You are viewing documentation for version 2 of the AWS SDK for Ruby.

Class: Aws::SecurityHub::Types::AwsSecurityFindingFilters

Inherits:
Struct
  • Object

Overview

Note:

When passing AwsSecurityFindingFilters as input to an Aws::Client method, you can use a vanilla Hash:

{
  product_arn: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  aws_account_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  generator_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  first_observed_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  last_observed_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  created_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  updated_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  severity_product: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  severity_normalized: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  severity_label: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  confidence: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  criticality: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  title: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  description: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  recommendation_text: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  source_url: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  product_fields: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS
    },
  ],
  product_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  company_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  user_defined_fields: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS
    },
  ],
  malware_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  malware_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  malware_path: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  malware_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  network_direction: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  network_protocol: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  network_source_ip_v4: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_source_ip_v6: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_source_port: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  network_source_domain: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  network_source_mac: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  network_destination_ip_v4: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_destination_ip_v6: [
    {
      cidr: "NonEmptyString",
    },
  ],
  network_destination_port: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  network_destination_domain: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  process_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  process_path: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  process_pid: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  process_parent_pid: [
    {
      gte: 1.0,
      lte: 1.0,
      eq: 1.0,
    },
  ],
  process_launched_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  process_terminated_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  threat_intel_indicator_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  threat_intel_indicator_value: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  threat_intel_indicator_category: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  threat_intel_indicator_last_observed_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  threat_intel_indicator_source: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  threat_intel_indicator_source_url: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_partition: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_region: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_tags: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS
    },
  ],
  resource_aws_ec2_instance_type: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_ec2_instance_image_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_ec2_instance_ip_v4_addresses: [
    {
      cidr: "NonEmptyString",
    },
  ],
  resource_aws_ec2_instance_ip_v6_addresses: [
    {
      cidr: "NonEmptyString",
    },
  ],
  resource_aws_ec2_instance_key_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_ec2_instance_iam_instance_profile_arn: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_ec2_instance_vpc_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_ec2_instance_subnet_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_ec2_instance_launched_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  resource_aws_s3_bucket_owner_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_s3_bucket_owner_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_iam_access_key_user_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_iam_access_key_status: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_aws_iam_access_key_created_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  resource_container_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_container_image_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_container_image_name: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  resource_container_launched_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  resource_details_other: [
    {
      key: "NonEmptyString",
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS
    },
  ],
  compliance_status: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  verification_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  workflow_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  record_state: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  related_findings_product_arn: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  related_findings_id: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  note_text: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  note_updated_at: [
    {
      start: "NonEmptyString",
      end: "NonEmptyString",
      date_range: {
        value: 1,
        unit: "DAYS", # accepts DAYS
      },
    },
  ],
  note_updated_by: [
    {
      value: "NonEmptyString",
      comparison: "EQUALS", # accepts EQUALS, PREFIX
    },
  ],
  keyword: [
    {
      value: "NonEmptyString",
    },
  ],
}

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
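
A pre-flight check for a filter hash against the shapes in the template above, as an added example that is not part of the SDK or its documentation. `FILTER_SHAPES`, `entry_errors`, `validate_filters` and the sample hashes are constructed for illustration and cover only a few of the attributes.

```ruby
require "ipaddr"
require "time"

# Filter shape per attribute, read off the template above (a subset; this table is the example's own).
FILTER_SHAPES = {
  severity_label: :string, record_state: :string, severity_normalized: :number,
  network_source_ip_v4: :ip, network_source_ip_v6: :ip, updated_at: :date, resource_tags: :map
}.freeze

# Comparison operators the template's comments allow for each shape.
COMPARISONS = { string: %w[EQUALS PREFIX], map: %w[EQUALS] }.freeze
NON_EMPTY = ->(v) { v.is_a?(String) && !v.empty? }

# Problems with one filter entry; an empty list means it is well formed.
def entry_errors(attr, shape, entry)
  return ["entry must be a Hash"] unless entry.is_a?(Hash)
  errs = []
  case shape
  when :string, :map
    errs << "key must be a non-empty string" if shape == :map && !NON_EMPTY.call(entry[:key])
    errs << "value must be a non-empty string" unless NON_EMPTY.call(entry[:value])
    allowed = COMPARISONS[shape]
    errs << "comparison must be one of #{allowed.join(', ')}" unless allowed.include?(entry[:comparison])
  when :number
    bounds = entry.slice(:gte, :lte, :eq)
    errs << "needs gte, lte or eq" if bounds.empty?
    errs << "bounds must be numeric" unless bounds.values.all?(Numeric)
  when :ip
    begin
      raise IPAddr::InvalidAddressError, "empty cidr" unless NON_EMPTY.call(entry[:cidr])
      ip = IPAddr.new(entry[:cidr])
      errs << "cidr family does not match attribute" unless ip.ipv4? == attr.to_s.end_with?("v4")
    rescue IPAddr::Error
      errs << "cidr is not a valid address or range"
    end
  when :date
    entry.slice(:start, :end).each do |name, stamp|
      begin
        Time.iso8601(stamp.to_s)
      rescue ArgumentError
        errs << "#{name} is not an ISO8601 timestamp"
      end
    end
    range = entry[:date_range]
    ok = range.is_a?(Hash) && range[:value].is_a?(Integer) && range[:value] > 0 && range[:unit] == "DAYS"
    errs << "date_range needs a positive integer value and unit DAYS" unless range.nil? || ok
  end
  errs
end

# Returns { attribute => [problems] } for every attribute that fails.
def validate_filters(filters)
  filters.each_with_object({}) do |(attr, entries), report|
    shape = FILTER_SHAPES[attr]
    errs = if shape.nil? then ["unknown attribute"]
           elsif !entries.is_a?(Array) then ["must be an Array of filter entries"]
           else entries.flat_map { |e| entry_errors(attr, shape, e) }
           end
    report[attr] = errs unless errs.empty?
  end
end

# Constructed sample: active HIGH findings updated in the last 7 days.
GOOD = {
  severity_label: [{ value: "HIGH", comparison: "EQUALS" }],
  record_state: [{ value: "ACTIVE", comparison: "EQUALS" }],
  network_source_ip_v4: [{ cidr: "198.51.100.0/24" }],
  updated_at: [{ date_range: { value: 7, unit: "DAYS" } }]
}.freeze

# Constructed sample with mistakes the template's comments rule out.
BAD = {
  resource_tags: [{ key: "env", value: "prod", comparison: "PREFIX" }],
  updated_at: [{ date_range: { value: 7, unit: "HOURS" } }],
  network_source_ip_v4: [{ cidr: "2001:db8::/32" }],
  severity_label: { value: "HIGH", comparison: "EQUALS" }
}.freeze
```

An empty report from `validate_filters` means the hash matches the template's shapes and can be passed wherever a client method accepts AwsSecurityFindingFilters.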

Instance Attribute Details

#aws_account_id ⇒ Array<Types::StringFilter>

The AWS account ID that a finding is generated in.

Returns:

#company_name ⇒ Array<Types::StringFilter>

The name of the findings provider (company) that owns the solution (product) that generates findings.

Returns:

  • (Array<Types::StringFilter>)

    The name of the findings provider (company) that owns the solution (product) that generates findings.

#compliance_status ⇒ Array<Types::StringFilter>

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.

Returns:

  • (Array<Types::StringFilter>)

    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations).

#confidence ⇒ Array<Types::NumberFilter>

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

#created_at ⇒ Array<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

#criticality ⇒ Array<Types::NumberFilter>

The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

  • (Array<Types::NumberFilter>)

    The level of importance assigned to the resources associated with the finding.

#description ⇒ Array<Types::StringFilter>

A finding's description.

Returns:

#first_observed_at ⇒ Array<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

#generator_id ⇒ Array<Types::StringFilter>

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.

Returns:

  • (Array<Types::StringFilter>)

    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.

#id ⇒ Array<Types::StringFilter>

The security findings provider-specific identifier for a finding.

Returns:

  • (Array<Types::StringFilter>)

    The security findings provider-specific identifier for a finding.

#keyword ⇒ Array<Types::KeywordFilter>

A keyword for a finding.

Returns:

#last_observed_at ⇒ Array<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

#malware_name ⇒ Array<Types::StringFilter>

The name of the malware that was observed.

Returns:

#malware_path ⇒ Array<Types::StringFilter>

The filesystem path of the malware that was observed.

Returns:

#malware_state ⇒ Array<Types::StringFilter>

The state of the malware that was observed.

Returns:

#malware_type ⇒ Array<Types::StringFilter>

The type of the malware that was observed.

Returns:

#network_destination_domain ⇒ Array<Types::StringFilter>

The destination domain of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The destination domain of network-related information about a finding.

#network_destination_ip_v4 ⇒ Array<Types::IpFilter>

The destination IPv4 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The destination IPv4 address of network-related information about a finding.

#network_destination_ip_v6 ⇒ Array<Types::IpFilter>

The destination IPv6 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The destination IPv6 address of network-related information about a finding.

#network_destination_port ⇒ Array<Types::NumberFilter>

The destination port of network-related information about a finding.

Returns:

  • (Array<Types::NumberFilter>)

    The destination port of network-related information about a finding.

#network_direction ⇒ Array<Types::StringFilter>

Indicates the direction of network traffic associated with a finding.

Returns:

  • (Array<Types::StringFilter>)

    Indicates the direction of network traffic associated with a finding.

#network_protocol ⇒ Array<Types::StringFilter>

The protocol of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The protocol of network-related information about a finding.

#network_source_domain ⇒ Array<Types::StringFilter>

The source domain of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The source domain of network-related information about a finding.

#network_source_ip_v4 ⇒ Array<Types::IpFilter>

The source IPv4 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The source IPv4 address of network-related information about a finding.

#network_source_ip_v6 ⇒ Array<Types::IpFilter>

The source IPv6 address of network-related information about a finding.

Returns:

  • (Array<Types::IpFilter>)

    The source IPv6 address of network-related information about a finding.

#network_source_mac ⇒ Array<Types::StringFilter>

The source media access control (MAC) address of network-related information about a finding.

Returns:

  • (Array<Types::StringFilter>)

    The source media access control (MAC) address of network-related information about a finding.

#network_source_port ⇒ Array<Types::NumberFilter>

The source port of network-related information about a finding.

Returns:

  • (Array<Types::NumberFilter>)

    The source port of network-related information about a finding.

#note_text ⇒ Array<Types::StringFilter>

The text of a note.

Returns:

#note_updated_at ⇒ Array<Types::DateFilter>

The timestamp of when the note was updated.

Returns:

#note_updated_by ⇒ Array<Types::StringFilter>

The principal that created a note.

Returns:

#process_launched_at ⇒ Array<Types::DateFilter>

The date/time that the process was launched.

Returns:

#process_name ⇒ Array<Types::StringFilter>

The name of the process.

Returns:

#process_parent_pid ⇒ Array<Types::NumberFilter>

The parent process ID.

Returns:

#process_path ⇒ Array<Types::StringFilter>

The path to the process executable.

Returns:

#process_pid ⇒ Array<Types::NumberFilter>

The process ID.

Returns:

#process_terminated_at ⇒ Array<Types::DateFilter>

The date/time that the process was terminated.

Returns:

#product_arn ⇒ Array<Types::StringFilter>

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

Returns:

  • (Array<Types::StringFilter>)

    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

#product_fields ⇒ Array<Types::MapFilter>

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

Returns:

  • (Array<Types::MapFilter>)

    A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

#product_name ⇒ Array<Types::StringFilter>

The name of the solution (product) that generates findings.

Returns:

#recommendation_text ⇒ Array<Types::StringFilter>

The recommendation of what to do about the issue described in a finding.

Returns:

  • (Array<Types::StringFilter>)

    The recommendation of what to do about the issue described in a finding.

#record_state ⇒ Array<Types::StringFilter>

The updated record state for the finding.

Returns:

#related_findings_id ⇒ Array<Types::StringFilter>

The solution-generated identifier for a related finding.

Returns:

#related_findings_product_arn ⇒ Array<Types::StringFilter>

The ARN of the solution that generated a related finding.

Returns:

#resource_aws_ec2_instance_iam_instance_profile_arn ⇒ Array<Types::StringFilter>

The IAM profile ARN of the instance.

Returns:

#resource_aws_ec2_instance_image_id ⇒ Array<Types::StringFilter>

The Amazon Machine Image (AMI) ID of the instance.

Returns:

#resource_aws_ec2_instance_ip_v4_addresses ⇒ Array<Types::IpFilter>

The IPv4 addresses associated with the instance.

Returns:

  • (Array<Types::IpFilter>)

    The IPv4 addresses associated with the instance.

#resource_aws_ec2_instance_ip_v6_addresses ⇒ Array<Types::IpFilter>

The IPv6 addresses associated with the instance.

Returns:

  • (Array<Types::IpFilter>)

    The IPv6 addresses associated with the instance.

#resource_aws_ec2_instance_key_name ⇒ Array<Types::StringFilter>

The key name associated with the instance.

Returns:

#resource_aws_ec2_instance_launched_at ⇒ Array<Types::DateFilter>

The date/time the instance was launched.

Returns:

#resource_aws_ec2_instance_subnet_id ⇒ Array<Types::StringFilter>

The identifier of the subnet that the instance was launched in.

Returns:

  • (Array<Types::StringFilter>)

    The identifier of the subnet that the instance was launched in.

#resource_aws_ec2_instance_type ⇒ Array<Types::StringFilter>

The instance type of the instance.

Returns:

#resource_aws_ec2_instance_vpc_id ⇒ Array<Types::StringFilter>

The identifier of the VPC that the instance was launched in.

Returns:

  • (Array<Types::StringFilter>)

    The identifier of the VPC that the instance was launched in.

#resource_aws_iam_access_key_created_at ⇒ Array<Types::DateFilter>

The creation date/time of the IAM access key related to a finding.

Returns:

  • (Array<Types::DateFilter>)

    The creation date/time of the IAM access key related to a finding.

#resource_aws_iam_access_key_status ⇒ Array<Types::StringFilter>

The status of the IAM access key related to a finding.

Returns:

#resource_aws_iam_access_key_user_name ⇒ Array<Types::StringFilter>

The user associated with the IAM access key related to a finding.

Returns:

  • (Array<Types::StringFilter>)

    The user associated with the IAM access key related to a finding.

#resource_aws_s3_bucket_owner_id ⇒ Array<Types::StringFilter>

The canonical user ID of the owner of the S3 bucket.

Returns:

#resource_aws_s3_bucket_owner_name ⇒ Array<Types::StringFilter>

The display name of the owner of the S3 bucket.

Returns:

#resource_container_image_id ⇒ Array<Types::StringFilter>

The identifier of the image related to a finding.

Returns:

#resource_container_image_name ⇒ Array<Types::StringFilter>

The name of the image related to a finding.

Returns:

#resource_container_launched_at ⇒ Array<Types::DateFilter>

The date/time that the container was started.

Returns:

#resource_container_name ⇒ Array<Types::StringFilter>

The name of the container related to a finding.

Returns:

#resource_details_other ⇒ Array<Types::MapFilter>

The details of a resource that doesn't have a specific subfield for the resource type defined.

Returns:

  • (Array<Types::MapFilter>)

    The details of a resource that doesn't have a specific subfield for the resource type defined.

#resource_id ⇒ Array<Types::StringFilter>

The canonical identifier for the given resource type.

Returns:

#resource_partition ⇒ Array<Types::StringFilter>

The canonical AWS partition name that the Region is assigned to.

Returns:

  • (Array<Types::StringFilter>)

    The canonical AWS partition name that the Region is assigned to.

#resource_region ⇒ Array<Types::StringFilter>

The canonical AWS external Region name where this resource is located.

Returns:

  • (Array<Types::StringFilter>)

    The canonical AWS external Region name where this resource is located.

#resource_tags ⇒ Array<Types::MapFilter>

A list of AWS tags associated with a resource at the time the finding was processed.

Returns:

  • (Array<Types::MapFilter>)

    A list of AWS tags associated with a resource at the time the finding was processed.

#resource_type ⇒ Array<Types::StringFilter>

Specifies the type of the resource that details are provided for.

Returns:

  • (Array<Types::StringFilter>)

    Specifies the type of the resource that details are provided for.

#severity_label ⇒ Array<Types::StringFilter>

The label of a finding's severity.

Returns:

#severity_normalized ⇒ Array<Types::NumberFilter>

The normalized severity of a finding.

Returns:

#severity_product ⇒ Array<Types::NumberFilter>

The native severity as defined by the security-findings provider's solution that generated the finding.

Returns:

  • (Array<Types::NumberFilter>)

    The native severity as defined by the security-findings provider's solution that generated the finding.

#source_url ⇒ Array<Types::StringFilter>

A URL that links to a page about the current finding in the security-findings provider's solution.

Returns:

  • (Array<Types::StringFilter>)

    A URL that links to a page about the current finding in the security-findings provider's solution.

#threat_intel_indicator_category ⇒ Array<Types::StringFilter>

The category of a threat intel indicator.

Returns:

#threat_intel_indicator_last_observed_at ⇒ Array<Types::DateFilter>

The date/time of the last observation of a threat intel indicator.

Returns:

  • (Array<Types::DateFilter>)

    The date/time of the last observation of a threat intel indicator.

#threat_intel_indicator_source ⇒ Array<Types::StringFilter>

The source of the threat intel.

Returns:

#threat_intel_indicator_source_url ⇒ Array<Types::StringFilter>

The URL for more details from the source of the threat intel.

Returns:

  • (Array<Types::StringFilter>)

    The URL for more details from the source of the threat intel.

#threat_intel_indicator_type ⇒ Array<Types::StringFilter>

The type of a threat intel indicator.

Returns:

#threat_intel_indicator_value ⇒ Array<Types::StringFilter>

The value of a threat intel indicator.

Returns:

#title ⇒ Array<Types::StringFilter>

A finding's title.

Returns:

#type ⇒ Array<Types::StringFilter>

A finding type in the format of namespace/category/classifier that classifies a finding.

Returns:

  • (Array<Types::StringFilter>)

    A finding type in the format of namespace/category/classifier that classifies a finding.

#updated_at ⇒ Array<Types::DateFilter>

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

Returns:

  • (Array<Types::DateFilter>)

    An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

#user_defined_fields ⇒ Array<Types::MapFilter>

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Returns:

  • (Array<Types::MapFilter>)

    A list of name/value string pairs associated with the finding.

#verification_state ⇒ Array<Types::StringFilter>

The veracity of a finding.

Returns:

#workflow_state ⇒ Array<Types::StringFilter>

The workflow state of a finding.

Returns: