Copyright | (c) 2013-2021 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Synopsis
- data AwsSecurityFindingFilters = AwsSecurityFindingFilters' {
- resourceAwsIamAccessKeyPrincipalName :: Maybe [StringFilter]
- resourceAwsIamAccessKeyCreatedAt :: Maybe [DateFilter]
- malwarePath :: Maybe [StringFilter]
- resourceDetailsOther :: Maybe [MapFilter]
- productName :: Maybe [StringFilter]
- resourceAwsEc2InstanceSubnetId :: Maybe [StringFilter]
- workflowState :: Maybe [StringFilter]
- resourceContainerImageId :: Maybe [StringFilter]
- relatedFindingsProductArn :: Maybe [StringFilter]
- criticality :: Maybe [NumberFilter]
- resourceId :: Maybe [StringFilter]
- resourceAwsIamAccessKeyUserName :: Maybe [StringFilter]
- processParentPid :: Maybe [NumberFilter]
- resourceAwsEc2InstanceType :: Maybe [StringFilter]
- resourceRegion :: Maybe [StringFilter]
- recordState :: Maybe [StringFilter]
- networkSourceIpV6 :: Maybe [IpFilter]
- resourceType :: Maybe [StringFilter]
- productFields :: Maybe [MapFilter]
- noteText :: Maybe [StringFilter]
- resourceContainerImageName :: Maybe [StringFilter]
- createdAt :: Maybe [DateFilter]
- threatIntelIndicatorCategory :: Maybe [StringFilter]
- severityProduct :: Maybe [NumberFilter]
- companyName :: Maybe [StringFilter]
- findingProviderFieldsSeverityLabel :: Maybe [StringFilter]
- networkProtocol :: Maybe [StringFilter]
- resourceAwsEc2InstanceImageId :: Maybe [StringFilter]
- resourcePartition :: Maybe [StringFilter]
- resourceAwsEc2InstanceIpV6Addresses :: Maybe [IpFilter]
- resourceTags :: Maybe [MapFilter]
- resourceAwsEc2InstanceLaunchedAt :: Maybe [DateFilter]
- networkSourceDomain :: Maybe [StringFilter]
- networkDestinationPort :: Maybe [NumberFilter]
- noteUpdatedBy :: Maybe [StringFilter]
- malwareName :: Maybe [StringFilter]
- findingProviderFieldsTypes :: Maybe [StringFilter]
- threatIntelIndicatorValue :: Maybe [StringFilter]
- malwareState :: Maybe [StringFilter]
- awsAccountId :: Maybe [StringFilter]
- complianceStatus :: Maybe [StringFilter]
- networkDestinationIpV4 :: Maybe [IpFilter]
- findingProviderFieldsRelatedFindingsId :: Maybe [StringFilter]
- firstObservedAt :: Maybe [DateFilter]
- threatIntelIndicatorLastObservedAt :: Maybe [DateFilter]
- recommendationText :: Maybe [StringFilter]
- resourceContainerLaunchedAt :: Maybe [DateFilter]
- networkSourceMac :: Maybe [StringFilter]
- confidence :: Maybe [NumberFilter]
- relatedFindingsId :: Maybe [StringFilter]
- processName :: Maybe [StringFilter]
- findingProviderFieldsSeverityOriginal :: Maybe [StringFilter]
- workflowStatus :: Maybe [StringFilter]
- resourceAwsS3BucketOwnerName :: Maybe [StringFilter]
- findingProviderFieldsCriticality :: Maybe [NumberFilter]
- findingProviderFieldsRelatedFindingsProductArn :: Maybe [StringFilter]
- resourceAwsEc2InstanceVpcId :: Maybe [StringFilter]
- networkSourcePort :: Maybe [NumberFilter]
- resourceContainerName :: Maybe [StringFilter]
- severityNormalized :: Maybe [NumberFilter]
- resourceAwsEc2InstanceKeyName :: Maybe [StringFilter]
- networkDestinationDomain :: Maybe [StringFilter]
- processLaunchedAt :: Maybe [DateFilter]
- id :: Maybe [StringFilter]
- severityLabel :: Maybe [StringFilter]
- resourceAwsIamAccessKeyStatus :: Maybe [StringFilter]
- resourceAwsS3BucketOwnerId :: Maybe [StringFilter]
- threatIntelIndicatorType :: Maybe [StringFilter]
- resourceAwsIamUserUserName :: Maybe [StringFilter]
- noteUpdatedAt :: Maybe [DateFilter]
- title :: Maybe [StringFilter]
- region :: Maybe [StringFilter]
- threatIntelIndicatorSource :: Maybe [StringFilter]
- type' :: Maybe [StringFilter]
- networkSourceIpV4 :: Maybe [IpFilter]
- resourceAwsEc2InstanceIamInstanceProfileArn :: Maybe [StringFilter]
- updatedAt :: Maybe [DateFilter]
- processTerminatedAt :: Maybe [DateFilter]
- networkDestinationIpV6 :: Maybe [IpFilter]
- threatIntelIndicatorSourceUrl :: Maybe [StringFilter]
- networkDirection :: Maybe [StringFilter]
- description :: Maybe [StringFilter]
- verificationState :: Maybe [StringFilter]
- sourceUrl :: Maybe [StringFilter]
- processPath :: Maybe [StringFilter]
- processPid :: Maybe [NumberFilter]
- generatorId :: Maybe [StringFilter]
- productArn :: Maybe [StringFilter]
- lastObservedAt :: Maybe [DateFilter]
- findingProviderFieldsConfidence :: Maybe [NumberFilter]
- userDefinedFields :: Maybe [MapFilter]
- resourceAwsEc2InstanceIpV4Addresses :: Maybe [IpFilter]
- malwareType :: Maybe [StringFilter]
- keyword :: Maybe [KeywordFilter]
- newAwsSecurityFindingFilters :: AwsSecurityFindingFilters
- awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_malwarePath :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceDetailsOther :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter])
- awsSecurityFindingFilters_productName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_workflowState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceContainerImageId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_relatedFindingsProductArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_criticality :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_resourceId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_processParentPid :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceRegion :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_recordState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkSourceIpV6 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter])
- awsSecurityFindingFilters_resourceType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_productFields :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter])
- awsSecurityFindingFilters_noteText :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceContainerImageName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_createdAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_threatIntelIndicatorCategory :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_severityProduct :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_companyName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_findingProviderFieldsSeverityLabel :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkProtocol :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceImageId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourcePartition :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter])
- awsSecurityFindingFilters_resourceTags :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_networkSourceDomain :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkDestinationPort :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_noteUpdatedBy :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_malwareName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_findingProviderFieldsTypes :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_threatIntelIndicatorValue :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_malwareState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_awsAccountId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_complianceStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkDestinationIpV4 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter])
- awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_firstObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_recommendationText :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceContainerLaunchedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_networkSourceMac :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_confidence :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_relatedFindingsId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_processName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_workflowStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsS3BucketOwnerName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_findingProviderFieldsCriticality :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkSourcePort :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_resourceContainerName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_severityNormalized :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkDestinationDomain :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_processLaunchedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_id :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_severityLabel :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsS3BucketOwnerId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_threatIntelIndicatorType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_resourceAwsIamUserUserName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_noteUpdatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_title :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_region :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_threatIntelIndicatorSource :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_type :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkSourceIpV4 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_updatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_processTerminatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_networkDestinationIpV6 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter])
- awsSecurityFindingFilters_threatIntelIndicatorSourceUrl :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_networkDirection :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_description :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_verificationState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_sourceUrl :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_processPath :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_processPid :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_generatorId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_productArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_lastObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter])
- awsSecurityFindingFilters_findingProviderFieldsConfidence :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter])
- awsSecurityFindingFilters_userDefinedFields :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter])
- awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter])
- awsSecurityFindingFilters_malwareType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter])
- awsSecurityFindingFilters_keyword :: Lens' AwsSecurityFindingFilters (Maybe [KeywordFilter])
Documentation
data AwsSecurityFindingFilters Source #
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.
See: newAwsSecurityFindingFilters
smart constructor.
AwsSecurityFindingFilters' | |
|
Instances
newAwsSecurityFindingFilters :: AwsSecurityFindingFilters Source #
Create a value of AwsSecurityFindingFilters
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceAwsIamAccessKeyPrincipalName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName
- The name of the principal that is associated with an IAM access key.
$sel:resourceAwsIamAccessKeyCreatedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt
- The creation date/time of the IAM access key related to a finding.
$sel:malwarePath:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_malwarePath
- The filesystem path of the malware that was observed.
$sel:resourceDetailsOther:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceDetailsOther
- The details of a resource that doesn't have a specific subfield for the
resource type defined.
$sel:productName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_productName
- The name of the solution (product) that generates findings.
Note that this is a filter against the aws/securityhub/ProductName
field in ProductFields
. It is not a filter for the top-level
ProductName
field.
$sel:resourceAwsEc2InstanceSubnetId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId
- The identifier of the subnet that the instance was launched in.
$sel:workflowState:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_workflowState
- The workflow state of a finding.
Note that this field is deprecated. To search for a finding based on its
workflow status, use WorkflowStatus
.
$sel:resourceContainerImageId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceContainerImageId
- The identifier of the image related to a finding.
$sel:relatedFindingsProductArn:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_relatedFindingsProductArn
- The ARN of the solution that generated a related finding.
$sel:criticality:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_criticality
- The level of importance assigned to the resources associated with the
finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
$sel:resourceId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceId
- The canonical identifier for the given resource type.
$sel:resourceAwsIamAccessKeyUserName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName
- The user associated with the IAM access key related to a finding.
$sel:processParentPid:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_processParentPid
- The parent process ID.
$sel:resourceAwsEc2InstanceType:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceType
- The instance type of the instance.
$sel:resourceRegion:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceRegion
- The canonical Amazon Web Services external Region name where this
resource is located.
$sel:recordState:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_recordState
- The updated record state for the finding.
$sel:networkSourceIpV6:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkSourceIpV6
- The source IPv6 address of network-related information about a finding.
$sel:resourceType:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceType
- Specifies the type of the resource that details are provided for.
$sel:productFields:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_productFields
- A data type where security-findings providers can include additional
solution-specific details that aren't part of the defined
AwsSecurityFinding
format.
$sel:noteText:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_noteText
- The text of a note.
$sel:resourceContainerImageName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceContainerImageName
- The name of the image related to a finding.
$sel:createdAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_createdAt
- An ISO8601-formatted timestamp that indicates when the security-findings
provider captured the potential security issue that a finding captured.
$sel:threatIntelIndicatorCategory:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_threatIntelIndicatorCategory
- The category of a threat intelligence indicator.
$sel:severityProduct:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_severityProduct
- The native severity as defined by the security-findings provider's
solution that generated the finding.
$sel:companyName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_companyName
- The name of the findings provider (company) that owns the solution
(product) that generates findings.
Note that this is a filter against the aws/securityhub/CompanyName
field in ProductFields
. It is not a filter for the top-level
CompanyName
field.
$sel:findingProviderFieldsSeverityLabel:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsSeverityLabel
- The finding provider value for the severity label.
$sel:networkProtocol:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkProtocol
- The protocol of network-related information about a finding.
$sel:resourceAwsEc2InstanceImageId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceImageId
- The Amazon Machine Image (AMI) ID of the instance.
$sel:resourcePartition:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourcePartition
- The canonical Amazon Web Services partition name that the Region is
assigned to.
$sel:resourceAwsEc2InstanceIpV6Addresses:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses
- The IPv6 addresses associated with the instance.
$sel:resourceTags:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceTags
- A list of Amazon Web Services tags associated with a resource at the
time the finding was processed.
$sel:resourceAwsEc2InstanceLaunchedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt
- The date and time the instance was launched.
$sel:networkSourceDomain:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkSourceDomain
- The source domain of network-related information about a finding.
$sel:networkDestinationPort:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkDestinationPort
- The destination port of network-related information about a finding.
