                        },
                        offset_range: {
                          start: 1,
                          end: 1,
                          start_column: 1,
                        },
                      },
                    ],
                    records: [
                      {
                        json_path: "NonEmptyString",
                        record_index: 1,
                      },
                    ],
                    cells: [
                      {
                        column: 1,
                        row: 1,
                        column_name: "NonEmptyString",
                        cell_reference: "NonEmptyString",
                      },
                    ],
                  },
                },
              ],
              total_count: 1,
            },
          ],
          custom_data_identifiers: {
            detections: [
              {
                count: 1,
                arn: "NonEmptyString",
                name: "NonEmptyString",
                occurrences: {
                  line_ranges: [
                    {
                      start: 1,
                      end: 1,
                      start_column: 1,
                    },
                  ],
                  offset_ranges: [
                    {
                      start: 1,
                      end: 1,
                      start_column: 1,
                    },
                  ],
                  pages: [
                    {
                      page_number: 1,
                      line_range: {
                        start: 1,
                        end: 1,
                        start_column: 1,
                      },
                      offset_range: {
                        start: 1,
                        end: 1,
                        start_column: 1,
                      },
                    },
                  ],
                  records: [
                    {
                      json_path: "NonEmptyString",
                      record_index: 1,
                    },
                  ],
                  cells: [
                    {
                      column: 1,
                      row: 1,
                      column_name: "NonEmptyString",
                      cell_reference: "NonEmptyString",
                    },
                  ],
                },
              },
            ],
            total_count: 1,
          },
        },
      },
      details: {
        aws_auto_scaling_auto_scaling_group: {
          launch_configuration_name: "NonEmptyString",
          load_balancer_names: ["NonEmptyString"],
          health_check_type: "NonEmptyString",
          health_check_grace_period: 1,
          created_time: "NonEmptyString",
        },
        aws_code_build_project: {
          encryption_key: "NonEmptyString",
          environment: {
            certificate: "NonEmptyString",
            image_pull_credentials_type: "NonEmptyString",
            registry_credential: {
              credential: "NonEmptyString",
              credential_provider: "NonEmptyString",
            },
            type: "NonEmptyString",
          },
          name: "NonEmptyString",
          source: {
            type: "NonEmptyString",
            location: "NonEmptyString",
            git_clone_depth: 1,
            insecure_ssl: false,
          },
          service_role: "NonEmptyString",
          vpc_config: {
            vpc_id: "NonEmptyString",
            subnets: ["NonEmptyString"],
            security_group_ids: ["NonEmptyString"],
          },
        },
        aws_cloud_front_distribution: {
          cache_behaviors: {
            items: [
              {
                viewer_protocol_policy: "NonEmptyString",
              },
            ],
          },
          default_cache_behavior: {
            viewer_protocol_policy: "NonEmptyString",
          },
          default_root_object: "NonEmptyString",
          domain_name: "NonEmptyString",
          etag: "NonEmptyString",
          last_modified_time: "NonEmptyString",
          logging: {
            bucket: "NonEmptyString",
            enabled: false,
            include_cookies: false,
            prefix: "NonEmptyString",
          },
          origins: {
            items: [
              {
                domain_name: "NonEmptyString",
                id: "NonEmptyString",
                origin_path: "NonEmptyString",
                s3_origin_config: {
                  origin_access_identity: "NonEmptyString",
                },
              },
            ],
          },
          origin_groups: {
            items: [
              {
                failover_criteria: {
                  status_codes: {
                    items: [1],
                    quantity: 1,
                  },
                },
              },
            ],
          },
          status: "NonEmptyString",
          web_acl_id: "NonEmptyString",
        },
        aws_ec2_instance: {
          type: "NonEmptyString",
          image_id: "NonEmptyString",
          ip_v4_addresses: ["NonEmptyString"],
          ip_v6_addresses: ["NonEmptyString"],
          key_name: "NonEmptyString",
          iam_instance_profile_arn: "NonEmptyString",
          vpc_id: "NonEmptyString",
          subnet_id: "NonEmptyString",
          launched_at: "NonEmptyString",
        },
        aws_ec2_network_interface: {
          attachment: {
            attach_time: "NonEmptyString",
            attachment_id: "NonEmptyString",
            delete_on_termination: false,
            device_index: 1,
            instance_id: "NonEmptyString",
            instance_owner_id: "NonEmptyString",
            status: "NonEmptyString",
          },
          network_interface_id: "NonEmptyString",
          security_groups: [
            {
              group_name: "NonEmptyString",
              group_id: "NonEmptyString",
            },
          ],
          source_dest_check: false,
          ip_v6_addresses: [
            {
              ip_v6_address: "NonEmptyString",
            },
          ],
          private_ip_addresses: [
            {
              private_ip_address: "NonEmptyString",
              private_dns_name: "NonEmptyString",
            },
          ],
          public_dns_name: "NonEmptyString",
          public_ip: "NonEmptyString",
        },
        aws_ec2_security_group: {
          group_name: "NonEmptyString",
          group_id: "NonEmptyString",
          owner_id: "NonEmptyString",
          vpc_id: "NonEmptyString",
          ip_permissions: [
            {
              ip_protocol: "NonEmptyString",
              from_port: 1,
              to_port: 1,
              user_id_group_pairs: [
                {
                  group_id: "NonEmptyString",
                  group_name: "NonEmptyString",
                  peering_status: "NonEmptyString",
                  user_id: "NonEmptyString",
                  vpc_id: "NonEmptyString",
                  vpc_peering_connection_id: "NonEmptyString",
                },
              ],
              ip_ranges: [
                {
                  cidr_ip: "NonEmptyString",
                },
              ],
              ipv_6_ranges: [
                {
                  cidr_ipv_6: "NonEmptyString",
                },
              ],
              prefix_list_ids: [
                {
                  prefix_list_id: "NonEmptyString",
                },
              ],
            },
          ],
          ip_permissions_egress: [
            {
              ip_protocol: "NonEmptyString",
              from_port: 1,
              to_port: 1,
              user_id_group_pairs: [
                {
                  group_id: "NonEmptyString",
                  group_name: "NonEmptyString",
                  peering_status: "NonEmptyString",
                  user_id: "NonEmptyString",
                  vpc_id: "NonEmptyString",
                  vpc_peering_connection_id: "NonEmptyString",
                },
              ],
              ip_ranges: [
                {
                  cidr_ip: "NonEmptyString",
                },
              ],
              ipv_6_ranges: [
                {
                  cidr_ipv_6: "NonEmptyString",
                },
              ],
              prefix_list_ids: [
                {
                  prefix_list_id: "NonEmptyString",
                },
              ],
            },
          ],
        },
        aws_ec2_volume: {
          create_time: "NonEmptyString",
          encrypted: false,
          size: 1,
          snapshot_id: "NonEmptyString",
          status: "NonEmptyString",
          kms_key_id: "NonEmptyString",
          attachments: [
            {
              attach_time: "NonEmptyString",
              delete_on_termination: false,
              instance_id: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
        },
        aws_ec2_vpc: {
