1. Packages
  2. AWS Native
  3. API Docs
  4. securityhub
  5. getInsight

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

aws-native.securityhub.getInsight

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

    The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.

    Using getInsight

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getInsight(args: GetInsightArgs, opts?: InvokeOptions): Promise<GetInsightResult>
    function getInsightOutput(args: GetInsightOutputArgs, opts?: InvokeOptions): Output<GetInsightResult>
    def get_insight(insight_arn: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetInsightResult
    def get_insight_output(insight_arn: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetInsightResult]
    func LookupInsight(ctx *Context, args *LookupInsightArgs, opts ...InvokeOption) (*LookupInsightResult, error)
    func LookupInsightOutput(ctx *Context, args *LookupInsightOutputArgs, opts ...InvokeOption) LookupInsightResultOutput

    > Note: This function is named LookupInsight in the Go SDK.

    public static class GetInsight 
    {
        public static Task<GetInsightResult> InvokeAsync(GetInsightArgs args, InvokeOptions? opts = null)
        public static Output<GetInsightResult> Invoke(GetInsightInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetInsightResult> getInsight(GetInsightArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:securityhub:getInsight
      arguments:
        # arguments dictionary

    The following arguments are supported:

    InsightArn string
    The ARN of a Security Hub insight
    InsightArn string
    The ARN of a Security Hub insight
    insightArn String
    The ARN of a Security Hub insight
    insightArn string
    The ARN of a Security Hub insight
    insight_arn str
    The ARN of a Security Hub insight
    insightArn String
    The ARN of a Security Hub insight

    getInsight Result

    The following output properties are available:

    Filters Pulumi.AwsNative.SecurityHub.Outputs.InsightAwsSecurityFindingFilters
    One or more attributes used to filter the findings included in the insight
    GroupByAttribute string
    The grouping attribute for the insight's findings
    InsightArn string
    The ARN of a Security Hub insight
    Name string
    The name of a Security Hub insight
    Filters InsightAwsSecurityFindingFilters
    One or more attributes used to filter the findings included in the insight
    GroupByAttribute string
    The grouping attribute for the insight's findings
    InsightArn string
    The ARN of a Security Hub insight
    Name string
    The name of a Security Hub insight
    filters InsightAwsSecurityFindingFilters
    One or more attributes used to filter the findings included in the insight
    groupByAttribute String
    The grouping attribute for the insight's findings
    insightArn String
    The ARN of a Security Hub insight
    name String
    The name of a Security Hub insight
    filters InsightAwsSecurityFindingFilters
    One or more attributes used to filter the findings included in the insight
    groupByAttribute string
    The grouping attribute for the insight's findings
    insightArn string
    The ARN of a Security Hub insight
    name string
    The name of a Security Hub insight
    filters InsightAwsSecurityFindingFilters
    One or more attributes used to filter the findings included in the insight
    group_by_attribute str
    The grouping attribute for the insight's findings
    insight_arn str
    The ARN of a Security Hub insight
    name str
    The name of a Security Hub insight
    filters Property Map
    One or more attributes used to filter the findings included in the insight
    groupByAttribute String
    The grouping attribute for the insight's findings
    insightArn String
    The ARN of a Security Hub insight
    name String
    The name of a Security Hub insight

    Supporting Types

    InsightAwsSecurityFindingFilters

    AwsAccountId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The AWS account ID in which a finding is generated.
    AwsAccountName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the AWS account in which a finding is generated.
    CompanyName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the findings provider (company) that owns the solution (product) that generates findings.
    ComplianceAssociatedStandardsId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The unique identifier of a standard in which a control is enabled.
    ComplianceSecurityControlId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The unique identifier of a control across standards.
    ComplianceSecurityControlParametersName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of a security control parameter.
    ComplianceSecurityControlParametersValue List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The current value of a security control parameter.
    ComplianceStatus List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
    Confidence List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    A finding's confidence.
    CreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
    Criticality List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The level of importance assigned to the resources associated with the finding.
    Description List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    A finding's description.
    FindingProviderFieldsConfidence List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The finding provider value for the finding confidence.
    FindingProviderFieldsCriticality List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The finding provider value for the level of importance assigned to the resources associated with the findings.
    FindingProviderFieldsRelatedFindingsId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The finding identifier of a related finding that is identified by the finding provider.
    FindingProviderFieldsRelatedFindingsProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The ARN of the solution that generated a related finding that is identified by the finding provider.
    FindingProviderFieldsSeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The finding provider value for the severity label.
    FindingProviderFieldsSeverityOriginal List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The finding provider's original value for the severity.
    FindingProviderFieldsTypes List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    One or more finding types that the finding provider assigned to the finding.
    FirstObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
    GeneratorId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
    Id List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The security findings provider-specific identifier for a finding.
    Keyword List<Pulumi.AwsNative.SecurityHub.Inputs.InsightKeywordFilter>
    A keyword for a finding.
    LastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
    MalwareName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the malware that was observed.
    MalwarePath List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The filesystem path of the malware that was observed.
    MalwareState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The state of the malware that was observed.
    MalwareType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The type of the malware that was observed.
    NetworkDestinationDomain List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The destination domain of network-related information about a finding.
    NetworkDestinationIpV4 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>
    The destination IPv4 address of network-related information about a finding.
    NetworkDestinationIpV6 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>
    The destination IPv6 address of network-related information about a finding.
    NetworkDestinationPort List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The destination port of network-related information about a finding.
    NetworkDirection List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    Indicates the direction of network traffic associated with a finding.
    NetworkProtocol List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The protocol of network-related information about a finding.
    NetworkSourceDomain List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The source domain of network-related information about a finding.
    NetworkSourceIpV4 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>
    The source IPv4 address of network-related information about a finding.
    NetworkSourceIpV6 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>
    The source IPv6 address of network-related information about a finding.
    NetworkSourceMac List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The source media access control (MAC) address of network-related information about a finding.
    NetworkSourcePort List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The source port of network-related information about a finding.
    NoteText List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The text of a note.
    NoteUpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    The timestamp of when the note was updated.
    NoteUpdatedBy List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The principal that created a note.
    ProcessLaunchedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    A timestamp that identifies when the process was launched.
    ProcessName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the process.
    ProcessParentPid List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The parent process ID.
    ProcessPath List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The path to the process executable.
    ProcessPid List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The process ID.
    ProcessTerminatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    A timestamp that identifies when the process was terminated.
    ProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
    ProductFields List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>
    A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
    ProductName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the solution (product) that generates findings.
    RecommendationText List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The recommendation of what to do about the issue described in a finding.
    RecordState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The updated record state for the finding.
    Region List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The Region from which the finding was generated.
    RelatedFindingsId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The solution-generated identifier for a related finding.
    RelatedFindingsProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The ARN of the solution that generated a related finding.
    ResourceApplicationArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The ARN of the application that is related to a finding.
    ResourceApplicationName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the application that is related to a finding.
    ResourceAwsEc2InstanceIamInstanceProfileArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The IAM profile ARN of the instance.
    ResourceAwsEc2InstanceImageId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The Amazon Machine Image (AMI) ID of the instance.
    ResourceAwsEc2InstanceIpV4Addresses List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>
    The IPv4 addresses associated with the instance.
    ResourceAwsEc2InstanceIpV6Addresses List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>
    The IPv6 addresses associated with the instance.
    ResourceAwsEc2InstanceKeyName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The key name associated with the instance.
    ResourceAwsEc2InstanceLaunchedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    The date and time the instance was launched.
    ResourceAwsEc2InstanceSubnetId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The identifier of the subnet that the instance was launched in.
    ResourceAwsEc2InstanceType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The instance type of the instance.
    ResourceAwsEc2InstanceVpcId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The identifier of the VPC that the instance was launched in.
    ResourceAwsIamAccessKeyCreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    The creation date/time of the IAM access key related to a finding.
    ResourceAwsIamAccessKeyPrincipalName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the principal that is associated with an IAM access key.
    ResourceAwsIamAccessKeyStatus List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The status of the IAM access key related to a finding.
    ResourceAwsIamAccessKeyUserName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The user associated with the IAM access key related to a finding.
    ResourceAwsIamUserUserName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of an IAM user.
    ResourceAwsS3BucketOwnerId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The canonical user ID of the owner of the S3 bucket.
    ResourceAwsS3BucketOwnerName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The display name of the owner of the S3 bucket.
    ResourceContainerImageId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The identifier of the image related to a finding.
    ResourceContainerImageName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the image related to a finding.
    ResourceContainerLaunchedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    A timestamp that identifies when the container was started.
    ResourceContainerName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The name of the container related to a finding.
    ResourceDetailsOther List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>
    The details of a resource that doesn't have a specific subfield for the resource type defined.
    ResourceId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The canonical identifier for the given resource type.
    ResourcePartition List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The canonical AWS partition name that the Region is assigned to.
    ResourceRegion List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The canonical AWS external Region name where this resource is located.
    ResourceTags List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>
    A list of AWS tags associated with a resource at the time the finding was processed.
    ResourceType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    Specifies the type of the resource that details are provided for.
    Sample List<Pulumi.AwsNative.SecurityHub.Inputs.InsightBooleanFilter>
    Indicates whether or not sample findings are included in the filter results.
    SeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The label of a finding's severity.
    SeverityNormalized List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The normalized severity of a finding.
    SeverityProduct List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>
    The native severity as defined by the security findings provider's solution that generated the finding.
    SourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    A URL that links to a page about the current finding in the security findings provider's solution.
    ThreatIntelIndicatorCategory List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The category of a threat intelligence indicator.
    ThreatIntelIndicatorLastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    A timestamp that identifies the last observation of a threat intelligence indicator.
    ThreatIntelIndicatorSource List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The source of the threat intelligence.
    ThreatIntelIndicatorSourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The URL for more details from the source of the threat intelligence.
    ThreatIntelIndicatorType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The type of a threat intelligence indicator.
    ThreatIntelIndicatorValue List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The value of a threat intelligence indicator.
    Title List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    A finding's title.
    Type List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    A finding type in the format of namespace/category/classifier that classifies a finding.
    UpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
    UserDefinedFields List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>
    A list of name/value string pairs associated with the finding.
    VerificationState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The veracity of a finding.
    VulnerabilitiesExploitAvailable List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    Indicates whether a software vulnerability in your environment has a known exploit.
    VulnerabilitiesFixAvailable List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
    WorkflowState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The workflow state of a finding.
    WorkflowStatus List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>
    The status of the investigation into a finding.
    AwsAccountId []InsightStringFilter
    The AWS account ID in which a finding is generated.
    AwsAccountName []InsightStringFilter
    The name of the AWS account in which a finding is generated.
    CompanyName []InsightStringFilter
    The name of the findings provider (company) that owns the solution (product) that generates findings.
    ComplianceAssociatedStandardsId []InsightStringFilter
    The unique identifier of a standard in which a control is enabled.
    ComplianceSecurityControlId []InsightStringFilter
    The unique identifier of a control across standards.
    ComplianceSecurityControlParametersName []InsightStringFilter
    The name of a security control parameter.
    ComplianceSecurityControlParametersValue []InsightStringFilter
    The current value of a security control parameter.
    ComplianceStatus []InsightStringFilter
    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
    Confidence []InsightNumberFilter
    A finding's confidence.
    CreatedAt []InsightDateFilter
    An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
    Criticality []InsightNumberFilter
    The level of importance assigned to the resources associated with the finding.
    Description []InsightStringFilter
    A finding's description.
    FindingProviderFieldsConfidence []InsightNumberFilter
    The finding provider value for the finding confidence.
    FindingProviderFieldsCriticality []InsightNumberFilter
    The finding provider value for the level of importance assigned to the resources associated with the findings.
    FindingProviderFieldsRelatedFindingsId []InsightStringFilter
    The finding identifier of a related finding that is identified by the finding provider.
    FindingProviderFieldsRelatedFindingsProductArn []InsightStringFilter
    The ARN of the solution that generated a related finding that is identified by the finding provider.
    FindingProviderFieldsSeverityLabel []InsightStringFilter
    The finding provider value for the severity label.
    FindingProviderFieldsSeverityOriginal []InsightStringFilter
    The finding provider's original value for the severity.
    FindingProviderFieldsTypes []InsightStringFilter
    One or more finding types that the finding provider assigned to the finding.
    FirstObservedAt []InsightDateFilter
    An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
    GeneratorId []InsightStringFilter
    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
    Id []InsightStringFilter
    The security findings provider-specific identifier for a finding.
    Keyword []InsightKeywordFilter
    A keyword for a finding.
    LastObservedAt []InsightDateFilter
    An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
    MalwareName []InsightStringFilter
    The name of the malware that was observed.
    MalwarePath []InsightStringFilter
    The filesystem path of the malware that was observed.
    MalwareState []InsightStringFilter
    The state of the malware that was observed.
    MalwareType []InsightStringFilter
    The type of the malware that was observed.
    NetworkDestinationDomain []InsightStringFilter
    The destination domain of network-related information about a finding.
    NetworkDestinationIpV4 []InsightIpFilter
    The destination IPv4 address of network-related information about a finding.
    NetworkDestinationIpV6 []InsightIpFilter
    The destination IPv6 address of network-related information about a finding.
    NetworkDestinationPort []InsightNumberFilter
    The destination port of network-related information about a finding.
    NetworkDirection []InsightStringFilter
    Indicates the direction of network traffic associated with a finding.
    NetworkProtocol []InsightStringFilter
    The protocol of network-related information about a finding.
    NetworkSourceDomain []InsightStringFilter
    The source domain of network-related information about a finding.
    NetworkSourceIpV4 []InsightIpFilter
    The source IPv4 address of network-related information about a finding.
    NetworkSourceIpV6 []InsightIpFilter
    The source IPv6 address of network-related information about a finding.
    NetworkSourceMac []InsightStringFilter
    The source media access control (MAC) address of network-related information about a finding.
    NetworkSourcePort []InsightNumberFilter
    The source port of network-related information about a finding.
    NoteText []InsightStringFilter
    The text of a note.
    NoteUpdatedAt []InsightDateFilter
    The timestamp of when the note was updated.
    NoteUpdatedBy []InsightStringFilter
    The principal that created a note.
    ProcessLaunchedAt []InsightDateFilter
    A timestamp that identifies when the process was launched.
    ProcessName []InsightStringFilter
    The name of the process.
    ProcessParentPid []InsightNumberFilter
    The parent process ID.
    ProcessPath []InsightStringFilter
    The path to the process executable.
    ProcessPid []InsightNumberFilter
    The process ID.
    ProcessTerminatedAt []InsightDateFilter
    A timestamp that identifies when the process was terminated.
    ProductArn []InsightStringFilter
    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
    ProductFields []InsightMapFilter
    A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
    ProductName []InsightStringFilter
    The name of the solution (product) that generates findings.
    RecommendationText []InsightStringFilter
    The recommendation of what to do about the issue described in a finding.
    RecordState []InsightStringFilter
    The updated record state for the finding.
    Region []InsightStringFilter
    The Region from which the finding was generated.
    RelatedFindingsId []InsightStringFilter
    The solution-generated identifier for a related finding.
    RelatedFindingsProductArn []InsightStringFilter
    The ARN of the solution that generated a related finding.
    ResourceApplicationArn []InsightStringFilter
    The ARN of the application that is related to a finding.
    ResourceApplicationName []InsightStringFilter
    The name of the application that is related to a finding.
    ResourceAwsEc2InstanceIamInstanceProfileArn []InsightStringFilter
    The IAM profile ARN of the instance.
    ResourceAwsEc2InstanceImageId []InsightStringFilter
    The Amazon Machine Image (AMI) ID of the instance.
    ResourceAwsEc2InstanceIpV4Addresses []InsightIpFilter
    The IPv4 addresses associated with the instance.
    ResourceAwsEc2InstanceIpV6Addresses []InsightIpFilter
    The IPv6 addresses associated with the instance.
    ResourceAwsEc2InstanceKeyName []InsightStringFilter
    The key name associated with the instance.
    ResourceAwsEc2InstanceLaunchedAt []InsightDateFilter
    The date and time the instance was launched.
    ResourceAwsEc2InstanceSubnetId []InsightStringFilter
    The identifier of the subnet that the instance was launched in.
    ResourceAwsEc2InstanceType []InsightStringFilter
    The instance type of the instance.
    ResourceAwsEc2InstanceVpcId []InsightStringFilter
    The identifier of the VPC that the instance was launched in.
    ResourceAwsIamAccessKeyCreatedAt []InsightDateFilter
    The creation date/time of the IAM access key related to a finding.
    ResourceAwsIamAccessKeyPrincipalName []InsightStringFilter
    The name of the principal that is associated with an IAM access key.
    ResourceAwsIamAccessKeyStatus []InsightStringFilter
    The status of the IAM access key related to a finding.
    ResourceAwsIamAccessKeyUserName []InsightStringFilter
    The user associated with the IAM access key related to a finding.
    ResourceAwsIamUserUserName []InsightStringFilter
    The name of an IAM user.
    ResourceAwsS3BucketOwnerId []InsightStringFilter
    The canonical user ID of the owner of the S3 bucket.
    ResourceAwsS3BucketOwnerName []InsightStringFilter
    The display name of the owner of the S3 bucket.
    ResourceContainerImageId []InsightStringFilter
    The identifier of the image related to a finding.
    ResourceContainerImageName []InsightStringFilter
    The name of the image related to a finding.
    ResourceContainerLaunchedAt []InsightDateFilter
    A timestamp that identifies when the container was started.
    ResourceContainerName []InsightStringFilter
    The name of the container related to a finding.
    ResourceDetailsOther []InsightMapFilter
    The details of a resource that doesn't have a specific subfield for the resource type defined.
    ResourceId []InsightStringFilter
    The canonical identifier for the given resource type.
    ResourcePartition []InsightStringFilter
    The canonical AWS partition name that the Region is assigned to.
    ResourceRegion []InsightStringFilter
    The canonical AWS external Region name where this resource is located.
    ResourceTags []InsightMapFilter
    A list of AWS tags associated with a resource at the time the finding was processed.
    ResourceType []InsightStringFilter
    Specifies the type of the resource that details are provided for.
    Sample []InsightBooleanFilter
    Indicates whether or not sample findings are included in the filter results.
    SeverityLabel []InsightStringFilter
    The label of a finding's severity.
    SeverityNormalized []InsightNumberFilter
    The normalized severity of a finding.
    SeverityProduct []InsightNumberFilter
    The native severity as defined by the security findings provider's solution that generated the finding.
    SourceUrl []InsightStringFilter
    A URL that links to a page about the current finding in the security findings provider's solution.
    ThreatIntelIndicatorCategory []InsightStringFilter
    The category of a threat intelligence indicator.
    ThreatIntelIndicatorLastObservedAt []InsightDateFilter
    A timestamp that identifies the last observation of a threat intelligence indicator.
