1. Packages
  2. AWS Native
  3. API Docs
  4. securityhub
  5. AutomationRule

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

aws-native.securityhub.AutomationRule

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

    The AWS::SecurityHub::AutomationRule resource specifies an automation rule based on input parameters. For more information, see Automation rules in the User Guide.

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
        {
            RuleName = "Example rule name",
            RuleOrder = 5,
            Description = "Example rule description.",
            IsTerminal = false,
            RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
            Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
            {
                ProductName = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "GuardDuty",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "SecurityHub",
                    },
                },
                CompanyName = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "AWS",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "Private",
                    },
                },
                ProductArn = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
                    },
                },
                AwsAccountId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "123456789012",
                    },
                },
                Id = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-finding-id",
                    },
                },
                GeneratorId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-generator-id",
                    },
                },
                Type = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "type-1",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "type-2",
                    },
                },
                Description = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "description1",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "description2",
                    },
                },
                SourceUrl = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "https",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "ftp",
                    },
                },
                Title = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "title-1",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "title-2",
                    },
                },
                SeverityLabel = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "LOW",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "HIGH",
                    },
                },
                ResourceType = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "AwsEc2Instance",
                    },
                },
                ResourcePartition = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "aws",
                    },
                },
                ResourceId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "i-1234567890",
                    },
                },
                ResourceRegion = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "us-west",
                    },
                },
                ComplianceStatus = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "FAILED",
                    },
                },
                ComplianceSecurityControlId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "EC2.3",
                    },
                },
                ComplianceAssociatedStandardsId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                    },
                },
                VerificationState = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "BENIGN_POSITIVE",
                    },
                },
                RecordState = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "ACTIVE",
                    },
                },
                RelatedFindingsProductArn = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
                    },
                },
                RelatedFindingsId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-finding-id-2",
                    },
                },
                NoteText = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-note-text",
                    },
                },
                NoteUpdatedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                NoteUpdatedBy = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "sechub",
                    },
                },
                WorkflowStatus = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "NEW",
                    },
                },
                FirstObservedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                LastObservedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                CreatedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                UpdatedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        Start = "2023-04-25T17:05:54.832Z",
                        End = "2023-05-25T17:05:54.832Z",
                    },
                },
                ResourceTags = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "department",
                        Value = "security",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "department",
                        Value = "operations",
                    },
                },
                UserDefinedFields = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                        Key = "key1",
                        Value = "security",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                        Key = "key2",
                        Value = "operations",
                    },
                },
                ResourceDetailsOther = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "area",
                        Value = "na",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "department",
                        Value = "sales",
                    },
                },
                Confidence = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                    {
                        Gte = 50,
                        Lte = 95,
                    },
                },
                Criticality = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                    {
                        Gte = 50,
                        Lte = 95,
                    },
                },
            },
            Actions = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
                {
                    Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
                    FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
                    {
                        Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
                        {
                            Product = 50,
                            Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
                            Normalized = 60,
                        },
                        Types = new[]
                        {
                            "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                            "Industry Compliance",
                        },
                        Confidence = 98,
                        Criticality = 95,
                        UserDefinedFields = 
                        {
                            { "key1", "value1" },
                            { "key2", "value2" },
                        },
                        RelatedFindings = new[]
                        {
                            new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                            {
                                ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                                Id = "sample-finding-id-1",
                            },
                            new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                            {
                                ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                                Id = "sample-finding-id-2",
                            },
                        },
                        Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
                        {
                            Text = "sample-note-text",
                            UpdatedBy = "sechub",
                        },
                        VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
                        Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
                        {
                            Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
                        },
                    },
                },
            },
            Tags = 
            {
                { "sampleTag", "sampleValue" },
                { "organizationUnit", "pnw" },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
    			RuleName:    pulumi.String("Example rule name"),
    			RuleOrder:   pulumi.Int(5),
    			Description: pulumi.String("Example rule description."),
    			IsTerminal:  pulumi.Bool(false),
    			RuleStatus:  securityhub.AutomationRuleRuleStatusEnabled,
    			Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
    				ProductName: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("GuardDuty"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("SecurityHub"),
    					},
    				},
    				CompanyName: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("AWS"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("Private"),
    					},
    				},
    				ProductArn: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
    					},
    				},
    				AwsAccountId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("123456789012"),
    					},
    				},
    				Id: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-finding-id"),
    					},
    				},
    				GeneratorId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-generator-id"),
    					},
    				},
    				Type: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("type-1"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("type-2"),
    					},
    				},
    				Description: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("description1"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("description2"),
    					},
    				},
    				SourceUrl: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("https"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("ftp"),
    					},
    				},
    				Title: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("title-1"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("title-2"),
    					},
    				},
    				SeverityLabel: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("LOW"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("HIGH"),
    					},
    				},
    				ResourceType: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("AwsEc2Instance"),
    					},
    				},
    				ResourcePartition: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("aws"),
    					},
    				},
    				ResourceId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("i-1234567890"),
    					},
    				},
    				ResourceRegion: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("us-west"),
    					},
    				},
    				ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("FAILED"),
    					},
    				},
    				ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("EC2.3"),
    					},
    				},
    				ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
    					},
    				},
    				VerificationState: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("BENIGN_POSITIVE"),
    					},
    				},
    				RecordState: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("ACTIVE"),
    					},
    				},
    				RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
    					},
    				},
    				RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-finding-id-2"),
    					},
    				},
    				NoteText: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-note-text"),
    					},
    				},
    				NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("sechub"),
    					},
    				},
    				WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("NEW"),
    					},
    				},
    				FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				LastObservedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				CreatedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				UpdatedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						Start: pulumi.String("2023-04-25T17:05:54.832Z"),
    						End:   pulumi.String("2023-05-25T17:05:54.832Z"),
    					},
    				},
    				ResourceTags: securityhub.AutomationRuleMapFilterArray{
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("department"),
    						Value:      pulumi.String("security"),
    					},
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("department"),
    						Value:      pulumi.String("operations"),
    					},
    				},
    				UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
    						Key:        pulumi.String("key1"),
    						Value:      pulumi.String("security"),
    					},
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
    						Key:        pulumi.String("key2"),
    						Value:      pulumi.String("operations"),
    					},
    				},
    				ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("area"),
    						Value:      pulumi.String("na"),
    					},
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("department"),
    						Value:      pulumi.String("sales"),
    					},
    				},
    				Confidence: securityhub.AutomationRuleNumberFilterArray{
    					&securityhub.AutomationRuleNumberFilterArgs{
    						Gte: pulumi.Float64(50),
    						Lte: pulumi.Float64(95),
    					},
    				},
    				Criticality: securityhub.AutomationRuleNumberFilterArray{
    					&securityhub.AutomationRuleNumberFilterArgs{
    						Gte: pulumi.Float64(50),
    						Lte: pulumi.Float64(95),
    					},
    				},
    			},
    			Actions: securityhub.AutomationRulesActionArray{
    				&securityhub.AutomationRulesActionArgs{
    					Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
    					FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
    						Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
    							Product:    pulumi.Float64(50),
    							Label:      securityhub.AutomationRuleSeverityUpdateLabelMedium,
    							Normalized: pulumi.Int(60),
    						},
    						Types: pulumi.StringArray{
    							pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
    							pulumi.String("Industry Compliance"),
    						},
    						Confidence:  pulumi.Int(98),
    						Criticality: pulumi.Int(95),
    						UserDefinedFields: pulumi.StringMap{
    							"key1": pulumi.String("value1"),
    							"key2": pulumi.String("value2"),
    						},
    						RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
    							&securityhub.AutomationRuleRelatedFindingArgs{
    								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
    								Id:         pulumi.String("sample-finding-id-1"),
    							},
    							&securityhub.AutomationRuleRelatedFindingArgs{
    								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
    								Id:         pulumi.String("sample-finding-id-2"),
    							},
    						},
    						Note: &securityhub.AutomationRuleNoteUpdateArgs{
    							Text:      pulumi.String("sample-note-text"),
    							UpdatedBy: pulumi.String("sechub"),
    						},
    						VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
    						Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
    							Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
    						},
    					},
    				},
    			},
    			Tags: pulumi.StringMap{
    				"sampleTag":        pulumi.String("sampleValue"),
    				"organizationUnit": pulumi.String("pnw"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
        rule_name="Example rule name",
        rule_order=5,
        description="Example rule description.",
        is_terminal=False,
        rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
        criteria=aws_native.securityhub.AutomationRulesFindingFiltersArgs(
            product_name=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="GuardDuty",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="SecurityHub",
                ),
            ],
            company_name=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="AWS",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="Private",
                ),
            ],
            product_arn=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="arn:aws:securityhub:us-west-2:123456789012:product/aws",
                ),
            ],
            aws_account_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="123456789012",
            )],
            id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-finding-id",
            )],
            generator_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-generator-id",
            )],
            type=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="type-1",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="type-2",
                ),
            ],
            description=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="description1",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="description2",
                ),
            ],
            source_url=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="https",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="ftp",
                ),
            ],
            title=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="title-1",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="title-2",
                ),
            ],
            severity_label=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="LOW",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="HIGH",
                ),
            ],
            resource_type=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="AwsEc2Instance",
            )],
            resource_partition=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="aws",
            )],
            resource_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="i-1234567890",
            )],
            resource_region=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="us-west",
            )],
            compliance_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="FAILED",
            )],
            compliance_security_control_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="EC2.3",
            )],
            compliance_associated_standards_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            )],
            verification_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="BENIGN_POSITIVE",
            )],
            record_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="ACTIVE",
            )],
            related_findings_product_arn=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="arn:aws:securityhub:eu-central-1::product/aws/securityhub",
            )],
            related_findings_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-finding-id-2",
            )],
            note_text=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-note-text",
            )],
            note_updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            note_updated_by=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="sechub",
            )],
            workflow_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="NEW",
            )],
            first_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            last_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            created_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                start="2023-04-25T17:05:54.832Z",
                end="2023-05-25T17:05:54.832Z",
            )],
            resource_tags=[
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="department",
                    value="security",
                ),
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="department",
                    value="operations",
                ),
            ],
            user_defined_fields=[
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                    key="key1",
                    value="security",
                ),
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                    key="key2",
                    value="operations",
                ),
            ],
            resource_details_other=[
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="area",
                    value="na",
                ),
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="department",
                    value="sales",
                ),
            ],
            confidence=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
                gte=50,
                lte=95,
            )],
            criticality=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
                gte=50,
                lte=95,
            )],
        ),
        actions=[aws_native.securityhub.AutomationRulesActionArgs(
            type=aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
            finding_fields_update=aws_native.securityhub.AutomationRulesFindingFieldsUpdateArgs(
                severity=aws_native.securityhub.AutomationRuleSeverityUpdateArgs(
                    product=50,
                    label=aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
                    normalized=60,
                ),
                types=[
                    "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                    "Industry Compliance",
                ],
                confidence=98,
                criticality=95,
                user_defined_fields={
                    "key1": "value1",
                    "key2": "value2",
                },
                related_findings=[
                    aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                        product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id="sample-finding-id-1",
                    ),
                    aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                        product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id="sample-finding-id-2",
                    ),
                ],
                note=aws_native.securityhub.AutomationRuleNoteUpdateArgs(
                    text="sample-note-text",
                    updated_by="sechub",
                ),
                verification_state=aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
                workflow=aws_native.securityhub.AutomationRuleWorkflowUpdateArgs(
                    status=aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
                ),
            ),
        )],
        tags={
            "sampleTag": "sampleValue",
            "organizationUnit": "pnw",
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
        ruleName: "Example rule name",
        ruleOrder: 5,
        description: "Example rule description.",
        isTerminal: false,
        ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
        criteria: {
            productName: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "GuardDuty",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "SecurityHub",
                },
            ],
            companyName: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "AWS",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "Private",
                },
            ],
            productArn: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
                },
            ],
            awsAccountId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "123456789012",
            }],
            id: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-finding-id",
            }],
            generatorId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-generator-id",
            }],
            type: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "type-1",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "type-2",
                },
            ],
            description: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "description1",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "description2",
                },
            ],
            sourceUrl: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "https",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "ftp",
                },
            ],
            title: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "title-1",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "title-2",
                },
            ],
            severityLabel: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "LOW",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "HIGH",
                },
            ],
            resourceType: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "AwsEc2Instance",
            }],
            resourcePartition: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "aws",
            }],
            resourceId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "i-1234567890",
            }],
            resourceRegion: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "us-west",
            }],
            complianceStatus: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "FAILED",
            }],
            complianceSecurityControlId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "EC2.3",
            }],
            complianceAssociatedStandardsId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            }],
            verificationState: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "BENIGN_POSITIVE",
            }],
            recordState: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "ACTIVE",
            }],
            relatedFindingsProductArn: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
            }],
            relatedFindingsId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-finding-id-2",
            }],
            noteText: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-note-text",
            }],
            noteUpdatedAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            noteUpdatedBy: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "sechub",
            }],
            workflowStatus: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "NEW",
            }],
            firstObservedAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            lastObservedAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            createdAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            updatedAt: [{
                start: "2023-04-25T17:05:54.832Z",
                end: "2023-05-25T17:05:54.832Z",
            }],
            resourceTags: [
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "department",
                    value: "security",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "department",
                    value: "operations",
                },
            ],
            userDefinedFields: [
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                    key: "key1",
                    value: "security",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                    key: "key2",
                    value: "operations",
                },
            ],
            resourceDetailsOther: [
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "area",
                    value: "na",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "department",
                    value: "sales",
                },
            ],
            confidence: [{
                gte: 50,
                lte: 95,
            }],
            criticality: [{
                gte: 50,
                lte: 95,
            }],
        },
        actions: [{
            type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
            findingFieldsUpdate: {
                severity: {
                    product: 50,
                    label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
                    normalized: 60,
                },
                types: [
                    "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                    "Industry Compliance",
                ],
                confidence: 98,
                criticality: 95,
                userDefinedFields: {
                    key1: "value1",
                    key2: "value2",
                },
                relatedFindings: [
                    {
                        productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id: "sample-finding-id-1",
                    },
                    {
                        productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id: "sample-finding-id-2",
                    },
                ],
                note: {
                    text: "sample-note-text",
                    updatedBy: "sechub",
                },
                verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
                workflow: {
                    status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
                },
            },
        }],
        tags: {
            sampleTag: "sampleValue",
            organizationUnit: "pnw",
        },
    });
    

    Coming soon!

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
        {
            RuleName = "Example rule name",
            RuleOrder = 5,
            Description = "Example rule description.",
            IsTerminal = false,
            RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
            Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
            {
                ProductName = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "GuardDuty",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "SecurityHub",
                    },
                },
                CompanyName = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "AWS",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "Private",
                    },
                },
                ProductArn = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
                    },
                },
                AwsAccountId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "123456789012",
                    },
                },
                Id = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-finding-id",
                    },
                },
                GeneratorId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-generator-id",
                    },
                },
                Type = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "type-1",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "type-2",
                    },
                },
                Description = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "description1",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "description2",
                    },
                },
                SourceUrl = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "https",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "ftp",
                    },
                },
                Title = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "title-1",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "title-2",
                    },
                },
                SeverityLabel = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "LOW",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "HIGH",
                    },
                },
                ResourceType = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "AwsEc2Instance",
                    },
                },
                ResourcePartition = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "aws",
                    },
                },
                ResourceId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "i-1234567890",
                    },
                },
                ResourceRegion = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "us-west",
                    },
                },
                ComplianceStatus = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "FAILED",
                    },
                },
                ComplianceSecurityControlId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "EC2.3",
                    },
                },
                ComplianceAssociatedStandardsId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                    },
                },
                VerificationState = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "BENIGN_POSITIVE",
                    },
                },
                RecordState = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "ACTIVE",
                    },
                },
                RelatedFindingsProductArn = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
                    },
                },
                RelatedFindingsId = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-finding-id-2",
                    },
                },
                NoteText = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "example-note-text",
                    },
                },
                NoteUpdatedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                NoteUpdatedBy = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                        Value = "sechub",
                    },
                },
                WorkflowStatus = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                        Value = "NEW",
                    },
                },
                FirstObservedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                LastObservedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                CreatedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                        {
                            Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                            Value = 5,
                        },
                    },
                },
                UpdatedAt = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                    {
                        Start = "2023-04-25T17:05:54.832Z",
                        End = "2023-05-25T17:05:54.832Z",
                    },
                },
                ResourceTags = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "department",
                        Value = "security",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "department",
                        Value = "operations",
                    },
                },
                UserDefinedFields = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                        Key = "key1",
                        Value = "security",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                        Key = "key2",
                        Value = "operations",
                    },
                },
                ResourceDetailsOther = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "area",
                        Value = "na",
                    },
                    new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                    {
                        Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                        Key = "department",
                        Value = "sales",
                    },
                },
                Confidence = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                    {
                        Gte = 50,
                        Lte = 95,
                    },
                },
                Criticality = new[]
                {
                    new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                    {
                        Gte = 50,
                        Lte = 95,
                    },
                },
            },
            Actions = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
                {
                    Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
                    FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
                    {
                        Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
                        {
                            Product = 50,
                            Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
                            Normalized = 60,
                        },
                        Types = new[]
                        {
                            "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                            "Industry Compliance",
                        },
                        Confidence = 98,
                        Criticality = 95,
                        UserDefinedFields = 
                        {
                            { "key1", "value1" },
                            { "key2", "value2" },
                        },
                        RelatedFindings = new[]
                        {
                            new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                            {
                                ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                                Id = "sample-finding-id-1",
                            },
                            new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                            {
                                ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                                Id = "sample-finding-id-2",
                            },
                        },
                        Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
                        {
                            Text = "sample-note-text",
                            UpdatedBy = "sechub",
                        },
                        VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
                        Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
                        {
                            Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
                        },
                    },
                },
            },
            Tags = 
            {
                { "sampleTag", "sampleValue" },
                { "organizationUnit", "pnw" },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
    			RuleName:    pulumi.String("Example rule name"),
    			RuleOrder:   pulumi.Int(5),
    			Description: pulumi.String("Example rule description."),
    			IsTerminal:  pulumi.Bool(false),
    			RuleStatus:  securityhub.AutomationRuleRuleStatusEnabled,
    			Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
    				ProductName: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("GuardDuty"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("SecurityHub"),
    					},
    				},
    				CompanyName: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("AWS"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("Private"),
    					},
    				},
    				ProductArn: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
    					},
    				},
    				AwsAccountId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("123456789012"),
    					},
    				},
    				Id: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-finding-id"),
    					},
    				},
    				GeneratorId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-generator-id"),
    					},
    				},
    				Type: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("type-1"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("type-2"),
    					},
    				},
    				Description: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("description1"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("description2"),
    					},
    				},
    				SourceUrl: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("https"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("ftp"),
    					},
    				},
    				Title: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("title-1"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("title-2"),
    					},
    				},
    				SeverityLabel: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("LOW"),
    					},
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("HIGH"),
    					},
    				},
    				ResourceType: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("AwsEc2Instance"),
    					},
    				},
    				ResourcePartition: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("aws"),
    					},
    				},
    				ResourceId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("i-1234567890"),
    					},
    				},
    				ResourceRegion: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("us-west"),
    					},
    				},
    				ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("FAILED"),
    					},
    				},
    				ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("EC2.3"),
    					},
    				},
    				ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
    					},
    				},
    				VerificationState: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("BENIGN_POSITIVE"),
    					},
    				},
    				RecordState: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("ACTIVE"),
    					},
    				},
    				RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
    					},
    				},
    				RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-finding-id-2"),
    					},
    				},
    				NoteText: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("example-note-text"),
    					},
    				},
    				NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
    						Value:      pulumi.String("sechub"),
    					},
    				},
    				WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
    					&securityhub.AutomationRuleStringFilterArgs{
    						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
    						Value:      pulumi.String("NEW"),
    					},
    				},
    				FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				LastObservedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				CreatedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						DateRange: &securityhub.AutomationRuleDateRangeArgs{
    							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
    							Value: pulumi.Float64(5),
    						},
    					},
    				},
    				UpdatedAt: securityhub.AutomationRuleDateFilterArray{
    					&securityhub.AutomationRuleDateFilterArgs{
    						Start: pulumi.String("2023-04-25T17:05:54.832Z"),
    						End:   pulumi.String("2023-05-25T17:05:54.832Z"),
    					},
    				},
    				ResourceTags: securityhub.AutomationRuleMapFilterArray{
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("department"),
    						Value:      pulumi.String("security"),
    					},
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("department"),
    						Value:      pulumi.String("operations"),
    					},
    				},
    				UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
    						Key:        pulumi.String("key1"),
    						Value:      pulumi.String("security"),
    					},
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
    						Key:        pulumi.String("key2"),
    						Value:      pulumi.String("operations"),
    					},
    				},
    				ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("area"),
    						Value:      pulumi.String("na"),
    					},
    					&securityhub.AutomationRuleMapFilterArgs{
    						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
    						Key:        pulumi.String("department"),
    						Value:      pulumi.String("sales"),
    					},
    				},
    				Confidence: securityhub.AutomationRuleNumberFilterArray{
    					&securityhub.AutomationRuleNumberFilterArgs{
    						Gte: pulumi.Float64(50),
    						Lte: pulumi.Float64(95),
    					},
    				},
    				Criticality: securityhub.AutomationRuleNumberFilterArray{
    					&securityhub.AutomationRuleNumberFilterArgs{
    						Gte: pulumi.Float64(50),
    						Lte: pulumi.Float64(95),
    					},
    				},
    			},
    			Actions: securityhub.AutomationRulesActionArray{
    				&securityhub.AutomationRulesActionArgs{
    					Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
    					FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
    						Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
    							Product:    pulumi.Float64(50),
    							Label:      securityhub.AutomationRuleSeverityUpdateLabelMedium,
    							Normalized: pulumi.Int(60),
    						},
    						Types: pulumi.StringArray{
    							pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
    							pulumi.String("Industry Compliance"),
    						},
    						Confidence:  pulumi.Int(98),
    						Criticality: pulumi.Int(95),