          cidr_block_association_set: [
            {
              association_id: "NonEmptyString",
              cidr_block: "NonEmptyString",
              cidr_block_state: "NonEmptyString",
            },
          ],
          ipv_6_cidr_block_association_set: [
            {
              association_id: "NonEmptyString",
              ipv_6_cidr_block: "NonEmptyString",
              cidr_block_state: "NonEmptyString",
            },
          ],
          dhcp_options_id: "NonEmptyString",
          state: "NonEmptyString",
        },
        aws_ec2_eip: {
          instance_id: "NonEmptyString",
          public_ip: "NonEmptyString",
          allocation_id: "NonEmptyString",
          association_id: "NonEmptyString",
          domain: "NonEmptyString",
          public_ipv_4_pool: "NonEmptyString",
          network_border_group: "NonEmptyString",
          network_interface_id: "NonEmptyString",
          network_interface_owner_id: "NonEmptyString",
          private_ip_address: "NonEmptyString",
        },
        aws_elbv_2_load_balancer: {
          availability_zones: [
            {
              zone_name: "NonEmptyString",
              subnet_id: "NonEmptyString",
            },
          ],
          canonical_hosted_zone_id: "NonEmptyString",
          created_time: "NonEmptyString",
          dns_name: "NonEmptyString",
          ip_address_type: "NonEmptyString",
          scheme: "NonEmptyString",
          security_groups: ["NonEmptyString"],
          state: {
            code: "NonEmptyString",
            reason: "NonEmptyString",
          },
          type: "NonEmptyString",
          vpc_id: "NonEmptyString",
        },
        aws_elasticsearch_domain: {
          access_policies: "NonEmptyString",
          domain_endpoint_options: {
            enforce_https: false,
            tls_security_policy: "NonEmptyString",
          },
          domain_id: "NonEmptyString",
          domain_name: "NonEmptyString",
          endpoint: "NonEmptyString",
          endpoints: {
            "NonEmptyString" => "NonEmptyString",
          },
          elasticsearch_version: "NonEmptyString",
          encryption_at_rest_options: {
            enabled: false,
            kms_key_id: "NonEmptyString",
          },
          node_to_node_encryption_options: {
            enabled: false,
          },
          vpc_options: {
            availability_zones: ["NonEmptyString"],
            security_group_ids: ["NonEmptyString"],
            subnet_ids: ["NonEmptyString"],
            vpc_id: "NonEmptyString",
          },
        },
        aws_s3_bucket: {
          owner_id: "NonEmptyString",
          owner_name: "NonEmptyString",
          created_at: "NonEmptyString",
          server_side_encryption_configuration: {
            rules: [
              {
                apply_server_side_encryption_by_default: {
                  sse_algorithm: "NonEmptyString",
                  kms_master_key_id: "NonEmptyString",
                },
              },
            ],
          },
          public_access_block_configuration: {
            block_public_acls: false,
            block_public_policy: false,
            ignore_public_acls: false,
            restrict_public_buckets: false,
          },
        },
        aws_s3_account_public_access_block: {
          block_public_acls: false,
          block_public_policy: false,
          ignore_public_acls: false,
          restrict_public_buckets: false,
        },
        aws_s3_object: {
          last_modified: "NonEmptyString",
          etag: "NonEmptyString",
          version_id: "NonEmptyString",
          content_type: "NonEmptyString",
          server_side_encryption: "NonEmptyString",
          ssekms_key_id: "NonEmptyString",
        },
        aws_secrets_manager_secret: {
          rotation_rules: {
            automatically_after_days: 1,
          },
          rotation_occurred_within_frequency: false,
          kms_key_id: "NonEmptyString",
          rotation_enabled: false,
          rotation_lambda_arn: "NonEmptyString",
          deleted: false,
          name: "NonEmptyString",
          description: "NonEmptyString",
        },
        aws_iam_access_key: {
          user_name: "NonEmptyString",
          status: "Active", # accepts Active, Inactive
          created_at: "NonEmptyString",
          principal_id: "NonEmptyString",
          principal_type: "NonEmptyString",
          principal_name: "NonEmptyString",
          account_id: "NonEmptyString",
          access_key_id: "NonEmptyString",
          session_context: {
            attributes: {
              mfa_authenticated: false,
              creation_date: "NonEmptyString",
            },
            session_issuer: {
              type: "NonEmptyString",
              principal_id: "NonEmptyString",
              arn: "NonEmptyString",
              account_id: "NonEmptyString",
              user_name: "NonEmptyString",
            },
          },
        },
        aws_iam_user: {
          attached_managed_policies: [
            {
              policy_name: "NonEmptyString",
              policy_arn: "NonEmptyString",
            },
          ],
          create_date: "NonEmptyString",
          group_list: ["NonEmptyString"],
          path: "NonEmptyString",
          permissions_boundary: {
            permissions_boundary_arn: "NonEmptyString",
            permissions_boundary_type: "NonEmptyString",
          },
          user_id: "NonEmptyString",
          user_name: "NonEmptyString",
          user_policy_list: [
            {
              policy_name: "NonEmptyString",
            },
          ],
        },
        aws_iam_policy: {
          attachment_count: 1,
          create_date: "NonEmptyString",
          default_version_id: "NonEmptyString",
          description: "NonEmptyString",
          is_attachable: false,
          path: "NonEmptyString",
          permissions_boundary_usage_count: 1,
          policy_id: "NonEmptyString",
          policy_name: "NonEmptyString",
          policy_version_list: [
            {
              version_id: "NonEmptyString",
              is_default_version: false,
              create_date: "NonEmptyString",
            },
          ],
          update_date: "NonEmptyString",
        },
        aws_api_gateway_v2_stage: {
          created_date: "NonEmptyString",
          description: "NonEmptyString",
          default_route_settings: {
            detailed_metrics_enabled: false,
            logging_level: "NonEmptyString",
            data_trace_enabled: false,
            throttling_burst_limit: 1,
            throttling_rate_limit: 1.0,
          },
          deployment_id: "NonEmptyString",
          last_updated_date: "NonEmptyString",
          route_settings: {
            detailed_metrics_enabled: false,
            logging_level: "NonEmptyString",
            data_trace_enabled: false,
            throttling_burst_limit: 1,
            throttling_rate_limit: 1.0,
          },
          stage_name: "NonEmptyString",
          stage_variables: {
            "NonEmptyString" => "NonEmptyString",
          },
          access_log_settings: {
            format: "NonEmptyString",
            destination_arn: "NonEmptyString",
          },
          auto_deploy: false,
          last_deployment_status_message: "NonEmptyString",
          api_gateway_managed: false,
        },
        aws_api_gateway_v2_api: {
          api_endpoint: "NonEmptyString",
          api_id: "NonEmptyString",
          api_key_selection_expression: "NonEmptyString",
          created_date: "NonEmptyString",
          description: "NonEmptyString",
          version: "NonEmptyString",
          name: "NonEmptyString",
          protocol_type: "NonEmptyString",
          route_selection_expression: "NonEmptyString",
          cors_configuration: {
            allow_origins: ["NonEmptyString"],
            allow_credentials: false,
            expose_headers: ["NonEmptyString"],
            max_age: 1,
            allow_methods: ["NonEmptyString"],
            allow_headers: ["NonEmptyString"],
          },
        },
        aws_dynamo_db_table: {
          attribute_definitions: [
            {
              attribute_name: "NonEmptyString",
              attribute_type: "NonEmptyString",
            },
          ],
          billing_mode_summary: {
            billing_mode: "NonEmptyString",
            last_update_to_pay_per_request_date_time: "NonEmptyString",
          },
          creation_date_time: "NonEmptyString",
          global_secondary_indexes: [
            {
              backfilling: false,
              index_arn: "NonEmptyString",
              index_name: "NonEmptyString",
              index_size_bytes: 1,
              index_status: "NonEmptyString",
              item_count: 1,
              key_schema: [
                {
                  attribute_name: "NonEmptyString",
                  key_type: "NonEmptyString",
                },
              ],
              projection: {
                non_key_attributes: ["NonEmptyString"],
                projection_type: "NonEmptyString",
              },
              provisioned_throughput: {
                last_decrease_date_time: "NonEmptyString",
                last_increase_date_time: "NonEmptyString",
                number_of_decreases_today: 1,
                read_capacity_units: 1,
                write_capacity_units: 1,
              },
            },
          ],
          global_table_version: "NonEmptyString",
          item_count: 1,
          key_schema: [
            {
              attribute_name: "NonEmptyString",
              key_type: "NonEmptyString",
            },
          ],
          latest_stream_arn: "NonEmptyString",
          latest_stream_label: "NonEmptyString",
          local_secondary_indexes: [
            {
              index_arn: "NonEmptyString",
              index_name: "NonEmptyString",
              key_schema: [
                {
                  attribute_name: "NonEmptyString",
                  key_type: "NonEmptyString",
                },
              ],
              projection: {
                non_key_attributes: ["NonEmptyString"],
                projection_type: "NonEmptyString",
              },
            },
          ],
          provisioned_throughput: {
            last_decrease_date_time: "NonEmptyString",
            last_increase_date_time: "NonEmptyString",
            number_of_decreases_today: 1,
            read_capacity_units: 1,
            write_capacity_units: 1,
          },
          replicas: [
            {
              global_secondary_indexes: [
                {
                  index_name: "NonEmptyString",
                  provisioned_throughput_override: {
                    read_capacity_units: 1,
                  },
                },
              ],
              kms_master_key_id: "NonEmptyString",
              provisioned_throughput_override: {
                read_capacity_units: 1,
              },
              region_name: "NonEmptyString",
              replica_status: "NonEmptyString",
              replica_status_description: "NonEmptyString",
            },
          ],
          restore_summary: {
            source_backup_arn: "NonEmptyString",
            source_table_arn: "NonEmptyString",
            restore_date_time: "NonEmptyString",
            restore_in_progress: false,
          },
          sse_description: {
            inaccessible_encryption_date_time: "NonEmptyString",
            status: "NonEmptyString",
            sse_type: "NonEmptyString",
            kms_master_key_arn: "NonEmptyString",
          },
          stream_specification: {
            stream_enabled: false,
            stream_view_type: "NonEmptyString",
          },
          table_id: "NonEmptyString",
          table_name: "NonEmptyString",
          table_size_bytes: 1,
          table_status: "NonEmptyString",
        },
        aws_api_gateway_stage: {
          deployment_id: "NonEmptyString",
          client_certificate_id: "NonEmptyString",
          stage_name: "NonEmptyString",
          description: "NonEmptyString",
          cache_cluster_enabled: false,
          cache_cluster_size: "NonEmptyString",
          cache_cluster_status: "NonEmptyString",
          method_settings: [
            {
              metrics_enabled: false,
              logging_level: "NonEmptyString",
              data_trace_enabled: false,
              throttling_burst_limit: 1,
              throttling_rate_limit: 1.0,
              caching_enabled: false,
              cache_ttl_in_seconds: 1,
              cache_data_encrypted: false,
              require_authorization_for_cache_control: false,
              unauthorized_cache_control_header_strategy: "NonEmptyString",
              http_method: "NonEmptyString",
              resource_path: "NonEmptyString",
            },
          ],
          variables: {
            "NonEmptyString" => "NonEmptyString",
          },
          documentation_version: "NonEmptyString",
          access_log_settings: {
            format: "NonEmptyString",
            destination_arn: "NonEmptyString",
          },
          canary_settings: {
            percent_traffic: 1.0,
            deployment_id: "NonEmptyString",
            stage_variable_overrides: {
              "NonEmptyString" => "NonEmptyString",
            },
            use_stage_cache: false,
          },
          tracing_enabled: false,
          created_date: "NonEmptyString",
          last_updated_date: "NonEmptyString",
          web_acl_arn: "NonEmptyString",
        },
        aws_api_gateway_rest_api: {
          id: "NonEmptyString",
          name: "NonEmptyString",
          description: "NonEmptyString",
          created_date: "NonEmptyString",
          version: "NonEmptyString",
          binary_media_types: ["NonEmptyString"],
          minimum_compression_size: 1,
          api_key_source: "NonEmptyString",
          endpoint_configuration: {
            types: ["NonEmptyString"],
          },
        },
        aws_cloud_trail_trail: {
          cloud_watch_logs_log_group_arn: "NonEmptyString",
          cloud_watch_logs_role_arn: "NonEmptyString",
          has_custom_event_selectors: false,
          home_region: "NonEmptyString",
          include_global_service_events: false,
          is_multi_region_trail: false,
          is_organization_trail: false,
          kms_key_id: "NonEmptyString",
          log_file_validation_enabled: false,
          name: "NonEmptyString",
          s3_bucket_name: "NonEmptyString",
          s3_key_prefix: "NonEmptyString",
          sns_topic_arn: "NonEmptyString",
          sns_topic_name: "NonEmptyString",
          trail_arn: "NonEmptyString",
        },
        aws_ssm_patch_compliance: {
          patch: {
            compliance_summary: {
              status: "NonEmptyString",
              compliant_critical_count: 1,
              compliant_high_count: 1,
              compliant_medium_count: 1,
              execution_type: "NonEmptyString",
              non_compliant_critical_count: 1,
              compliant_informational_count: 1,
              non_compliant_informational_count: 1,
              compliant_unspecified_count: 1,
              non_compliant_low_count: 1,
              non_compliant_high_count: 1,
              compliant_low_count: 1,
              compliance_type: "NonEmptyString",
              patch_baseline_id: "NonEmptyString",
              overall_severity: "NonEmptyString",
              non_compliant_medium_count: 1,
              non_compliant_unspecified_count: 1,
              patch_group: "NonEmptyString",
            },
          },
        },
        aws_certificate_manager_certificate: {
          certificate_authority_arn: "NonEmptyString",
          created_at: "NonEmptyString",
          domain_name: "NonEmptyString",
          domain_validation_options: [
            {
              domain_name: "NonEmptyString",
              resource_record: {
                name: "NonEmptyString",
                type: "NonEmptyString",
                value: "NonEmptyString",
              },
              validation_domain: "NonEmptyString",
              validation_emails: ["NonEmptyString"],
              validation_method: "NonEmptyString",
              validation_status: "NonEmptyString",
            },
          ],
          extended_key_usages: [
            {
              name: "NonEmptyString",
              o_id: "NonEmptyString",
            },
          ],
          failure_reason: "NonEmptyString",
          imported_at: "NonEmptyString",
          in_use_by: ["NonEmptyString"],
          issued_at: "NonEmptyString",
          issuer: "NonEmptyString",
          key_algorithm: "NonEmptyString",
          key_usages: [
            {
              name: "NonEmptyString",
            },
          ],
          not_after: "NonEmptyString",
          not_before: "NonEmptyString",
          options: {
            certificate_transparency_logging_preference: "NonEmptyString",
          },
          renewal_eligibility: "NonEmptyString",
          renewal_summary: {
            domain_validation_options: [
              {
                domain_name: "NonEmptyString",
                resource_record: {
                  name: "NonEmptyString",
                  type: "NonEmptyString",
                  value: "NonEmptyString",
                },
                validation_domain: "NonEmptyString",
                validation_emails: ["NonEmptyString"],
                validation_method: "NonEmptyString",
                validation_status: "NonEmptyString",
              },
            ],
            renewal_status: "NonEmptyString",
            renewal_status_reason: "NonEmptyString",
            updated_at: "NonEmptyString",
          },
          serial: "NonEmptyString",
          signature_algorithm: "NonEmptyString",
          status: "NonEmptyString",
          subject: "NonEmptyString",
          subject_alternative_names: ["NonEmptyString"],
          type: "NonEmptyString",
        },
        aws_redshift_cluster: {
          allow_version_upgrade: false,
          automated_snapshot_retention_period: 1,
          availability_zone: "NonEmptyString",
          cluster_availability_status: "NonEmptyString",
          cluster_create_time: "NonEmptyString",
          cluster_identifier: "NonEmptyString",
          cluster_nodes: [
            {
              node_role: "NonEmptyString",
              private_ip_address: "NonEmptyString",
              public_ip_address: "NonEmptyString",
            },
          ],
          cluster_parameter_groups: [
            {
              cluster_parameter_status_list: [
                {
                  parameter_name: "NonEmptyString",
                  parameter_apply_status: "NonEmptyString",
                  parameter_apply_error_description: "NonEmptyString",
                },
              ],
              parameter_apply_status: "NonEmptyString",
              parameter_group_name: "NonEmptyString",
            },
          ],
          cluster_public_key: "NonEmptyString",
          cluster_revision_number: "NonEmptyString",
          cluster_security_groups: [
            {
              cluster_security_group_name: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          cluster_snapshot_copy_status: {
            destination_region: "NonEmptyString",
            manual_snapshot_retention_period: 1,
            retention_period: 1,
            snapshot_copy_grant_name: "NonEmptyString",
          },
          cluster_status: "NonEmptyString",
          cluster_subnet_group_name: "NonEmptyString",
          cluster_version: "NonEmptyString",
          db_name: "NonEmptyString",
          deferred_maintenance_windows: [
            {
              defer_maintenance_end_time: "NonEmptyString",
              defer_maintenance_identifier: "NonEmptyString",
              defer_maintenance_start_time: "NonEmptyString",
            },
          ],
          elastic_ip_status: {
            elastic_ip: "NonEmptyString",
            status: "NonEmptyString",
          },
          elastic_resize_number_of_node_options: "NonEmptyString",
          encrypted: false,
          endpoint: {
            address: "NonEmptyString",
            port: 1,
          },
          enhanced_vpc_routing: false,
          expected_next_snapshot_schedule_time: "NonEmptyString",
          expected_next_snapshot_schedule_time_status: "NonEmptyString",
          hsm_status: {
            hsm_client_certificate_identifier: "NonEmptyString",
            hsm_configuration_identifier: "NonEmptyString",
            status: "NonEmptyString",
          },
          iam_roles: [
            {
              apply_status: "NonEmptyString",
              iam_role_arn: "NonEmptyString",
            },
          ],
          kms_key_id: "NonEmptyString",
          maintenance_track_name: "NonEmptyString",
          manual_snapshot_retention_period: 1,
          master_username: "NonEmptyString",
          next_maintenance_window_start_time: "NonEmptyString",
          node_type: "NonEmptyString",
          number_of_nodes: 1,
          pending_actions: ["NonEmptyString"],
          pending_modified_values: {
            automated_snapshot_retention_period: 1,
            cluster_identifier: "NonEmptyString",
            cluster_type: "NonEmptyString",
            cluster_version: "NonEmptyString",
            encryption_type: "NonEmptyString",
            enhanced_vpc_routing: false,
            maintenance_track_name: "NonEmptyString",
            master_user_password: "NonEmptyString",
            node_type: "NonEmptyString",
            number_of_nodes: 1,
            publicly_accessible: false,
          },
          preferred_maintenance_window: "NonEmptyString",
          publicly_accessible: false,
          resize_info: {
            allow_cancel_resize: false,
            resize_type: "NonEmptyString",
          },
          restore_status: {
            current_restore_rate_in_mega_bytes_per_second: 1.0,
            elapsed_time_in_seconds: 1,
            estimated_time_to_completion_in_seconds: 1,
            progress_in_mega_bytes: 1,
            snapshot_size_in_mega_bytes: 1,
            status: "NonEmptyString",
          },
          snapshot_schedule_identifier: "NonEmptyString",
          snapshot_schedule_state: "NonEmptyString",
          vpc_id: "NonEmptyString",
          vpc_security_groups: [
            {
              status: "NonEmptyString",
              vpc_security_group_id: "NonEmptyString",
            },
          ],
        },
        aws_elb_load_balancer: {
          availability_zones: ["NonEmptyString"],
          backend_server_descriptions: [
            {
              instance_port: 1,
              policy_names: ["NonEmptyString"],
            },
          ],
          canonical_hosted_zone_name: "NonEmptyString",
          canonical_hosted_zone_name_id: "NonEmptyString",
          created_time: "NonEmptyString",
          dns_name: "NonEmptyString",
          health_check: {
            healthy_threshold: 1,
            interval: 1,
            target: "NonEmptyString",
            timeout: 1,
            unhealthy_threshold: 1,
          },
          instances: [
            {
              instance_id: "NonEmptyString",
            },
          ],
          listener_descriptions: [
            {
              listener: {
                instance_port: 1,
                instance_protocol: "NonEmptyString",
                load_balancer_port: 1,
                protocol: "NonEmptyString",
                ssl_certificate_id: "NonEmptyString",
              },
              policy_names: ["NonEmptyString"],
            },
          ],
          load_balancer_attributes: {
            access_log: {
              emit_interval: 1,
              enabled: false,
              s3_bucket_name: "NonEmptyString",
              s3_bucket_prefix: "NonEmptyString",
            },
            connection_draining: {
              enabled: false,
              timeout: 1,
            },
            connection_settings: {
              idle_timeout: 1,
            },
            cross_zone_load_balancing: {
              enabled: false,
            },
          },
          load_balancer_name: "NonEmptyString",
          policies: {
            app_cookie_stickiness_policies: [
              {
                cookie_name: "NonEmptyString",
                policy_name: "NonEmptyString",
              },
            ],
            lb_cookie_stickiness_policies: [
              {
                cookie_expiration_period: 1,
                policy_name: "NonEmptyString",
              },
            ],
            other_policies: ["NonEmptyString"],
          },
          scheme: "NonEmptyString",
          security_groups: ["NonEmptyString"],
          source_security_group: {
            group_name: "NonEmptyString",
            owner_alias: "NonEmptyString",
          },
          subnets: ["NonEmptyString"],
          vpc_id: "NonEmptyString",
        },
        aws_iam_group: {
          attached_managed_policies: [
            {
              policy_name: "NonEmptyString",
              policy_arn: "NonEmptyString",
            },
          ],
          create_date: "NonEmptyString",
          group_id: "NonEmptyString",
          group_name: "NonEmptyString",
          group_policy_list: [
            {
              policy_name: "NonEmptyString",
            },
          ],
          path: "NonEmptyString",
        },
        aws_iam_role: {
          assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
          attached_managed_policies: [
            {
              policy_name: "NonEmptyString",
              policy_arn: "NonEmptyString",
            },
          ],
          create_date: "NonEmptyString",
          instance_profile_list: [
            {
              arn: "NonEmptyString",
              create_date: "NonEmptyString",
              instance_profile_id: "NonEmptyString",
              instance_profile_name: "NonEmptyString",
              path: "NonEmptyString",
              roles: [
                {
                  arn: "NonEmptyString",
                  assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
                  create_date: "NonEmptyString",
                  path: "NonEmptyString",
                  role_id: "NonEmptyString",
                  role_name: "NonEmptyString",
                },
              ],
            },
          ],
          permissions_boundary: {
            permissions_boundary_arn: "NonEmptyString",
            permissions_boundary_type: "NonEmptyString",
          },
          role_id: "NonEmptyString",
          role_name: "NonEmptyString",
          role_policy_list: [
            {
              policy_name: "NonEmptyString",
            },
          ],
          max_session_duration: 1,