    ThreatIntelIndicatorSource []InsightStringFilter
    The source of the threat intelligence.
    ThreatIntelIndicatorSourceUrl []InsightStringFilter
    The URL for more details from the source of the threat intelligence.
    ThreatIntelIndicatorType []InsightStringFilter
    The type of a threat intelligence indicator.
    ThreatIntelIndicatorValue []InsightStringFilter
    The value of a threat intelligence indicator.
    Title []InsightStringFilter
    A finding's title.
    Type []InsightStringFilter
    A finding type in the format of namespace/category/classifier that classifies a finding.
    UpdatedAt []InsightDateFilter
    An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
    UserDefinedFields []InsightMapFilter
    A list of name/value string pairs associated with the finding.
    VerificationState []InsightStringFilter
    The veracity of a finding.
    VulnerabilitiesExploitAvailable []InsightStringFilter
    Indicates whether a software vulnerability in your environment has a known exploit.
    VulnerabilitiesFixAvailable []InsightStringFilter
    Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
    WorkflowState []InsightStringFilter
    The workflow state of a finding.
    WorkflowStatus []InsightStringFilter
    The status of the investigation into a finding.
    awsAccountId List<InsightStringFilter>
    The AWS account ID in which a finding is generated.
    awsAccountName List<InsightStringFilter>
    The name of the AWS account in which a finding is generated.
    companyName List<InsightStringFilter>
    The name of the findings provider (company) that owns the solution (product) that generates findings.
    complianceAssociatedStandardsId List<InsightStringFilter>
    The unique identifier of a standard in which a control is enabled.
    complianceSecurityControlId List<InsightStringFilter>
    The unique identifier of a control across standards.
    complianceSecurityControlParametersName List<InsightStringFilter>
    The name of a security control parameter.
    complianceSecurityControlParametersValue List<InsightStringFilter>
    The current value of a security control parameter.
    complianceStatus List<InsightStringFilter>
    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
    confidence List<InsightNumberFilter>
    A finding's confidence.
    createdAt List<InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
    criticality List<InsightNumberFilter>
    The level of importance assigned to the resources associated with the finding.
    description List<InsightStringFilter>
    A finding's description.
    findingProviderFieldsConfidence List<InsightNumberFilter>
    The finding provider value for the finding confidence.
    findingProviderFieldsCriticality List<InsightNumberFilter>
    The finding provider value for the level of importance assigned to the resources associated with the findings.
    findingProviderFieldsRelatedFindingsId List<InsightStringFilter>
    The finding identifier of a related finding that is identified by the finding provider.
    findingProviderFieldsRelatedFindingsProductArn List<InsightStringFilter>
    The ARN of the solution that generated a related finding that is identified by the finding provider.
    findingProviderFieldsSeverityLabel List<InsightStringFilter>
    The finding provider value for the severity label.
    findingProviderFieldsSeverityOriginal List<InsightStringFilter>
    The finding provider's original value for the severity.
    findingProviderFieldsTypes List<InsightStringFilter>
    One or more finding types that the finding provider assigned to the finding.
    firstObservedAt List<InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
    generatorId List<InsightStringFilter>
    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
    id List<InsightStringFilter>
    The security findings provider-specific identifier for a finding.
    keyword List<InsightKeywordFilter>
    A keyword for a finding.
    lastObservedAt List<InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
    malwareName List<InsightStringFilter>
    The name of the malware that was observed.
    malwarePath List<InsightStringFilter>
    The filesystem path of the malware that was observed.
    malwareState List<InsightStringFilter>
    The state of the malware that was observed.
    malwareType List<InsightStringFilter>
    The type of the malware that was observed.
    networkDestinationDomain List<InsightStringFilter>
    The destination domain of network-related information about a finding.
    networkDestinationIpV4 List<InsightIpFilter>
    The destination IPv4 address of network-related information about a finding.
    networkDestinationIpV6 List<InsightIpFilter>
    The destination IPv6 address of network-related information about a finding.
    networkDestinationPort List<InsightNumberFilter>
    The destination port of network-related information about a finding.
    networkDirection List<InsightStringFilter>
    Indicates the direction of network traffic associated with a finding.
    networkProtocol List<InsightStringFilter>
    The protocol of network-related information about a finding.
    networkSourceDomain List<InsightStringFilter>
    The source domain of network-related information about a finding.
    networkSourceIpV4 List<InsightIpFilter>
    The source IPv4 address of network-related information about a finding.
    networkSourceIpV6 List<InsightIpFilter>
    The source IPv6 address of network-related information about a finding.
    networkSourceMac List<InsightStringFilter>
    The source media access control (MAC) address of network-related information about a finding.
    networkSourcePort List<InsightNumberFilter>
    The source port of network-related information about a finding.
    noteText List<InsightStringFilter>
    The text of a note.
    noteUpdatedAt List<InsightDateFilter>
    The timestamp of when the note was updated.
    noteUpdatedBy List<InsightStringFilter>
    The principal that created a note.
    processLaunchedAt List<InsightDateFilter>
    A timestamp that identifies when the process was launched.
    processName List<InsightStringFilter>
    The name of the process.
    processParentPid List<InsightNumberFilter>
    The parent process ID.
    processPath List<InsightStringFilter>
    The path to the process executable.
    processPid List<InsightNumberFilter>
    The process ID.
    processTerminatedAt List<InsightDateFilter>
    A timestamp that identifies when the process was terminated.
    productArn List<InsightStringFilter>
    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
    productFields List<InsightMapFilter>
    A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
    productName List<InsightStringFilter>
    The name of the solution (product) that generates findings.
    recommendationText List<InsightStringFilter>
    The recommendation of what to do about the issue described in a finding.
    recordState List<InsightStringFilter>
    The updated record state for the finding.
    region List<InsightStringFilter>
    The Region from which the finding was generated.
    relatedFindingsId List<InsightStringFilter>
    The solution-generated identifier for a related finding.
    relatedFindingsProductArn List<InsightStringFilter>
    The ARN of the solution that generated a related finding.
    resourceApplicationArn List<InsightStringFilter>
    The ARN of the application that is related to a finding.
    resourceApplicationName List<InsightStringFilter>
    The name of the application that is related to a finding.
    resourceAwsEc2InstanceIamInstanceProfileArn List<InsightStringFilter>
    The IAM profile ARN of the instance.
    resourceAwsEc2InstanceImageId List<InsightStringFilter>
    The Amazon Machine Image (AMI) ID of the instance.
    resourceAwsEc2InstanceIpV4Addresses List<InsightIpFilter>
    The IPv4 addresses associated with the instance.
    resourceAwsEc2InstanceIpV6Addresses List<InsightIpFilter>
    The IPv6 addresses associated with the instance.
    resourceAwsEc2InstanceKeyName List<InsightStringFilter>
    The key name associated with the instance.
    resourceAwsEc2InstanceLaunchedAt List<InsightDateFilter>
    The date and time the instance was launched.
    resourceAwsEc2InstanceSubnetId List<InsightStringFilter>
    The identifier of the subnet that the instance was launched in.
    resourceAwsEc2InstanceType List<InsightStringFilter>
    The instance type of the instance.
    resourceAwsEc2InstanceVpcId List<InsightStringFilter>
    The identifier of the VPC that the instance was launched in.
    resourceAwsIamAccessKeyCreatedAt List<InsightDateFilter>
    The creation date/time of the IAM access key related to a finding.
    resourceAwsIamAccessKeyPrincipalName List<InsightStringFilter>
    The name of the principal that is associated with an IAM access key.
    resourceAwsIamAccessKeyStatus List<InsightStringFilter>
    The status of the IAM access key related to a finding.
    resourceAwsIamAccessKeyUserName List<InsightStringFilter>
    The user associated with the IAM access key related to a finding.
    resourceAwsIamUserUserName List<InsightStringFilter>
    The name of an IAM user.
    resourceAwsS3BucketOwnerId List<InsightStringFilter>
    The canonical user ID of the owner of the S3 bucket.
    resourceAwsS3BucketOwnerName List<InsightStringFilter>
    The display name of the owner of the S3 bucket.
    resourceContainerImageId List<InsightStringFilter>
    The identifier of the image related to a finding.
    resourceContainerImageName List<InsightStringFilter>
    The name of the image related to a finding.
    resourceContainerLaunchedAt List<InsightDateFilter>
    A timestamp that identifies when the container was started.
    resourceContainerName List<InsightStringFilter>
    The name of the container related to a finding.
    resourceDetailsOther List<InsightMapFilter>
    The details of a resource that doesn't have a specific subfield for the resource type defined.
    resourceId List<InsightStringFilter>
    The canonical identifier for the given resource type.
    resourcePartition List<InsightStringFilter>
    The canonical AWS partition name that the Region is assigned to.
    resourceRegion List<InsightStringFilter>
    The canonical AWS external Region name where this resource is located.
    resourceTags List<InsightMapFilter>
    A list of AWS tags associated with a resource at the time the finding was processed.
    resourceType List<InsightStringFilter>
    Specifies the type of the resource that details are provided for.
    sample List<InsightBooleanFilter>
    Indicates whether or not sample findings are included in the filter results.
    severityLabel List<InsightStringFilter>
    The label of a finding's severity.
    severityNormalized List<InsightNumberFilter>
    The normalized severity of a finding.
    severityProduct List<InsightNumberFilter>
    The native severity as defined by the security findings provider's solution that generated the finding.
    sourceUrl List<InsightStringFilter>
    A URL that links to a page about the current finding in the security findings provider's solution.
    threatIntelIndicatorCategory List<InsightStringFilter>
    The category of a threat intelligence indicator.
    threatIntelIndicatorLastObservedAt List<InsightDateFilter>
    A timestamp that identifies the last observation of a threat intelligence indicator.
    threatIntelIndicatorSource List<InsightStringFilter>
    The source of the threat intelligence.
    threatIntelIndicatorSourceUrl List<InsightStringFilter>
    The URL for more details from the source of the threat intelligence.
    threatIntelIndicatorType List<InsightStringFilter>
    The type of a threat intelligence indicator.
    threatIntelIndicatorValue List<InsightStringFilter>
    The value of a threat intelligence indicator.
    title List<InsightStringFilter>
    A finding's title.
    type List<InsightStringFilter>
    A finding type in the format of namespace/category/classifier that classifies a finding.
    updatedAt List<InsightDateFilter>
    An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
    userDefinedFields List<InsightMapFilter>
    A list of name/value string pairs associated with the finding.
    verificationState List<InsightStringFilter>
    The veracity of a finding.
    vulnerabilitiesExploitAvailable List<InsightStringFilter>
    Indicates whether a software vulnerability in your environment has a known exploit.
    vulnerabilitiesFixAvailable List<InsightStringFilter>
    Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
    workflowState List<InsightStringFilter>
    The workflow state of a finding.
    workflowStatus List<InsightStringFilter>
    The status of the investigation into a finding.
    awsAccountId InsightStringFilter[]
    The AWS account ID in which a finding is generated.
    awsAccountName InsightStringFilter[]
    The name of the AWS account in which a finding is generated.
    companyName InsightStringFilter[]
    The name of the findings provider (company) that owns the solution (product) that generates findings.
    complianceAssociatedStandardsId InsightStringFilter[]
    The unique identifier of a standard in which a control is enabled.
    complianceSecurityControlId InsightStringFilter[]
    The unique identifier of a control across standards.
    complianceSecurityControlParametersName InsightStringFilter[]
    The name of a security control parameter.
    complianceSecurityControlParametersValue InsightStringFilter[]
    The current value of a security control parameter.
    complianceStatus InsightStringFilter[]
    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
    confidence InsightNumberFilter[]
    A finding's confidence.
    createdAt InsightDateFilter[]
    An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
    criticality InsightNumberFilter[]
    The level of importance assigned to the resources associated with the finding.
    description InsightStringFilter[]
    A finding's description.
    findingProviderFieldsConfidence InsightNumberFilter[]
    The finding provider value for the finding confidence.
    findingProviderFieldsCriticality InsightNumberFilter[]
    The finding provider value for the level of importance assigned to the resources associated with the findings.
    findingProviderFieldsRelatedFindingsId InsightStringFilter[]
    The finding identifier of a related finding that is identified by the finding provider.
    findingProviderFieldsRelatedFindingsProductArn InsightStringFilter[]
    The ARN of the solution that generated a related finding that is identified by the finding provider.
    findingProviderFieldsSeverityLabel InsightStringFilter[]
    The finding provider value for the severity label.
    findingProviderFieldsSeverityOriginal InsightStringFilter[]
    The finding provider's original value for the severity.
    findingProviderFieldsTypes InsightStringFilter[]
    One or more finding types that the finding provider assigned to the finding.
    firstObservedAt InsightDateFilter[]
    An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
    generatorId InsightStringFilter[]
    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
    id InsightStringFilter[]
    The security findings provider-specific identifier for a finding.
    keyword InsightKeywordFilter[]
    A keyword for a finding.
    lastObservedAt InsightDateFilter[]
    An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
    malwareName InsightStringFilter[]
    The name of the malware that was observed.
    malwarePath InsightStringFilter[]
    The filesystem path of the malware that was observed.
    malwareState InsightStringFilter[]
    The state of the malware that was observed.
    malwareType InsightStringFilter[]
    The type of the malware that was observed.
    networkDestinationDomain InsightStringFilter[]
    The destination domain of network-related information about a finding.
    networkDestinationIpV4 InsightIpFilter[]
    The destination IPv4 address of network-related information about a finding.
    networkDestinationIpV6 InsightIpFilter[]
    The destination IPv6 address of network-related information about a finding.
    networkDestinationPort InsightNumberFilter[]
    The destination port of network-related information about a finding.
    networkDirection InsightStringFilter[]
    Indicates the direction of network traffic associated with a finding.
    networkProtocol InsightStringFilter[]
    The protocol of network-related information about a finding.
    networkSourceDomain InsightStringFilter[]
    The source domain of network-related information about a finding.
    networkSourceIpV4 InsightIpFilter[]
    The source IPv4 address of network-related information about a finding.
    networkSourceIpV6 InsightIpFilter[]
    The source IPv6 address of network-related information about a finding.
    networkSourceMac InsightStringFilter[]
    The source media access control (MAC) address of network-related information about a finding.
    networkSourcePort InsightNumberFilter[]
    The source port of network-related information about a finding.
    noteText InsightStringFilter[]
    The text of a note.
    noteUpdatedAt InsightDateFilter[]
    The timestamp of when the note was updated.
    noteUpdatedBy InsightStringFilter[]
    The principal that created a note.
    processLaunchedAt InsightDateFilter[]
    A timestamp that identifies when the process was launched.
    processName InsightStringFilter[]
    The name of the process.
    processParentPid InsightNumberFilter[]
    The parent process ID.
    processPath InsightStringFilter[]
    The path to the process executable.
    processPid InsightNumberFilter[]
    The process ID.
    processTerminatedAt InsightDateFilter[]
    A timestamp that identifies when the process was terminated.
    productArn InsightStringFilter[]
    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
    productFields InsightMapFilter[]
    A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
    productName InsightStringFilter[]
    The name of the solution (product) that generates findings.
    recommendationText InsightStringFilter[]
    The recommendation of what to do about the issue described in a finding.
    recordState InsightStringFilter[]
    The updated record state for the finding.
    region InsightStringFilter[]
    The Region from which the finding was generated.
    relatedFindingsId InsightStringFilter[]
    The solution-generated identifier for a related finding.
    relatedFindingsProductArn InsightStringFilter[]
    The ARN of the solution that generated a related finding.
    resourceApplicationArn InsightStringFilter[]
    The ARN of the application that is related to a finding.
    resourceApplicationName InsightStringFilter[]
    The name of the application that is related to a finding.
    resourceAwsEc2InstanceIamInstanceProfileArn InsightStringFilter[]
    The IAM profile ARN of the instance.
    resourceAwsEc2InstanceImageId InsightStringFilter[]
    The Amazon Machine Image (AMI) ID of the instance.
    resourceAwsEc2InstanceIpV4Addresses InsightIpFilter[]
    The IPv4 addresses associated with the instance.
    resourceAwsEc2InstanceIpV6Addresses InsightIpFilter[]
    The IPv6 addresses associated with the instance.
    resourceAwsEc2InstanceKeyName InsightStringFilter[]
    The key name associated with the instance.
    resourceAwsEc2InstanceLaunchedAt InsightDateFilter[]
    The date and time the instance was launched.
    resourceAwsEc2InstanceSubnetId InsightStringFilter[]
    The identifier of the subnet that the instance was launched in.
    resourceAwsEc2InstanceType InsightStringFilter[]
    The instance type of the instance.
    resourceAwsEc2InstanceVpcId InsightStringFilter[]
    The identifier of the VPC that the instance was launched in.
    resourceAwsIamAccessKeyCreatedAt InsightDateFilter[]
    The creation date/time of the IAM access key related to a finding.
    resourceAwsIamAccessKeyPrincipalName InsightStringFilter[]
    The name of the principal that is associated with an IAM access key.
    resourceAwsIamAccessKeyStatus InsightStringFilter[]
    The status of the IAM access key related to a finding.
    resourceAwsIamAccessKeyUserName InsightStringFilter[]
    The user associated with the IAM access key related to a finding.
    resourceAwsIamUserUserName InsightStringFilter[]
    The name of an IAM user.
    resourceAwsS3BucketOwnerId InsightStringFilter[]
    The canonical user ID of the owner of the S3 bucket.
    resourceAwsS3BucketOwnerName InsightStringFilter[]
    The display name of the owner of the S3 bucket.
    resourceContainerImageId InsightStringFilter[]
    The identifier of the image related to a finding.
    resourceContainerImageName InsightStringFilter[]
    The name of the image related to a finding.
    resourceContainerLaunchedAt InsightDateFilter[]
    A timestamp that identifies when the container was started.
    resourceContainerName InsightStringFilter[]
    The name of the container related to a finding.
    resourceDetailsOther InsightMapFilter[]
    The details of a resource that doesn't have a specific subfield for the resource type defined.
    resourceId InsightStringFilter[]
    The canonical identifier for the given resource type.
    resourcePartition InsightStringFilter[]
    The canonical AWS partition name that the Region is assigned to.
    resourceRegion InsightStringFilter[]
    The canonical AWS external Region name where this resource is located.
    resourceTags InsightMapFilter[]
    A list of AWS tags associated with a resource at the time the finding was processed.
    resourceType InsightStringFilter[]
    Specifies the type of the resource that details are provided for.
    sample InsightBooleanFilter[]
    Indicates whether or not sample findings are included in the filter results.
    severityLabel InsightStringFilter[]
    The label of a finding's severity.
    severityNormalized InsightNumberFilter[]
    The normalized severity of a finding.
    severityProduct InsightNumberFilter[]
    The native severity as defined by the security findings provider's solution that generated the finding.
    sourceUrl InsightStringFilter[]
    A URL that links to a page about the current finding in the security findings provider's solution.
    threatIntelIndicatorCategory InsightStringFilter[]
    The category of a threat intelligence indicator.
    threatIntelIndicatorLastObservedAt InsightDateFilter[]
    A timestamp that identifies the last observation of a threat intelligence indicator.
    threatIntelIndicatorSource InsightStringFilter[]
    The source of the threat intelligence.
    threatIntelIndicatorSourceUrl InsightStringFilter[]
    The URL for more details from the source of the threat intelligence.
    threatIntelIndicatorType InsightStringFilter[]
    The type of a threat intelligence indicator.
    threatIntelIndicatorValue InsightStringFilter[]
    The value of a threat intelligence indicator.
    title InsightStringFilter[]
    A finding's title.
    type InsightStringFilter[]
    A finding type in the format of namespace/category/classifier that classifies a finding.
    updatedAt InsightDateFilter[]
    An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
    userDefinedFields InsightMapFilter[]
    A list of name/value string pairs associated with the finding.
    verificationState InsightStringFilter[]
    The veracity of a finding.
    vulnerabilitiesExploitAvailable InsightStringFilter[]
    Indicates whether a software vulnerability in your environment has a known exploit.
    vulnerabilitiesFixAvailable InsightStringFilter[]
    Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
    workflowState InsightStringFilter[]
    The workflow state of a finding.
    workflowStatus InsightStringFilter[]
    The status of the investigation into a finding.
    aws_account_id Sequence[InsightStringFilter]
    The AWS account ID in which a finding is generated.
    aws_account_name Sequence[InsightStringFilter]
    The name of the AWS account in which a finding is generated.
    company_name Sequence[InsightStringFilter]
    The name of the findings provider (company) that owns the solution (product) that generates findings.
    compliance_associated_standards_id Sequence[InsightStringFilter]
    The unique identifier of a standard in which a control is enabled.
    compliance_security_control_id Sequence[InsightStringFilter]
    The unique identifier of a control across standards.
    compliance_security_control_parameters_name Sequence[InsightStringFilter]
    The name of a security control parameter.
    compliance_security_control_parameters_value Sequence[InsightStringFilter]
    The current value of a security control parameter.
    compliance_status Sequence[InsightStringFilter]
    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
    confidence Sequence[InsightNumberFilter]
    A finding's confidence.
    created_at Sequence[InsightDateFilter]
    An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
    criticality Sequence[InsightNumberFilter]
    The level of importance assigned to the resources associated with the finding.
    description Sequence[InsightStringFilter]
    A finding's description.
    finding_provider_fields_confidence Sequence[InsightNumberFilter]
    The finding provider value for the finding confidence.
    finding_provider_fields_criticality Sequence[InsightNumberFilter]
    The finding provider value for the level of importance assigned to the resources associated with the findings.
    finding_provider_fields_related_findings_id Sequence[InsightStringFilter]
    The finding identifier of a related finding that is identified by the finding provider.
    finding_provider_fields_related_findings_product_arn Sequence[InsightStringFilter]
    The ARN of the solution that generated a related finding that is identified by the finding provider.
    finding_provider_fields_severity_label Sequence[InsightStringFilter]
    The finding provider value for the severity label.
    finding_provider_fields_severity_original Sequence[InsightStringFilter]
    The finding provider's original value for the severity.
    finding_provider_fields_types Sequence[InsightStringFilter]
    One or more finding types that the finding provider assigned to the finding.
    first_observed_at Sequence[InsightDateFilter]
    An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
    generator_id Sequence[InsightStringFilter]
    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
    id Sequence[InsightStringFilter]
    The security findings provider-specific identifier for a finding.
    keyword Sequence[InsightKeywordFilter]
    A keyword for a finding.
    last_observed_at Sequence[InsightDateFilter]
    An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
    malware_name Sequence[InsightStringFilter]
    The name of the malware that was observed.
    malware_path Sequence[InsightStringFilter]
    The filesystem path of the malware that was observed.
    malware_state Sequence[InsightStringFilter]
    The state of the malware that was observed.
    malware_type Sequence[InsightStringFilter]
    The type of the malware that was observed.
    network_destination_domain Sequence[InsightStringFilter]
    The destination domain of network-related information about a finding.
    network_destination_ip_v4 Sequence[InsightIpFilter]
    The destination IPv4 address of network-related information about a finding.
    network_destination_ip_v6 Sequence[InsightIpFilter]
    The destination IPv6 address of network-related information about a finding.
    network_destination_port Sequence[InsightNumberFilter]
    The destination port of network-related information about a finding.
    network_direction Sequence[InsightStringFilter]
    Indicates the direction of network traffic associated with a finding.
    network_protocol Sequence[InsightStringFilter]
    The protocol of network-related information about a finding.
    network_source_domain Sequence[InsightStringFilter]
    The source domain of network-related information about a finding.
    network_source_ip_v4 Sequence[InsightIpFilter]
    The source IPv4 address of network-related information about a finding.
    network_source_ip_v6 Sequence[InsightIpFilter]
    The source IPv6 address of network-related information about a finding.
    network_source_mac Sequence[InsightStringFilter]
    The source media access control (MAC) address of network-related information about a finding.
    network_source_port Sequence[InsightNumberFilter]
    The source port of network-related information about a finding.
    note_text Sequence[InsightStringFilter]
    The text of a note.
    note_updated_at Sequence[InsightDateFilter]
    The timestamp of when the note was updated.
    note_updated_by Sequence[InsightStringFilter]
    The principal that created a note.
    process_launched_at Sequence[InsightDateFilter]
    A timestamp that identifies when the process was launched.
    process_name Sequence[InsightStringFilter]
    The name of the process.
    process_parent_pid Sequence[InsightNumberFilter]
    The parent process ID.
    process_path Sequence[InsightStringFilter]
    The path to the process executable.
    process_pid Sequence[InsightNumberFilter]
    The process ID.
    process_terminated_at Sequence[InsightDateFilter]
    A timestamp that identifies when the process was terminated.
    product_arn Sequence[InsightStringFilter]
    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
    product_fields Sequence[InsightMapFilter]
    A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
    product_name Sequence[InsightStringFilter]
    The name of the solution (product) that generates findings.
    recommendation_text Sequence[InsightStringFilter]
    The recommendation of what to do about the issue described in a finding.
    record_state Sequence[InsightStringFilter]
    The updated record state for the finding.
    region Sequence[InsightStringFilter]
    The Region from which the finding was generated.
    related_findings_id Sequence[InsightStringFilter]
    The solution-generated identifier for a related finding.
    related_findings_product_arn Sequence[InsightStringFilter]
    The ARN of the solution that generated a related finding.
    resource_application_arn Sequence[InsightStringFilter]
    The ARN of the application that is related to a finding.
    resource_application_name Sequence[InsightStringFilter]
    The name of the application that is related to a finding.
    resource_aws_ec2_instance_iam_instance_profile_arn Sequence[InsightStringFilter]
    The IAM profile ARN of the instance.
    resource_aws_ec2_instance_image_id Sequence[InsightStringFilter]
    The Amazon Machine Image (AMI) ID of the instance.
    resource_aws_ec2_instance_ip_v4_addresses Sequence[InsightIpFilter]
    The IPv4 addresses associated with the instance.
    resource_aws_ec2_instance_ip_v6_addresses Sequence[InsightIpFilter]
    The IPv6 addresses associated with the instance.
    resource_aws_ec2_instance_key_name Sequence[InsightStringFilter]
    The key name associated with the instance.
    resource_aws_ec2_instance_launched_at Sequence[InsightDateFilter]
    The date and time the instance was launched.
    resource_aws_ec2_instance_subnet_id Sequence[InsightStringFilter]
    The identifier of the subnet that the instance was launched in.
    resource_aws_ec2_instance_type Sequence[InsightStringFilter]
    The instance type of the instance.
    resource_aws_ec2_instance_vpc_id Sequence[InsightStringFilter]
    The identifier of the VPC that the instance was launched in.
    resource_aws_iam_access_key_created_at Sequence[InsightDateFilter]
    The creation date/time of the IAM access key related to a finding.
    resource_aws_iam_access_key_principal_name Sequence[InsightStringFilter]
    The name of the principal that is associated with an IAM access key.
    resource_aws_iam_access_key_status Sequence[InsightStringFilter]
    The status of the IAM access key related to a finding.
    resource_aws_iam_access_key_user_name Sequence[InsightStringFilter]
    The user associated with the IAM access key related to a finding.
    resource_aws_iam_user_user_name Sequence[InsightStringFilter]
    The name of an IAM user.
    resource_aws_s3_bucket_owner_id Sequence[InsightStringFilter]
    The canonical user ID of the owner of the S3 bucket.
    resource_aws_s3_bucket_owner_name Sequence[InsightStringFilter]
    The display name of the owner of the S3 bucket.
    resource_container_image_id Sequence[InsightStringFilter]
    The identifier of the image related to a finding.
    resource_container_image_name Sequence[InsightStringFilter]
    The name of the image related to a finding.
    resource_container_launched_at Sequence[InsightDateFilter]
    A timestamp that identifies when the container was started.
    resource_container_name Sequence[InsightStringFilter]
    The name of the container related to a finding.
    resource_details_other Sequence[InsightMapFilter]
    The details of a resource that doesn't have a specific subfield for the resource type defined.
    resource_id Sequence[InsightStringFilter]
    The canonical identifier for the given resource type.
    resource_partition Sequence[InsightStringFilter]
    The canonical AWS partition name that the Region is assigned to.
    resource_region Sequence[InsightStringFilter]
    The canonical AWS external Region name where this resource is located.
    resource_tags Sequence[InsightMapFilter]
    A list of AWS tags associated with a resource at the time the finding was processed.
    resource_type Sequence[InsightStringFilter]
    Specifies the type of the resource that details are provided for.
    sample Sequence[InsightBooleanFilter]
    Indicates whether or not sample findings are included in the filter results.
    severity_label Sequence[InsightStringFilter]
    The label of a finding's severity.
    severity_normalized Sequence[InsightNumberFilter]
    The normalized severity of a finding.
    severity_product Sequence[InsightNumberFilter]
    The native severity as defined by the security findings provider's solution that generated the finding.
    source_url Sequence[InsightStringFilter]
    A URL that links to a page about the current finding in the security findings provider's solution.
    threat_intel_indicator_category Sequence[InsightStringFilter]
    The category of a threat intelligence indicator.
    threat_intel_indicator_last_observed_at Sequence[InsightDateFilter]
    A timestamp that identifies the last observation of a threat intelligence indicator.
    threat_intel_indicator_source Sequence[InsightStringFilter]
    The source of the threat intelligence.
    threat_intel_indicator_source_url Sequence[InsightStringFilter]
    The URL for more details from the source of the threat intelligence.
    threat_intel_indicator_type Sequence[InsightStringFilter]
    The type of a threat intelligence indicator.
    threat_intel_indicator_value Sequence[InsightStringFilter]
    The value of a threat intelligence indicator.
    title Sequence[InsightStringFilter]
    A finding's title.
    type Sequence[InsightStringFilter]
    A finding type in the format of namespace/category/classifier that classifies a finding.
    updated_at Sequence[InsightDateFilter]
    An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
    user_defined_fields Sequence[InsightMapFilter]
    A list of name/value string pairs associated with the finding.
    verification_state Sequence[InsightStringFilter]
    The veracity of a finding.
    vulnerabilities_exploit_available Sequence[InsightStringFilter]
    Indicates whether a software vulnerability in your environment has a known exploit.
    vulnerabilities_fix_available Sequence[InsightStringFilter]
    Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
    workflow_state Sequence[InsightStringFilter]
    The workflow state of a finding.
    workflow_status Sequence[InsightStringFilter]
    The status of the investigation into a finding.
    awsAccountId List<Property Map>
    The AWS account ID in which a finding is generated.
    awsAccountName List<Property Map>
    The name of the AWS account in which a finding is generated.
    companyName List<Property Map>
    The name of the findings provider (company) that owns the solution (product) that generates findings.
    complianceAssociatedStandardsId List<Property Map>
    The unique identifier of a standard in which a control is enabled.
    complianceSecurityControlId List<Property Map>
    The unique identifier of a control across standards.
    complianceSecurityControlParametersName List<Property Map>
    The name of a security control parameter.
    complianceSecurityControlParametersValue List<Property Map>
    The current value of a security control parameter.
    complianceStatus List<Property Map>
    Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
    confidence List<Property Map>
    A finding's confidence.
    createdAt List<Property Map>
    An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
    criticality List<Property Map>
    The level of importance assigned to the resources associated with the finding.
    description List<Property Map>
    A finding's description.
    findingProviderFieldsConfidence List<Property Map>
    The finding provider value for the finding confidence.
    findingProviderFieldsCriticality List<Property Map>
    The finding provider value for the level of importance assigned to the resources associated with the findings.
    findingProviderFieldsRelatedFindingsId List<Property Map>
    The finding identifier of a related finding that is identified by the finding provider.
    findingProviderFieldsRelatedFindingsProductArn List<Property Map>
    The ARN of the solution that generated a related finding that is identified by the finding provider.
    findingProviderFieldsSeverityLabel List<Property Map>
    The finding provider value for the severity label.
    findingProviderFieldsSeverityOriginal List<Property Map>
    The finding provider's original value for the severity.
    findingProviderFieldsTypes List<Property Map>
    One or more finding types that the finding provider assigned to the finding.
    firstObservedAt List<Property Map>
    An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
    generatorId List<Property Map>
    The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
    id List<Property Map>
    The security findings provider-specific identifier for a finding.
    keyword List<Property Map>
    A keyword for a finding.
    lastObservedAt List<Property Map>
    An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
    malwareName List<Property Map>
    The name of the malware that was observed.
    malwarePath List<Property Map>
    The filesystem path of the malware that was observed.
    malwareState List<Property Map>
    The state of the malware that was observed.
    malwareType List<Property Map>
    The type of the malware that was observed.
    networkDestinationDomain List<Property Map>
    The destination domain of network-related information about a finding.
    networkDestinationIpV4 List<Property Map>
    The destination IPv4 address of network-related information about a finding.
    networkDestinationIpV6 List<Property Map>
    The destination IPv6 address of network-related information about a finding.
    networkDestinationPort List<Property Map>
    The destination port of network-related information about a finding.
    networkDirection List<Property Map>
    Indicates the direction of network traffic associated with a finding.
    networkProtocol List<Property Map>
    The protocol of network-related information about a finding.
    networkSourceDomain List<Property Map>
    The source domain of network-related information about a finding.
    networkSourceIpV4 List<Property Map>
    The source IPv4 address of network-related information about a finding.
    networkSourceIpV6 List<Property Map>
    The source IPv6 address of network-related information about a finding.
    networkSourceMac List<Property Map>
    The source media access control (MAC) address of network-related information about a finding.
    networkSourcePort List<Property Map>
    The source port of network-related information about a finding.
    noteText List<Property Map>
    The text of a note.
    noteUpdatedAt List<Property Map>
    The timestamp of when the note was updated.
    noteUpdatedBy List<Property Map>
    The principal that created a note.
    processLaunchedAt List<Property Map>
    A timestamp that identifies when the process was launched.
    processName List<Property Map>
    The name of the process.
    processParentPid List<Property Map>
    The parent process ID.
    processPath List<Property Map>
    The path to the process executable.
    processPid List<Property Map>
    The process ID.
    processTerminatedAt List<Property Map>
    A timestamp that identifies when the process was terminated.
    productArn List<Property Map>
    The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
    productFields List<Property Map>
    A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
    productName List<Property Map>
    The name of the solution (product) that generates findings.
    recommendationText List<Property Map>
    The recommendation of what to do about the issue described in a finding.
    recordState List<Property Map>
    The updated record state for the finding.
    region List<Property Map>
    The Region from which the finding was generated.
    relatedFindingsId List<Property Map>
    The solution-generated identifier for a related finding.
    relatedFindingsProductArn List<Property Map>
    The ARN of the solution that generated a related finding.
    resourceApplicationArn List<Property Map>
    The ARN of the application that is related to a finding.
    resourceApplicationName List<Property Map>
    The name of the application that is related to a finding.
    resourceAwsEc2InstanceIamInstanceProfileArn List<Property Map>
    The IAM profile ARN of the instance.
    resourceAwsEc2InstanceImageId List<Property Map>
    The Amazon Machine Image (AMI) ID of the instance.
    resourceAwsEc2InstanceIpV4Addresses List<Property Map>
    The IPv4 addresses associated with the instance.
    resourceAwsEc2InstanceIpV6Addresses List<Property Map>
    The IPv6 addresses associated with the instance.
    resourceAwsEc2InstanceKeyName List<Property Map>
    The key name associated with the instance.
    resourceAwsEc2InstanceLaunchedAt List<Property Map>
    The date and time the instance was launched.
    resourceAwsEc2InstanceSubnetId List<Property Map>
    The identifier of the subnet that the instance was launched in.
    resourceAwsEc2InstanceType List<Property Map>
    The instance type of the instance.
    resourceAwsEc2InstanceVpcId List<Property Map>
    The identifier of the VPC that the instance was launched in.
    resourceAwsIamAccessKeyCreatedAt List<Property Map>
    The creation date/time of the IAM access key related to a finding.
    resourceAwsIamAccessKeyPrincipalName List<Property Map>
    The name of the principal that is associated with an IAM access key.
    resourceAwsIamAccessKeyStatus List<Property Map>
    The status of the IAM access key related to a finding.
    resourceAwsIamAccessKeyUserName List<Property Map>
    The user associated with the IAM access key related to a finding.
    resourceAwsIamUserUserName List<Property Map>
    The name of an IAM user.
    resourceAwsS3BucketOwnerId List<Property Map>
    The canonical user ID of the owner of the S3 bucket.
    resourceAwsS3BucketOwnerName List<Property Map>
    The display name of the owner of the S3 bucket.
    resourceContainerImageId List<Property Map>
    The identifier of the image related to a finding.
    resourceContainerImageName List<Property Map>
    The name of the image related to a finding.
    resourceContainerLaunchedAt List<Property Map>
    A timestamp that identifies when the container was started.
    resourceContainerName List<Property Map>
    The name of the container related to a finding.
    resourceDetailsOther List<Property Map>
    The details of a resource that doesn't have a specific subfield for the resource type defined.
    resourceId List<Property Map>
    The canonical identifier for the given resource type.
    resourcePartition List<Property Map>
    The canonical AWS partition name that the Region is assigned to.
    resourceRegion List<Property Map>
    The canonical AWS external Region name where this resource is located.
    resourceTags List<Property Map>
    A list of AWS tags associated with a resource at the time the finding was processed.
    resourceType List<Property Map>
    Specifies the type of the resource that details are provided for.
    sample List<Property Map>
    Indicates whether or not sample findings are included in the filter results.
    severityLabel List<Property Map>
    The label of a finding's severity.
    severityNormalized List<Property Map>
    The normalized severity of a finding.
    severityProduct List<Property Map>
    The native severity as defined by the security findings provider's solution that generated the finding.
    sourceUrl List<Property Map>
    A URL that links to a page about the current finding in the security findings provider's solution.
    threatIntelIndicatorCategory List<Property Map>
    The category of a threat intelligence indicator.
    threatIntelIndicatorLastObservedAt List<Property Map>
    A timestamp that identifies the last observation of a threat intelligence indicator.
    threatIntelIndicatorSource List<Property Map>
    The source of the threat intelligence.
    threatIntelIndicatorSourceUrl List<Property Map>
    The URL for more details from the source of the threat intelligence.
    threatIntelIndicatorType List<Property Map>
    The type of a threat intelligence indicator.
    threatIntelIndicatorValue List<Property Map>
    The value of a threat intelligence indicator.
    title List<Property Map>
    A finding's title.
    type List<Property Map>
    A finding type in the format of namespace/category/classifier that classifies a finding.
    updatedAt List<Property Map>
    An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
    userDefinedFields List<Property Map>
    A list of name/value string pairs associated with the finding.
    verificationState List<Property Map>
    The veracity of a finding.
    vulnerabilitiesExploitAvailable List<Property Map>
    Indicates whether a software vulnerability in your environment has a known exploit.
    vulnerabilitiesFixAvailable List<Property Map>
    Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
    workflowState List<Property Map>
    The workflow state of a finding.
    workflowStatus List<Property Map>
    The status of the investigation into a finding.

    InsightBooleanFilter

    Value bool
    The value of the boolean.
    Value bool
    The value of the boolean.
    value Boolean
    The value of the boolean.
    value boolean
    The value of the boolean.
    value bool
    The value of the boolean.
    value Boolean
    The value of the boolean.

    InsightDateFilter

    DateRange Pulumi.AwsNative.SecurityHub.Inputs.InsightDateRange
    A date range for the date filter.
    End string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    Start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    DateRange InsightDateRange
    A date range for the date filter.
    End string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    Start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange InsightDateRange
    A date range for the date filter.
    end String

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start String

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange InsightDateRange
    A date range for the date filter.
    end string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    date_range InsightDateRange
    A date range for the date filter.
    end str

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start str

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange Property Map
    A date range for the date filter.
    end String

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start String

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    InsightDateRange

    Unit Pulumi.AwsNative.SecurityHub.InsightDateRangeUnit
    A date range unit for the date filter.
    Value double
    A date range value for the date filter.
    Unit InsightDateRangeUnit
    A date range unit for the date filter.
    Value float64
    A date range value for the date filter.
    unit InsightDateRangeUnit
    A date range unit for the date filter.
    value Double
    A date range value for the date filter.
    unit InsightDateRangeUnit
    A date range unit for the date filter.
    value number
    A date range value for the date filter.
    unit InsightDateRangeUnit
    A date range unit for the date filter.
    value float
    A date range value for the date filter.
    unit "DAYS"
    A date range unit for the date filter.
    value Number
    A date range value for the date filter.

    InsightDateRangeUnit

    InsightIpFilter

    Cidr string
    A finding's CIDR value.
    Cidr string
    A finding's CIDR value.
    cidr String
    A finding's CIDR value.
    cidr string
    A finding's CIDR value.
    cidr str
    A finding's CIDR value.
    cidr String
    A finding's CIDR value.

    InsightKeywordFilter

    Value string
    A value for the keyword.
    Value string
    A value for the keyword.
    value String
    A value for the keyword.
    value string
    A value for the keyword.
    value str
    A value for the keyword.
    value String
    A value for the keyword.

    InsightMapFilter

    Comparison Pulumi.AwsNative.SecurityHub.InsightMapFilterComparison
    The condition to apply to the key value when filtering Security Hub findings with a map filter.
    Key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    Value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    Comparison InsightMapFilterComparison
    The condition to apply to the key value when filtering Security Hub findings with a map filter.
    Key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    Value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison InsightMapFilterComparison
    The condition to apply to the key value when filtering Security Hub findings with a map filter.
    key String
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value String
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison InsightMapFilterComparison
    The condition to apply to the key value when filtering Security Hub findings with a map filter.
    key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison InsightMapFilterComparison
    The condition to apply to the key value when filtering Security Hub findings with a map filter.
    key str
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value str
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison "EQUALS" | "NOT_EQUALS"
    The condition to apply to the key value when filtering Security Hub findings with a map filter.
    key String
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value String
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.

    InsightMapFilterComparison

    InsightNumberFilter

    Eq double
    The equal-to condition to be applied to a single field when querying for findings.
    Gte double
    The greater-than-equal condition to be applied to a single field when querying for findings.
    Lte double
    The less-than-equal condition to be applied to a single field when querying for findings.
    Eq float64
    The equal-to condition to be applied to a single field when querying for findings.
    Gte float64
    The greater-than-equal condition to be applied to a single field when querying for findings.
    Lte float64
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq Double
    The equal-to condition to be applied to a single field when querying for findings.
    gte Double
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte Double
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq number
    The equal-to condition to be applied to a single field when querying for findings.
    gte number
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte number
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq float
    The equal-to condition to be applied to a single field when querying for findings.
    gte float
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte float
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq Number
    The equal-to condition to be applied to a single field when querying for findings.
    gte Number
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte Number
    The less-than-equal condition to be applied to a single field when querying for findings.

    InsightStringFilter

    Comparison Pulumi.AwsNative.SecurityHub.InsightStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    Comparison InsightStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison InsightStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value String
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison InsightStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison InsightStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value str
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS"

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value String
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.

    InsightStringFilterComparison

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi