StringFilter
A string filter for querying findings.
Contents
- Comparison
-
The condition to apply to a string value when querying for findings. To search for values that contain the filter criteria value, use one of the following comparison operators:
-
To search for values that exactly match the filter value, use
EQUALS
.For example, the filter
ResourceType EQUALS AwsEc2SecurityGroup
only matches findings that have a resource type ofAwsEc2SecurityGroup
. -
To search for values that start with the filter value, use
PREFIX
.For example, the filter
ResourceType PREFIX AwsIam
matches findings that have a resource type that starts withAwsIam
. Findings with a resource type ofAwsIamPolicy
,AwsIamRole
, orAwsIamUser
would all match.
EQUALS
andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters.To search for values that do not contain the filter criteria value, use one of the following comparison operators:
-
To search for values that do not exactly match the filter value, use
NOT_EQUALS
.For example, the filter
ResourceType NOT_EQUALS AwsIamPolicy
matches findings that have a resource type other thanAwsIamPolicy
. -
To search for values that do not start with the filter value, use
PREFIX_NOT_EQUALS
.For example, the filter
ResourceType PREFIX_NOT_EQUALS AwsIam
matches findings that have a resource type that does not start withAwsIam
. Findings with a resource type ofAwsIamPolicy
,AwsIamRole
, orAwsIamUser
would all be excluded from the results.
NOT_EQUALS
andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters.For filters on the same field, you cannot provide both an
EQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter. Combining filters in this way always returns an error, even if the provided filter values would return valid results.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filter, Security Hub first identifies findings that have resource types that start with either
AwsIAM
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.-
ResourceType PREFIX AwsIam
-
ResourceType PREFIX AwsEc2
-
ResourceType NOT_EQUALS AwsIamPolicy
-
ResourceType NOT_EQUALS AwsEc2NetworkInterface
Type: String
Valid Values:
EQUALS | PREFIX | NOT_EQUALS | PREFIX_NOT_EQUALS
Required: No
-
- Value
-
The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter text, then there is no match.Type: String
Pattern:
.*\S.*
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: