Class: Aws::GuardDuty::Types::CreateFilterRequest
- Inherits: Struct (Object → Struct → Aws::GuardDuty::Types::CreateFilterRequest)
- Includes: Structure
- Defined in: lib/aws-sdk-guardduty/types.rb
Overview
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #action ⇒ String
  Specifies the action that is to be applied to the findings that match the filter.
- #client_token ⇒ String
  The idempotency token for the create request.
- #description ⇒ String
  The description of the filter.
- #detector_id ⇒ String
  The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
- #finding_criteria ⇒ Types::FindingCriteria
  Represents the criteria to be used in the filter for querying findings.
- #name ⇒ String
  The name of the filter.
- #rank ⇒ Integer
  Specifies the position of the filter in the list of current filters.
- #tags ⇒ Hash<String,String>
  The tags to be added to a new filter resource.
Instance Attribute Details
#action ⇒ String
Specifies the action that is to be applied to the findings that match the filter.
    # File 'lib/aws-sdk-guardduty/types.rb', line 1444

    class CreateFilterRequest < Struct.new(
      :detector_id,
      :name,
      :description,
      :action,
      :rank,
      :finding_criteria,
      :client_token,
      :tags)
      SENSITIVE = []
      include Aws::Structure
    end
#client_token ⇒ String
The idempotency token for the create request.
**A suitable default value is auto-generated.** You should normally not need to pass this option.
#description ⇒ String
The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (`{ }`, `[ ]`, and `( )`), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
#detector_id ⇒ String
The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
#finding_criteria ⇒ Types::FindingCriteria
Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
- accountId
- id
- region
- severity
  To filter on the basis of severity, the API and CLI use the following input list for the [FindingCriteria][1] condition:
  - Low: `["1", "2", "3"]`
  - Medium: `["4", "5", "6"]`
  - High: `["7", "8", "9"]`
  For more information, see [Severity levels for GuardDuty findings][2].
- type
- updatedAt
  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value

[1]: docs.aws.amazon.com/guardduty/latest/APIReference/API_FindingCriteria.html
[2]: docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity
#name ⇒ String
The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
#rank ⇒ Integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
#tags ⇒ Hash<String,String>
The tags to be added to a new filter resource.
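An added example, not code from the SDK or from this page: a helper that assembles the `CreateFilterRequest` fields and checks them locally against the constraints documented above (name character set, queryable attributes, severity input lists) before anything is sent. The helper name `build_filter_params`, the sample values, and the choice to pass the severity list through the condition's `equals` member are assumptions; `"ARCHIVE"` is a GuardDuty filter action value that this page does not list.

```ruby
# Added example: build and locally check the parameter hash for CreateFilter.
SEVERITY_INPUT = {                      # severity input lists from this page
  low: %w[1 2 3], medium: %w[4 5 6], high: %w[7 8 9]
}.freeze

# Subset of the queryable attributes listed on this page; extend as needed.
QUERYABLE = %w[
  accountId id region severity type updatedAt resource.resourceType
  resource.instanceDetails.instanceId resource.s3BucketDetails.name
  service.action.actionType
].freeze

# Period, underscore, dash and alphanumerics only; whitespace is invalid.
NAME_RE = /\A[A-Za-z0-9._-]+\z/

# Hypothetical helper, not part of aws-sdk-guardduty.
def build_filter_params(detector_id:, name:, action:, rank:,
                        severities: [], equals: {}, description: nil)
  raise ArgumentError, "invalid filter name: #{name.inspect}" unless name.match?(NAME_RE)

  criterion = {}
  equals.each do |attr, values|
    raise ArgumentError, "attribute not queryable: #{attr}" unless QUERYABLE.include?(attr)
    criterion[attr] = { equals: Array(values).map(&:to_s) }
  end
  unless severities.empty?
    levels = severities.flat_map do |s|
      SEVERITY_INPUT.fetch(s) { raise ArgumentError, "unknown severity: #{s}" }
    end
    criterion["severity"] = { equals: levels }  # assumption: list goes in `equals`
  end
  # Guard chosen for this example: never emit a filter without criteria.
  raise ArgumentError, "no finding criteria given" if criterion.empty?

  params = { detector_id: detector_id, name: name, action: action, rank: rank,
             finding_criteria: { criterion: criterion } }
  params[:description] = description if description
  params # client_token left out on purpose: the SDK auto-generates it
end

# Constructed sample values; with the gem loaded and credentials configured:
#   Aws::GuardDuty::Client.new.create_filter(params)
params = build_filter_params(detector_id: "EXAMPLE_DETECTOR_ID", name: "low-sev.us-east-1",
                             action: "ARCHIVE", rank: 1, severities: [:low],
                             equals: { "region" => "us-east-1" })
puts params.inspect
```

Because a filter's action is applied to every finding that matches, reviewing the generated `criterion` hash before the call is the cheapest place to catch a filter that matches more than intended.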