          path: "NonEmptyString",
        },
        aws_kms_key: {
          aws_account_id: "NonEmptyString",
          creation_date: 1.0,
          key_id: "NonEmptyString",
          key_manager: "NonEmptyString",
          key_state: "NonEmptyString",
          origin: "NonEmptyString",
          description: "NonEmptyString",
        },
        aws_lambda_function: {
          code: {
            s3_bucket: "NonEmptyString",
            s3_key: "NonEmptyString",
            s3_object_version: "NonEmptyString",
            zip_file: "NonEmptyString",
          },
          code_sha_256: "NonEmptyString",
          dead_letter_config: {
            target_arn: "NonEmptyString",
          },
          environment: {
            variables: {
              "NonEmptyString" => "NonEmptyString",
            },
            error: {
              error_code: "NonEmptyString",
              message: "NonEmptyString",
            },
          },
          function_name: "NonEmptyString",
          handler: "NonEmptyString",
          kms_key_arn: "NonEmptyString",
          last_modified: "NonEmptyString",
          layers: [
            {
              arn: "NonEmptyString",
              code_size: 1,
            },
          ],
          master_arn: "NonEmptyString",
          memory_size: 1,
          revision_id: "NonEmptyString",
          role: "NonEmptyString",
          runtime: "NonEmptyString",
          timeout: 1,
          tracing_config: {
            mode: "NonEmptyString",
          },
          vpc_config: {
            security_group_ids: ["NonEmptyString"],
            subnet_ids: ["NonEmptyString"],
            vpc_id: "NonEmptyString",
          },
          version: "NonEmptyString",
        },
        aws_lambda_layer_version: {
          version: 1,
          compatible_runtimes: ["NonEmptyString"],
          created_date: "NonEmptyString",
        },
        aws_rds_db_instance: {
          associated_roles: [
            {
              role_arn: "NonEmptyString",
              feature_name: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          ca_certificate_identifier: "NonEmptyString",
          db_cluster_identifier: "NonEmptyString",
          db_instance_identifier: "NonEmptyString",
          db_instance_class: "NonEmptyString",
          db_instance_port: 1,
          dbi_resource_id: "NonEmptyString",
          db_name: "NonEmptyString",
          deletion_protection: false,
          endpoint: {
            address: "NonEmptyString",
            port: 1,
            hosted_zone_id: "NonEmptyString",
          },
          engine: "NonEmptyString",
          engine_version: "NonEmptyString",
          iam_database_authentication_enabled: false,
          instance_create_time: "NonEmptyString",
          kms_key_id: "NonEmptyString",
          publicly_accessible: false,
          storage_encrypted: false,
          tde_credential_arn: "NonEmptyString",
          vpc_security_groups: [
            {
              vpc_security_group_id: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          multi_az: false,
          enhanced_monitoring_resource_arn: "NonEmptyString",
          db_instance_status: "NonEmptyString",
          master_username: "NonEmptyString",
          allocated_storage: 1,
          preferred_backup_window: "NonEmptyString",
          backup_retention_period: 1,
          db_security_groups: ["NonEmptyString"],
          db_parameter_groups: [
            {
              db_parameter_group_name: "NonEmptyString",
              parameter_apply_status: "NonEmptyString",
            },
          ],
          availability_zone: "NonEmptyString",
          db_subnet_group: {
            db_subnet_group_name: "NonEmptyString",
            db_subnet_group_description: "NonEmptyString",
            vpc_id: "NonEmptyString",
            subnet_group_status: "NonEmptyString",
            subnets: [
              {
                subnet_identifier: "NonEmptyString",
                subnet_availability_zone: {
                  name: "NonEmptyString",
                },
                subnet_status: "NonEmptyString",
              },
            ],
            db_subnet_group_arn: "NonEmptyString",
          },
          preferred_maintenance_window: "NonEmptyString",
          pending_modified_values: {
            db_instance_class: "NonEmptyString",
            allocated_storage: 1,
            master_user_password: "NonEmptyString",
            port: 1,
            backup_retention_period: 1,
            multi_az: false,
            engine_version: "NonEmptyString",
            license_model: "NonEmptyString",
            iops: 1,
            db_instance_identifier: "NonEmptyString",
            storage_type: "NonEmptyString",
            ca_certificate_identifier: "NonEmptyString",
            db_subnet_group_name: "NonEmptyString",
            pending_cloud_watch_logs_exports: {
              log_types_to_enable: ["NonEmptyString"],
              log_types_to_disable: ["NonEmptyString"],
            },
            processor_features: [
              {
                name: "NonEmptyString",
                value: "NonEmptyString",
              },
            ],
          },
          latest_restorable_time: "NonEmptyString",
          auto_minor_version_upgrade: false,
          read_replica_source_db_instance_identifier: "NonEmptyString",
          read_replica_db_instance_identifiers: ["NonEmptyString"],
          read_replica_db_cluster_identifiers: ["NonEmptyString"],
          license_model: "NonEmptyString",
          iops: 1,
          option_group_memberships: [
            {
              option_group_name: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          character_set_name: "NonEmptyString",
          secondary_availability_zone: "NonEmptyString",
          status_infos: [
            {
              status_type: "NonEmptyString",
              normal: false,
              status: "NonEmptyString",
              message: "NonEmptyString",
            },
          ],
          storage_type: "NonEmptyString",
          domain_memberships: [
            {
              domain: "NonEmptyString",
              status: "NonEmptyString",
              fqdn: "NonEmptyString",
              iam_role_name: "NonEmptyString",
            },
          ],
          copy_tags_to_snapshot: false,
          monitoring_interval: 1,
          monitoring_role_arn: "NonEmptyString",
          promotion_tier: 1,
          timezone: "NonEmptyString",
          performance_insights_enabled: false,
          performance_insights_kms_key_id: "NonEmptyString",
          performance_insights_retention_period: 1,
          enabled_cloud_watch_logs_exports: ["NonEmptyString"],
          processor_features: [
            {
              name: "NonEmptyString",
              value: "NonEmptyString",
            },
          ],
          listener_endpoint: {
            address: "NonEmptyString",
            port: 1,
            hosted_zone_id: "NonEmptyString",
          },
          max_allocated_storage: 1,
        },
        aws_sns_topic: {
          kms_master_key_id: "NonEmptyString",
          subscription: [
            {
              endpoint: "NonEmptyString",
              protocol: "NonEmptyString",
            },
          ],
          topic_name: "NonEmptyString",
          owner: "NonEmptyString",
        },
        aws_sqs_queue: {
          kms_data_key_reuse_period_seconds: 1,
          kms_master_key_id: "NonEmptyString",
          queue_name: "NonEmptyString",
          dead_letter_target_arn: "NonEmptyString",
        },
        aws_waf_web_acl: {
          name: "NonEmptyString",
          default_action: "NonEmptyString",
          rules: [
            {
              action: {
                type: "NonEmptyString",
              },
              excluded_rules: [
                {
                  rule_id: "NonEmptyString",
                },
              ],
              override_action: {
                type: "NonEmptyString",
              },
              priority: 1,
              rule_id: "NonEmptyString",
              type: "NonEmptyString",
            },
          ],
          web_acl_id: "NonEmptyString",
        },
        aws_rds_db_snapshot: {
          db_snapshot_identifier: "NonEmptyString",
          db_instance_identifier: "NonEmptyString",
          snapshot_create_time: "NonEmptyString",
          engine: "NonEmptyString",
          allocated_storage: 1,
          status: "NonEmptyString",
          port: 1,
          availability_zone: "NonEmptyString",
          vpc_id: "NonEmptyString",
          instance_create_time: "NonEmptyString",
          master_username: "NonEmptyString",
          engine_version: "NonEmptyString",
          license_model: "NonEmptyString",
          snapshot_type: "NonEmptyString",
          iops: 1,
          option_group_name: "NonEmptyString",
          percent_progress: 1,
          source_region: "NonEmptyString",
          source_db_snapshot_identifier: "NonEmptyString",
          storage_type: "NonEmptyString",
          tde_credential_arn: "NonEmptyString",
          encrypted: false,
          kms_key_id: "NonEmptyString",
          timezone: "NonEmptyString",
          iam_database_authentication_enabled: false,
          processor_features: [
            {
              name: "NonEmptyString",
              value: "NonEmptyString",
            },
          ],
          dbi_resource_id: "NonEmptyString",
        },
        aws_rds_db_cluster_snapshot: {
          availability_zones: ["NonEmptyString"],
          snapshot_create_time: "NonEmptyString",
          engine: "NonEmptyString",
          allocated_storage: 1,
          status: "NonEmptyString",
          port: 1,
          vpc_id: "NonEmptyString",
          cluster_create_time: "NonEmptyString",
          master_username: "NonEmptyString",
          engine_version: "NonEmptyString",
          license_model: "NonEmptyString",
          snapshot_type: "NonEmptyString",
          percent_progress: 1,
          storage_encrypted: false,
          kms_key_id: "NonEmptyString",
          db_cluster_identifier: "NonEmptyString",
          db_cluster_snapshot_identifier: "NonEmptyString",
          iam_database_authentication_enabled: false,
        },
        aws_rds_db_cluster: {
          allocated_storage: 1,
          availability_zones: ["NonEmptyString"],
          backup_retention_period: 1,
          database_name: "NonEmptyString",
          status: "NonEmptyString",
          endpoint: "NonEmptyString",
          reader_endpoint: "NonEmptyString",
          custom_endpoints: ["NonEmptyString"],
          multi_az: false,
          engine: "NonEmptyString",
          engine_version: "NonEmptyString",
          port: 1,
          master_username: "NonEmptyString",
          preferred_backup_window: "NonEmptyString",
          preferred_maintenance_window: "NonEmptyString",
          read_replica_identifiers: ["NonEmptyString"],
          vpc_security_groups: [
            {
              vpc_security_group_id: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          hosted_zone_id: "NonEmptyString",
          storage_encrypted: false,
          kms_key_id: "NonEmptyString",
          db_cluster_resource_id: "NonEmptyString",
          associated_roles: [
            {
              role_arn: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          cluster_create_time: "NonEmptyString",
          enabled_cloud_watch_logs_exports: ["NonEmptyString"],
          engine_mode: "NonEmptyString",
          deletion_protection: false,
          http_endpoint_enabled: false,
          activity_stream_status: "NonEmptyString",
          copy_tags_to_snapshot: false,
          cross_account_clone: false,
          domain_memberships: [
            {
              domain: "NonEmptyString",
              status: "NonEmptyString",
              fqdn: "NonEmptyString",
              iam_role_name: "NonEmptyString",
            },
          ],
          db_cluster_parameter_group: "NonEmptyString",
          db_subnet_group: "NonEmptyString",
          db_cluster_option_group_memberships: [
            {
              db_cluster_option_group_name: "NonEmptyString",
              status: "NonEmptyString",
            },
          ],
          db_cluster_identifier: "NonEmptyString",
          db_cluster_members: [
            {
              is_cluster_writer: false,
              promotion_tier: 1,
              db_instance_identifier: "NonEmptyString",
              db_cluster_parameter_group_status: "NonEmptyString",
            },
          ],
          iam_database_authentication_enabled: false,
        },
        container: {
          name: "NonEmptyString",
          image_id: "NonEmptyString",
          image_name: "NonEmptyString",
          launched_at: "NonEmptyString",
        },
        other: {
          "NonEmptyString" => "NonEmptyString",
        },
      },
    },
  ],
  compliance: {
    status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
    related_requirements: ["NonEmptyString"],
    status_reasons: [
      {
        reason_code: "NonEmptyString", # required
        description: "NonEmptyString",
      },
    ],
  },
  verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
  workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
  workflow: {
    status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
  },
  record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
  related_findings: [
    {
      product_arn: "NonEmptyString", # required
      id: "NonEmptyString", # required
    },
  ],
  note: {
    text: "NonEmptyString", # required
    updated_by: "NonEmptyString", # required
    updated_at: "NonEmptyString", # required
  },
  vulnerabilities: [
    {
      id: "NonEmptyString", # required
      vulnerable_packages: [
        {
          name: "NonEmptyString",
          version: "NonEmptyString",
          epoch: "NonEmptyString",
          release: "NonEmptyString",
          architecture: "NonEmptyString",
        },
      ],
      cvss: [
        {
          version: "NonEmptyString",
          base_score: 1.0,
          base_vector: "NonEmptyString",
        },
      ],
      related_vulnerabilities: ["NonEmptyString"],
      vendor: {
        name: "NonEmptyString", # required
        url: "NonEmptyString",
        vendor_severity: "NonEmptyString",
        vendor_created_at: "NonEmptyString",
        vendor_updated_at: "NonEmptyString",
      },
      reference_urls: ["NonEmptyString"],
    },
  ],
  patch_summary: {
    id: "NonEmptyString", # required
    installed_count: 1,
    missing_count: 1,
    failed_count: 1,
    installed_other_count: 1,
    installed_rejected_count: 1,
    installed_pending_reboot: 1,
    operation_start_time: "NonEmptyString",
    operation_end_time: "NonEmptyString",
    reboot_option: "NonEmptyString",
    operation: "NonEmptyString",
  },
  action: {
    action_type: "NonEmptyString",
    network_connection_action: {
      connection_direction: "NonEmptyString",
      remote_ip_details: {
        ip_address_v4: "NonEmptyString",
        organization: {
          asn: 1,
          asn_org: "NonEmptyString",
          isp: "NonEmptyString",
          org: "NonEmptyString",
        },
        country: {
          country_code: "NonEmptyString",
          country_name: "NonEmptyString",
        },
        city: {
          city_name: "NonEmptyString",
        },
        geo_location: {
          lon: 1.0,
          lat: 1.0,
        },
      },
      remote_port_details: {
        port: 1,
        port_name: "NonEmptyString",
      },
      local_port_details: {
        port: 1,
        port_name: "NonEmptyString",
      },
      protocol: "NonEmptyString",
      blocked: false,
    },
    aws_api_call_action: {
      api: "NonEmptyString",
      service_name: "NonEmptyString",
      caller_type: "NonEmptyString",
      remote_ip_details: {
        ip_address_v4: "NonEmptyString",
        organization: {
          asn: 1,
          asn_org: "NonEmptyString",
          isp: "NonEmptyString",
          org: "NonEmptyString",
        },
        country: {
          country_code: "NonEmptyString",
          country_name: "NonEmptyString",
        },
        city: {
          city_name: "NonEmptyString",
        },
        geo_location: {
          lon: 1.0,
          lat: 1.0,
        },
      },
      domain_details: {
        domain: "NonEmptyString",
      },
      affected_resources: {
        "NonEmptyString" => "NonEmptyString",
      },
      first_seen: "NonEmptyString",
      last_seen: "NonEmptyString",
    },
    dns_request_action: {
      domain: "NonEmptyString",
      protocol: "NonEmptyString",
      blocked: false,
    },
    port_probe_action: {
      port_probe_details: [
        {
          local_port_details: {
            port: 1,
            port_name: "NonEmptyString",
          },
          local_ip_details: {
            ip_address_v4: "NonEmptyString",
          },
          remote_ip_details: {
            ip_address_v4: "NonEmptyString",
            organization: {
              asn: 1,
              asn_org: "NonEmptyString",
              isp: "NonEmptyString",
              org: "NonEmptyString",
            },
            country: {
              country_code: "NonEmptyString",
              country_name: "NonEmptyString",
            },
            city: {
              city_name: "NonEmptyString",
            },
            geo_location: {
              lon: 1.0,
              lat: 1.0,
            },
          },
        },
      ],
      blocked: false,
    },
  },
  finding_provider_fields: {
    confidence: 1,
    criticality: 1,
    related_findings: [
      {
        product_arn: "NonEmptyString", # required
        id: "NonEmptyString", # required
      },
    ],
    severity: {
      label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
      original: "NonEmptyString",
    },
    types: ["NonEmptyString"],
  },
}

