Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.GuardDuty.CreateFilter

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Creates a filter using the specified finding criteria.

Synopsis

data CreateFilter = CreateFilter' {
- clientToken :: Maybe Text
- action :: Maybe FilterAction
- description :: Maybe Text
- rank :: Maybe Natural
- tags :: Maybe (HashMap Text Text)
- detectorId :: Text
- name :: Text
- findingCriteria :: FindingCriteria
}
newCreateFilter :: Text -> Text -> FindingCriteria -> CreateFilter
createFilter_clientToken :: Lens' CreateFilter (Maybe Text)
createFilter_action :: Lens' CreateFilter (Maybe FilterAction)
createFilter_description :: Lens' CreateFilter (Maybe Text)
createFilter_rank :: Lens' CreateFilter (Maybe Natural)
createFilter_tags :: Lens' CreateFilter (Maybe (HashMap Text Text))
createFilter_detectorId :: Lens' CreateFilter Text
createFilter_name :: Lens' CreateFilter Text
createFilter_findingCriteria :: Lens' CreateFilter FindingCriteria
data CreateFilterResponse = CreateFilterResponse' {
- httpStatus :: Int
- name :: Text
}
newCreateFilterResponse :: Int -> Text -> CreateFilterResponse
createFilterResponse_httpStatus :: Lens' CreateFilterResponse Int
createFilterResponse_name :: Lens' CreateFilterResponse Text

Creating a Request

data CreateFilter Source #

See: newCreateFilter smart constructor.

Constructors

CreateFilter'

Fields

clientToken :: Maybe Text
The idempotency token for the create request.
action :: Maybe FilterAction
Specifies the action that is to be applied to the findings that match the filter.
description :: Maybe Text
The description of the filter.
rank :: Maybe Natural
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
tags :: Maybe (HashMap Text Text)
The tags to be added to a new filter resource.
detectorId :: Text
The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
name :: Text
The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
findingCriteria :: FindingCriteria
Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
- accountId
- region
- confidence
- id
- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.outpostArn
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.resourceType
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.additionalInfo.threatListName
- service.archived
  When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
- service.resourceRole
- severity
- type
- updatedAt
  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Instances

Instances details

Eq CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods (==) :: CreateFilter -> CreateFilter -> Bool # (/=) :: CreateFilter -> CreateFilter -> Bool #
Read CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods readsPrec :: Int -> ReadS CreateFilter # readList :: ReadS [CreateFilter] # readPrec :: ReadPrec CreateFilter # readListPrec :: ReadPrec [CreateFilter] #
Show CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods showsPrec :: Int -> CreateFilter -> ShowS # show :: CreateFilter -> String # showList :: [CreateFilter] -> ShowS #
Generic CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Associated Types type Rep CreateFilter :: Type -> Type # Methods from :: CreateFilter -> Rep CreateFilter x # to :: Rep CreateFilter x -> CreateFilter #
NFData CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods rnf :: CreateFilter -> () #
Hashable CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods hashWithSalt :: Int -> CreateFilter -> Int # hash :: CreateFilter -> Int #
ToJSON CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods toJSON :: CreateFilter -> Value # toEncoding :: CreateFilter -> Encoding # toJSONList :: [CreateFilter] -> Value # toEncodingList :: [CreateFilter] -> Encoding #
AWSRequest CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Associated Types type AWSResponse CreateFilter # Methods request :: CreateFilter -> Request CreateFilter # response :: MonadResource m => Logger -> Service -> Proxy CreateFilter -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse CreateFilter))) #
ToHeaders CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods toHeaders :: CreateFilter -> [Header] #
ToPath CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods toPath :: CreateFilter -> ByteString #
ToQuery CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods toQuery :: CreateFilter -> QueryString #
type Rep CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter type Rep CreateFilter = D1 ('MetaData "CreateFilter" "Amazonka.GuardDuty.CreateFilter" "libZSservicesZSamazonka-guarddutyZSamazonka-guardduty" 'False) (C1 ('MetaCons "CreateFilter'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "clientToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "action") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe FilterAction))) :: (S1 ('MetaSel ('Just "description") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "rank") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)))) :: ((S1 ('MetaSel ('Just "tags") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (HashMap Text Text))) :: S1 ('MetaSel ('Just "detectorId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)) :: (S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "findingCriteria") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 FindingCriteria)))))
type AWSResponse CreateFilter Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter type AWSResponse CreateFilter = CreateFilterResponse

newCreateFilter Source #

Arguments

:: Text	`$sel:detectorId:CreateFilter'`
-> Text	`$sel:name:CreateFilter'`
-> FindingCriteria	`$sel:findingCriteria:CreateFilter'`
-> CreateFilter

Create a value of CreateFilter with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:clientToken:CreateFilter', createFilter_clientToken - The idempotency token for the create request.

$sel:action:CreateFilter', createFilter_action - Specifies the action that is to be applied to the findings that match the filter.

$sel:description:CreateFilter', createFilter_description - The description of the filter.

$sel:rank:CreateFilter', createFilter_rank - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

$sel:tags:CreateFilter', createFilter_tags - The tags to be added to a new filter resource.

$sel:detectorId:CreateFilter', createFilter_detectorId - The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

$sel:name:CreateFilter', createFilter_name - The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

$sel:findingCriteria:CreateFilter', createFilter_findingCriteria - Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.outpostArn
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.errorCode
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.localIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
service.archived
When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Request Lenses

createFilter_clientToken :: Lens' CreateFilter (Maybe Text) Source #

The idempotency token for the create request.

createFilter_action :: Lens' CreateFilter (Maybe FilterAction) Source #

Specifies the action that is to be applied to the findings that match the filter.

createFilter_description :: Lens' CreateFilter (Maybe Text) Source #

The description of the filter.

createFilter_rank :: Lens' CreateFilter (Maybe Natural) Source #

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

createFilter_tags :: Lens' CreateFilter (Maybe (HashMap Text Text)) Source #

The tags to be added to a new filter resource.

createFilter_detectorId :: Lens' CreateFilter Text Source #

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

createFilter_name :: Lens' CreateFilter Text Source #

The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

createFilter_findingCriteria :: Lens' CreateFilter FindingCriteria Source #

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.outpostArn
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.errorCode
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.localIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
service.archived
When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Destructuring the Response

data CreateFilterResponse Source #

See: newCreateFilterResponse smart constructor.

Constructors

CreateFilterResponse'
Fields httpStatus :: Int The response's http status code. name :: Text The name of the successfully created filter.

Instances

Instances details

Eq CreateFilterResponse Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods (==) :: CreateFilterResponse -> CreateFilterResponse -> Bool # (/=) :: CreateFilterResponse -> CreateFilterResponse -> Bool #
Read CreateFilterResponse Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods readsPrec :: Int -> ReadS CreateFilterResponse # readList :: ReadS [CreateFilterResponse] # readPrec :: ReadPrec CreateFilterResponse # readListPrec :: ReadPrec [CreateFilterResponse] #
Show CreateFilterResponse Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods showsPrec :: Int -> CreateFilterResponse -> ShowS # show :: CreateFilterResponse -> String # showList :: [CreateFilterResponse] -> ShowS #
Generic CreateFilterResponse Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Associated Types type Rep CreateFilterResponse :: Type -> Type # Methods from :: CreateFilterResponse -> Rep CreateFilterResponse x # to :: Rep CreateFilterResponse x -> CreateFilterResponse #
NFData CreateFilterResponse Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter Methods rnf :: CreateFilterResponse -> () #
type Rep CreateFilterResponse Source #
Instance details Defined in Amazonka.GuardDuty.CreateFilter type Rep CreateFilterResponse = D1 ('MetaData "CreateFilterResponse" "Amazonka.GuardDuty.CreateFilter" "libZSservicesZSamazonka-guarddutyZSamazonka-guardduty" 'False) (C1 ('MetaCons "CreateFilterResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int) :*: S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))

newCreateFilterResponse Source #

Arguments

:: Int	`$sel:httpStatus:CreateFilterResponse'`
-> Text	`$sel:name:CreateFilter'`
-> CreateFilterResponse

Create a value of CreateFilterResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:httpStatus:CreateFilterResponse', createFilterResponse_httpStatus - The response's http status code.

$sel:name:CreateFilter', createFilterResponse_name - The name of the successfully created filter.

Response Lenses

createFilterResponse_httpStatus :: Lens' CreateFilterResponse Int Source #

The response's http status code.

createFilterResponse_name :: Lens' CreateFilterResponse Text Source #

The name of the successfully created filter.