Class: Aws::GuardDuty::Types::CreateFilterRequest

Inherits:

Struct

• Object
• Struct
• Aws::GuardDuty::Types::CreateFilterRequest

Includes:

Structure

Defined in:

lib/aws-sdk-guardduty/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #action ⇒ String

  Specifies the action that is to be applied to the findings that match the filter.

• #client_token ⇒ String

  The idempotency token for the create request.

• #description ⇒ String

  The description of the filter.

• #detector_id ⇒ String

  The detector ID associated with the GuardDuty account for which you want to create a filter.

• #finding_criteria ⇒ Types::FindingCriteria

  Represents the criteria to be used in the filter for querying findings.

• #name ⇒ String

  The name of the filter.

• #rank ⇒ Integer

  Specifies the position of the filter in the list of current filters.

• #tags ⇒ Hash<String,String>

  The tags to be added to a new filter resource.

Instance Attribute Details

#action ⇒ String

Specifies the action that is to be applied to the findings that match the filter.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#client_token ⇒ String

The idempotency token for the create request.

**A suitable default value is auto-generated.** You should normally not need to pass this option.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#description ⇒ String

The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (‘{ }`, `[ ]`, and `( )`), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#detector_id ⇒ String

The detector ID associated with the GuardDuty account for which you want to create a filter.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors] API.

[1]: docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#finding_criteria ⇒ Types::FindingCriteria

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

• accountId

• id

• region

• severity

  To filter on the basis of severity, the API and CLI use the following input list for the [FindingCriteria] condition:

  • Low: ‘[“1”, “2”, “3”]`

  • Medium: ‘[“4”, “5”, “6”]`

  • High: ‘[“7”, “8”]`

  • Critical: ‘[“9”, “10”]`

  For more information, see [Findings severity levels] in the *Amazon GuardDuty User Guide*.

• type

• updatedAt

  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

• resource.accessKeyDetails.accessKeyId

• resource.accessKeyDetails.principalId

• resource.accessKeyDetails.userName

• resource.accessKeyDetails.userType

• resource.instanceDetails.iamInstanceProfile.id

• resource.instanceDetails.imageId

• resource.instanceDetails.instanceId

• resource.instanceDetails.tags.key

• resource.instanceDetails.tags.value

• resource.instanceDetails.networkInterfaces.ipv6Addresses

• resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

• resource.instanceDetails.networkInterfaces.publicDnsName

• resource.instanceDetails.networkInterfaces.publicIp

• resource.instanceDetails.networkInterfaces.securityGroups.groupId

• resource.instanceDetails.networkInterfaces.securityGroups.groupName

• resource.instanceDetails.networkInterfaces.subnetId

• resource.instanceDetails.networkInterfaces.vpcId

• resource.instanceDetails.outpostArn

• resource.resourceType

• resource.s3BucketDetails.publicAccess.effectivePermissions

• resource.s3BucketDetails.name

• resource.s3BucketDetails.tags.key

• resource.s3BucketDetails.tags.value

• resource.s3BucketDetails.type

• service.action.actionType

• service.action.awsApiCallAction.api

• service.action.awsApiCallAction.callerType

• service.action.awsApiCallAction.errorCode

• service.action.awsApiCallAction.remoteIpDetails.city.cityName

• service.action.awsApiCallAction.remoteIpDetails.country.countryName

• service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

• service.action.awsApiCallAction.remoteIpDetails.ipAddressV6

• service.action.awsApiCallAction.remoteIpDetails.organization.asn

• service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

• service.action.awsApiCallAction.serviceName

• service.action.dnsRequestAction.domain

• service.action.dnsRequestAction.domainWithSuffix

• service.action.dnsRequestAction.vpcOwnerAccountId

• service.action.networkConnectionAction.blocked

• service.action.networkConnectionAction.connectionDirection

• service.action.networkConnectionAction.localPortDetails.port

• service.action.networkConnectionAction.protocol

• service.action.networkConnectionAction.remoteIpDetails.city.cityName

• service.action.networkConnectionAction.remoteIpDetails.country.countryName

• service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

• service.action.networkConnectionAction.remoteIpDetails.ipAddressV6

• service.action.networkConnectionAction.remoteIpDetails.organization.asn

• service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

• service.action.networkConnectionAction.remotePortDetails.port

• service.action.awsApiCallAction.remoteAccountDetails.affiliated

• service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

• service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6

• service.action.kubernetesApiCallAction.namespace

• service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn

• service.action.kubernetesApiCallAction.requestUri

• service.action.kubernetesApiCallAction.statusCode

• service.action.networkConnectionAction.localIpDetails.ipAddressV4

• service.action.networkConnectionAction.localIpDetails.ipAddressV6

• service.action.networkConnectionAction.protocol

• service.action.awsApiCallAction.serviceName

• service.action.awsApiCallAction.remoteAccountDetails.accountId

• service.additionalInfo.threatListName

• service.resourceRole

• resource.eksClusterDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

• resource.kubernetesDetails.kubernetesUserDetails.username

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

• service.ebsVolumeScanDetails.scanId

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

• resource.ecsClusterDetails.name

• resource.ecsClusterDetails.taskDetails.containers.image

• resource.ecsClusterDetails.taskDetails.definitionArn

• resource.containerDetails.image

• resource.rdsDbInstanceDetails.dbInstanceIdentifier

• resource.rdsDbInstanceDetails.dbClusterIdentifier

• resource.rdsDbInstanceDetails.engine

• resource.rdsDbUserDetails.user

• resource.rdsDbInstanceDetails.tags.key

• resource.rdsDbInstanceDetails.tags.value

• service.runtimeDetails.process.executableSha256

• service.runtimeDetails.process.name

• service.runtimeDetails.process.executablePath

• resource.lambdaDetails.functionName

• resource.lambdaDetails.functionArn

• resource.lambdaDetails.tags.key

• resource.lambdaDetails.tags.value

[1]: docs.aws.amazon.com/guardduty/latest/APIReference/API_FindingCriteria.html [2]: docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings-severity.html

Returns:

• (Types::FindingCriteria)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#name ⇒ String

The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#rank ⇒ Integer

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Returns:

• (Integer)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#tags ⇒ Hash<String,String>

The tags to be added to a new filter resource.

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-guardduty/types.rb', line 1738

class CreateFilterRequest < Struct.new(
  :detector_id,
  :name,
  :description,
  :action,
  :rank,
  :finding_criteria,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end