class Aws::SecurityHub::Types::AwsSecurityFindingFilters
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.
@note When making an API call, you may pass AwsSecurityFindingFilters data as a hash:

    {
      product_arn: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      aws_account_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      generator_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      region: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      type: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      first_observed_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      last_observed_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      created_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      updated_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      severity_product: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      severity_normalized: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      severity_label: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      confidence: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      criticality: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      title: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      description: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      recommendation_text: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      source_url: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      product_fields: [{ key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, NOT_EQUALS
      product_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      company_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      user_defined_fields: [{ key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, NOT_EQUALS
      malware_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      malware_type: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      malware_path: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      malware_state: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      network_direction: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      network_protocol: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      network_source_ip_v4: [{ cidr: "NonEmptyString" }],
      network_source_ip_v6: [{ cidr: "NonEmptyString" }],
      network_source_port: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      network_source_domain: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      network_source_mac: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      network_destination_ip_v4: [{ cidr: "NonEmptyString" }],
      network_destination_ip_v6: [{ cidr: "NonEmptyString" }],
      network_destination_port: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      network_destination_domain: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      process_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      process_path: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      process_pid: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      process_parent_pid: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      process_launched_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      process_terminated_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      threat_intel_indicator_type: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      threat_intel_indicator_value: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      threat_intel_indicator_category: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      threat_intel_indicator_last_observed_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      threat_intel_indicator_source: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      threat_intel_indicator_source_url: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_type: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_partition: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_region: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_tags: [{ key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, NOT_EQUALS
      resource_aws_ec2_instance_type: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_ec2_instance_image_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_ec2_instance_ip_v4_addresses: [{ cidr: "NonEmptyString" }],
      resource_aws_ec2_instance_ip_v6_addresses: [{ cidr: "NonEmptyString" }],
      resource_aws_ec2_instance_key_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_ec2_instance_iam_instance_profile_arn: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_ec2_instance_vpc_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_ec2_instance_subnet_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_ec2_instance_launched_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      resource_aws_s3_bucket_owner_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_s3_bucket_owner_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_iam_access_key_user_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_iam_access_key_principal_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_iam_access_key_status: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_aws_iam_access_key_created_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      resource_aws_iam_user_user_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_container_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_container_image_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_container_image_name: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      resource_container_launched_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      resource_details_other: [{ key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, NOT_EQUALS
      compliance_status: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      verification_state: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      workflow_state: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      workflow_status: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      record_state: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      related_findings_product_arn: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      related_findings_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      note_text: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      note_updated_at: [{ start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS" } }], # accepts DAYS
      note_updated_by: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      keyword: [{ value: "NonEmptyString" }],
      finding_provider_fields_confidence: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      finding_provider_fields_criticality: [{ gte: 1.0, lte: 1.0, eq: 1.0 }],
      finding_provider_fields_related_findings_id: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      finding_provider_fields_related_findings_product_arn: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      finding_provider_fields_severity_label: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      finding_provider_fields_severity_original: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
      finding_provider_fields_types: [{ value: "NonEmptyString", comparison: "EQUALS" }], # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
    }

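An added example, not part of the SDK or its documentation: a pre-flight check that a filter hash respects the limits stated above (10 attributes, 20 values per attribute) and the comparison operators each filter type accepts, before it is sent to Security Hub. The helper names, the `FILTER_KINDS` subset and both sample hashes are constructed for illustration.

```ruby
require 'ipaddr'
require 'time'

# Limits and operator sets as stated in the reference text above.
MAX_ATTRIBUTES = 10
MAX_VALUES_PER_ATTRIBUTE = 20
STRING_OPS = %w[EQUALS PREFIX NOT_EQUALS PREFIX_NOT_EQUALS].freeze
MAP_OPS = %w[EQUALS NOT_EQUALS].freeze

# Constructed subset of the attribute list: attribute => filter type.
FILTER_KINDS = {
  record_state: :string, workflow_status: :string, compliance_status: :string,
  criticality: :number, updated_at: :date, resource_tags: :map,
  network_source_ip_v4: :ipv4
}.freeze

def present?(str)
  str.is_a?(String) && !str.empty?
end

# Returns an error message for one filter entry, or nil when it is well-formed.
def check_entry(kind, entry)
  case kind
  when :string, :map
    ops = kind == :map ? MAP_OPS : STRING_OPS
    return 'key must be a non-empty string' if kind == :map && !present?(entry[:key])
    return 'value must be a non-empty string' unless present?(entry[:value])
    return "comparison #{entry[:comparison].inspect} is not accepted" unless ops.include?(entry[:comparison])
  when :number
    bounds = entry.values_at(:gte, :lte, :eq).compact
    return 'needs at least one of gte, lte, eq' if bounds.empty?
    return 'bounds must be numeric' unless bounds.all?(Numeric)
  when :date
    range = entry[:date_range]
    return 'needs start, end or date_range' if range.nil? && entry[:start].nil? && entry[:end].nil?
    return 'date_range unit must be DAYS' if range && range[:unit] != 'DAYS'
    return 'date_range value must be an integer' if range && !range[:value].is_a?(Integer)
    [entry[:start], entry[:end]].compact.each { |t| Time.iso8601(t) }
  when :ipv4
    return 'cidr must be an IPv4 address or range' unless IPAddr.new(entry[:cidr].to_s).ipv4?
  end
  nil
rescue ArgumentError # raised by Time.iso8601 and (via IPAddr::Error) by IPAddr.new
  'malformed timestamp or CIDR'
end

# Returns a list of human-readable problems; an empty list means the hash passed.
def validate_filters(filters)
  errors = []
  errors << "#{filters.size} attributes, limit is #{MAX_ATTRIBUTES}" if filters.size > MAX_ATTRIBUTES
  filters.each do |attr, entries|
    kind = FILTER_KINDS[attr]
    next errors << "#{attr}: not in this example's attribute table" if kind.nil?
    next errors << "#{attr}: expected a non-empty array" unless entries.is_a?(Array) && !entries.empty?
    if entries.size > MAX_VALUES_PER_ATTRIBUTE
      errors << "#{attr}: #{entries.size} values, limit is #{MAX_VALUES_PER_ATTRIBUTE}"
    end
    entries.each_with_index do |entry, i|
      msg = check_entry(kind, entry)
      errors << "#{attr}[#{i}]: #{msg}" if msg
    end
  end
  errors
end

# Constructed sample: active, unreviewed, failed-check findings on critical
# production resources that were updated in the last 7 days.
TRIAGE_FILTERS = {
  record_state: [{ value: 'ACTIVE', comparison: 'EQUALS' }],
  workflow_status: [{ value: 'NEW', comparison: 'EQUALS' }],
  compliance_status: [{ value: 'FAILED', comparison: 'EQUALS' }],
  criticality: [{ gte: 80 }],
  updated_at: [{ date_range: { value: 7, unit: 'DAYS' } }],
  resource_tags: [{ key: 'env', value: 'prod', comparison: 'EQUALS' }]
}.freeze

# Constructed sample with one mistake per attribute.
BROKEN_FILTERS = {
  resource_tags: [{ key: 'env', value: 'prod', comparison: 'PREFIX' }], # MapFilter has no PREFIX
  updated_at: [{ date_range: { value: 7, unit: 'HOURS' } }],            # only DAYS is accepted
  network_source_ip_v4: [{ cidr: '2001:db8::/32' }],                    # IPv6 range in an IPv4 filter
  workflow_status: Array.new(21) { |i| { value: "V#{i}", comparison: 'EQUALS' } }
}.freeze

puts validate_filters(BROKEN_FILTERS) if __FILE__ == $PROGRAM_NAME
```
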
@!attribute [rw] product_arn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. @return [Array<Types::StringFilter>]
@!attribute [rw] aws_account_id
The Amazon Web Services account ID that a finding is generated in. @return [Array<Types::StringFilter>]
@!attribute [rw] id
The security findings provider-specific identifier for a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] generator_id
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc. @return [Array<Types::StringFilter>]
@!attribute [rw] region
The Region from which the finding was generated. @return [Array<Types::StringFilter>]
@!attribute [rw] type
A finding type in the format of `namespace/category/classifier` that classifies a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] first_observed_at
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. @return [Array<Types::DateFilter>]
@!attribute [rw] last_observed_at
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. @return [Array<Types::DateFilter>]
@!attribute [rw] created_at
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. @return [Array<Types::DateFilter>]
@!attribute [rw] updated_at
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. @return [Array<Types::DateFilter>]
@!attribute [rw] severity_product
The native severity as defined by the security-findings provider's solution that generated the finding. @return [Array<Types::NumberFilter>]
@!attribute [rw] severity_normalized
The normalized severity of a finding. @return [Array<Types::NumberFilter>]
@!attribute [rw] severity_label
The label of a finding's severity. @return [Array<Types::StringFilter>]
@!attribute [rw] confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. @return [Array<Types::NumberFilter>]
@!attribute [rw] criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. @return [Array<Types::NumberFilter>]
@!attribute [rw] title
A finding's title. @return [Array<Types::StringFilter>]
@!attribute [rw] description
A finding's description. @return [Array<Types::StringFilter>]
@!attribute [rw] recommendation_text
The recommendation of what to do about the issue described in a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] source_url
A URL that links to a page about the current finding in the security-findings provider's solution. @return [Array<Types::StringFilter>]
@!attribute [rw] product_fields
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined `AwsSecurityFinding` format. @return [Array<Types::MapFilter>]
@!attribute [rw] product_name
The name of the solution (product) that generates findings. Note that this is a filter against the `aws/securityhub/ProductName` field in `ProductFields`. It is not a filter for the top-level `ProductName` field. @return [Array<Types::StringFilter>]
@!attribute [rw] company_name
The name of the findings provider (company) that owns the solution (product) that generates findings. Note that this is a filter against the `aws/securityhub/CompanyName` field in `ProductFields`. It is not a filter for the top-level `CompanyName` field. @return [Array<Types::StringFilter>]
@!attribute [rw] user_defined_fields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. @return [Array<Types::MapFilter>]
@!attribute [rw] malware_name
The name of the malware that was observed. @return [Array<Types::StringFilter>]
@!attribute [rw] malware_type
The type of the malware that was observed. @return [Array<Types::StringFilter>]
@!attribute [rw] malware_path
The filesystem path of the malware that was observed. @return [Array<Types::StringFilter>]
@!attribute [rw] malware_state
The state of the malware that was observed. @return [Array<Types::StringFilter>]
@!attribute [rw] network_direction
Indicates the direction of network traffic associated with a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] network_protocol
The protocol of network-related information about a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] network_source_ip_v4
The source IPv4 address of network-related information about a finding. @return [Array<Types::IpFilter>]
@!attribute [rw] network_source_ip_v6
The source IPv6 address of network-related information about a finding. @return [Array<Types::IpFilter>]
@!attribute [rw] network_source_port
The source port of network-related information about a finding. @return [Array<Types::NumberFilter>]
@!attribute [rw] network_source_domain
The source domain of network-related information about a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] network_source_mac
The source media access control (MAC) address of network-related information about a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] network_destination_ip_v4
The destination IPv4 address of network-related information about a finding. @return [Array<Types::IpFilter>]
@!attribute [rw] network_destination_ip_v6
The destination IPv6 address of network-related information about a finding. @return [Array<Types::IpFilter>]
@!attribute [rw] network_destination_port
The destination port of network-related information about a finding. @return [Array<Types::NumberFilter>]
@!attribute [rw] network_destination_domain
The destination domain of network-related information about a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] process_name
The name of the process. @return [Array<Types::StringFilter>]
@!attribute [rw] process_path
The path to the process executable. @return [Array<Types::StringFilter>]
@!attribute [rw] process_pid
The process ID. @return [Array<Types::NumberFilter>]
@!attribute [rw] process_parent_pid
The parent process ID. @return [Array<Types::NumberFilter>]
@!attribute [rw] process_launched_at
The date/time that the process was launched. @return [Array<Types::DateFilter>]
@!attribute [rw] process_terminated_at
The date/time that the process was terminated. @return [Array<Types::DateFilter>]
@!attribute [rw] threat_intel_indicator_type
The type of a threat intelligence indicator. @return [Array<Types::StringFilter>]
@!attribute [rw] threat_intel_indicator_value
The value of a threat intelligence indicator. @return [Array<Types::StringFilter>]
@!attribute [rw] threat_intel_indicator_category
The category of a threat intelligence indicator. @return [Array<Types::StringFilter>]
@!attribute [rw] threat_intel_indicator_last_observed_at
The date/time of the last observation of a threat intelligence indicator. @return [Array<Types::DateFilter>]
@!attribute [rw] threat_intel_indicator_source
The source of the threat intelligence. @return [Array<Types::StringFilter>]
@!attribute [rw] threat_intel_indicator_source_url
The URL for more details from the source of the threat intelligence. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_type
Specifies the type of the resource that details are provided for. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_id
The canonical identifier for the given resource type. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_partition
The canonical Amazon Web Services partition name that the Region is assigned to. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_region
The canonical Amazon Web Services external Region name where this resource is located. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_tags
A list of Amazon Web Services tags associated with a resource at the time the finding was processed. @return [Array<Types::MapFilter>]
@!attribute [rw] resource_aws_ec2_instance_type
The instance type of the instance. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_ec2_instance_image_id
The Amazon Machine Image (AMI) ID of the instance. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_ec2_instance_ip_v4_addresses
The IPv4 addresses associated with the instance. @return [Array<Types::IpFilter>]
@!attribute [rw] resource_aws_ec2_instance_ip_v6_addresses
The IPv6 addresses associated with the instance. @return [Array<Types::IpFilter>]
@!attribute [rw] resource_aws_ec2_instance_key_name
The key name associated with the instance. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_ec2_instance_iam_instance_profile_arn
The IAM profile ARN of the instance. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_ec2_instance_vpc_id
The identifier of the VPC that the instance was launched in. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_ec2_instance_subnet_id
The identifier of the subnet that the instance was launched in. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_ec2_instance_launched_at
The date and time the instance was launched. @return [Array<Types::DateFilter>]
@!attribute [rw] resource_aws_s3_bucket_owner_id
The canonical user ID of the owner of the S3 bucket. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_s3_bucket_owner_name
The display name of the owner of the S3 bucket. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_iam_access_key_user_name
The user associated with the IAM access key related to a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_iam_access_key_principal_name
The name of the principal that is associated with an IAM access key. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_iam_access_key_status
The status of the IAM access key related to a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_aws_iam_access_key_created_at
The creation date/time of the IAM access key related to a finding. @return [Array<Types::DateFilter>]
@!attribute [rw] resource_aws_iam_user_user_name
The name of an IAM user. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_container_name
The name of the container related to a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_container_image_id
The identifier of the image related to a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_container_image_name
The name of the image related to a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] resource_container_launched_at
The date/time that the container was started. @return [Array<Types::DateFilter>]
@!attribute [rw] resource_details_other
The details of a resource that doesn't have a specific subfield for the resource type defined. @return [Array<Types::MapFilter>]
@!attribute [rw] compliance_status
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details. @return [Array<Types::StringFilter>]
@!attribute [rw] verification_state
The veracity of a finding. @return [Array<Types::StringFilter>]
@!attribute [rw] workflow_state
The workflow state of a finding. Note that this field is deprecated. To search for a finding based on its workflow status, use `WorkflowStatus`. @return [Array<Types::StringFilter>]
@!attribute [rw] workflow_status
The status of the investigation into a finding. Allowed values are the following.

* `NEW` - The initial state of a finding, before it is reviewed. Security Hub also resets the workflow status from `NOTIFIED` or `RESOLVED` to `NEW` in the following cases:
  * The record state changes from `ARCHIVED` to `ACTIVE`.
  * The compliance status changes from `PASSED` to either `WARNING`, `FAILED`, or `NOT_AVAILABLE`.
* `NOTIFIED` - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
* `SUPPRESSED` - The finding will not be reviewed again and will not be acted upon.
* `RESOLVED` - The finding was reviewed and remediated and is now considered resolved.

@return [Array<Types::StringFilter>]
@!attribute [rw] record_state
The updated record state for the finding. @return [Array<Types::StringFilter>]
@!attribute [rw] related_findings_product_arn
The ARN of the solution that generated a related finding. @return [Array<Types::StringFilter>]
@!attribute [rw] related_findings_id
The solution-generated identifier for a related finding. @return [Array<Types::StringFilter>]
@!attribute [rw] note_text
The text of a note. @return [Array<Types::StringFilter>]
@!attribute [rw] note_updated_at
The timestamp of when the note was updated. @return [Array<Types::DateFilter>]
@!attribute [rw] note_updated_by
The principal that created a note. @return [Array<Types::StringFilter>]
@!attribute [rw] keyword
A keyword for a finding. @return [Array<Types::KeywordFilter>]
@!attribute [rw] finding_provider_fields_confidence
The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. @return [Array<Types::NumberFilter>]
@!attribute [rw] finding_provider_fields_criticality
The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. @return [Array<Types::NumberFilter>]
@!attribute [rw] finding_provider_fields_related_findings_id
The finding identifier of a related finding that is identified by the finding provider. @return [Array<Types::StringFilter>]
@!attribute [rw] finding_provider_fields_related_findings_product_arn
The ARN of the solution that generated a related finding that is identified by the finding provider. @return [Array<Types::StringFilter>]
@!attribute [rw] finding_provider_fields_severity_label
The finding provider value for the severity label. @return [Array<Types::StringFilter>]
@!attribute [rw] finding_provider_fields_severity_original
The finding provider's original value for the severity. @return [Array<Types::StringFilter>]
@!attribute [rw] finding_provider_fields_types
One or more finding types that the finding provider assigned to the finding. Uses the format of `namespace/category/classifier` that classifies a finding. Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications @return [Array<Types::StringFilter>]
@see docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
Constants
- SENSITIVE