AutomationRulesConfig
Defines the configuration of an automation rule.
Contents
- Actions
-
One or more actions to update finding fields if a finding matches the defined criteria of the rule.
Type: Array of AutomationRulesAction objects
Array Members: Fixed number of 1 item.
Required: No
- CreatedAt
-
A timestamp that indicates when the rule was created.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:-
YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
) -
YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
) -
YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round
2024-10-31T23:00:00.123456789Z
to2024-10-31T23:00:00.123Z
.Type: Timestamp
Required: No
-
- CreatedBy
-
The principal that created a rule.
Type: String
Pattern:
.*\S.*
Required: No
- Criteria
-
A set of AWS Security Finding Format finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.
Type: AutomationRulesFindingFilters object
Required: No
- Description
-
A description of the rule.
Type: String
Pattern:
.*\S.*
Required: No
- IsTerminal
-
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
Type: Boolean
Required: No
- RuleArn
-
The Amazon Resource Name (ARN) of a rule.
Type: String
Pattern:
.*\S.*
Required: No
- RuleName
-
The name of the rule.
Type: String
Pattern:
.*\S.*
Required: No
- RuleOrder
-
An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 1000.
Required: No
- RuleStatus
-
Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, Security Hub starts applying the rule to findings and finding updates after the rule is created.Type: String
Valid Values:
ENABLED | DISABLED
Required: No
- UpdatedAt
-
A timestamp that indicates when the rule was most recently updated.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:-
YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
) -
YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
) -
YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round
2024-10-31T23:00:00.123456789Z
to2024-10-31T23:00:00.123Z
.Type: Timestamp
Required: No
-
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: