You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::SecurityHub::Types::BatchImportFindingsRequest

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing BatchImportFindingsRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  findings: [ # required
    {
      schema_version: "NonEmptyString", # required
      id: "NonEmptyString", # required
      product_arn: "NonEmptyString", # required
      generator_id: "NonEmptyString", # required
      aws_account_id: "NonEmptyString", # required
      types: ["NonEmptyString"], # required
      first_observed_at: "NonEmptyString",
      last_observed_at: "NonEmptyString",
      created_at: "NonEmptyString", # required
      updated_at: "NonEmptyString", # required
      severity: { # required
        product: 1.0,
        normalized: 1, # required
      },
      confidence: 1,
      criticality: 1,
      title: "NonEmptyString", # required
      description: "NonEmptyString", # required
      remediation: {
        recommendation: {
          text: "NonEmptyString",
          url: "NonEmptyString",
        },
      },
      source_url: "NonEmptyString",
      product_fields: {
        "NonEmptyString" => "NonEmptyString",
      },
      user_defined_fields: {
        "NonEmptyString" => "NonEmptyString",
      },
      malware: [
        {
          name: "NonEmptyString", # required
          type: "ADWARE", # accepts ADWARE, BLENDED_THREAT, BOTNET_AGENT, COIN_MINER, EXPLOIT_KIT, KEYLOGGER, MACRO, POTENTIALLY_UNWANTED, SPYWARE, RANSOMWARE, REMOTE_ACCESS, ROOTKIT, TROJAN, VIRUS, WORM
          path: "NonEmptyString",
          state: "OBSERVED", # accepts OBSERVED, REMOVAL_FAILED, REMOVED
        },
      ],
      network: {
        direction: "IN", # accepts IN, OUT
        protocol: "NonEmptyString",
        source_ip_v4: "NonEmptyString",
        source_ip_v6: "NonEmptyString",
        source_port: 1,
        source_domain: "NonEmptyString",
        source_mac: "NonEmptyString",
        destination_ip_v4: "NonEmptyString",
        destination_ip_v6: "NonEmptyString",
        destination_port: 1,
        destination_domain: "NonEmptyString",
      },
      process: {
        name: "NonEmptyString",
        path: "NonEmptyString",
        pid: 1,
        parent_pid: 1,
        launched_at: "NonEmptyString",
        terminated_at: "NonEmptyString",
      },
      threat_intel_indicators: [
        {
          type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL
          value: "NonEmptyString",
          category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER
          last_observed_at: "NonEmptyString",
          source: "NonEmptyString",
          source_url: "NonEmptyString",
        },
      ],
      resources: [ # required
        {
          type: "NonEmptyString", # required
          id: "NonEmptyString", # required
          partition: "aws", # accepts aws, aws-cn, aws-us-gov
          region: "NonEmptyString",
          tags: {
            "NonEmptyString" => "NonEmptyString",
          },
          details: {
            aws_cloud_front_distribution: {
              domain_name: "NonEmptyString",
              etag: "NonEmptyString",
              last_modified_time: "NonEmptyString",
              logging: {
                bucket: "NonEmptyString",
                enabled: false,
                include_cookies: false,
                prefix: "NonEmptyString",
              },
              origins: {
                items: [
                  {
                    domain_name: "NonEmptyString",
                    id: "NonEmptyString",
                    origin_path: "NonEmptyString",
                  },
                ],
              },
              status: "NonEmptyString",
              web_acl_id: "NonEmptyString",
            },
            aws_ec2_instance: {
              type: "NonEmptyString",
              image_id: "NonEmptyString",
              ip_v4_addresses: ["NonEmptyString"],
              ip_v6_addresses: ["NonEmptyString"],
              key_name: "NonEmptyString",
              iam_instance_profile_arn: "NonEmptyString",
              vpc_id: "NonEmptyString",
              subnet_id: "NonEmptyString",
              launched_at: "NonEmptyString",
            },
            aws_elbv_2_load_balancer: {
              availability_zones: [
                {
                  zone_name: "NonEmptyString",
                  subnet_id: "NonEmptyString",
                },
              ],
              canonical_hosted_zone_id: "NonEmptyString",
              created_time: "NonEmptyString",
              dns_name: "NonEmptyString",
              ip_address_type: "NonEmptyString",
              scheme: "NonEmptyString",
              security_groups: ["NonEmptyString"],
              state: {
                code: "NonEmptyString",
                reason: "NonEmptyString",
              },
              type: "NonEmptyString",
              vpc_id: "NonEmptyString",
            },
            aws_s3_bucket: {
              owner_id: "NonEmptyString",
              owner_name: "NonEmptyString",
            },
            aws_iam_access_key: {
              user_name: "NonEmptyString",
              status: "Active", # accepts Active, Inactive
              created_at: "NonEmptyString",
              principal_id: "NonEmptyString",
              principal_type: "NonEmptyString",
              principal_name: "NonEmptyString",
            },
            aws_iam_role: {
              assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
              create_date: "NonEmptyString",
              role_id: "NonEmptyString",
              role_name: "NonEmptyString",
              max_session_duration: 1,
              path: "NonEmptyString",
            },
            aws_kms_key: {
              aws_account_id: "NonEmptyString",
              creation_date: 1.0,
              key_id: "NonEmptyString",
              key_manager: "NonEmptyString",
              key_state: "NonEmptyString",
              origin: "NonEmptyString",
            },
            aws_lambda_function: {
              code: {
                s3_bucket: "NonEmptyString",
                s3_key: "NonEmptyString",
                s3_object_version: "NonEmptyString",
                zip_file: "NonEmptyString",
              },
              code_sha_256: "NonEmptyString",
              dead_letter_config: {
                target_arn: "NonEmptyString",
              },
              environment: {
                variables: {
                  "NonEmptyString" => "NonEmptyString",
                },
                error: {
                  error_code: "NonEmptyString",
                  message: "NonEmptyString",
                },
              },
              function_name: "NonEmptyString",
              handler: "NonEmptyString",
              kms_key_arn: "NonEmptyString",
              last_modified: "NonEmptyString",
              layers: [
                {
                  arn: "NonEmptyString",
                  code_size: 1,
                },
              ],
              master_arn: "NonEmptyString",
              memory_size: 1,
              revision_id: "NonEmptyString",
              role: "NonEmptyString",
              runtime: "NonEmptyString",
              timeout: 1,
              tracing_config: {
                mode: "NonEmptyString",
              },
              vpc_config: {
                security_group_ids: ["NonEmptyString"],
                subnet_ids: ["NonEmptyString"],
                vpc_id: "NonEmptyString",
              },
              version: "NonEmptyString",
            },
            aws_sns_topic: {
              kms_master_key_id: "NonEmptyString",
              subscription: [
                {
                  endpoint: "NonEmptyString",
                  protocol: "NonEmptyString",
                },
              ],
              topic_name: "NonEmptyString",
              owner: "NonEmptyString",
            },
            aws_sqs_queue: {
              kms_data_key_reuse_period_seconds: 1,
              kms_master_key_id: "NonEmptyString",
              queue_name: "NonEmptyString",
              dead_letter_target_arn: "NonEmptyString",
            },
            container: {
              name: "NonEmptyString",
              image_id: "NonEmptyString",
              image_name: "NonEmptyString",
              launched_at: "NonEmptyString",
            },
            other: {
              "NonEmptyString" => "NonEmptyString",
            },
          },
        },
      ],
      compliance: {
        status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
      },
      verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
      workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
      record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
      related_findings: [
        {
          product_arn: "NonEmptyString", # required
          id: "NonEmptyString", # required
        },
      ],
      note: {
        text: "NonEmptyString", # required
        updated_by: "NonEmptyString", # required
        updated_at: "NonEmptyString", # required
      },
    },
  ],
}

Instance Attribute Summary collapse

Instance Attribute Details

#findingsArray<Types::AwsSecurityFinding>

A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.

Returns: