AutomationRulesConfig - AWS Security Hub

AutomationRulesConfig

Defines the configuration of an automation rule.

Contents

Actions

One or more actions to update finding fields if a finding matches the defined criteria of the rule.

Type: Array of AutomationRulesAction objects

Array Members: Fixed number of 1 item.

Required: No

CreatedAt

A timestamp that indicates when the rule was created.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: Timestamp

Required: No

CreatedBy

The principal that created a rule.

Type: String

Pattern: .*\S.*

Required: No

Criteria

A set of AWS Security Finding Format finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.

Type: AutomationRulesFindingFilters object

Required: No

Description

A description of the rule.

Type: String

Pattern: .*\S.*

Required: No

IsTerminal

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

Type: Boolean

Required: No

RuleArn

The Amazon Resource Name (ARN) of a rule.

Type: String

Pattern: .*\S.*

Required: No

RuleName

The name of the rule.

Type: String

Pattern: .*\S.*

Required: No

RuleOrder

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 1000.

Required: No

RuleStatus

Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created.

Type: String

Valid Values: ENABLED | DISABLED

Required: No

UpdatedAt

A timestamp that indicates when the rule was most recently updated.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: Timestamp

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: