CreateInsight
Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.
To group the related findings in the insight, use the
GroupByAttribute.
Request Syntax
POST /insights HTTP/1.1
Content-type: application/json
{
"Filters": {
"AwsAccountId": [
{
"Comparison": "string",
"Value": "string"
}
],
"AwsAccountName": [
{
"Comparison": "string",
"Value": "string"
}
],
"CompanyName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ComplianceAssociatedStandardsId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ComplianceSecurityControlId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ComplianceSecurityControlParametersName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ComplianceSecurityControlParametersValue": [
{
"Comparison": "string",
"Value": "string"
}
],
"ComplianceStatus": [
{
"Comparison": "string",
"Value": "string"
}
],
"Confidence": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"CreatedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"Criticality": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"Description": [
{
"Comparison": "string",
"Value": "string"
}
],
"FindingProviderFieldsConfidence": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"FindingProviderFieldsCriticality": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"FindingProviderFieldsRelatedFindingsId": [
{
"Comparison": "string",
"Value": "string"
}
],
"FindingProviderFieldsRelatedFindingsProductArn": [
{
"Comparison": "string",
"Value": "string"
}
],
"FindingProviderFieldsSeverityLabel": [
{
"Comparison": "string",
"Value": "string"
}
],
"FindingProviderFieldsSeverityOriginal": [
{
"Comparison": "string",
"Value": "string"
}
],
"FindingProviderFieldsTypes": [
{
"Comparison": "string",
"Value": "string"
}
],
"FirstObservedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"GeneratorId": [
{
"Comparison": "string",
"Value": "string"
}
],
"Id": [
{
"Comparison": "string",
"Value": "string"
}
],
"Keyword": [
{
"Value": "string"
}
],
"LastObservedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"MalwareName": [
{
"Comparison": "string",
"Value": "string"
}
],
"MalwarePath": [
{
"Comparison": "string",
"Value": "string"
}
],
"MalwareState": [
{
"Comparison": "string",
"Value": "string"
}
],
"MalwareType": [
{
"Comparison": "string",
"Value": "string"
}
],
"NetworkDestinationDomain": [
{
"Comparison": "string",
"Value": "string"
}
],
"NetworkDestinationIpV4": [
{
"Cidr": "string"
}
],
"NetworkDestinationIpV6": [
{
"Cidr": "string"
}
],
"NetworkDestinationPort": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"NetworkDirection": [
{
"Comparison": "string",
"Value": "string"
}
],
"NetworkProtocol": [
{
"Comparison": "string",
"Value": "string"
}
],
"NetworkSourceDomain": [
{
"Comparison": "string",
"Value": "string"
}
],
"NetworkSourceIpV4": [
{
"Cidr": "string"
}
],
"NetworkSourceIpV6": [
{
"Cidr": "string"
}
],
"NetworkSourceMac": [
{
"Comparison": "string",
"Value": "string"
}
],
"NetworkSourcePort": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"NoteText": [
{
"Comparison": "string",
"Value": "string"
}
],
"NoteUpdatedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"NoteUpdatedBy": [
{
"Comparison": "string",
"Value": "string"
}
],
"ProcessLaunchedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"ProcessName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ProcessParentPid": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"ProcessPath": [
{
"Comparison": "string",
"Value": "string"
}
],
"ProcessPid": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"ProcessTerminatedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"ProductArn": [
{
"Comparison": "string",
"Value": "string"
}
],
"ProductFields": [
{
"Comparison": "string",
"Key": "string",
"Value": "string"
}
],
"ProductName": [
{
"Comparison": "string",
"Value": "string"
}
],
"RecommendationText": [
{
"Comparison": "string",
"Value": "string"
}
],
"RecordState": [
{
"Comparison": "string",
"Value": "string"
}
],
"Region": [
{
"Comparison": "string",
"Value": "string"
}
],
"RelatedFindingsId": [
{
"Comparison": "string",
"Value": "string"
}
],
"RelatedFindingsProductArn": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceApplicationArn": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceApplicationName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsEc2InstanceIamInstanceProfileArn": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsEc2InstanceImageId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsEc2InstanceIpV4Addresses": [
{
"Cidr": "string"
}
],
"ResourceAwsEc2InstanceIpV6Addresses": [
{
"Cidr": "string"
}
],
"ResourceAwsEc2InstanceKeyName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsEc2InstanceLaunchedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"ResourceAwsEc2InstanceSubnetId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsEc2InstanceType": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsEc2InstanceVpcId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsIamAccessKeyCreatedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"ResourceAwsIamAccessKeyPrincipalName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsIamAccessKeyStatus": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsIamAccessKeyUserName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsIamUserUserName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsS3BucketOwnerId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceAwsS3BucketOwnerName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceContainerImageId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceContainerImageName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceContainerLaunchedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"ResourceContainerName": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceDetailsOther": [
{
"Comparison": "string",
"Key": "string",
"Value": "string"
}
],
"ResourceId": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourcePartition": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceRegion": [
{
"Comparison": "string",
"Value": "string"
}
],
"ResourceTags": [
{
"Comparison": "string",
"Key": "string",
"Value": "string"
}
],
"ResourceType": [
{
"Comparison": "string",
"Value": "string"
}
],
"Sample": [
{
"Value": boolean
}
],
"SeverityLabel": [
{
"Comparison": "string",
"Value": "string"
}
],
"SeverityNormalized": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"SeverityProduct": [
{
"Eq": number,
"Gt": number,
"Gte": number,
"Lt": number,
"Lte": number
}
],
"SourceUrl": [
{
"Comparison": "string",
"Value": "string"
}
],
"ThreatIntelIndicatorCategory": [
{
"Comparison": "string",
"Value": "string"
}
],
"ThreatIntelIndicatorLastObservedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"ThreatIntelIndicatorSource": [
{
"Comparison": "string",
"Value": "string"
}
],
"ThreatIntelIndicatorSourceUrl": [
{
"Comparison": "string",
"Value": "string"
}
],
"ThreatIntelIndicatorType": [
{
"Comparison": "string",
"Value": "string"
}
],
"ThreatIntelIndicatorValue": [
{
"Comparison": "string",
"Value": "string"
}
],
"Title": [
{
"Comparison": "string",
"Value": "string"
}
],
"Type": [
{
"Comparison": "string",
"Value": "string"
}
],
"UpdatedAt": [
{
"DateRange": {
"Unit": "string",
"Value": number
},
"End": "string",
"Start": "string"
}
],
"UserDefinedFields": [
{
"Comparison": "string",
"Key": "string",
"Value": "string"
}
],
"VerificationState": [
{
"Comparison": "string",
"Value": "string"
}
],
"VulnerabilitiesExploitAvailable": [
{
"Comparison": "string",
"Value": "string"
}
],
"VulnerabilitiesFixAvailable": [
{
"Comparison": "string",
"Value": "string"
}
],
"WorkflowState": [
{
"Comparison": "string",
"Value": "string"
}
],
"WorkflowStatus": [
{
"Comparison": "string",
"Value": "string"
}
]
},
"GroupByAttribute": "string",
"Name": "string"
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- Filters
-
One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.
Type: AwsSecurityFindingFilters object
Required: Yes
- GroupByAttribute
-
The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.
Type: String
Pattern:
.*\S.*Required: Yes
- Name
-
The name of the custom insight to create.
Type: String
Pattern:
.*\S.*Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"InsightArn": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- InsightArn
-
The ARN of the insight created.
Type: String
Pattern:
.*\S.*
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalException
-
Internal server error.
HTTP Status Code: 500
- InvalidAccessException
-
The account doesn't have permission to perform this action.
HTTP Status Code: 401
- InvalidInputException
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
HTTP Status Code: 400
- LimitExceededException
-
The request was rejected because it attempted to create resources beyond the current AWS account or throttling limits. The error code describes the limit exceeded.
HTTP Status Code: 429
- ResourceConflictException
-
The resource specified in the request conflicts with an existing resource.
HTTP Status Code: 409
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
