class Aws::SecurityHub::Types::CreateInsightRequest
@note When making an API call, you may pass CreateInsightRequest
data as a hash: { name: "NonEmptyString", # required filters: { # required product_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], aws_account_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], generator_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], region: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], first_observed_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], last_observed_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], created_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], updated_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], severity_product: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], severity_normalized: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], severity_label: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], confidence: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], criticality: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], title: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], description: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], recommendation_text: [ { value: "NonEmptyString", comparison: "EQUALS", # 
accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], source_url: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], product_fields: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], product_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], company_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], user_defined_fields: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], malware_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], malware_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], malware_path: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], malware_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_direction: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_protocol: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_source_ip_v4: [ { cidr: "NonEmptyString", }, ], network_source_ip_v6: [ { cidr: "NonEmptyString", }, ], network_source_port: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], network_source_domain: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_source_mac: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_destination_ip_v4: [ { cidr: "NonEmptyString", }, ], network_destination_ip_v6: [ { 
cidr: "NonEmptyString", }, ], network_destination_port: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], network_destination_domain: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], process_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], process_path: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], process_pid: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], process_parent_pid: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], process_launched_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], process_terminated_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], threat_intel_indicator_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_value: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_category: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_last_observed_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], threat_intel_indicator_source: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_source_url: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS 
}, ], resource_partition: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_region: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_tags: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], resource_aws_ec2_instance_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_image_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_ip_v4_addresses: [ { cidr: "NonEmptyString", }, ], resource_aws_ec2_instance_ip_v6_addresses: [ { cidr: "NonEmptyString", }, ], resource_aws_ec2_instance_key_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_iam_instance_profile_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_vpc_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_subnet_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_launched_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], resource_aws_s3_bucket_owner_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_s3_bucket_owner_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_user_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts 
EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_principal_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_status: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_created_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], resource_aws_iam_user_user_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_image_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_image_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_launched_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], resource_details_other: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], compliance_status: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], verification_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], workflow_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], workflow_status: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], record_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, 
PREFIX_NOT_EQUALS }, ], related_findings_product_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], related_findings_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], note_text: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], note_updated_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], note_updated_by: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], keyword: [ { value: "NonEmptyString", }, ], finding_provider_fields_confidence: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], finding_provider_fields_criticality: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], finding_provider_fields_related_findings_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_related_findings_product_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_severity_label: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_severity_original: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_types: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], }, group_by_attribute: "NonEmptyString", # required }
@!attribute [rw] name
The name of the custom insight to create.
@return [String]
@!attribute [rw] filters
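One or more attributes used to filter the findings included in the insight. The insight includes only findings that match the criteria defined in the filters. As the example hash above shows, the key/value (map) filters (product_fields, user_defined_fields, resource_tags, resource_details_other) accept only the EQUALS and NOT_EQUALS comparisons, while the plain string filters also accept PREFIX and PREFIX_NOT_EQUALS.
@return [Types::AwsSecurityFindingFilters]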
@!attribute [rw] group_by_attribute
The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.
@return [String]
@see https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation
Constants
- SENSITIVE