Provides a consistent format for the contents of the findings aggregated by Security Hub. The AwsSecurityFinding format enables you to share findings between AWS security services, third-party solutions, and security standards checks.

A finding is a potential security issue generated either by AWS services (Amazon GuardDuty, Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and standards checks.

Constant Summary

SENSITIVE =
[]

Instance Attribute Summary

Instance Attribute Details

#action ⇒ Types::Action

Provides details about an action that affects or that was taken on a resource.

Returns:

  • (Types::Action)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed value type for a single Security Hub finding.
#
# Each member is a positional Struct field named after one top-level
# attribute of the finding; the order below is the declaration order.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version
    id
    product_arn
    generator_id
    aws_account_id
    types
    first_observed_at
    last_observed_at
    created_at
    updated_at
    severity
    confidence
    criticality
    title
    description
    remediation
    source_url
    product_fields
    user_defined_fields
    malware
    network
    network_path
    process
    threat_intel_indicators
    resources
    compliance
    verification_state
    workflow_state
    workflow
    record_state
    related_findings
    note
    vulnerabilities
    patch_summary
    action
    finding_provider_fields
  ]
)
  # Empty: no top-level member of a finding is listed here.
  # NOTE(review): presumably the SDK consults SENSITIVE to decide which
  # members to redact when a struct is inspected or logged; confirm against
  # Aws::Structure. The request hash documented for this type nests fields
  # such as master_user_password and Lambda environment variables, so avoid
  # writing a whole finding to logs verbatim.
  SENSITIVE = []
  include Aws::Structure
end

#aws_account_id ⇒ String

The AWS account ID that a finding is generated in.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed value type for a single Security Hub finding.
#
# Each member is a positional Struct field named after one top-level
# attribute of the finding; the order below is the declaration order.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version
    id
    product_arn
    generator_id
    aws_account_id
    types
    first_observed_at
    last_observed_at
    created_at
    updated_at
    severity
    confidence
    criticality
    title
    description
    remediation
    source_url
    product_fields
    user_defined_fields
    malware
    network
    network_path
    process
    threat_intel_indicators
    resources
    compliance
    verification_state
    workflow_state
    workflow
    record_state
    related_findings
    note
    vulnerabilities
    patch_summary
    action
    finding_provider_fields
  ]
)
  # Empty: no top-level member of a finding is listed here.
  # NOTE(review): presumably the SDK consults SENSITIVE to decide which
  # members to redact when a struct is inspected or logged; confirm against
  # Aws::Structure. The request hash documented for this type nests fields
  # such as master_user_password and Lambda environment variables, so avoid
  # writing a whole finding to logs verbatim.
  SENSITIVE = []
  include Aws::Structure
end

#compliance ⇒ Types::Compliance

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS AWS Foundations. Contains security standard-related finding details.

Returns:

  • (Types::Compliance)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed value type for a single Security Hub finding.
#
# Each member is a positional Struct field named after one top-level
# attribute of the finding; the order below is the declaration order.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version
    id
    product_arn
    generator_id
    aws_account_id
    types
    first_observed_at
    last_observed_at
    created_at
    updated_at
    severity
    confidence
    criticality
    title
    description
    remediation
    source_url
    product_fields
    user_defined_fields
    malware
    network
    network_path
    process
    threat_intel_indicators
    resources
    compliance
    verification_state
    workflow_state
    workflow
    record_state
    related_findings
    note
    vulnerabilities
    patch_summary
    action
    finding_provider_fields
  ]
)
  # Empty: no top-level member of a finding is listed here.
  # NOTE(review): presumably the SDK consults SENSITIVE to decide which
  # members to redact when a struct is inspected or logged; confirm against
  # Aws::Structure. The request hash documented for this type nests fields
  # such as master_user_password and Lambda environment variables, so avoid
  # writing a whole finding to logs verbatim.
  SENSITIVE = []
  include Aws::Structure
end

#confidence ⇒ Integer

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

  • (Integer)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#created_at ⇒ String

Indicates when the security-findings provider created the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#criticality ⇒ Integer

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

  • (Integer)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#description ⇒ String

A finding's description.

In this release, Description is a required property.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#finding_provider_fields ⇒ Types::FindingProviderFields

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#first_observed_at ⇒ String

Indicates when the security-findings provider first observed the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#generator_id ⇒ String

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#id ⇒ String

The security findings provider-specific identifier for a finding.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#last_observed_at ⇒ String

Indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#malware ⇒ Array<Types::Malware>

A list of malware related to a finding.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#network ⇒ Types::Network

The details of network-related information about a finding.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#network_path ⇒ Array<Types::NetworkPathComponent>

Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#note ⇒ Types::Note

A user-defined note added to a finding.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#patch_summary ⇒ Types::PatchSummary

Provides an overview of the patch compliance status for an instance against a selected compliance standard.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#process ⇒ Types::ProcessDetails

The details of process-related information about a finding.



