libZSservicesZSamazonka-securityhubZSamazonka-securityhub
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

Description

 
Synopsis

Documentation

data AwsSecurityFindingFilters Source #

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.

You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

See: newAwsSecurityFindingFilters smart constructor.

Constructors

AwsSecurityFindingFilters' 

Fields

Instances

Instances details
Eq AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

Read AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

Show AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

Generic AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

Associated Types

type Rep AwsSecurityFindingFilters :: Type -> Type #

NFData AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

Hashable AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

ToJSON AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

FromJSON AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

type Rep AwsSecurityFindingFilters Source # 
Instance details

Defined in Amazonka.SecurityHub.Types.AwsSecurityFindingFilters

type Rep AwsSecurityFindingFilters = D1 ('MetaData "AwsSecurityFindingFilters" "Amazonka.SecurityHub.Types.AwsSecurityFindingFilters" "libZSservicesZSamazonka-securityhubZSamazonka-securityhub" 'False) (C1 ('MetaCons "AwsSecurityFindingFilters'" 'PrefixI 'True) ((((((S1 ('MetaSel ('Just "resourceAwsIamAccessKeyPrincipalName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "resourceAwsIamAccessKeyCreatedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter]))) :*: (S1 ('MetaSel ('Just "malwarePath") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "resourceDetailsOther") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [MapFilter])) :*: S1 ('MetaSel ('Just "productName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "resourceAwsEc2InstanceSubnetId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "workflowState") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "resourceContainerImageId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "relatedFindingsProductArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "criticality") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: S1 ('MetaSel ('Just "resourceId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))))) :*: (((S1 ('MetaSel ('Just "resourceAwsIamAccessKeyUserName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "processParentPid") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: S1 ('MetaSel ('Just "resourceAwsEc2InstanceType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "resourceRegion") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "recordState") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "networkSourceIpV6") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpFilter]))))) :*: ((S1 ('MetaSel ('Just "resourceType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "productFields") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [MapFilter])) :*: S1 ('MetaSel ('Just "noteText") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "resourceContainerImageName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "createdAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])) :*: S1 ('MetaSel ('Just "threatIntelIndicatorCategory") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))))) :*: ((((S1 ('MetaSel ('Just "severityProduct") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: (S1 ('MetaSel ('Just "companyName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "findingProviderFieldsSeverityLabel") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "networkProtocol") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "resourceAwsEc2InstanceImageId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "resourcePartition") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "resourceAwsEc2InstanceIpV6Addresses") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpFilter])) :*: (S1 ('MetaSel ('Just "resourceTags") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [MapFilter])) :*: S1 ('MetaSel ('Just "resourceAwsEc2InstanceLaunchedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])))) :*: (S1 ('MetaSel ('Just "networkSourceDomain") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "networkDestinationPort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: S1 ('MetaSel ('Just "noteUpdatedBy") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))))) :*: (((S1 ('MetaSel ('Just "malwareName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "findingProviderFieldsTypes") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "threatIntelIndicatorValue") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "malwareState") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "awsAccountId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "complianceStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "networkDestinationIpV4") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpFilter])) :*: (S1 ('MetaSel ('Just "findingProviderFieldsRelatedFindingsId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "firstObservedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])))) :*: (S1 ('MetaSel ('Just "threatIntelIndicatorLastObservedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])) :*: (S1 ('MetaSel ('Just "recommendationText") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "resourceContainerLaunchedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])))))))) :*: (((((S1 ('MetaSel ('Just "networkSourceMac") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "confidence") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter]))) :*: (S1 ('MetaSel ('Just "relatedFindingsId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "processName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "findingProviderFieldsSeverityOriginal") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "workflowStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "resourceAwsS3BucketOwnerName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "findingProviderFieldsCriticality") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])))) :*: (S1 ('MetaSel ('Just "findingProviderFieldsRelatedFindingsProductArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "resourceAwsEc2InstanceVpcId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "networkSourcePort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])))))) :*: (((S1 ('MetaSel ('Just "resourceContainerName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "severityNormalized") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: S1 ('MetaSel ('Just "resourceAwsEc2InstanceKeyName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "networkDestinationDomain") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "processLaunchedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])) :*: S1 ('MetaSel ('Just "id") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "severityLabel") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "resourceAwsIamAccessKeyStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "resourceAwsS3BucketOwnerId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "threatIntelIndicatorType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "resourceAwsIamUserUserName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "noteUpdatedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter]))))))) :*: ((((S1 ('MetaSel ('Just "title") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "region") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "threatIntelIndicatorSource") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "type'") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "networkSourceIpV4") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpFilter])) :*: S1 ('MetaSel ('Just "resourceAwsEc2InstanceIamInstanceProfileArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "updatedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])) :*: (S1 ('MetaSel ('Just "processTerminatedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])) :*: S1 ('MetaSel ('Just "networkDestinationIpV6") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpFilter])))) :*: (S1 ('MetaSel ('Just "threatIntelIndicatorSourceUrl") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "networkDirection") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "description") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))))) :*: (((S1 ('MetaSel ('Just "verificationState") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: (S1 ('MetaSel ('Just "sourceUrl") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "processPath") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])))) :*: (S1 ('MetaSel ('Just "processPid") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: (S1 ('MetaSel ('Just "generatorId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "productArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter]))))) :*: ((S1 ('MetaSel ('Just "lastObservedAt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [DateFilter])) :*: (S1 ('MetaSel ('Just "findingProviderFieldsConfidence") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [NumberFilter])) :*: S1 ('MetaSel ('Just "userDefinedFields") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [MapFilter])))) :*: (S1 ('MetaSel ('Just "resourceAwsEc2InstanceIpV4Addresses") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpFilter])) :*: (S1 ('MetaSel ('Just "malwareType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StringFilter])) :*: S1 ('MetaSel ('Just "keyword") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [KeywordFilter]))))))))))

newAwsSecurityFindingFilters :: AwsSecurityFindingFilters Source #

Create a value of AwsSecurityFindingFilters with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:resourceAwsIamAccessKeyPrincipalName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName - The name of the principal that is associated with an IAM access key.

$sel:resourceAwsIamAccessKeyCreatedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt - The creation date/time of the IAM access key related to a finding.

$sel:malwarePath:AwsSecurityFindingFilters', awsSecurityFindingFilters_malwarePath - The filesystem path of the malware that was observed.

$sel:resourceDetailsOther:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceDetailsOther - The details of a resource that doesn't have a specific subfield for the resource type defined.

$sel:productName:AwsSecurityFindingFilters', awsSecurityFindingFilters_productName - The name of the solution (product) that generates findings.

Note that this is a filter against the aws/securityhub/ProductName field in ProductFields. It is not a filter for the top-level ProductName field.

$sel:resourceAwsEc2InstanceSubnetId:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId - The identifier of the subnet that the instance was launched in.

$sel:workflowState:AwsSecurityFindingFilters', awsSecurityFindingFilters_workflowState - The workflow state of a finding.

Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

$sel:resourceContainerImageId:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceContainerImageId - The identifier of the image related to a finding.

$sel:relatedFindingsProductArn:AwsSecurityFindingFilters', awsSecurityFindingFilters_relatedFindingsProductArn - The ARN of the solution that generated a related finding.

$sel:criticality:AwsSecurityFindingFilters', awsSecurityFindingFilters_criticality - The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

$sel:resourceId:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceId - The canonical identifier for the given resource type.

$sel:resourceAwsIamAccessKeyUserName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName - The user associated with the IAM access key related to a finding.

$sel:processParentPid:AwsSecurityFindingFilters', awsSecurityFindingFilters_processParentPid - The parent process ID.

$sel:resourceAwsEc2InstanceType:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceType - The instance type of the instance.

$sel:resourceRegion:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceRegion - The canonical Amazon Web Services external Region name where this resource is located.

$sel:recordState:AwsSecurityFindingFilters', awsSecurityFindingFilters_recordState - The updated record state for the finding.

$sel:networkSourceIpV6:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkSourceIpV6 - The source IPv6 address of network-related information about a finding.

$sel:resourceType:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceType - Specifies the type of the resource that details are provided for.

$sel:productFields:AwsSecurityFindingFilters', awsSecurityFindingFilters_productFields - A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

$sel:noteText:AwsSecurityFindingFilters', awsSecurityFindingFilters_noteText - The text of a note.

$sel:resourceContainerImageName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceContainerImageName - The name of the image related to a finding.

$sel:createdAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_createdAt - An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

$sel:threatIntelIndicatorCategory:AwsSecurityFindingFilters', awsSecurityFindingFilters_threatIntelIndicatorCategory - The category of a threat intelligence indicator.

$sel:severityProduct:AwsSecurityFindingFilters', awsSecurityFindingFilters_severityProduct - The native severity as defined by the security-findings provider's solution that generated the finding.

$sel:companyName:AwsSecurityFindingFilters', awsSecurityFindingFilters_companyName - The name of the findings provider (company) that owns the solution (product) that generates findings.

