aws-cdk-lib.aws_securityhub.CfnAutomationRuleProps

interface CfnAutomationRuleProps

LanguageType name
.NETAmazon.CDK.AWS.SecurityHub.CfnAutomationRuleProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awssecurityhub#CfnAutomationRuleProps
Javasoftware.amazon.awscdk.services.securityhub.CfnAutomationRuleProps
Pythonaws_cdk.aws_securityhub.CfnAutomationRuleProps
TypeScript aws-cdk-lib » aws_securityhub » CfnAutomationRuleProps

Properties for defining a CfnAutomationRule.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_securityhub as securityhub } from 'aws-cdk-lib';

declare const id: any;
declare const updatedBy: any;
const cfnAutomationRuleProps: securityhub.CfnAutomationRuleProps = {
  actions: [{
    findingFieldsUpdate: {
      confidence: 123,
      criticality: 123,
      note: {
        text: 'text',
        updatedBy: updatedBy,
      },
      relatedFindings: [{
        id: id,
        productArn: 'productArn',
      }],
      severity: {
        label: 'label',
        normalized: 123,
        product: 123,
      },
      types: ['types'],
      userDefinedFields: {
        userDefinedFieldsKey: 'userDefinedFields',
      },
      verificationState: 'verificationState',
      workflow: {
        status: 'status',
      },
    },
    type: 'type',
  }],
  criteria: {
    awsAccountId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    companyName: [{
      comparison: 'comparison',
      value: 'value',
    }],
    complianceAssociatedStandardsId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    complianceSecurityControlId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    complianceStatus: [{
      comparison: 'comparison',
      value: 'value',
    }],
    confidence: [{
      eq: 123,
      gte: 123,
      lte: 123,
    }],
    createdAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    criticality: [{
      eq: 123,
      gte: 123,
      lte: 123,
    }],
    description: [{
      comparison: 'comparison',
      value: 'value',
    }],
    firstObservedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    generatorId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    id: [{
      comparison: 'comparison',
      value: 'value',
    }],
    lastObservedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    noteText: [{
      comparison: 'comparison',
      value: 'value',
    }],
    noteUpdatedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    noteUpdatedBy: [{
      comparison: 'comparison',
      value: 'value',
    }],
    productArn: [{
      comparison: 'comparison',
      value: 'value',
    }],
    productName: [{
      comparison: 'comparison',
      value: 'value',
    }],
    recordState: [{
      comparison: 'comparison',
      value: 'value',
    }],
    relatedFindingsId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    relatedFindingsProductArn: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourceDetailsOther: [{
      comparison: 'comparison',
      key: 'key',
      value: 'value',
    }],
    resourceId: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourcePartition: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourceRegion: [{
      comparison: 'comparison',
      value: 'value',
    }],
    resourceTags: [{
      comparison: 'comparison',
      key: 'key',
      value: 'value',
    }],
    resourceType: [{
      comparison: 'comparison',
      value: 'value',
    }],
    severityLabel: [{
      comparison: 'comparison',
      value: 'value',
    }],
    sourceUrl: [{
      comparison: 'comparison',
      value: 'value',
    }],
    title: [{
      comparison: 'comparison',
      value: 'value',
    }],
    type: [{
      comparison: 'comparison',
      value: 'value',
    }],
    updatedAt: [{
      dateRange: {
        unit: 'unit',
        value: 123,
      },
      end: 'end',
      start: 'start',
    }],
    userDefinedFields: [{
      comparison: 'comparison',
      key: 'key',
      value: 'value',
    }],
    verificationState: [{
      comparison: 'comparison',
      value: 'value',
    }],
    workflowStatus: [{
      comparison: 'comparison',
      value: 'value',
    }],
  },
  description: 'description',
  isTerminal: false,
  ruleName: 'ruleName',
  ruleOrder: 123,
  ruleStatus: 'ruleStatus',
  tags: {
    tagsKey: 'tags',
  },
};

Properties

NameTypeDescription
actions?IResolvable | IResolvable | AutomationRulesActionProperty[]One or more actions to update finding fields if a finding matches the defined criteria of the rule.
criteria?IResolvable | AutomationRulesFindingFiltersPropertyA set of AWS Security Finding Format finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.
description?stringA description of the rule.
isTerminal?boolean | IResolvableSpecifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
ruleName?stringThe name of the rule.
ruleOrder?numberAn integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.
ruleStatus?stringWhether the rule is active after it is created.
tags?{ [string]: string }User-defined tags that help you label the purpose of a rule.

actions?

Type: IResolvable | IResolvable | AutomationRulesActionProperty[] (optional)

One or more actions to update finding fields if a finding matches the defined criteria of the rule.


criteria?

Type: IResolvable | AutomationRulesFindingFiltersProperty (optional)

A set of AWS Security Finding Format finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.


description?

Type: string (optional)

A description of the rule.


isTerminal?

Type: boolean | IResolvable (optional)

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.

This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this field is set to true for a rule, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. The default value of this field is false .


ruleName?

Type: string (optional)

The name of the rule.


ruleOrder?

Type: number (optional)

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.

Security Hub applies rules with lower values for this parameter first.


ruleStatus?

Type: string (optional)

Whether the rule is active after it is created.

If this parameter is equal to ENABLED , Security Hub applies the rule to findings and finding updates after the rule is created.


tags?

Type: { [string]: string } (optional)

User-defined tags that help you label the purpose of a rule.