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#product_arn ⇒ String

The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#product_fields ⇒ Hash<String,String>

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

Returns:

  • (Hash<String,String>)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#record_state ⇒ String

The record state of a finding.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#related_findings ⇒ Array<Types::RelatedFinding>

A list of related findings.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#remediation ⇒ Types::Remediation

A data type that describes the remediation options for a finding.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#resources ⇒ Array<Types::Resource>

A set of resource data types that describe the resources that the finding refers to.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#schema_version ⇒ String

The schema version that a finding is formatted for.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#severity ⇒ Types::Severity

A finding's severity.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#source_url ⇒ String

A URL that links to a page about the current finding in the security-findings provider's solution.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#threat_intel_indicators ⇒ Array<Types::ThreatIntelIndicator>

Threat intelligence details related to a finding.

Returns:



# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#title ⇒ String

A finding's title.

In this release, Title is a required property.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#types ⇒ Array<String>

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

Returns:

  • (Array<String>)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed type for one Security Hub finding. Members are positional,
# so their order below is part of the type's interface.
class AwsSecurityFinding < Struct.new(
  :schema_version, :id, :product_arn, :generator_id, :aws_account_id,
  :types, :first_observed_at, :last_observed_at, :created_at, :updated_at,
  :severity, :confidence, :criticality, :title, :description,
  :remediation, :source_url, :product_fields, :user_defined_fields,
  :malware, :network, :network_path, :process, :threat_intel_indicators,
  :resources, :compliance, :verification_state, :workflow_state,
  :workflow, :record_state, :related_findings, :note, :vulnerabilities,
  :patch_summary, :action, :finding_provider_fields
)
  # Empty list: no member is flagged as sensitive.
  # NOTE(review): presumably the SDK consults this list when redacting
  # logged or inspected values - confirm. If so, nothing here is redacted,
  # so callers that log findings should filter free-form members themselves.
  SENSITIVE = []
  include Aws::Structure
end

#updated_at ⇒ String

Indicates when the security-findings provider last updated the finding record.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed shape for a single Security Hub finding. Members are declared
# in the order listed, which is also the positional order of the Struct.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version id product_arn generator_id aws_account_id
    types first_observed_at last_observed_at created_at updated_at
    severity confidence criticality title description
    remediation source_url product_fields user_defined_fields
    malware network network_path process threat_intel_indicators
    resources compliance verification_state workflow_state workflow
    record_state related_findings note vulnerabilities patch_summary
    action finding_provider_fields
  ]
)
  # No member is listed as sensitive.
  # NOTE(review): a finding carries account ids plus network and process
  # details; presumably this list drives redaction wherever the SDK prints or
  # logs structures. Confirm before logging whole finding objects.
  SENSITIVE = []
  include Aws::Structure
end

#user_defined_fields ⇒ Hash<String,String>

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Returns:

  • (Hash<String,String>)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed shape for a single Security Hub finding. Members are declared
# in the order listed, which is also the positional order of the Struct.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version id product_arn generator_id aws_account_id
    types first_observed_at last_observed_at created_at updated_at
    severity confidence criticality title description
    remediation source_url product_fields user_defined_fields
    malware network network_path process threat_intel_indicators
    resources compliance verification_state workflow_state workflow
    record_state related_findings note vulnerabilities patch_summary
    action finding_provider_fields
  ]
)
  # No member is listed as sensitive.
  # NOTE(review): a finding carries account ids plus network and process
  # details; presumably this list drives redaction wherever the SDK prints or
  # logs structures. Confirm before logging whole finding objects.
  SENSITIVE = []
  include Aws::Structure
end

#verification_state ⇒ String

Indicates the veracity of a finding.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed shape for a single Security Hub finding. Members are declared
# in the order listed, which is also the positional order of the Struct.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version id product_arn generator_id aws_account_id
    types first_observed_at last_observed_at created_at updated_at
    severity confidence criticality title description
    remediation source_url product_fields user_defined_fields
    malware network network_path process threat_intel_indicators
    resources compliance verification_state workflow_state workflow
    record_state related_findings note vulnerabilities patch_summary
    action finding_provider_fields
  ]
)
  # No member is listed as sensitive.
  # NOTE(review): a finding carries account ids plus network and process
  # details; presumably this list drives redaction wherever the SDK prints or
  # logs structures. Confirm before logging whole finding objects.
  SENSITIVE = []
  include Aws::Structure
end

#vulnerabilities ⇒ Array<Types::Vulnerability>

Provides a list of vulnerabilities associated with the findings.

Returns:

  • (Array<Types::Vulnerability>)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed shape for a single Security Hub finding. Members are declared
# in the order listed, which is also the positional order of the Struct.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version id product_arn generator_id aws_account_id
    types first_observed_at last_observed_at created_at updated_at
    severity confidence criticality title description
    remediation source_url product_fields user_defined_fields
    malware network network_path process threat_intel_indicators
    resources compliance verification_state workflow_state workflow
    record_state related_findings note vulnerabilities patch_summary
    action finding_provider_fields
  ]
)
  # No member is listed as sensitive.
  # NOTE(review): a finding carries account ids plus network and process
  # details; presumably this list drives redaction wherever the SDK prints or
  # logs structures. Confirm before logging whole finding objects.
  SENSITIVE = []
  include Aws::Structure
end

#workflow ⇒ Types::Workflow

Provides information about the status of the investigation into a finding.

Returns:

  • (Types::Workflow)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed shape for a single Security Hub finding. Members are declared
# in the order listed, which is also the positional order of the Struct.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version id product_arn generator_id aws_account_id
    types first_observed_at last_observed_at created_at updated_at
    severity confidence criticality title description
    remediation source_url product_fields user_defined_fields
    malware network network_path process threat_intel_indicators
    resources compliance verification_state workflow_state workflow
    record_state related_findings note vulnerabilities patch_summary
    action finding_provider_fields
  ]
)
  # No member is listed as sensitive.
  # NOTE(review): a finding carries account ids plus network and process
  # details; presumably this list drives redaction wherever the SDK prints or
  # logs structures. Confirm before logging whole finding objects.
  SENSITIVE = []
  include Aws::Structure
end

#workflow_state ⇒ String

The workflow state of a finding.

Returns:

  • (String)


# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 12176

# Struct-backed shape for a single Security Hub finding. Members are declared
# in the order listed, which is also the positional order of the Struct.
class AwsSecurityFinding < Struct.new(
  *%i[
    schema_version id product_arn generator_id aws_account_id
    types first_observed_at last_observed_at created_at updated_at
    severity confidence criticality title description
    remediation source_url product_fields user_defined_fields
    malware network network_path process threat_intel_indicators
    resources compliance verification_state workflow_state workflow
    record_state related_findings note vulnerabilities patch_summary
    action finding_provider_fields
  ]
)
  # No member is listed as sensitive.
  # NOTE(review): a finding carries account ids plus network and process
  # details; presumably this list drives redaction wherever the SDK prints or
  # logs structures. Confirm before logging whole finding objects.
  SENSITIVE = []
  include Aws::Structure
end