Note that this is a filter against the aws/securityhub/CompanyName field in ProductFields. It is not a filter for the top-level CompanyName field.

$sel:findingProviderFieldsSeverityLabel:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsSeverityLabel - The finding provider value for the severity label.

$sel:networkProtocol:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkProtocol - The protocol of network-related information about a finding.

$sel:resourceAwsEc2InstanceImageId:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceImageId - The Amazon Machine Image (AMI) ID of the instance.

$sel:resourcePartition:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourcePartition - The canonical Amazon Web Services partition name that the Region is assigned to.

$sel:resourceAwsEc2InstanceIpV6Addresses:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses - The IPv6 addresses associated with the instance.

$sel:resourceTags:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceTags - A list of Amazon Web Services tags associated with a resource at the time the finding was processed.

$sel:resourceAwsEc2InstanceLaunchedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt - The date and time the instance was launched.

$sel:networkSourceDomain:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkSourceDomain - The source domain of network-related information about a finding.

$sel:networkDestinationPort:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkDestinationPort - The destination port of network-related information about a finding.

$sel:noteUpdatedBy:AwsSecurityFindingFilters', awsSecurityFindingFilters_noteUpdatedBy - The principal that created a note.

$sel:malwareName:AwsSecurityFindingFilters', awsSecurityFindingFilters_malwareName - The name of the malware that was observed.

$sel:findingProviderFieldsTypes:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsTypes - One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

$sel:threatIntelIndicatorValue:AwsSecurityFindingFilters', awsSecurityFindingFilters_threatIntelIndicatorValue - The value of a threat intelligence indicator.

$sel:malwareState:AwsSecurityFindingFilters', awsSecurityFindingFilters_malwareState - The state of the malware that was observed.

$sel:awsAccountId:AwsSecurityFindingFilters', awsSecurityFindingFilters_awsAccountId - The Amazon Web Services account ID that a finding is generated in.

$sel:complianceStatus:AwsSecurityFindingFilters', awsSecurityFindingFilters_complianceStatus - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.

$sel:networkDestinationIpV4:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkDestinationIpV4 - The destination IPv4 address of network-related information about a finding.

$sel:findingProviderFieldsRelatedFindingsId:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId - The finding identifier of a related finding that is identified by the finding provider.

$sel:firstObservedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_firstObservedAt - An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

$sel:threatIntelIndicatorLastObservedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt - The date/time of the last observation of a threat intelligence indicator.

$sel:recommendationText:AwsSecurityFindingFilters', awsSecurityFindingFilters_recommendationText - The recommendation of what to do about the issue described in a finding.

$sel:resourceContainerLaunchedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceContainerLaunchedAt - The date/time that the container was started.

$sel:networkSourceMac:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkSourceMac - The source media access control (MAC) address of network-related information about a finding.

$sel:confidence:AwsSecurityFindingFilters', awsSecurityFindingFilters_confidence - A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

$sel:relatedFindingsId:AwsSecurityFindingFilters', awsSecurityFindingFilters_relatedFindingsId - The solution-generated identifier for a related finding.

$sel:processName:AwsSecurityFindingFilters', awsSecurityFindingFilters_processName - The name of the process.

$sel:findingProviderFieldsSeverityOriginal:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal - The finding provider's original value for the severity.

$sel:workflowStatus:AwsSecurityFindingFilters', awsSecurityFindingFilters_workflowStatus - The status of the investigation into a finding. Allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE.
    • The compliance status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
  • NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
  • SUPPRESSED - The finding will not be reviewed again and will not be acted upon.
  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

$sel:resourceAwsS3BucketOwnerName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsS3BucketOwnerName - The display name of the owner of the S3 bucket.

$sel:findingProviderFieldsCriticality:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsCriticality - The finding provider value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

$sel:findingProviderFieldsRelatedFindingsProductArn:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn - The ARN of the solution that generated a related finding that is identified by the finding provider.

$sel:resourceAwsEc2InstanceVpcId:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId - The identifier of the VPC that the instance was launched in.

$sel:networkSourcePort:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkSourcePort - The source port of network-related information about a finding.

$sel:resourceContainerName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceContainerName - The name of the container related to a finding.

$sel:severityNormalized:AwsSecurityFindingFilters', awsSecurityFindingFilters_severityNormalized - The normalized severity of a finding.

$sel:resourceAwsEc2InstanceKeyName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName - The key name associated with the instance.

$sel:networkDestinationDomain:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkDestinationDomain - The destination domain of network-related information about a finding.

$sel:processLaunchedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_processLaunchedAt - The date/time that the process was launched.

$sel:id:AwsSecurityFindingFilters', awsSecurityFindingFilters_id - The security findings provider-specific identifier for a finding.

$sel:severityLabel:AwsSecurityFindingFilters', awsSecurityFindingFilters_severityLabel - The label of a finding's severity.

$sel:resourceAwsIamAccessKeyStatus:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus - The status of the IAM access key related to a finding.

$sel:resourceAwsS3BucketOwnerId:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsS3BucketOwnerId - The canonical user ID of the owner of the S3 bucket.

$sel:threatIntelIndicatorType:AwsSecurityFindingFilters', awsSecurityFindingFilters_threatIntelIndicatorType - The type of a threat intelligence indicator.

$sel:resourceAwsIamUserUserName:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsIamUserUserName - The name of an IAM user.

$sel:noteUpdatedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_noteUpdatedAt - The timestamp of when the note was updated.

$sel:title:AwsSecurityFindingFilters', awsSecurityFindingFilters_title - A finding's title.

$sel:region:AwsSecurityFindingFilters', awsSecurityFindingFilters_region - The Region from which the finding was generated.

$sel:threatIntelIndicatorSource:AwsSecurityFindingFilters', awsSecurityFindingFilters_threatIntelIndicatorSource - The source of the threat intelligence.

$sel:type':AwsSecurityFindingFilters', awsSecurityFindingFilters_type - A finding type in the format of namespace/category/classifier that classifies a finding.

$sel:networkSourceIpV4:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkSourceIpV4 - The source IPv4 address of network-related information about a finding.

$sel:resourceAwsEc2InstanceIamInstanceProfileArn:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn - The IAM profile ARN of the instance.

$sel:updatedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_updatedAt - An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

$sel:processTerminatedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_processTerminatedAt - The date/time that the process was terminated.

$sel:networkDestinationIpV6:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkDestinationIpV6 - The destination IPv6 address of network-related information about a finding.

$sel:threatIntelIndicatorSourceUrl:AwsSecurityFindingFilters', awsSecurityFindingFilters_threatIntelIndicatorSourceUrl - The URL for more details from the source of the threat intelligence.

$sel:networkDirection:AwsSecurityFindingFilters', awsSecurityFindingFilters_networkDirection - Indicates the direction of network traffic associated with a finding.

$sel:description:AwsSecurityFindingFilters', awsSecurityFindingFilters_description - A finding's description.

$sel:verificationState:AwsSecurityFindingFilters', awsSecurityFindingFilters_verificationState - The veracity of a finding.

$sel:sourceUrl:AwsSecurityFindingFilters', awsSecurityFindingFilters_sourceUrl - A URL that links to a page about the current finding in the security-findings provider's solution.

$sel:processPath:AwsSecurityFindingFilters', awsSecurityFindingFilters_processPath - The path to the process executable.

$sel:processPid:AwsSecurityFindingFilters', awsSecurityFindingFilters_processPid - The process ID.

$sel:generatorId:AwsSecurityFindingFilters', awsSecurityFindingFilters_generatorId - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

$sel:productArn:AwsSecurityFindingFilters', awsSecurityFindingFilters_productArn - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

$sel:lastObservedAt:AwsSecurityFindingFilters', awsSecurityFindingFilters_lastObservedAt - An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

$sel:findingProviderFieldsConfidence:AwsSecurityFindingFilters', awsSecurityFindingFilters_findingProviderFieldsConfidence - The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

$sel:userDefinedFields:AwsSecurityFindingFilters', awsSecurityFindingFilters_userDefinedFields - A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

$sel:resourceAwsEc2InstanceIpV4Addresses:AwsSecurityFindingFilters', awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses - The IPv4 addresses associated with the instance.

$sel:malwareType:AwsSecurityFindingFilters', awsSecurityFindingFilters_malwareType - The type of the malware that was observed.

$sel:keyword:AwsSecurityFindingFilters', awsSecurityFindingFilters_keyword - A keyword for a finding.

awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The name of the principal that is associated with an IAM access key.

awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #

The creation date/time of the IAM access key related to a finding.

awsSecurityFindingFilters_malwarePath :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The filesystem path of the malware that was observed.

awsSecurityFindingFilters_resourceDetailsOther :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #

The details of a resource that doesn't have a specific subfield for the resource type defined.

awsSecurityFindingFilters_productName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The name of the solution (product) that generates findings.

Note that this is a filter against the aws/securityhub/ProductName field in ProductFields. It is not a filter for the top-level ProductName field.

awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The identifier of the subnet that the instance was launched in.

awsSecurityFindingFilters_workflowState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The workflow state of a finding.

Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

awsSecurityFindingFilters_relatedFindingsProductArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The ARN of the solution that generated a related finding.

awsSecurityFindingFilters_criticality :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

awsSecurityFindingFilters_resourceId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The canonical identifier for the given resource type.

awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The user associated with the IAM access key related to a finding.

awsSecurityFindingFilters_resourceRegion :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The canonical Amazon Web Services external Region name where this resource is located.

awsSecurityFindingFilters_networkSourceIpV6 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #

The source IPv6 address of network-related information about a finding.

awsSecurityFindingFilters_resourceType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

Specifies the type of the resource that details are provided for.

awsSecurityFindingFilters_productFields :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

awsSecurityFindingFilters_createdAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

awsSecurityFindingFilters_severityProduct :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

The native severity as defined by the security-findings provider's solution that generated the finding.

awsSecurityFindingFilters_companyName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The name of the findings provider (company) that owns the solution (product) that generates findings.

Note that this is a filter against the aws/securityhub/CompanyName field in ProductFields. It is not a filter for the top-level CompanyName field.

awsSecurityFindingFilters_networkProtocol :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The protocol of network-related information about a finding.

awsSecurityFindingFilters_resourcePartition :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The canonical Amazon Web Services partition name that the Region is assigned to.

awsSecurityFindingFilters_resourceTags :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #

A list of Amazon Web Services tags associated with a resource at the time the finding was processed.

awsSecurityFindingFilters_networkSourceDomain :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The source domain of network-related information about a finding.

awsSecurityFindingFilters_networkDestinationPort :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

The destination port of network-related information about a finding.

awsSecurityFindingFilters_findingProviderFieldsTypes :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

awsSecurityFindingFilters_awsAccountId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The Amazon Web Services account ID that a finding is generated in.

awsSecurityFindingFilters_complianceStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.

awsSecurityFindingFilters_networkDestinationIpV4 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #

The destination IPv4 address of network-related information about a finding.

awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The finding identifier of a related finding that is identified by the finding provider.

awsSecurityFindingFilters_firstObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #

The date/time of the last observation of a threat intelligence indicator.

awsSecurityFindingFilters_recommendationText :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The recommendation of what to do about the issue described in a finding.

awsSecurityFindingFilters_networkSourceMac :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The source media access control (MAC) address of network-related information about a finding.

awsSecurityFindingFilters_confidence :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

awsSecurityFindingFilters_relatedFindingsId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The solution-generated identifier for a related finding.

awsSecurityFindingFilters_workflowStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The status of the investigation into a finding. Allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE.
    • The compliance status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
  • NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
  • SUPPRESSED - The finding will not be reviewed again and will not be acted upon.
  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

awsSecurityFindingFilters_findingProviderFieldsCriticality :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

The finding provider value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The ARN of the solution that generated a related finding that is identified by the finding provider.

awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The identifier of the VPC that the instance was launched in.

awsSecurityFindingFilters_networkSourcePort :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

The source port of network-related information about a finding.

awsSecurityFindingFilters_networkDestinationDomain :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The destination domain of network-related information about a finding.

awsSecurityFindingFilters_id :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The security findings provider-specific identifier for a finding.

awsSecurityFindingFilters_region :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The Region from which the finding was generated.

awsSecurityFindingFilters_type :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

A finding type in the format of namespace/category/classifier that classifies a finding.

awsSecurityFindingFilters_networkSourceIpV4 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #

The source IPv4 address of network-related information about a finding.

awsSecurityFindingFilters_updatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

awsSecurityFindingFilters_networkDestinationIpV6 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #

The destination IPv6 address of network-related information about a finding.

awsSecurityFindingFilters_threatIntelIndicatorSourceUrl :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The URL for more details from the source of the threat intelligence.

awsSecurityFindingFilters_networkDirection :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

Indicates the direction of network traffic associated with a finding.

awsSecurityFindingFilters_sourceUrl :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

A URL that links to a page about the current finding in the security-findings provider's solution.

awsSecurityFindingFilters_generatorId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

awsSecurityFindingFilters_productArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

awsSecurityFindingFilters_lastObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

awsSecurityFindingFilters_findingProviderFieldsConfidence :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #

The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

awsSecurityFindingFilters_userDefinedFields :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.