AWS::SecurityHub::AutomationRule AutomationRulesFindingFieldsUpdate - AWS CloudFormation
SyntaxProperties

AWS::SecurityHub::AutomationRule AutomationRulesFindingFieldsUpdate

Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Confidence" : Integer,
  "Criticality" : Integer,
  "Note" : NoteUpdate,
  "RelatedFindings" : [ RelatedFinding, ... ],
  "Severity" : SeverityUpdate,
  "Types" : [ String, ... ],
  "UserDefinedFields" : {Key: Value, ...},
  "VerificationState" : String,
  "Workflow" : WorkflowUpdate
}

Properties

Confidence

The rule action updates the Confidence field of a finding.

Required: No

Type: Integer

Minimum: 0

Maximum: 100

Update requires: No interruption

Criticality

The rule action updates the Criticality field of a finding.

Required: No

Type: Integer

Minimum: 0

Maximum: 100

Update requires: No interruption

Note

The rule action will update the Note field of a finding.

Required: No

Type: NoteUpdate

Update requires: No interruption

RelatedFindings

The rule action will update the RelatedFindings field of a finding.

Required: No

Type: Array of RelatedFinding

Minimum: 1

Maximum: 10

Update requires: No interruption

Severity

The rule action will update the Severity field of a finding.

Required: No

Type: SeverityUpdate

Update requires: No interruption

Types

The rule action updates the Types field of a finding.

Required: No

Type: Array of String

Maximum: 50

Update requires: No interruption

UserDefinedFields

The rule action updates the UserDefinedFields field of a finding.

Required: No

Type: Object of String

Pattern: ^[-_+=.:/@\w\s]{1,128}$

Minimum: 0

Maximum: 1024

Update requires: No interruption

VerificationState

The rule action updates the VerificationState field of a finding.

Required: No

Type: String

Allowed values: UNKNOWN | TRUE_POSITIVE | FALSE_POSITIVE | BENIGN_POSITIVE

Update requires: No interruption

Workflow

The rule action will update the Workflow field of a finding.

Required: No

Type: WorkflowUpdate

Update requires: No interruption