$sel:noteUpdatedBy:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_noteUpdatedBy
- The principal that created a note.
$sel:malwareName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_malwareName
- The name of the malware that was observed.
$sel:findingProviderFieldsTypes:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsTypes
- One or more finding types that the finding provider assigned to the
finding. Uses the format of namespace/category/classifier
that
classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
$sel:threatIntelIndicatorValue:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_threatIntelIndicatorValue
- The value of a threat intelligence indicator.
$sel:malwareState:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_malwareState
- The state of the malware that was observed.
$sel:awsAccountId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_awsAccountId
- The Amazon Web Services account ID that a finding is generated in.
$sel:complianceStatus:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_complianceStatus
- Exclusive to findings that are generated as the result of a check run
against a specific rule in a supported standard, such as CIS Amazon Web
Services Foundations. Contains security standard-related finding
details.
$sel:networkDestinationIpV4:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkDestinationIpV4
- The destination IPv4 address of network-related information about a
finding.
$sel:findingProviderFieldsRelatedFindingsId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId
- The finding identifier of a related finding that is identified by the
finding provider.
$sel:firstObservedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_firstObservedAt
- An ISO8601-formatted timestamp that indicates when the security-findings
provider first observed the potential security issue that a finding
captured.
$sel:threatIntelIndicatorLastObservedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt
- The date/time of the last observation of a threat intelligence
indicator.
$sel:recommendationText:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_recommendationText
- The recommendation of what to do about the issue described in a finding.
$sel:resourceContainerLaunchedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceContainerLaunchedAt
- The date/time that the container was started.
$sel:networkSourceMac:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkSourceMac
- The source media access control (MAC) address of network-related
information about a finding.
$sel:confidence:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_confidence
- A finding's confidence. Confidence is defined as the likelihood that a
finding accurately identifies the behavior or issue that it was intended
to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
$sel:relatedFindingsId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_relatedFindingsId
- The solution-generated identifier for a related finding.
$sel:processName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_processName
- The name of the process.
$sel:findingProviderFieldsSeverityOriginal:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal
- The finding provider's original value for the severity.
$sel:workflowStatus:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_workflowStatus
- The status of the investigation into a finding. Allowed values are the
following.
NEW
- The initial state of a finding, before it is reviewed.Security Hub also resets the workflow status from
NOTIFIED
orRESOLVED
toNEW
in the following cases:- The record state changes from
ARCHIVED
toACTIVE
. - The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.
- The record state changes from
NOTIFIED
- Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.SUPPRESSED
- The finding will not be reviewed again and will not be acted upon.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.
$sel:resourceAwsS3BucketOwnerName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsS3BucketOwnerName
- The display name of the owner of the S3 bucket.
$sel:findingProviderFieldsCriticality:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsCriticality
- The finding provider value for the level of importance assigned to the
resources associated with the findings.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
$sel:findingProviderFieldsRelatedFindingsProductArn:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn
- The ARN of the solution that generated a related finding that is
identified by the finding provider.
$sel:resourceAwsEc2InstanceVpcId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId
- The identifier of the VPC that the instance was launched in.
$sel:networkSourcePort:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkSourcePort
- The source port of network-related information about a finding.
$sel:resourceContainerName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceContainerName
- The name of the container related to a finding.
$sel:severityNormalized:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_severityNormalized
- The normalized severity of a finding.
$sel:resourceAwsEc2InstanceKeyName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName
- The key name associated with the instance.
$sel:networkDestinationDomain:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkDestinationDomain
- The destination domain of network-related information about a finding.
$sel:processLaunchedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_processLaunchedAt
- The date/time that the process was launched.
$sel:id:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_id
- The security findings provider-specific identifier for a finding.
$sel:severityLabel:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_severityLabel
- The label of a finding's severity.
$sel:resourceAwsIamAccessKeyStatus:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus
- The status of the IAM access key related to a finding.
$sel:resourceAwsS3BucketOwnerId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsS3BucketOwnerId
- The canonical user ID of the owner of the S3 bucket.
$sel:threatIntelIndicatorType:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_threatIntelIndicatorType
- The type of a threat intelligence indicator.
$sel:resourceAwsIamUserUserName:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsIamUserUserName
- The name of an IAM user.
$sel:noteUpdatedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_noteUpdatedAt
- The timestamp of when the note was updated.
$sel:title:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_title
- A finding's title.
$sel:region:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_region
- The Region from which the finding was generated.
$sel:threatIntelIndicatorSource:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_threatIntelIndicatorSource
- The source of the threat intelligence.
$sel:type':AwsSecurityFindingFilters'
, awsSecurityFindingFilters_type
- A finding type in the format of namespace/category/classifier
that
classifies a finding.
$sel:networkSourceIpV4:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkSourceIpV4
- The source IPv4 address of network-related information about a finding.
$sel:resourceAwsEc2InstanceIamInstanceProfileArn:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn
- The IAM profile ARN of the instance.
$sel:updatedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_updatedAt
- An ISO8601-formatted timestamp that indicates when the security-findings
provider last updated the finding record.
$sel:processTerminatedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_processTerminatedAt
- The date/time that the process was terminated.
$sel:networkDestinationIpV6:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkDestinationIpV6
- The destination IPv6 address of network-related information about a
finding.
$sel:threatIntelIndicatorSourceUrl:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_threatIntelIndicatorSourceUrl
- The URL for more details from the source of the threat intelligence.
$sel:networkDirection:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_networkDirection
- Indicates the direction of network traffic associated with a finding.
$sel:description:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_description
- A finding's description.
$sel:verificationState:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_verificationState
- The veracity of a finding.
$sel:sourceUrl:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_sourceUrl
- A URL that links to a page about the current finding in the
security-findings provider's solution.
$sel:processPath:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_processPath
- The path to the process executable.
$sel:processPid:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_processPid
- The process ID.
$sel:generatorId:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_generatorId
- The identifier for the solution-specific component (a discrete unit of
logic) that generated a finding. In various security-findings
providers' solutions, this generator can be called a rule, a check, a
detector, a plugin, etc.
$sel:productArn:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_productArn
- The ARN generated by Security Hub that uniquely identifies a third-party
company (security findings provider) after this provider's product
(solution that generates findings) is registered with Security Hub.
$sel:lastObservedAt:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_lastObservedAt
- An ISO8601-formatted timestamp that indicates when the security-findings
provider most recently observed the potential security issue that a
finding captured.
$sel:findingProviderFieldsConfidence:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_findingProviderFieldsConfidence
- The finding provider value for the finding confidence. Confidence is
defined as the likelihood that a finding accurately identifies the
behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
$sel:userDefinedFields:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_userDefinedFields
- A list of name/value string pairs associated with the finding. These
are custom, user-defined fields added to a finding.
$sel:resourceAwsEc2InstanceIpV4Addresses:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses
- The IPv4 addresses associated with the instance.
$sel:malwareType:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_malwareType
- The type of the malware that was observed.
$sel:keyword:AwsSecurityFindingFilters'
, awsSecurityFindingFilters_keyword
- A keyword for a finding.
awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the principal that is associated with an IAM access key.
awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The creation date/time of the IAM access key related to a finding.
awsSecurityFindingFilters_malwarePath :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The filesystem path of the malware that was observed.
awsSecurityFindingFilters_resourceDetailsOther :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #
The details of a resource that doesn't have a specific subfield for the resource type defined.
awsSecurityFindingFilters_productName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the solution (product) that generates findings.
Note that this is a filter against the aws/securityhub/ProductName
field in ProductFields
. It is not a filter for the top-level
ProductName
field.
awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The identifier of the subnet that the instance was launched in.
awsSecurityFindingFilters_workflowState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The workflow state of a finding.
Note that this field is deprecated. To search for a finding based on its
workflow status, use WorkflowStatus
.
awsSecurityFindingFilters_resourceContainerImageId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The identifier of the image related to a finding.
awsSecurityFindingFilters_relatedFindingsProductArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The ARN of the solution that generated a related finding.
awsSecurityFindingFilters_criticality :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
awsSecurityFindingFilters_resourceId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The canonical identifier for the given resource type.
awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The user associated with the IAM access key related to a finding.
awsSecurityFindingFilters_processParentPid :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The parent process ID.
awsSecurityFindingFilters_resourceAwsEc2InstanceType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The instance type of the instance.
awsSecurityFindingFilters_resourceRegion :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The canonical Amazon Web Services external Region name where this resource is located.
awsSecurityFindingFilters_recordState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The updated record state for the finding.
awsSecurityFindingFilters_networkSourceIpV6 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #
The source IPv6 address of network-related information about a finding.
awsSecurityFindingFilters_resourceType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
Specifies the type of the resource that details are provided for.
awsSecurityFindingFilters_productFields :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #
A data type where security-findings providers can include additional
solution-specific details that aren't part of the defined
AwsSecurityFinding
format.
awsSecurityFindingFilters_noteText :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The text of a note.
awsSecurityFindingFilters_resourceContainerImageName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the image related to a finding.
awsSecurityFindingFilters_createdAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
awsSecurityFindingFilters_threatIntelIndicatorCategory :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The category of a threat intelligence indicator.
awsSecurityFindingFilters_severityProduct :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The native severity as defined by the security-findings provider's solution that generated the finding.
awsSecurityFindingFilters_companyName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the findings provider (company) that owns the solution (product) that generates findings.
Note that this is a filter against the aws/securityhub/CompanyName
field in ProductFields
. It is not a filter for the top-level
CompanyName
field.
awsSecurityFindingFilters_findingProviderFieldsSeverityLabel :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The finding provider value for the severity label.
awsSecurityFindingFilters_networkProtocol :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The protocol of network-related information about a finding.
awsSecurityFindingFilters_resourceAwsEc2InstanceImageId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The Amazon Machine Image (AMI) ID of the instance.
awsSecurityFindingFilters_resourcePartition :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The canonical Amazon Web Services partition name that the Region is assigned to.
awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #
The IPv6 addresses associated with the instance.
awsSecurityFindingFilters_resourceTags :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #
A list of Amazon Web Services tags associated with a resource at the time the finding was processed.
awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The date and time the instance was launched.
awsSecurityFindingFilters_networkSourceDomain :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The source domain of network-related information about a finding.
awsSecurityFindingFilters_networkDestinationPort :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The destination port of network-related information about a finding.
awsSecurityFindingFilters_noteUpdatedBy :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The principal that created a note.
awsSecurityFindingFilters_malwareName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the malware that was observed.
awsSecurityFindingFilters_findingProviderFieldsTypes :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
One or more finding types that the finding provider assigned to the
finding. Uses the format of namespace/category/classifier
that
classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
awsSecurityFindingFilters_threatIntelIndicatorValue :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The value of a threat intelligence indicator.
awsSecurityFindingFilters_malwareState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The state of the malware that was observed.
awsSecurityFindingFilters_awsAccountId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The Amazon Web Services account ID that a finding is generated in.
awsSecurityFindingFilters_complianceStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
awsSecurityFindingFilters_networkDestinationIpV4 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #
The destination IPv4 address of network-related information about a finding.
awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The finding identifier of a related finding that is identified by the finding provider.
awsSecurityFindingFilters_firstObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The date/time of the last observation of a threat intelligence indicator.
awsSecurityFindingFilters_recommendationText :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The recommendation of what to do about the issue described in a finding.
awsSecurityFindingFilters_resourceContainerLaunchedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The date/time that the container was started.
awsSecurityFindingFilters_networkSourceMac :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The source media access control (MAC) address of network-related information about a finding.
awsSecurityFindingFilters_confidence :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
awsSecurityFindingFilters_relatedFindingsId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The solution-generated identifier for a related finding.
awsSecurityFindingFilters_processName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the process.
awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The finding provider's original value for the severity.
awsSecurityFindingFilters_workflowStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The status of the investigation into a finding. Allowed values are the following.
NEW
- The initial state of a finding, before it is reviewed.Security Hub also resets the workflow status from
NOTIFIED
orRESOLVED
toNEW
in the following cases:- The record state changes from
ARCHIVED
toACTIVE
. - The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.
- The record state changes from
NOTIFIED
- Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.SUPPRESSED
- The finding will not be reviewed again and will not be acted upon.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.
awsSecurityFindingFilters_resourceAwsS3BucketOwnerName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The display name of the owner of the S3 bucket.
awsSecurityFindingFilters_findingProviderFieldsCriticality :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The finding provider value for the level of importance assigned to the resources associated with the findings.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The ARN of the solution that generated a related finding that is identified by the finding provider.
awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The identifier of the VPC that the instance was launched in.
awsSecurityFindingFilters_networkSourcePort :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The source port of network-related information about a finding.
awsSecurityFindingFilters_resourceContainerName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of the container related to a finding.
awsSecurityFindingFilters_severityNormalized :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The normalized severity of a finding.
awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The key name associated with the instance.
awsSecurityFindingFilters_networkDestinationDomain :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The destination domain of network-related information about a finding.
awsSecurityFindingFilters_processLaunchedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The date/time that the process was launched.
awsSecurityFindingFilters_id :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The security findings provider-specific identifier for a finding.
awsSecurityFindingFilters_severityLabel :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The label of a finding's severity.
awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The status of the IAM access key related to a finding.
awsSecurityFindingFilters_resourceAwsS3BucketOwnerId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The canonical user ID of the owner of the S3 bucket.
awsSecurityFindingFilters_threatIntelIndicatorType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The type of a threat intelligence indicator.
awsSecurityFindingFilters_resourceAwsIamUserUserName :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The name of an IAM user.
awsSecurityFindingFilters_noteUpdatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The timestamp of when the note was updated.
awsSecurityFindingFilters_title :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
A finding's title.
awsSecurityFindingFilters_region :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The Region from which the finding was generated.
awsSecurityFindingFilters_threatIntelIndicatorSource :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The source of the threat intelligence.
awsSecurityFindingFilters_type :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
A finding type in the format of namespace/category/classifier
that
classifies a finding.
awsSecurityFindingFilters_networkSourceIpV4 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #
The source IPv4 address of network-related information about a finding.
awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The IAM profile ARN of the instance.
awsSecurityFindingFilters_updatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
awsSecurityFindingFilters_processTerminatedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
The date/time that the process was terminated.
awsSecurityFindingFilters_networkDestinationIpV6 :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #
The destination IPv6 address of network-related information about a finding.
awsSecurityFindingFilters_threatIntelIndicatorSourceUrl :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The URL for more details from the source of the threat intelligence.
awsSecurityFindingFilters_networkDirection :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
Indicates the direction of network traffic associated with a finding.
awsSecurityFindingFilters_description :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
A finding's description.
awsSecurityFindingFilters_verificationState :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The veracity of a finding.
awsSecurityFindingFilters_sourceUrl :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
A URL that links to a page about the current finding in the security-findings provider's solution.
awsSecurityFindingFilters_processPath :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The path to the process executable.
awsSecurityFindingFilters_processPid :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The process ID.
awsSecurityFindingFilters_generatorId :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
awsSecurityFindingFilters_productArn :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
awsSecurityFindingFilters_lastObservedAt :: Lens' AwsSecurityFindingFilters (Maybe [DateFilter]) Source #
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
awsSecurityFindingFilters_findingProviderFieldsConfidence :: Lens' AwsSecurityFindingFilters (Maybe [NumberFilter]) Source #
The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
awsSecurityFindingFilters_userDefinedFields :: Lens' AwsSecurityFindingFilters (Maybe [MapFilter]) Source #
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses :: Lens' AwsSecurityFindingFilters (Maybe [IpFilter]) Source #
The IPv4 addresses associated with the instance.
awsSecurityFindingFilters_malwareType :: Lens' AwsSecurityFindingFilters (Maybe [StringFilter]) Source #
The type of the malware that was observed.
awsSecurityFindingFilters_keyword :: Lens' AwsSecurityFindingFilters (Maybe [KeywordFilter]) Source #
A keyword for a finding.