CfnAutomationRuleProps
- class aws_cdk.aws_securityhub.CfnAutomationRuleProps(*, actions, criteria, description, rule_name, rule_order, is_terminal=None, rule_status=None, tags=None)
Bases: object
Properties for defining a CfnAutomationRule.
- Parameters:
  - actions (Union[IResolvable, Sequence[Union[IResolvable, AutomationRulesActionProperty, Dict[str, Any]]]]) – One or more actions to update finding fields if a finding matches the conditions specified in Criteria.
  - criteria (Union[IResolvable, AutomationRulesFindingFiltersProperty, Dict[str, Any]]) – A set of AWS Security Finding Format (ASFF) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
  - description (str) – A description of the rule.
  - rule_name (str) – The name of the rule.
  - rule_order (Union[int, float]) – An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
  - is_terminal (Union[bool, IResolvable, None]) – Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.
  - rule_status (Optional[str]) – Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub applies the rule to findings and finding updates after the rule is created.
  - tags (Optional[Mapping[str, str]]) – User-defined tags associated with an automation rule.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import aws_securityhub as securityhub

    # id: Any
    # updated_by: Any

    cfn_automation_rule_props = securityhub.CfnAutomationRuleProps(
        actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty(
            finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
                confidence=123,
                criticality=123,
                note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                    text="text",
                    updated_by=updated_by
                ),
                related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
                    id=id,
                    product_arn="productArn"
                )],
                severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
                    label="label",
                    normalized=123,
                    product=123
                ),
                types=["types"],
                user_defined_fields={
                    "user_defined_fields_key": "userDefinedFields"
                },
                verification_state="verificationState",
                workflow=securityhub.CfnAutomationRule.WorkflowUpdateProperty(
                    status="status"
                )
            ),
            type="type"
        )],
        criteria=securityhub.CfnAutomationRule.AutomationRulesFindingFiltersProperty(
            aws_account_id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            company_name=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            compliance_associated_standards_id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            compliance_security_control_id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            compliance_status=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            confidence=[securityhub.CfnAutomationRule.NumberFilterProperty(
                eq=123,
                gte=123,
                lte=123
            )],
            created_at=[securityhub.CfnAutomationRule.DateFilterProperty(
                date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                    unit="unit",
                    value=123
                ),
                end="end",
                start="start"
            )],
            criticality=[securityhub.CfnAutomationRule.NumberFilterProperty(
                eq=123,
                gte=123,
                lte=123
            )],
            description=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            first_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty(
                date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                    unit="unit",
                    value=123
                ),
                end="end",
                start="start"
            )],
            generator_id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            last_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty(
                date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                    unit="unit",
                    value=123
                ),
                end="end",
                start="start"
            )],
            note_text=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            note_updated_at=[securityhub.CfnAutomationRule.DateFilterProperty(
                date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                    unit="unit",
                    value=123
                ),
                end="end",
                start="start"
            )],
            note_updated_by=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            product_arn=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            product_name=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            record_state=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            related_findings_id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            related_findings_product_arn=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            resource_details_other=[securityhub.CfnAutomationRule.MapFilterProperty(
                comparison="comparison",
                key="key",
                value="value"
            )],
            resource_id=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            resource_partition=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            resource_region=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            resource_tags=[securityhub.CfnAutomationRule.MapFilterProperty(
                comparison="comparison",
                key="key",
                value="value"
            )],
            resource_type=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            severity_label=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            source_url=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            title=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            type=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            updated_at=[securityhub.CfnAutomationRule.DateFilterProperty(
                date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                    unit="unit",
                    value=123
                ),
                end="end",
                start="start"
            )],
            user_defined_fields=[securityhub.CfnAutomationRule.MapFilterProperty(
                comparison="comparison",
                key="key",
                value="value"
            )],
            verification_state=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )],
            workflow_status=[securityhub.CfnAutomationRule.StringFilterProperty(
                comparison="comparison",
                value="value"
            )]
        ),
        description="description",
        rule_name="ruleName",
        rule_order=123,

        # the properties below are optional
        is_terminal=False,
        rule_status="ruleStatus",
        tags={
            "tags_key": "tags"
        }
    )
Attributes
- actions
One or more actions to update finding fields if a finding matches the conditions specified in Criteria.
- criteria
A set of AWS Security Finding Format (ASFF) <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html> finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
- description
A description of the rule.
- is_terminal
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.
- rule_name
The name of the rule.
- rule_order
An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.
Security Hub applies rules with lower values for this parameter first.
- rule_status
Whether the rule is active after it is created.
If this parameter is equal to ENABLED, Security Hub applies the rule to findings and finding updates after the rule is created.
- tags
User-defined tags associated with an automation rule.
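
The interaction of rule_order, is_terminal and rule_status described above can be checked locally before a rule set is deployed. The following is an added example, not part of the CDK reference or AWS code: it models criteria as exact matches on flat finding fields and uses a hypothetical "update" key in place of finding_fields_update; all rule names, account IDs and findings are constructed.

```python
# Added example: local model of rule_order / is_terminal / rule_status.
# Assumptions: criteria are reduced to exact matches on flat finding fields and
# "update" stands in for finding_fields_update. All sample data is constructed.

def validate_order(rule):
    """rule_order must be an integer from 1 to 1000."""
    order = rule["rule_order"]
    return isinstance(order, int) and not isinstance(order, bool) and 1 <= order <= 1000

def matches(criteria, finding):
    return all(finding.get(field) == want for field, want in criteria.items())

def apply_rules(rules, finding):
    """Return (updated_finding, names_of_applied_rules)."""
    for rule in rules:
        if not validate_order(rule):
            raise ValueError(f"{rule['rule_name']}: rule_order must be 1..1000")
    updated, applied = dict(finding), []
    for rule in sorted(rules, key=lambda r: r["rule_order"]):  # lower values first
        if rule.get("rule_status") != "ENABLED":  # only ENABLED rules are applied
            continue
        if not matches(rule["criteria"], finding):
            continue
        updated.update(rule["update"])
        applied.append(rule["rule_name"])
        if rule.get("is_terminal", False):  # by default a rule isn't terminal
            break  # later rules are not evaluated for this finding
    return updated, applied

RULES = [
    {"rule_name": "escalate-critical", "rule_order": 20, "rule_status": "ENABLED",
     "criteria": {"severity_label": "CRITICAL"},
     "update": {"note_text": "page on-call"}},
    {"rule_name": "suppress-sandbox", "rule_order": 10, "rule_status": "ENABLED",
     "is_terminal": True,
     "criteria": {"aws_account_id": "111122223333"},
     "update": {"workflow_status": "SUPPRESSED"}},
    {"rule_name": "draft-resolve", "rule_order": 5, "rule_status": "DISABLED",
     "criteria": {"severity_label": "CRITICAL"},
     "update": {"workflow_status": "RESOLVED"}},
]
SANDBOX_CRITICAL = {"aws_account_id": "111122223333", "severity_label": "CRITICAL",
                    "workflow_status": "NEW"}
PROD_CRITICAL = {"aws_account_id": "444455556666", "severity_label": "CRITICAL",
                 "workflow_status": "NEW"}

if __name__ == "__main__":
    for finding in (SANDBOX_CRITICAL, PROD_CRITICAL):
        print(apply_rules(RULES, finding))
```

The sandbox finding is CRITICAL, yet only the terminal suppression rule at order 10 is applied and the escalation rule at order 20 is never evaluated, which is the case to review whenever a terminal rule is ordered ahead of an escalation rule.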