Class: Aws::SecurityHub::Types::FindingProviderFields
- Inherits: Struct
  - Object
  - Struct
  - Aws::SecurityHub::Types::FindingProviderFields
- Includes: Aws::Structure
- Defined in: lib/aws-sdk-securityhub/types.rb
Overview
In a [BatchImportFindings][1] request, finding providers use FindingProviderFields to provide and update values for the following fields:
- Confidence
- Criticality
- RelatedFindings
- Severity
- Types
The preceding fields are nested under the FindingProviderFields object, but also have analogues of the same name as top-level ASFF fields. When a new finding is sent to Security Hub by a finding provider, Security Hub populates the FindingProviderFields object automatically, if it is empty, based on the corresponding top-level fields.
Finding providers can update FindingProviderFields only by using the BatchImportFindings operation. Finding providers can’t update this object with the [BatchUpdateFindings][2] operation. Customers can update the top-level fields by using the BatchUpdateFindings operation. Customers can’t update FindingProviderFields.
For information about how Security Hub handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see [Using FindingProviderFields][3] in the *Security Hub User Guide*.
[1]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html
[2]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html
[3]: docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchimportfindings.html#batchimportfindings-findingproviderfields
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #confidence ⇒ Integer
  A finding’s confidence.
- #criticality ⇒ Integer
  The level of importance assigned to the resources associated with the finding.
- #related_findings ⇒ Array<Types::RelatedFinding>
  A list of findings that are related to the current finding.
- #severity ⇒ Types::FindingProviderSeverity
  The severity of a finding.
- #types ⇒ Array<String>
  One or more finding types in the format of namespace/category/classifier that classify a finding.
Instance Attribute Details
#confidence ⇒ Integer
A finding’s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
```ruby
# File 'lib/aws-sdk-securityhub/types.rb', line 24940
class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end
```
#criticality ⇒ Integer
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
#related_findings ⇒ Array<Types::RelatedFinding>
A list of findings that are related to the current finding.
#severity ⇒ Types::FindingProviderSeverity
The severity of a finding.
#types ⇒ Array<String>
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
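The constraints documented above (0-100 scores, the Types namespace list) can be checked on the provider side before a finding is placed in a BatchImportFindings request. The following is an added example, not code from the SDK; the helper and constant names are hypothetical, the sample hashes are constructed, and the rule that a type has at most three non-empty path segments is an assumption drawn from the namespace/category/classifier format.

```ruby
# Added example: client-side checks for a finding_provider_fields hash.
# All names below are hypothetical and not part of aws-sdk-securityhub.
VALID_TYPE_NAMESPACES = [
  'Software and Configuration Checks', 'TTPs', 'Effects',
  'Unusual Behaviors', 'Sensitive Data Identifications'
].freeze

# Members of the FindingProviderFields struct, as listed on this page.
PROVIDER_FIELD_KEYS = %i[confidence criticality related_findings severity types].freeze

# Returns an array of human-readable problems; empty means the hash passed.
def finding_provider_field_errors(fields)
  errors = []
  unknown = fields.keys - PROVIDER_FIELD_KEYS
  errors << "unknown keys: #{unknown.join(', ')}" unless unknown.empty?

  # Confidence and criticality are both documented as 0-100 integer scores.
  %i[confidence criticality].each do |key|
    next unless fields.key?(key)
    value = fields[key]
    unless value.is_a?(Integer) && value.between?(0, 100)
      errors << "#{key} must be an Integer from 0 to 100, got #{value.inspect}"
    end
  end

  Array(fields[:types]).each do |type|
    unless type.is_a?(String)
      errors << "type must be a String, got #{type.inspect}"
      next
    end
    segments = type.split('/', -1)
    unless VALID_TYPE_NAMESPACES.include?(segments.first)
      errors << "type #{type.inspect} has an invalid namespace"
    end
    # Assumption: at most namespace/category/classifier, with no empty segment.
    if segments.length > 3 || segments.any?(&:empty?)
      errors << "type #{type.inspect} is not namespace/category/classifier"
    end
  end
  errors
end

# Constructed sample input, not taken from a real finding.
SAMPLE_OK = {
  confidence: 85, criticality: 40,
  types: ['Software and Configuration Checks/Vulnerabilities/CVE']
}.freeze
SAMPLE_BAD = { confidence: 150, criticality: '40', types: ['Malware/Trojan'], note: 'x' }.freeze

puts finding_provider_field_errors(SAMPLE_BAD) if __FILE__ == $PROGRAM_NAME
```

A hash that passes these checks can be supplied as the `finding_provider_fields` member of a finding; the service still performs its own validation.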