    						UserDefinedFields: pulumi.StringMap{
    							"key1": pulumi.String("value1"),
    							"key2": pulumi.String("value2"),
    						},
    						RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
    							&securityhub.AutomationRuleRelatedFindingArgs{
    								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
    								Id:         pulumi.String("sample-finding-id-1"),
    							},
    							&securityhub.AutomationRuleRelatedFindingArgs{
    								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
    								Id:         pulumi.String("sample-finding-id-2"),
    							},
    						},
    						Note: &securityhub.AutomationRuleNoteUpdateArgs{
    							Text:      pulumi.String("sample-note-text"),
    							UpdatedBy: pulumi.String("sechub"),
    						},
    						VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
    						Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
    							Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
    						},
    					},
    				},
    			},
    			Tags: pulumi.StringMap{
    				"sampleTag":        pulumi.String("sampleValue"),
    				"organizationUnit": pulumi.String("pnw"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
        rule_name="Example rule name",
        rule_order=5,
        description="Example rule description.",
        is_terminal=False,
        rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
        criteria=aws_native.securityhub.AutomationRulesFindingFiltersArgs(
            product_name=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="GuardDuty",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="SecurityHub",
                ),
            ],
            company_name=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="AWS",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="Private",
                ),
            ],
            product_arn=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="arn:aws:securityhub:us-west-2:123456789012:product/aws",
                ),
            ],
            aws_account_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="123456789012",
            )],
            id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-finding-id",
            )],
            generator_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-generator-id",
            )],
            type=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="type-1",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="type-2",
                ),
            ],
            description=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="description1",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="description2",
                ),
            ],
            source_url=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="https",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="ftp",
                ),
            ],
            title=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="title-1",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                    value="title-2",
                ),
            ],
            severity_label=[
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="LOW",
                ),
                aws_native.securityhub.AutomationRuleStringFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                    value="HIGH",
                ),
            ],
            resource_type=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="AwsEc2Instance",
            )],
            resource_partition=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="aws",
            )],
            resource_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="i-1234567890",
            )],
            resource_region=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="us-west",
            )],
            compliance_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="FAILED",
            )],
            compliance_security_control_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="EC2.3",
            )],
            compliance_associated_standards_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            )],
            verification_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="BENIGN_POSITIVE",
            )],
            record_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="ACTIVE",
            )],
            related_findings_product_arn=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="arn:aws:securityhub:eu-central-1::product/aws/securityhub",
            )],
            related_findings_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-finding-id-2",
            )],
            note_text=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="example-note-text",
            )],
            note_updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            note_updated_by=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="sechub",
            )],
            workflow_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="NEW",
            )],
            first_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            last_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            created_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                    unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                    value=5,
                ),
            )],
            updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
                start="2023-04-25T17:05:54.832Z",
                end="2023-05-25T17:05:54.832Z",
            )],
            resource_tags=[
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="department",
                    value="security",
                ),
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="department",
                    value="operations",
                ),
            ],
            user_defined_fields=[
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                    key="key1",
                    value="security",
                ),
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                    key="key2",
                    value="operations",
                ),
            ],
            resource_details_other=[
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="area",
                    value="na",
                ),
                aws_native.securityhub.AutomationRuleMapFilterArgs(
                    comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                    key="department",
                    value="sales",
                ),
            ],
            confidence=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
                gte=50,
                lte=95,
            )],
            criticality=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
                gte=50,
                lte=95,
            )],
        ),
        actions=[aws_native.securityhub.AutomationRulesActionArgs(
            type=aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
            finding_fields_update=aws_native.securityhub.AutomationRulesFindingFieldsUpdateArgs(
                severity=aws_native.securityhub.AutomationRuleSeverityUpdateArgs(
                    product=50,
                    label=aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
                    normalized=60,
                ),
                types=[
                    "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                    "Industry Compliance",
                ],
                confidence=98,
                criticality=95,
                user_defined_fields={
                    "key1": "value1",
                    "key2": "value2",
                },
                related_findings=[
                    aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                        product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id="sample-finding-id-1",
                    ),
                    aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                        product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id="sample-finding-id-2",
                    ),
                ],
                note=aws_native.securityhub.AutomationRuleNoteUpdateArgs(
                    text="sample-note-text",
                    updated_by="sechub",
                ),
                verification_state=aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
                workflow=aws_native.securityhub.AutomationRuleWorkflowUpdateArgs(
                    status=aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
                ),
            ),
        )],
        tags={
            "sampleTag": "sampleValue",
            "organizationUnit": "pnw",
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
        ruleName: "Example rule name",
        ruleOrder: 5,
        description: "Example rule description.",
        isTerminal: false,
        ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
        criteria: {
            productName: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "GuardDuty",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "SecurityHub",
                },
            ],
            companyName: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "AWS",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "Private",
                },
            ],
            productArn: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
                },
            ],
            awsAccountId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "123456789012",
            }],
            id: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-finding-id",
            }],
            generatorId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-generator-id",
            }],
            type: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "type-1",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "type-2",
                },
            ],
            description: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "description1",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "description2",
                },
            ],
            sourceUrl: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "https",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "ftp",
                },
            ],
            title: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "title-1",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                    value: "title-2",
                },
            ],
            severityLabel: [
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "LOW",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                    value: "HIGH",
                },
            ],
            resourceType: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "AwsEc2Instance",
            }],
            resourcePartition: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "aws",
            }],
            resourceId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "i-1234567890",
            }],
            resourceRegion: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "us-west",
            }],
            complianceStatus: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "FAILED",
            }],
            complianceSecurityControlId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "EC2.3",
            }],
            complianceAssociatedStandardsId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            }],
            verificationState: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "BENIGN_POSITIVE",
            }],
            recordState: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "ACTIVE",
            }],
            relatedFindingsProductArn: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
            }],
            relatedFindingsId: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-finding-id-2",
            }],
            noteText: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "example-note-text",
            }],
            noteUpdatedAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            noteUpdatedBy: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "sechub",
            }],
            workflowStatus: [{
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "NEW",
            }],
            firstObservedAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            lastObservedAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            createdAt: [{
                dateRange: {
                    unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                    value: 5,
                },
            }],
            updatedAt: [{
                start: "2023-04-25T17:05:54.832Z",
                end: "2023-05-25T17:05:54.832Z",
            }],
            resourceTags: [
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "department",
                    value: "security",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "department",
                    value: "operations",
                },
            ],
            userDefinedFields: [
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                    key: "key1",
                    value: "security",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                    key: "key2",
                    value: "operations",
                },
            ],
            resourceDetailsOther: [
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "area",
                    value: "na",
                },
                {
                    comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                    key: "department",
                    value: "sales",
                },
            ],
            confidence: [{
                gte: 50,
                lte: 95,
            }],
            criticality: [{
                gte: 50,
                lte: 95,
            }],
        },
        actions: [{
            type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
            findingFieldsUpdate: {
                severity: {
                    product: 50,
                    label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
                    normalized: 60,
                },
                types: [
                    "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                    "Industry Compliance",
                ],
                confidence: 98,
                criticality: 95,
                userDefinedFields: {
                    key1: "value1",
                    key2: "value2",
                },
                relatedFindings: [
                    {
                        productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id: "sample-finding-id-1",
                    },
                    {
                        productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                        id: "sample-finding-id-2",
                    },
                ],
                note: {
                    text: "sample-note-text",
                    updatedBy: "sechub",
                },
                verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
                workflow: {
                    status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
                },
            },
        }],
        tags: {
            sampleTag: "sampleValue",
            organizationUnit: "pnw",
        },
    });
    

    Coming soon!

    Create AutomationRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AutomationRule(name: string, args?: AutomationRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AutomationRule(resource_name: str,
                       args: Optional[AutomationRuleArgs] = None,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def AutomationRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       actions: Optional[Sequence[AutomationRulesActionArgs]] = None,
                       criteria: Optional[AutomationRulesFindingFiltersArgs] = None,
                       description: Optional[str] = None,
                       is_terminal: Optional[bool] = None,
                       rule_name: Optional[str] = None,
                       rule_order: Optional[int] = None,
                       rule_status: Optional[AutomationRuleRuleStatus] = None,
                       tags: Optional[Mapping[str, str]] = None)
    func NewAutomationRule(ctx *Context, name string, args *AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
    public AutomationRule(string name, AutomationRuleArgs? args = null, CustomResourceOptions? opts = null)
    public AutomationRule(String name, AutomationRuleArgs args)
    public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
    
    type: aws-native:securityhub:AutomationRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AutomationRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AutomationRule resource accepts the following input properties:

    Actions List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesAction>
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    Criteria Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    Description string
    A description of the rule.
    IsTerminal bool
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    RuleName string
    The name of the rule.
    RuleOrder int
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    RuleStatus Pulumi.AwsNative.SecurityHub.AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    Tags Dictionary<string, string>
    User-defined tags associated with an automation rule.
    Actions []AutomationRulesActionArgs
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    Criteria AutomationRulesFindingFiltersArgs
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    Description string
    A description of the rule.
    IsTerminal bool
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    RuleName string
    The name of the rule.
    RuleOrder int
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    RuleStatus AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    Tags map[string]string
    User-defined tags associated with an automation rule.
    actions List<AutomationRulesAction>
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    criteria AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description String
    A description of the rule.
    isTerminal Boolean
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    ruleName String
    The name of the rule.
    ruleOrder Integer
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    ruleStatus AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags Map<String,String>
    User-defined tags associated with an automation rule.
    actions AutomationRulesAction[]
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    criteria AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description string
    A description of the rule.
    isTerminal boolean
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    ruleName string
    The name of the rule.
    ruleOrder number
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    ruleStatus AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags {[key: string]: string}
    User-defined tags associated with an automation rule.
    actions Sequence[AutomationRulesActionArgs]
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    criteria AutomationRulesFindingFiltersArgs
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description str
    A description of the rule.
    is_terminal bool
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    rule_name str
    The name of the rule.
    rule_order int
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    rule_status AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags Mapping[str, str]
    User-defined tags associated with an automation rule.
    actions List<Property Map>
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    criteria Property Map
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description String
    A description of the rule.
    isTerminal Boolean
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    ruleName String
    The name of the rule.
    ruleOrder Number
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    ruleStatus "ENABLED" | "DISABLED"
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags Map<String>
    User-defined tags associated with an automation rule.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

    CreatedAt string

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    CreatedBy string
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    UpdatedAt string

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    CreatedAt string

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    CreatedBy string
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    UpdatedAt string

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdAt String

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdBy String
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    id String
    The provider-assigned unique ID for this managed resource.
    ruleArn String
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    updatedAt String

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdAt string

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdBy string
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    id string
    The provider-assigned unique ID for this managed resource.
    ruleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    updatedAt string

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    created_at str

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    created_by str
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    id str
    The provider-assigned unique ID for this managed resource.
    rule_arn str
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    updated_at str

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdAt String

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdBy String
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    id String
    The provider-assigned unique ID for this managed resource.
    ruleArn String
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    updatedAt String

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    Supporting Types

    AutomationRuleDateFilter, AutomationRuleDateFilterArgs

    DateRange Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateRange
    A date range for the date filter.
    End string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    Start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    DateRange AutomationRuleDateRange
    A date range for the date filter.
    End string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    Start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange AutomationRuleDateRange
    A date range for the date filter.
    end String

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start String

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange AutomationRuleDateRange
    A date range for the date filter.
    end string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    date_range AutomationRuleDateRange
    A date range for the date filter.
    end str

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start str

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange Property Map
    A date range for the date filter.
    end String

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start String

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    AutomationRuleDateRange, AutomationRuleDateRangeArgs

    Unit Pulumi.AwsNative.SecurityHub.AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    Value double
    A date range value for the date filter.
    Unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    Value float64
    A date range value for the date filter.
    unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    value Double
    A date range value for the date filter.
    unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    value number
    A date range value for the date filter.
    unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    value float
    A date range value for the date filter.
    unit "DAYS"
    A date range unit for the date filter.
    value Number
    A date range value for the date filter.

    AutomationRuleDateRangeUnit, AutomationRuleDateRangeUnitArgs

    Days
    DAYS
    AutomationRuleDateRangeUnitDays
    DAYS
    Days
    DAYS
    Days
    DAYS
    DAYS
    DAYS
    "DAYS"
    DAYS

    AutomationRuleMapFilter, AutomationRuleMapFilterArgs

    Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    Value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    Comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    Value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key String
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value String
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key str
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value str
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key String
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value String
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.

    AutomationRuleMapFilterComparison, AutomationRuleMapFilterComparisonArgs

    EqualsValue
    EQUALS
    NotEquals
    NOT_EQUALS
    Contains
    CONTAINS
    NotContains
    NOT_CONTAINS
    AutomationRuleMapFilterComparisonEquals
    EQUALS
    AutomationRuleMapFilterComparisonNotEquals
    NOT_EQUALS
    AutomationRuleMapFilterComparisonContains
    CONTAINS
    AutomationRuleMapFilterComparisonNotContains
    NOT_CONTAINS
    Equals
    EQUALS
    NotEquals
    NOT_EQUALS
    Contains
    CONTAINS
    NotContains
    NOT_CONTAINS
    Equals
    EQUALS
    NotEquals
    NOT_EQUALS
    Contains
    CONTAINS
    NotContains
    NOT_CONTAINS
    EQUALS
    EQUALS
    NOT_EQUALS
    NOT_EQUALS
    CONTAINS
    CONTAINS
    NOT_CONTAINS
    NOT_CONTAINS
    "EQUALS"
    EQUALS
    "NOT_EQUALS"
    NOT_EQUALS
    "CONTAINS"
    CONTAINS
    "NOT_CONTAINS"
    NOT_CONTAINS

    AutomationRuleNoteUpdate, AutomationRuleNoteUpdateArgs

    Text string
    The updated note text.
    UpdatedBy string
    The principal that updated the note.
    Text string
    The updated note text.
    UpdatedBy string
    The principal that updated the note.
    text String
    The updated note text.
    updatedBy String
    The principal that updated the note.
    text string
    The updated note text.
    updatedBy string
    The principal that updated the note.
    text str
    The updated note text.
    updated_by str
    The principal that updated the note.
    text String
    The updated note text.
    updatedBy String
    The principal that updated the note.

    AutomationRuleNumberFilter, AutomationRuleNumberFilterArgs

    Eq double
    The equal-to condition to be applied to a single field when querying for findings.
    Gte double
    The greater-than-equal condition to be applied to a single field when querying for findings.
    Lte double
    The less-than-equal condition to be applied to a single field when querying for findings.
    Eq float64
    The equal-to condition to be applied to a single field when querying for findings.
    Gte float64
    The greater-than-equal condition to be applied to a single field when querying for findings.
    Lte float64
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq Double
    The equal-to condition to be applied to a single field when querying for findings.
    gte Double
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte Double
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq number
    The equal-to condition to be applied to a single field when querying for findings.
    gte number
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte number
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq float
    The equal-to condition to be applied to a single field when querying for findings.
    gte float
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte float
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq Number
    The equal-to condition to be applied to a single field when querying for findings.
    gte Number
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte Number
    The less-than-equal condition to be applied to a single field when querying for findings.

    AutomationRuleRelatedFinding, AutomationRuleRelatedFindingArgs

    Id string

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn string
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    Id string

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn string
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id String

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn String
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id string

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn string
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id str

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    product_arn str
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id String

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn String
    The Amazon Resource Name (ARN) for the product that generated a related finding.

    AutomationRuleRuleStatus, AutomationRuleRuleStatusArgs

    Enabled
    ENABLED
    Disabled
    DISABLED
    AutomationRuleRuleStatusEnabled
    ENABLED
    AutomationRuleRuleStatusDisabled
    DISABLED
    Enabled
    ENABLED
    Disabled
    DISABLED
    Enabled
    ENABLED
    Disabled
    DISABLED
    ENABLED
    ENABLED
    DISABLED
    DISABLED
    "ENABLED"
    ENABLED
    "DISABLED"
    DISABLED

    AutomationRuleSeverityUpdate, AutomationRuleSeverityUpdateArgs

    Label Pulumi.AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    Normalized int

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    Product double
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    Label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    Normalized int

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    Product float64
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized Integer

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product Double
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized number

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product number
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized int

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product float
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized Number

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product Number
    The native severity as defined by the AWS service or integrated partner product that generated the finding.

    AutomationRuleSeverityUpdateLabel, AutomationRuleSeverityUpdateLabelArgs

    Informational
    INFORMATIONAL
    Low
    LOW
    Medium
    MEDIUM
    High
    HIGH
    Critical
    CRITICAL
    AutomationRuleSeverityUpdateLabelInformational
    INFORMATIONAL
    AutomationRuleSeverityUpdateLabelLow
    LOW
    AutomationRuleSeverityUpdateLabelMedium
    MEDIUM
    AutomationRuleSeverityUpdateLabelHigh
    HIGH
    AutomationRuleSeverityUpdateLabelCritical
    CRITICAL
    Informational
    INFORMATIONAL
    Low
    LOW
    Medium
    MEDIUM
    High
    HIGH
    Critical
    CRITICAL
    Informational
    INFORMATIONAL
    Low
    LOW
    Medium
    MEDIUM
    High
    HIGH
    Critical
    CRITICAL
    INFORMATIONAL
    INFORMATIONAL
    LOW
    LOW
    MEDIUM
    MEDIUM
    HIGH
    HIGH
    CRITICAL
    CRITICAL
    "INFORMATIONAL"
    INFORMATIONAL
    "LOW"
    LOW
    "MEDIUM"
    MEDIUM
    "HIGH"
    HIGH
    "CRITICAL"
    CRITICAL

    AutomationRuleStringFilter, AutomationRuleStringFilterArgs

    Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    Comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value String
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value str
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value String
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.

    AutomationRuleStringFilterComparison, AutomationRuleStringFilterComparisonArgs

    EqualsValue
    EQUALS
    Prefix
    PREFIX
    NotEquals
    NOT_EQUALS
    PrefixNotEquals
    PREFIX_NOT_EQUALS
    Contains
    CONTAINS
    NotContains
    NOT_CONTAINS
    AutomationRuleStringFilterComparisonEquals
    EQUALS
    AutomationRuleStringFilterComparisonPrefix
    PREFIX
    AutomationRuleStringFilterComparisonNotEquals
    NOT_EQUALS
    AutomationRuleStringFilterComparisonPrefixNotEquals
    PREFIX_NOT_EQUALS
    AutomationRuleStringFilterComparisonContains
    CONTAINS
    AutomationRuleStringFilterComparisonNotContains
    NOT_CONTAINS
    Equals
    EQUALS
    Prefix
    PREFIX
    NotEquals
    NOT_EQUALS
    PrefixNotEquals
    PREFIX_NOT_EQUALS
    Contains
    CONTAINS
    NotContains
    NOT_CONTAINS
    Equals
    EQUALS
    Prefix
    PREFIX
    NotEquals
    NOT_EQUALS
    PrefixNotEquals
    PREFIX_NOT_EQUALS
    Contains
    CONTAINS
    NotContains
    NOT_CONTAINS
    EQUALS
    EQUALS
    PREFIX
    PREFIX
    NOT_EQUALS
    NOT_EQUALS
    PREFIX_NOT_EQUALS
    PREFIX_NOT_EQUALS
    CONTAINS
    CONTAINS
    NOT_CONTAINS
    NOT_CONTAINS
    "EQUALS"
    EQUALS
    "PREFIX"
    PREFIX
    "NOT_EQUALS"
    NOT_EQUALS
    "PREFIX_NOT_EQUALS"
    PREFIX_NOT_EQUALS
    "CONTAINS"
    CONTAINS
    "NOT_CONTAINS"
    NOT_CONTAINS

    AutomationRuleWorkflowUpdate, AutomationRuleWorkflowUpdateArgs

    Status Pulumi.AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    Status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status "NEW" | "NOTIFIED" | "RESOLVED" | "SUPPRESSED"

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

    AutomationRuleWorkflowUpdateStatus, AutomationRuleWorkflowUpdateStatusArgs

    New
    NEW
    Notified
    NOTIFIED
    Resolved
    RESOLVED
    Suppressed
    SUPPRESSED
    AutomationRuleWorkflowUpdateStatusNew
    NEW
    AutomationRuleWorkflowUpdateStatusNotified
    NOTIFIED
    AutomationRuleWorkflowUpdateStatusResolved
    RESOLVED
    AutomationRuleWorkflowUpdateStatusSuppressed
    SUPPRESSED
    New
    NEW
    Notified
    NOTIFIED
    Resolved
    RESOLVED
    Suppressed
    SUPPRESSED
    New
    NEW
    Notified
    NOTIFIED
    Resolved
    RESOLVED
    Suppressed
    SUPPRESSED
    NEW
    NEW
    NOTIFIED
    NOTIFIED
    RESOLVED
    RESOLVED
    SUPPRESSED
    SUPPRESSED
    "NEW"
    NEW
    "NOTIFIED"
    NOTIFIED
    "RESOLVED"
    RESOLVED
    "SUPPRESSED"
    SUPPRESSED

    AutomationRulesAction, AutomationRulesActionArgs

    FindingFieldsUpdate Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    Type Pulumi.AwsNative.SecurityHub.AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    FindingFieldsUpdate AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    Type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    findingFieldsUpdate AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    findingFieldsUpdate AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    finding_fields_update AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    findingFieldsUpdate Property Map
    Specifies that the automation rule action is an update to a finding field.
    type "FINDING_FIELDS_UPDATE"
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    AutomationRulesActionType, AutomationRulesActionTypeArgs

    FindingFieldsUpdate
    FINDING_FIELDS_UPDATE
    AutomationRulesActionTypeFindingFieldsUpdate
    FINDING_FIELDS_UPDATE
    FindingFieldsUpdate
    FINDING_FIELDS_UPDATE
    FindingFieldsUpdate
    FINDING_FIELDS_UPDATE
    FINDING_FIELDS_UPDATE
    FINDING_FIELDS_UPDATE
    "FINDING_FIELDS_UPDATE"
    FINDING_FIELDS_UPDATE

    AutomationRulesFindingFieldsUpdate, AutomationRulesFindingFieldsUpdateArgs

    Confidence int
    The rule action updates the Confidence field of a finding.
    Criticality int
    The rule action updates the Criticality field of a finding.
    Note Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    RelatedFindings List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFinding>
    The rule action will update the RelatedFindings field of a finding.
    Severity Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    Types List<string>
    The rule action updates the Types field of a finding.
    UserDefinedFields Dictionary<string, string>
    The rule action updates the UserDefinedFields field of a finding.
    VerificationState Pulumi.AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    Workflow Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    Confidence int
    The rule action updates the Confidence field of a finding.
    Criticality int
    The rule action updates the Criticality field of a finding.
    Note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    RelatedFindings []AutomationRuleRelatedFinding
    The rule action will update the RelatedFindings field of a finding.
    Severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    Types []string
    The rule action updates the Types field of a finding.
    UserDefinedFields map[string]string
    The rule action updates the UserDefinedFields field of a finding.
    VerificationState AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    Workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence Integer
    The rule action updates the Confidence field of a finding.
    criticality Integer
    The rule action updates the Criticality field of a finding.
    note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    relatedFindings List<AutomationRuleRelatedFinding>
    The rule action will update the RelatedFindings field of a finding.
    severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    types List<String>
    The rule action updates the Types field of a finding.
    userDefinedFields Map<String,String>
    The rule action updates the UserDefinedFields field of a finding.
    verificationState AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence number
    The rule action updates the Confidence field of a finding.
    criticality number
    The rule action updates the Criticality field of a finding.
    note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    relatedFindings AutomationRuleRelatedFinding[]
    The rule action will update the RelatedFindings field of a finding.
    severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    types string[]
    The rule action updates the Types field of a finding.
    userDefinedFields {[key: string]: string}
    The rule action updates the UserDefinedFields field of a finding.
    verificationState AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence int
    The rule action updates the Confidence field of a finding.
    criticality int
    The rule action updates the Criticality field of a finding.
    note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    related_findings Sequence[AutomationRuleRelatedFinding]
    The rule action will update the RelatedFindings field of a finding.
    severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    types Sequence[str]
    The rule action updates the Types field of a finding.
    user_defined_fields Mapping[str, str]
    The rule action updates the UserDefinedFields field of a finding.
    verification_state AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence Number
    The rule action updates the Confidence field of a finding.
    criticality Number
    The rule action updates the Criticality field of a finding.
    note Property Map
    The rule action will update the Note field of a finding.
    relatedFindings List<Property Map>
    The rule action will update the RelatedFindings field of a finding.
    severity Property Map
    The rule action will update the Severity field of a finding.
    types List<String>
    The rule action updates the Types field of a finding.
    userDefinedFields Map<String>
    The rule action updates the UserDefinedFields field of a finding.
    verificationState "UNKNOWN" | "TRUE_POSITIVE" | "FALSE_POSITIVE" | "BENIGN_POSITIVE"
    The rule action updates the VerificationState field of a finding.
    workflow Property Map
    The rule action will update the Workflow field of a finding.

    AutomationRulesFindingFieldsUpdateVerificationState, AutomationRulesFindingFieldsUpdateVerificationStateArgs

    Unknown
    UNKNOWN
    TruePositive
    TRUE_POSITIVE
    FalsePositive
    FALSE_POSITIVE
    BenignPositive
    BENIGN_POSITIVE
    AutomationRulesFindingFieldsUpdateVerificationStateUnknown
    UNKNOWN
    AutomationRulesFindingFieldsUpdateVerificationStateTruePositive
    TRUE_POSITIVE
    AutomationRulesFindingFieldsUpdateVerificationStateFalsePositive
    FALSE_POSITIVE
    AutomationRulesFindingFieldsUpdateVerificationStateBenignPositive
    BENIGN_POSITIVE
    Unknown
    UNKNOWN
    TruePositive
    TRUE_POSITIVE
    FalsePositive
    FALSE_POSITIVE
    BenignPositive
    BENIGN_POSITIVE
    Unknown
    UNKNOWN
    TruePositive
    TRUE_POSITIVE
    FalsePositive
    FALSE_POSITIVE
    BenignPositive
    BENIGN_POSITIVE
    UNKNOWN
    UNKNOWN
    TRUE_POSITIVE
    TRUE_POSITIVE
    FALSE_POSITIVE
    FALSE_POSITIVE
    BENIGN_POSITIVE
    BENIGN_POSITIVE
    "UNKNOWN"
    UNKNOWN
    "TRUE_POSITIVE"
    TRUE_POSITIVE
    "FALSE_POSITIVE"
    FALSE_POSITIVE
    "BENIGN_POSITIVE"
    BENIGN_POSITIVE

    AutomationRulesFindingFilters, AutomationRulesFindingFiltersArgs

    AwsAccountId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    CompanyName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceAssociatedStandardsId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceSecurityControlId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Confidence List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    CreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Criticality List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Description List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    FirstObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    GeneratorId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Id List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    LastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteText List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedBy List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RecordState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceDetailsOther List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    ResourcePartition List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceRegion List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceTags List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceType List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    SeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    SourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Title List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Type List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UserDefinedFields List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    VerificationState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    WorkflowStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    AwsAccountId []AutomationRuleStringFilter

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    CompanyName []AutomationRuleStringFilter

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceAssociatedStandardsId []AutomationRuleStringFilter

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceSecurityControlId []AutomationRuleStringFilter

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceStatus []AutomationRuleStringFilter

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Confidence []AutomationRuleNumberFilter

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    CreatedAt []AutomationRuleDateFilter

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Criticality []AutomationRuleNumberFilter

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Description []AutomationRuleStringFilter

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    FirstObservedAt []AutomationRuleDateFilter

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    GeneratorId []AutomationRuleStringFilter

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Id []AutomationRuleStringFilter

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    LastObservedAt []AutomationRuleDateFilter

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteText []AutomationRuleStringFilter

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedAt []AutomationRuleDateFilter

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedBy []AutomationRuleStringFilter

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn []AutomationRuleStringFilter

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductName []AutomationRuleStringFilter

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RecordState []AutomationRuleStringFilter

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsId []AutomationRuleStringFilter

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsProductArn []AutomationRuleStringFilter

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceDetailsOther []AutomationRuleMapFilter

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceId []AutomationRuleStringFilter

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    ResourcePartition []AutomationRuleStringFilter

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceRegion []AutomationRuleStringFilter

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceTags []AutomationRuleMapFilter

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceType []AutomationRuleStringFilter

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    SeverityLabel []AutomationRuleStringFilter

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    SourceUrl []AutomationRuleStringFilter

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Title []AutomationRuleStringFilter

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Type []AutomationRuleStringFilter

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UpdatedAt []AutomationRuleDateFilter

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UserDefinedFields []AutomationRuleMapFilter

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    VerificationState []AutomationRuleStringFilter

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    WorkflowStatus []AutomationRuleStringFilter

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    awsAccountId List<AutomationRuleStringFilter>

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    companyName List<AutomationRuleStringFilter>

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceAssociatedStandardsId List<AutomationRuleStringFilter>

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceSecurityControlId List<AutomationRuleStringFilter>

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceStatus List<AutomationRuleStringFilter>

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence List<AutomationRuleNumberFilter>

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    createdAt List<AutomationRuleDateFilter>

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality List<AutomationRuleNumberFilter>

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description List<AutomationRuleStringFilter>

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    firstObservedAt List<AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generatorId List<AutomationRuleStringFilter>

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id List<AutomationRuleStringFilter>

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    lastObservedAt List<AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteText List<AutomationRuleStringFilter>

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedAt List<AutomationRuleDateFilter>

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedBy List<AutomationRuleStringFilter>

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn List<AutomationRuleStringFilter>

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productName List<AutomationRuleStringFilter>

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    recordState List<AutomationRuleStringFilter>

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsId List<AutomationRuleStringFilter>

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsProductArn List<AutomationRuleStringFilter>

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceDetailsOther List<AutomationRuleMapFilter>

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceId List<AutomationRuleStringFilter>

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resourcePartition List<AutomationRuleStringFilter>

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceRegion List<AutomationRuleStringFilter>

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceTags List<AutomationRuleMapFilter>

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceType List<AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severityLabel List<AutomationRuleStringFilter>

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    sourceUrl List<AutomationRuleStringFilter>

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title List<AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type List<AutomationRuleStringFilter>

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updatedAt List<AutomationRuleDateFilter>

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    userDefinedFields List<AutomationRuleMapFilter>

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verificationState List<AutomationRuleStringFilter>

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflowStatus List<AutomationRuleStringFilter>

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    awsAccountId AutomationRuleStringFilter[]

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    companyName AutomationRuleStringFilter[]

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceAssociatedStandardsId AutomationRuleStringFilter[]

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceSecurityControlId AutomationRuleStringFilter[]

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceStatus AutomationRuleStringFilter[]

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence AutomationRuleNumberFilter[]

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    createdAt AutomationRuleDateFilter[]

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality AutomationRuleNumberFilter[]

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description AutomationRuleStringFilter[]

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    firstObservedAt AutomationRuleDateFilter[]

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generatorId AutomationRuleStringFilter[]

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id AutomationRuleStringFilter[]

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    lastObservedAt AutomationRuleDateFilter[]

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteText AutomationRuleStringFilter[]

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedAt AutomationRuleDateFilter[]

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedBy AutomationRuleStringFilter[]

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn AutomationRuleStringFilter[]

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productName AutomationRuleStringFilter[]

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    recordState AutomationRuleStringFilter[]

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsId AutomationRuleStringFilter[]

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsProductArn AutomationRuleStringFilter[]

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceDetailsOther AutomationRuleMapFilter[]

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceId AutomationRuleStringFilter[]

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resourcePartition AutomationRuleStringFilter[]

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceRegion AutomationRuleStringFilter[]

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceTags AutomationRuleMapFilter[]

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceType AutomationRuleStringFilter[]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severityLabel AutomationRuleStringFilter[]

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    sourceUrl AutomationRuleStringFilter[]

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title AutomationRuleStringFilter[]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type AutomationRuleStringFilter[]

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updatedAt AutomationRuleDateFilter[]

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    userDefinedFields AutomationRuleMapFilter[]

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verificationState AutomationRuleStringFilter[]

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflowStatus AutomationRuleStringFilter[]

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    aws_account_id Sequence[AutomationRuleStringFilter]

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    company_name Sequence[AutomationRuleStringFilter]

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    compliance_associated_standards_id Sequence[AutomationRuleStringFilter]

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    compliance_security_control_id Sequence[AutomationRuleStringFilter]

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    compliance_status Sequence[AutomationRuleStringFilter]

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence Sequence[AutomationRuleNumberFilter]

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    created_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality Sequence[AutomationRuleNumberFilter]

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description Sequence[AutomationRuleStringFilter]

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    first_observed_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generator_id Sequence[AutomationRuleStringFilter]

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id Sequence[AutomationRuleStringFilter]

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    last_observed_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    note_text Sequence[AutomationRuleStringFilter]

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    note_updated_at Sequence[AutomationRuleDateFilter]

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    note_updated_by Sequence[AutomationRuleStringFilter]

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    product_arn Sequence[AutomationRuleStringFilter]

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    product_name Sequence[AutomationRuleStringFilter]

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    record_state Sequence[AutomationRuleStringFilter]

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    related_findings_id Sequence[AutomationRuleStringFilter]

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    related_findings_product_arn Sequence[AutomationRuleStringFilter]

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_details_other Sequence[AutomationRuleMapFilter]

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_id Sequence[AutomationRuleStringFilter]

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resource_partition Sequence[AutomationRuleStringFilter]

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_region Sequence[AutomationRuleStringFilter]

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_tags Sequence[AutomationRuleMapFilter]

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_type Sequence[AutomationRuleStringFilter]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severity_label Sequence[AutomationRuleStringFilter]

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    source_url Sequence[AutomationRuleStringFilter]

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title Sequence[AutomationRuleStringFilter]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type Sequence[AutomationRuleStringFilter]

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updated_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    user_defined_fields Sequence[AutomationRuleMapFilter]

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verification_state Sequence[AutomationRuleStringFilter]

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflow_status Sequence[AutomationRuleStringFilter]

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    awsAccountId List<Property Map>

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    companyName List<Property Map>

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceAssociatedStandardsId List<Property Map>

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceSecurityControlId List<Property Map>

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceStatus List<Property Map>

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence List<Property Map>

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    createdAt List<Property Map>

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality List<Property Map>

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description List<Property Map>

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    firstObservedAt List<Property Map>

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generatorId List<Property Map>

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id List<Property Map>

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    lastObservedAt List<Property Map>

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteText List<Property Map>

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedAt List<Property Map>

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedBy List<Property Map>

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn List<Property Map>

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productName List<Property Map>

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    recordState List<Property Map>

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsId List<Property Map>

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsProductArn List<Property Map>

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceDetailsOther List<Property Map>

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceId List<Property Map>

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resourcePartition List<Property Map>

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceRegion List<Property Map>

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceTags List<Property Map>

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceType List<Property Map>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severityLabel List<Property Map>

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    sourceUrl List<Property Map>

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title List<Property Map>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type List<Property Map>

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updatedAt List<Property Map>

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    userDefinedFields List<Property Map>

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verificationState List<Property Map>

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflowStatus List<Property Map>

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi