class Aws::SecurityHub::Types::AwsSecurityFindingFilters

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.

You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

@note When making an API call, you may pass AwsSecurityFindingFilters data as a hash:

    {
      product_arn: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      aws_account_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      generator_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      region: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      type: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      first_observed_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      last_observed_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      created_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      updated_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      severity_product: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      severity_normalized: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      severity_label: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      confidence: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      criticality: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      title: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      description: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      recommendation_text: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      source_url: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      product_fields: [
        {
          key: "NonEmptyString",
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
        },
      ],
      product_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      company_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      user_defined_fields: [
        {
          key: "NonEmptyString",
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
        },
      ],
      malware_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      malware_type: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      malware_path: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      malware_state: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      network_direction: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      network_protocol: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      network_source_ip_v4: [
        {
          cidr: "NonEmptyString",
        },
      ],
      network_source_ip_v6: [
        {
          cidr: "NonEmptyString",
        },
      ],
      network_source_port: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      network_source_domain: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      network_source_mac: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      network_destination_ip_v4: [
        {
          cidr: "NonEmptyString",
        },
      ],
      network_destination_ip_v6: [
        {
          cidr: "NonEmptyString",
        },
      ],
      network_destination_port: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      network_destination_domain: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      process_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      process_path: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      process_pid: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      process_parent_pid: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      process_launched_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      process_terminated_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      threat_intel_indicator_type: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      threat_intel_indicator_value: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      threat_intel_indicator_category: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      threat_intel_indicator_last_observed_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      threat_intel_indicator_source: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      threat_intel_indicator_source_url: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_type: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_partition: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_region: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_tags: [
        {
          key: "NonEmptyString",
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_type: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_image_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_ip_v4_addresses: [
        {
          cidr: "NonEmptyString",
        },
      ],
      resource_aws_ec2_instance_ip_v6_addresses: [
        {
          cidr: "NonEmptyString",
        },
      ],
      resource_aws_ec2_instance_key_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_iam_instance_profile_arn: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_vpc_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_subnet_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_ec2_instance_launched_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      resource_aws_s3_bucket_owner_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_s3_bucket_owner_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_iam_access_key_user_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_iam_access_key_principal_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_iam_access_key_status: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_aws_iam_access_key_created_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      resource_aws_iam_user_user_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_container_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_container_image_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_container_image_name: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      resource_container_launched_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      resource_details_other: [
        {
          key: "NonEmptyString",
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS
        },
      ],
      compliance_status: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      verification_state: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      workflow_state: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      workflow_status: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      record_state: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      related_findings_product_arn: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      related_findings_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      note_text: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      note_updated_at: [
        {
          start: "NonEmptyString",
          end: "NonEmptyString",
          date_range: {
            value: 1,
            unit: "DAYS", # accepts DAYS
          },
        },
      ],
      note_updated_by: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      keyword: [
        {
          value: "NonEmptyString",
        },
      ],
      finding_provider_fields_confidence: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      finding_provider_fields_criticality: [
        {
          gte: 1.0,
          lte: 1.0,
          eq: 1.0,
        },
      ],
      finding_provider_fields_related_findings_id: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      finding_provider_fields_related_findings_product_arn: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      finding_provider_fields_severity_label: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      finding_provider_fields_severity_original: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
      finding_provider_fields_types: [
        {
          value: "NonEmptyString",
          comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
        },
      ],
    }
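
The limits and accepted values above can be checked locally before a filter hash is sent. The following is an added example, not part of the SDK or of the original page: `validate_filters`, `check_value` and `check_cidr` are hypothetical helper names, the sample hashes are constructed, and the address-family and 0-100 checks are this example's own pre-flight rules derived from the attribute descriptions on this page.

```ruby
require "ipaddr"

# Limits and accepted comparison values stated on this page.
MAX_ATTRIBUTES = 10
MAX_VALUES_PER_ATTRIBUTE = 20
STRING_COMPARISONS = %w[EQUALS PREFIX NOT_EQUALS PREFIX_NOT_EQUALS].freeze
MAP_COMPARISONS = %w[EQUALS NOT_EQUALS].freeze

# Non-string attributes, grouped by the @return type this page lists for them.
# Any attribute not named here is checked as a StringFilter.
KIND_BY_ATTR = {
  map: %i[product_fields user_defined_fields resource_tags resource_details_other],
  ip: %i[network_source_ip_v4 network_source_ip_v6 network_destination_ip_v4
         network_destination_ip_v6 resource_aws_ec2_instance_ip_v4_addresses
         resource_aws_ec2_instance_ip_v6_addresses],
  number: %i[severity_product severity_normalized confidence criticality
             network_source_port network_destination_port process_pid process_parent_pid
             finding_provider_fields_confidence finding_provider_fields_criticality],
  date: %i[first_observed_at last_observed_at created_at updated_at process_launched_at
           process_terminated_at threat_intel_indicator_last_observed_at
           resource_aws_ec2_instance_launched_at resource_aws_iam_access_key_created_at
           resource_container_launched_at note_updated_at],
  keyword: %i[keyword]
}.flat_map { |kind, attrs| attrs.map { |a| [a, kind] } }.to_h.freeze

# Attributes this page documents as scored from 0 to 100.
PERCENT_ATTRS = KIND_BY_ATTR.keys.grep(/confidence|criticality/).freeze

# Parses a CIDR and checks it against the address family in the attribute name.
def check_cidr(attr, cidr)
  return ["cidr must be a non-empty string"] if cidr.empty?
  want_v4 = attr.to_s.include?("v4")
  IPAddr.new(cidr).ipv4? == want_v4 ? [] : ["cidr #{cidr} is the wrong address family"]
rescue IPAddr::Error
  ["cidr #{cidr.inspect} does not parse"]
end

# Returns the problems found in one filter value hash for the given attribute.
def check_value(attr, f)
  kind = KIND_BY_ATTR.fetch(attr, :string)
  errs = []
  case kind
  when :string, :map, :keyword
    errs << "value must be a non-empty string" if f[:value].to_s.empty?
    errs << "key must be a non-empty string" if kind == :map && f[:key].to_s.empty?
    allowed = kind == :map ? MAP_COMPARISONS : STRING_COMPARISONS
    unless kind == :keyword || allowed.include?(f[:comparison])
      errs << "comparison #{f[:comparison].inspect} not allowed for #{kind} filter"
    end
  when :ip
    errs.concat(check_cidr(attr, f[:cidr].to_s))
  when :number
    f.slice(:gte, :lte, :eq).each do |k, v|
      if !v.is_a?(Numeric)
        errs << "#{k} must be numeric"
      elsif PERCENT_ATTRS.include?(attr) && !v.between?(0, 100)
        errs << "#{k} #{v} is outside the 0-100 scale"
      end
    end
  when :date
    range = f[:date_range]
    errs << "date_range unit must be DAYS" if range && range[:unit] != "DAYS"
  end
  errs
end

# Returns an array of problems; an empty array means every check passed.
def validate_filters(filters)
  errors = []
  errors << "#{filters.size} attributes used, limit is #{MAX_ATTRIBUTES}" if filters.size > MAX_ATTRIBUTES
  filters.each do |attr, values|
    errors << "workflow_state is deprecated, use workflow_status" if attr == :workflow_state
    if values.size > MAX_VALUES_PER_ATTRIBUTE
      errors << "#{attr}: #{values.size} values, limit is #{MAX_VALUES_PER_ATTRIBUTE}"
    end
    values.each_with_index do |f, i|
      check_value(attr, f).each { |e| errors << "#{attr}[#{i}]: #{e}" }
    end
  end
  errors
end

# Constructed sample: active, unreviewed, high-severity findings from the last 7 days.
GOOD_FILTERS = {
  severity_label: [{ value: "CRITICAL", comparison: "EQUALS" }, { value: "HIGH", comparison: "EQUALS" }],
  workflow_status: [{ value: "NEW", comparison: "EQUALS" }],
  record_state: [{ value: "ACTIVE", comparison: "EQUALS" }],
  updated_at: [{ date_range: { value: 7, unit: "DAYS" } }],
  network_source_ip_v4: [{ cidr: "203.0.113.0/24" }]
}.freeze

# Constructed sample with one mistake per attribute.
BAD_FILTERS = {
  resource_tags: [{ key: "env", value: "prod", comparison: "PREFIX" }],
  network_source_ip_v4: [{ cidr: "2001:db8::/32" }],
  confidence: [{ gte: 150 }],
  updated_at: [{ date_range: { value: 7, unit: "HOURS" } }],
  workflow_state: [{ value: "NEW", comparison: "EQUALS" }]
}.freeze
```

`validate_filters(GOOD_FILTERS)` returns an empty array, while `validate_filters(BAD_FILTERS)` returns one message per mistake, which is useful as a check before creating or updating an insight.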

@!attribute [rw] product_arn

The ARN generated by Security Hub that uniquely identifies a
third-party company (security findings provider) after this
provider's product (solution that generates findings) is registered
with Security Hub.
@return [Array<Types::StringFilter>]

@!attribute [rw] aws_account_id

The Amazon Web Services account ID that a finding is generated in.
@return [Array<Types::StringFilter>]

@!attribute [rw] id

The security findings provider-specific identifier for a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] generator_id

The identifier for the solution-specific component (a discrete unit
of logic) that generated a finding. In various security-findings
providers' solutions, this generator can be called a rule, a check,
a detector, a plugin, etc.
@return [Array<Types::StringFilter>]

@!attribute [rw] region

The Region from which the finding was generated.
@return [Array<Types::StringFilter>]

@!attribute [rw] type

A finding type in the format of `namespace/category/classifier` that
classifies a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] first_observed_at

An ISO8601-formatted timestamp that indicates when the
security-findings provider first observed the potential security
issue that a finding captured.
@return [Array<Types::DateFilter>]

@!attribute [rw] last_observed_at

An ISO8601-formatted timestamp that indicates when the
security-findings provider most recently observed the potential
security issue that a finding captured.
@return [Array<Types::DateFilter>]

@!attribute [rw] created_at

An ISO8601-formatted timestamp that indicates when the
security-findings provider captured the potential security issue
that a finding captured.
@return [Array<Types::DateFilter>]

@!attribute [rw] updated_at

An ISO8601-formatted timestamp that indicates when the
security-findings provider last updated the finding record.
@return [Array<Types::DateFilter>]

@!attribute [rw] severity_product

The native severity as defined by the security-findings provider's
solution that generated the finding.
@return [Array<Types::NumberFilter>]

@!attribute [rw] severity_normalized

The normalized severity of a finding.
@return [Array<Types::NumberFilter>]

@!attribute [rw] severity_label

The label of a finding's severity.
@return [Array<Types::StringFilter>]

@!attribute [rw] confidence

A finding's confidence. Confidence is defined as the likelihood
that a finding accurately identifies the behavior or issue that it
was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0
means zero percent confidence and 100 means 100 percent confidence.
@return [Array<Types::NumberFilter>]

@!attribute [rw] criticality

The level of importance assigned to the resources associated with
the finding.

A score of 0 means that the underlying resources have no
criticality, and a score of 100 is reserved for the most critical
resources.
@return [Array<Types::NumberFilter>]

@!attribute [rw] title

A finding's title.
@return [Array<Types::StringFilter>]

@!attribute [rw] description

A finding's description.
@return [Array<Types::StringFilter>]

@!attribute [rw] recommendation_text

The recommendation of what to do about the issue described in a
finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] source_url

A URL that links to a page about the current finding in the
security-findings provider's solution.
@return [Array<Types::StringFilter>]

@!attribute [rw] product_fields

A data type where security-findings providers can include additional
solution-specific details that aren't part of the defined
`AwsSecurityFinding` format.
@return [Array<Types::MapFilter>]

@!attribute [rw] product_name

The name of the solution (product) that generates findings.

Note that this is a filter against the `aws/securityhub/ProductName`
field in `ProductFields`. It is not a filter for the top-level
`ProductName` field.
@return [Array<Types::StringFilter>]

@!attribute [rw] company_name

The name of the findings provider (company) that owns the solution
(product) that generates findings.

Note that this is a filter against the `aws/securityhub/CompanyName`
field in `ProductFields`. It is not a filter for the top-level
`CompanyName` field.
@return [Array<Types::StringFilter>]

@!attribute [rw] user_defined_fields

A list of name/value string pairs associated with the finding. These
are custom, user-defined fields added to a finding.
@return [Array<Types::MapFilter>]

@!attribute [rw] malware_name

The name of the malware that was observed.
@return [Array<Types::StringFilter>]

@!attribute [rw] malware_type

The type of the malware that was observed.
@return [Array<Types::StringFilter>]

@!attribute [rw] malware_path

The filesystem path of the malware that was observed.
@return [Array<Types::StringFilter>]

@!attribute [rw] malware_state

The state of the malware that was observed.
@return [Array<Types::StringFilter>]

@!attribute [rw] network_direction

Indicates the direction of network traffic associated with a
finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] network_protocol

The protocol of network-related information about a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] network_source_ip_v4

The source IPv4 address of network-related information about a
finding.
@return [Array<Types::IpFilter>]

@!attribute [rw] network_source_ip_v6

The source IPv6 address of network-related information about a
finding.
@return [Array<Types::IpFilter>]

@!attribute [rw] network_source_port

The source port of network-related information about a finding.
@return [Array<Types::NumberFilter>]

@!attribute [rw] network_source_domain

The source domain of network-related information about a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] network_source_mac

The source media access control (MAC) address of network-related
information about a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] network_destination_ip_v4

The destination IPv4 address of network-related information about a
finding.
@return [Array<Types::IpFilter>]

@!attribute [rw] network_destination_ip_v6

The destination IPv6 address of network-related information about a
finding.
@return [Array<Types::IpFilter>]

@!attribute [rw] network_destination_port

The destination port of network-related information about a finding.
@return [Array<Types::NumberFilter>]

@!attribute [rw] network_destination_domain

The destination domain of network-related information about a
finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] process_name

The name of the process.
@return [Array<Types::StringFilter>]

@!attribute [rw] process_path

The path to the process executable.
@return [Array<Types::StringFilter>]

@!attribute [rw] process_pid

The process ID.
@return [Array<Types::NumberFilter>]

@!attribute [rw] process_parent_pid

The parent process ID.
@return [Array<Types::NumberFilter>]

@!attribute [rw] process_launched_at

The date/time that the process was launched.
@return [Array<Types::DateFilter>]

@!attribute [rw] process_terminated_at

The date/time that the process was terminated.
@return [Array<Types::DateFilter>]

@!attribute [rw] threat_intel_indicator_type

The type of a threat intelligence indicator.
@return [Array<Types::StringFilter>]

@!attribute [rw] threat_intel_indicator_value

The value of a threat intelligence indicator.
@return [Array<Types::StringFilter>]

@!attribute [rw] threat_intel_indicator_category

The category of a threat intelligence indicator.
@return [Array<Types::StringFilter>]

@!attribute [rw] threat_intel_indicator_last_observed_at

The date/time of the last observation of a threat intelligence
indicator.
@return [Array<Types::DateFilter>]

@!attribute [rw] threat_intel_indicator_source

The source of the threat intelligence.
@return [Array<Types::StringFilter>]

@!attribute [rw] threat_intel_indicator_source_url

The URL for more details from the source of the threat intelligence.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_type

Specifies the type of the resource that details are provided for.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_id

The canonical identifier for the given resource type.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_partition

The canonical Amazon Web Services partition name that the Region is
assigned to.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_region

The canonical Amazon Web Services external Region name where this
resource is located.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_tags

A list of Amazon Web Services tags associated with a resource at the
time the finding was processed.
@return [Array<Types::MapFilter>]

@!attribute [rw] resource_aws_ec2_instance_type

The instance type of the instance.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_ec2_instance_image_id

The Amazon Machine Image (AMI) ID of the instance.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_ec2_instance_ip_v4_addresses

The IPv4 addresses associated with the instance.
@return [Array<Types::IpFilter>]

@!attribute [rw] resource_aws_ec2_instance_ip_v6_addresses

The IPv6 addresses associated with the instance.
@return [Array<Types::IpFilter>]

@!attribute [rw] resource_aws_ec2_instance_key_name

The key name associated with the instance.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_ec2_instance_iam_instance_profile_arn

The IAM profile ARN of the instance.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_ec2_instance_vpc_id

The identifier of the VPC that the instance was launched in.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_ec2_instance_subnet_id

The identifier of the subnet that the instance was launched in.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_ec2_instance_launched_at

The date and time the instance was launched.
@return [Array<Types::DateFilter>]

@!attribute [rw] resource_aws_s3_bucket_owner_id

The canonical user ID of the owner of the S3 bucket.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_s3_bucket_owner_name

The display name of the owner of the S3 bucket.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_iam_access_key_user_name

The user associated with the IAM access key related to a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_iam_access_key_principal_name

The name of the principal that is associated with an IAM access key.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_iam_access_key_status

The status of the IAM access key related to a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_aws_iam_access_key_created_at

The creation date/time of the IAM access key related to a finding.
@return [Array<Types::DateFilter>]

@!attribute [rw] resource_aws_iam_user_user_name

The name of an IAM user.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_container_name

The name of the container related to a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_container_image_id

The identifier of the image related to a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_container_image_name

The name of the image related to a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] resource_container_launched_at

The date/time that the container was started.
@return [Array<Types::DateFilter>]

@!attribute [rw] resource_details_other

The details of a resource that doesn't have a specific subfield for
the resource type defined.
@return [Array<Types::MapFilter>]

@!attribute [rw] compliance_status

Exclusive to findings that are generated as the result of a check
run against a specific rule in a supported standard, such as CIS
Amazon Web Services Foundations. Contains security standard-related
finding details.
@return [Array<Types::StringFilter>]

@!attribute [rw] verification_state

The veracity of a finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] workflow_state

The workflow state of a finding.

Note that this field is deprecated. To search for a finding based on
its workflow status, use `WorkflowStatus`.
@return [Array<Types::StringFilter>]

@!attribute [rw] workflow_status

The status of the investigation into a finding. Allowed values are
the following.

* `NEW` - The initial state of a finding, before it is reviewed.

  Security Hub also resets the workflow status from `NOTIFIED` or
  `RESOLVED` to `NEW` in the following cases:

  * The record state changes from `ARCHIVED` to `ACTIVE`.

  * The compliance status changes from `PASSED` to either `WARNING`,
    `FAILED`, or `NOT_AVAILABLE`.

* `NOTIFIED` - Indicates that the resource owner has been notified
  about the security issue. Used when the initial reviewer is not
  the resource owner, and needs intervention from the resource
  owner.

* `SUPPRESSED` - The finding will not be reviewed again and will not
  be acted upon.

* `RESOLVED` - The finding was reviewed and remediated and is now
  considered resolved.
@return [Array<Types::StringFilter>]

@!attribute [rw] record_state

The updated record state for the finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] related_findings_product_arn

The ARN of the solution that generated a related finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] related_findings_id

The solution-generated identifier for a related finding.
@return [Array<Types::StringFilter>]

@!attribute [rw] note_text

The text of a note.
@return [Array<Types::StringFilter>]

@!attribute [rw] note_updated_at

The timestamp of when the note was updated.
@return [Array<Types::DateFilter>]

@!attribute [rw] note_updated_by

The principal that created a note.
@return [Array<Types::StringFilter>]

@!attribute [rw] keyword

A keyword for a finding.
@return [Array<Types::KeywordFilter>]

@!attribute [rw] finding_provider_fields_confidence

The finding provider value for the finding confidence. Confidence is
defined as the likelihood that a finding accurately identifies the
behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0
means zero percent confidence and 100 means 100 percent confidence.
@return [Array<Types::NumberFilter>]

@!attribute [rw] finding_provider_fields_criticality

The finding provider value for the level of importance assigned to
the resources associated with the findings.

A score of 0 means that the underlying resources have no
criticality, and a score of 100 is reserved for the most critical
resources.
@return [Array<Types::NumberFilter>]

@!attribute [rw] finding_provider_fields_related_findings_id

The finding identifier of a related finding that is identified by
the finding provider.
@return [Array<Types::StringFilter>]

@!attribute [rw] finding_provider_fields_related_findings_product_arn

The ARN of the solution that generated a related finding that is
identified by the finding provider.
@return [Array<Types::StringFilter>]

@!attribute [rw] finding_provider_fields_severity_label

The finding provider value for the severity label.
@return [Array<Types::StringFilter>]

@!attribute [rw] finding_provider_fields_severity_original

The finding provider's original value for the severity.
@return [Array<Types::StringFilter>]

@!attribute [rw] finding_provider_fields_types

One or more finding types that the finding provider assigned to the
finding. Each type uses the format `namespace/category/classifier`
to classify a finding.

Valid namespace values are: Software and Configuration Checks \|
TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
Identifications
@return [Array<Types::StringFilter>]

@see docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation

Constants

SENSITIVE