Class: Aws::SecurityHub::Types::FindingProviderFields

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb

Overview

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update values for the following fields:

  • Confidence

  • Criticality

  • RelatedFindings

  • Severity

  • Types

The preceding fields are nested under the FindingProviderFields object, but also have analogues of the same name as top-level ASFF fields. When a new finding is sent to Security Hub by a finding provider, Security Hub populates the FindingProviderFields object automatically, if it is empty, based on the corresponding top-level fields.

Finding providers can update FindingProviderFields only by using the BatchImportFindings operation. Finding providers can't update this object with the BatchUpdateFindings operation. Customers can update the top-level fields by using the BatchUpdateFindings operation. Customers can't update FindingProviderFields.

For information about how Security Hub handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see Using FindingProviderFields in the Security Hub User Guide.

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#confidenceInteger

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

  • (Integer) 


25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#criticalityInteger

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

  • (Integer) 


25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#related_findingsArray<Types::RelatedFinding>

A list of findings that are related to the current finding.

Returns:



25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#severityTypes::FindingProviderSeverity

The severity of a finding.

Returns:



25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#typesArray<String>

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

Returns:

  • (Array<String>) 


25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end