import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* The `AWS::SecurityHub::AutomationRule` resource specifies an automation rule based on input parameters.
*
* For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
*
* @cloudformationResource AWS::SecurityHub::AutomationRule
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html
*/
export declare class CfnAutomationRule extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggableV2 {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnAutomationRule from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`, so this declaration places no compile-time
* constraint on the shape of the object passed in.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAutomationRule;
/**
* A timestamp that indicates when the rule was created.
*
* Uses the `date-time` format specified in [RFC 3339 section 5.6, Internet Date/Time Format](https://tools.ietf.org/html/rfc3339#section-5.6) . The value cannot contain spaces. For example, `2020-03-22T13:22:13.933Z` .
*
* @cloudformationAttribute CreatedAt
*/
readonly attrCreatedAt: string;
/**
* The principal that created the rule. For example, `arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe` .
*
* @cloudformationAttribute CreatedBy
*/
readonly attrCreatedBy: string;
/**
* The Amazon Resource Name (ARN) of the automation rule that you create. For example, `arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111` .
*
* @cloudformationAttribute RuleArn
*/
readonly attrRuleArn: string;
/**
* A timestamp that indicates when the rule was most recently updated.
*
* Uses the `date-time` format specified in [RFC 3339 section 5.6, Internet Date/Time Format](https://tools.ietf.org/html/rfc3339#section-5.6) . The value cannot contain spaces. For example, `2020-03-22T13:22:13.933Z` .
*
* @cloudformationAttribute UpdatedAt
*/
readonly attrUpdatedAt: string;
/**
* One or more actions to update finding fields if a finding matches the conditions specified in `Criteria` .
*
* Optional in this declaration.
*
* NOTE(review): each action rewrites fields of the findings that match `criteria`, so a change to this list changes what responders see in Security Hub. Review it the way a change to detection logic is reviewed.
*/
actions?: Array<CfnAutomationRule.AutomationRulesActionProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Tag Manager which manages the tags for this resource
*/
readonly cdkTagManager: cdk.TagManager;
/**
* A set of [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
*
* Optional in this declaration.
*
* NOTE(review): this filter decides which findings the rule's actions touch; keep it as narrow as the use case allows.
*/
criteria?: CfnAutomationRule.AutomationRulesFindingFiltersProperty | cdk.IResolvable;
/**
* A description of the rule.
*/
description?: string;
/**
* Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
*
* NOTE(review): read together with `ruleOrder`; presumably a terminal rule stops later rules from being applied to a matching finding — confirm in the Security Hub user guide.
*/
isTerminal?: boolean | cdk.IResolvable;
/**
* The name of the rule.
*/
ruleName?: string;
/**
* An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.
*
* Typed as `number`; neither the 1–1000 range nor the integer requirement is checked by this declaration.
*/
ruleOrder?: number;
/**
* Whether the rule is active after it is created.
*
* Typed as plain `string`, so the value is not checked at compile time.
* NOTE(review): the allowed values are not listed here — confirm them in the CloudFormation reference for this resource.
*/
ruleStatus?: string;
/**
* User-defined tags associated with an automation rule.
*/
tags?: Record<string, string>;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props?: CfnAutomationRuleProps);
/**
* The properties of this resource as a string-keyed record.
*
* NOTE(review): presumably the values that the base `cdk.CfnResource` renders into the template; the implementation is not part of this declaration file.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a string-keyed record of properties to another string-keyed record.
*
* NOTE(review): presumably converts the construct's properties to their CloudFormation form; the implementation is not part of this declaration file.
*
* @param props properties to render
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnAutomationRule {
/**
* One or more actions to update finding fields if a finding matches the defined criteria of the rule.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesaction.html
*/
interface AutomationRulesActionProperty {
/**
* Specifies that the automation rule action is an update to a finding field.
*
* Required. The nested structure names the finding fields that the action overwrites.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesaction.html#cfn-securityhub-automationrule-automationrulesaction-findingfieldsupdate
*/
readonly findingFieldsUpdate: CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty | cdk.IResolvable;
/**
* Specifies that the rule action should update the `Types` finding field.
*
* The `Types` finding field classifies findings in the format of namespace/category/classifier. For more information, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *AWS Security Hub User Guide* .
*
* Required, and typed as plain `string`, so the value is not checked at compile time.
*
* NOTE(review): the description above reads like that of the `Types` finding field. As a sibling of `findingFieldsUpdate`, this property looks like a selector for the kind of action (the Security Hub API documents `FINDING_FIELDS_UPDATE`) — confirm against the linked reference before relying on the wording.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesaction.html#cfn-securityhub-automationrule-automationrulesaction-type
*/
readonly type: string;
}
/**
* Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html
*/
interface AutomationRulesFindingFieldsUpdateProperty {
/**
* The rule action updates the `Confidence` field of a finding.
*
* Typed as `number`. The filter documentation in this file describes `Confidence` as scored on a 0–100 basis; that range is not checked by this declaration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-confidence
*/
readonly confidence?: number;
/**
* The rule action updates the `Criticality` field of a finding.
*
* Typed as `number`. The filter documentation in this file describes `Criticality` as scored on a 0–100 basis using full integers; that range is not checked by this declaration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-criticality
*/
readonly criticality?: number;
/**
* The rule action updates the `Note` field of a finding.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-note
*/
readonly note?: cdk.IResolvable | CfnAutomationRule.NoteUpdateProperty;
/**
* The rule action updates the `RelatedFindings` field of a finding.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-relatedfindings
*/
readonly relatedFindings?: Array<cdk.IResolvable | CfnAutomationRule.RelatedFindingProperty> | cdk.IResolvable;
/**
* The rule action updates the `Severity` field of a finding.
*
* NOTE(review): overwriting severity changes how matching findings are prioritised. A rule that lowers it deserves the same review as a change to alerting thresholds.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-severity
*/
readonly severity?: cdk.IResolvable | CfnAutomationRule.SeverityUpdateProperty;
/**
* The rule action updates the `Types` field of a finding.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-types
*/
readonly types?: Array<string>;
/**
* The rule action updates the `UserDefinedFields` field of a finding.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-userdefinedfields
*/
readonly userDefinedFields?: cdk.IResolvable | Record<string, string>;
/**
* The rule action updates the `VerificationState` field of a finding.
*
* Typed as plain `string`; the allowed values are not listed here, so check the linked reference.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-verificationstate
*/
readonly verificationState?: string;
/**
* The rule action updates the `Workflow` field of a finding.
*
* NOTE(review): the workflow status documented on `WorkflowUpdateProperty` includes `SUPPRESSED` and `RESOLVED`. A rule that sets either one closes out matching findings without a person looking at them, so pair it with tightly scoped criteria.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-workflow
*/
readonly workflow?: cdk.IResolvable | CfnAutomationRule.WorkflowUpdateProperty;
}
/**
* The updated note.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-noteupdate.html
*/
interface NoteUpdateProperty {
/**
* The updated note text.
*
* Required.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-noteupdate.html#cfn-securityhub-automationrule-noteupdate-text
*/
readonly text: string;
/**
* The principal that updated the note.
*
* Required. The type `any | cdk.IResolvable` collapses to `any`, so the compiler accepts any value here.
* NOTE(review): the expected shape is not visible in this file — confirm it in the linked reference. The value is supplied by the rule author, so it records what the rule says rather than an authenticated caller identity.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-noteupdate.html#cfn-securityhub-automationrule-noteupdate-updatedby
*/
readonly updatedBy: any | cdk.IResolvable;
}
/**
* Provides details about a list of findings that the current finding relates to.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-relatedfinding.html
*/
interface RelatedFindingProperty {
/**
* The product-generated identifier for a related finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* Required. The type `any | cdk.IResolvable` collapses to `any`, so the compiler accepts any value here.
* NOTE(review): the "Array Members" sentence also appears on the filter properties in this file and may have been carried over from there; whether this property takes a single identifier or a list is not visible here — confirm in the linked reference.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-relatedfinding.html#cfn-securityhub-automationrule-relatedfinding-id
*/
readonly id: any | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) for the product that generated a related finding.
*
* Required.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-relatedfinding.html#cfn-securityhub-automationrule-relatedfinding-productarn
*/
readonly productArn: string;
}
/**
* Used to update information about the investigation into the finding.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-workflowupdate.html
*/
interface WorkflowUpdateProperty {
/**
* The status of the investigation into the finding.
*
* The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the same issue.
*
* The allowed values are the following.
*
* - `NEW` - The initial state of a finding, before it is reviewed.
*
*   Security Hub also resets `WorkFlowStatus` from `NOTIFIED` or `RESOLVED` to `NEW` in the following cases:
*
*   - The record state changes from `ARCHIVED` to `ACTIVE` .
*   - The compliance status changes from `PASSED` to either `WARNING` , `FAILED` , or `NOT_AVAILABLE` .
* - `NOTIFIED` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
* - `RESOLVED` - The finding was reviewed and remediated and is now considered resolved.
* - `SUPPRESSED` - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
*
* Required, and typed as plain `string`, so a misspelled status is not caught at compile time.
*
* NOTE(review): `SUPPRESSED` and `RESOLVED` describe the outcome of a human review. When an automation rule sets them, no review has taken place for the matching finding, and the reset to `NEW` described above is listed only for `NOTIFIED` and `RESOLVED`. Keep the rule's criteria narrow and track such rules in change review.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-workflowupdate.html#cfn-securityhub-automationrule-workflowupdate-status
*/
readonly status: string;
}
/**
* Updates to the severity information for a finding.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-severityupdate.html
*/
interface SeverityUpdateProperty {
/**
* The severity value of the finding. The allowed values are the following.
*
* - `INFORMATIONAL` - No issue was found.
* - `LOW` - The issue does not require action on its own.
* - `MEDIUM` - The issue must be addressed but not urgently.
* - `HIGH` - The issue must be addressed as a priority.
* - `CRITICAL` - The issue must be remediated immediately to avoid it escalating.
*
* Typed as plain `string`, so a value outside this list is not caught at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-severityupdate.html#cfn-securityhub-automationrule-severityupdate-label
*/
readonly label?: string;
/**
* The normalized severity for the finding. This attribute is to be deprecated in favor of `Label` .
*
* If you provide `Normalized` and do not provide `Label` , `Label` is set automatically as follows.
*
* - 0 - `INFORMATIONAL`
* - 1–39 - `LOW`
* - 40–69 - `MEDIUM`
* - 70–89 - `HIGH`
* - 90–100 - `CRITICAL`
*
* Typed as `number`; the 0–100 range implied by the table above is not checked by this declaration. Because the label is derived from this value when `label` is omitted, setting `label` explicitly makes the resulting severity visible in the rule definition.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-severityupdate.html#cfn-securityhub-automationrule-severityupdate-normalized
*/
readonly normalized?: number;
/**
* The native severity as defined by the AWS service or integrated partner product that generated the finding.
*
* Typed as `number`; no scale is given here, so the meaning of a value depends on the product that produced the finding.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-severityupdate.html#cfn-securityhub-automationrule-severityupdate-product
*/
readonly product?: number;
}
/**
* The criteria that determine which findings a rule applies to.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html
*/
interface AutomationRulesFindingFiltersProperty {
/**
* The AWS account ID in which a finding was generated.
*
* Array Members: Minimum number of 1 item. Maximum number of 100 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-awsaccountid
*/
readonly awsAccountId?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The name of the company for the product that generated the finding.
*
* For control-based findings, the company is AWS .
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-companyname
*/
readonly companyName?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The unique identifier of a standard in which a control is enabled.
*
* This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API response.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-complianceassociatedstandardsid
*/
readonly complianceAssociatedStandardsId?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The security control ID for which a finding was generated. Security control IDs are the same across standards.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-compliancesecuritycontrolid
*/
readonly complianceSecurityControlId?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The result of a security check. This field is only used for findings generated from controls.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-compliancestatus
*/
readonly complianceStatus?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
*
* `Confidence` is scored on a 0–100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *AWS Security Hub User Guide* .
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-confidence
*/
readonly confidence?: Array<cdk.IResolvable | CfnAutomationRule.NumberFilterProperty> | cdk.IResolvable;
/**
* A timestamp that indicates when this finding record was created.
*
* This field accepts only the specified formats. Timestamps can end with `Z` or `("+" / "-") time-hour [":" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:
*
* - `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )
* - `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )
* - `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-createdat
*/
readonly createdAt?: Array<CfnAutomationRule.DateFilterProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The level of importance that is assigned to the resources that are associated with a finding.
*
* `Criticality` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of `0` means that the underlying resources have no criticality, and a score of `100` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *AWS Security Hub User Guide* .
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-criticality
*/
readonly criticality?: Array<cdk.IResolvable | CfnAutomationRule.NumberFilterProperty> | cdk.IResolvable;
/**
* A finding's description.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-description
*/
readonly description?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.
*
* This field accepts only the specified formats. Timestamps can end with `Z` or `("+" / "-") time-hour [":" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:
*
* - `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )
* - `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )
* - `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-firstobservedat
*/
readonly firstObservedAt?: Array<CfnAutomationRule.DateFilterProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The identifier for the solution-specific component that generated a finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 100 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-generatorid
*/
readonly generatorId?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The product-specific identifier for a finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-id
*/
readonly id?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.
*
* This field accepts only the specified formats. Timestamps can end with `Z` or `("+" / "-") time-hour [":" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:
*
* - `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )
* - `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )
* - `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-lastobservedat
*/
readonly lastObservedAt?: Array<CfnAutomationRule.DateFilterProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The text of a user-defined note that's added to a finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-notetext
*/
readonly noteText?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The timestamp of when the note was updated.
*
* This field accepts only the specified formats. Timestamps can end with `Z` or `("+" / "-") time-hour [":" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:
*
* - `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )
* - `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )
* - `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-noteupdatedat
*/
readonly noteUpdatedAt?: Array<CfnAutomationRule.DateFilterProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The principal that created a note.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-noteupdatedby
*/
readonly noteUpdatedBy?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-productarn
*/
readonly productArn?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-productname
*/
readonly productName?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* Provides the current state of a finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-recordstate
*/
readonly recordState?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The product-generated identifier for a related finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-relatedfindingsid
*/
readonly relatedFindingsId?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The ARN for the product that generated a related finding.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-relatedfindingsproductarn
*/
readonly relatedFindingsProductArn?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* Custom fields and values about the resource that a finding pertains to.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-resourcedetailsother
*/
readonly resourceDetailsOther?: Array<cdk.IResolvable | CfnAutomationRule.MapFilterProperty> | cdk.IResolvable;
/**
* The identifier for the given resource type.
*
* For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.
*
* Array Members: Minimum number of 1 item. Maximum number of 100 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-resourceid
*/
readonly resourceId?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The partition in which the resource that the finding pertains to is located.
*
* A partition is a group of AWS Regions . Each AWS account is scoped to one partition.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-resourcepartition
*/
readonly resourcePartition?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The AWS Region where the resource that a finding pertains to is located.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-resourceregion
*/
readonly resourceRegion?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* A list of AWS tags associated with a resource at the time the finding was processed.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-resourcetags
*/
readonly resourceTags?: Array<cdk.IResolvable | CfnAutomationRule.MapFilterProperty> | cdk.IResolvable;
/**
* The type of the resource that the finding pertains to, for example `AwsIamPolicy` or `AwsEc2NetworkInterface`.
*
* NOTE(review): the generated description of this property read "A finding's title.", which duplicates the `title` property and looks like a copy error in the upstream reference. The item limit below is kept as generated; confirm it against the linked reference.
*
* Array Members: Minimum number of 1 item. Maximum number of 100 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-resourcetype
*/
readonly resourceType?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* The severity value of the finding.
*
* Each array entry is a `StringFilterProperty` or a `cdk.IResolvable`. The AWS Security Finding Format defines the labels `INFORMATIONAL`, `LOW`, `MEDIUM`, `HIGH` and `CRITICAL` (TODO confirm against the linked reference). The filter value is a plain, case-sensitive `string`, so a misspelled or lower-case label is not caught at compile time.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-severitylabel
*/
readonly severityLabel?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* Provides a URL that links to a page about the current finding in the finding product.
*
* Each array entry is a `StringFilterProperty` or a `cdk.IResolvable`, so the URL is compared as a case-sensitive string using that filter's comparison operator.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-sourceurl
*/
readonly sourceUrl?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* A finding's title.
*
* Each array entry is a `StringFilterProperty` or a `cdk.IResolvable`. A `CONTAINS` filter matches every title that includes the filter value (for example, `Title CONTAINS CloudFront`), so choose the narrowest operator that still selects the intended findings.
*
* Array Members: Minimum number of 1 item. Maximum number of 100 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-title
*/
readonly title?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* One or more finding types in the format of namespace/category/classifier that classify a finding.
*
* For a list of namespaces, classifiers, and categories, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *AWS Security Hub User Guide*.
*
* Each array entry is a `StringFilterProperty` or a `cdk.IResolvable`. Because the value is a `namespace/category/classifier` path, a `PREFIX` filter on a namespace matches every finding type that starts with it.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-type
*/
readonly type?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* A timestamp that indicates when the finding record was most recently updated.
*
* This field accepts only the specified formats. Timestamps can end with `Z` or `("+" / "-") time-hour [":" time-minute]`. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:
*
* - `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z`)
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z`)
* - `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59`)
* - `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759`)
* - `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59`)
*
* Each array entry is a `DateFilterProperty` or a `cdk.IResolvable`; unlike most filters on this interface, it is not a `StringFilterProperty`.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-updatedat
*/
readonly updatedAt?: Array<CfnAutomationRule.DateFilterProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* A list of user-defined name and value string pairs added to a finding.
*
* Each array entry is a `MapFilterProperty` or a `cdk.IResolvable`; a map filter provides the field to check for, the value to check for, and the comparison operator.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-userdefinedfields
*/
readonly userDefinedFields?: Array<cdk.IResolvable | CfnAutomationRule.MapFilterProperty> | cdk.IResolvable;
/**
* Provides the veracity of a finding.
*
* Each array entry is a `StringFilterProperty` or a `cdk.IResolvable`. The AWS Security Finding Format defines the states `UNKNOWN`, `TRUE_POSITIVE`, `FALSE_POSITIVE` and `BENIGN_POSITIVE` (TODO confirm against the linked reference). The filter value is a plain, case-sensitive `string`, so a misspelled state is not caught at compile time.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-verificationstate
*/
readonly verificationState?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
/**
* Provides information about the status of the investigation into a finding.
*
* Each array entry is a `StringFilterProperty` or a `cdk.IResolvable`. The AWS Security Finding Format defines the statuses `NEW`, `NOTIFIED`, `RESOLVED` and `SUPPRESSED` (TODO confirm against the linked reference). The filter value is a plain, case-sensitive `string`, so a misspelled status is not caught at compile time.
*
* Array Members: Minimum number of 1 item. Maximum number of 20 items.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfilters.html#cfn-securityhub-automationrule-automationrulesfindingfilters-workflowstatus
*/
readonly workflowStatus?: Array<cdk.IResolvable | CfnAutomationRule.StringFilterProperty> | cdk.IResolvable;
}
/**
* A string filter for filtering AWS Security Hub findings.
*
* A filter pairs a comparison operator (`comparison`) with a case-sensitive string (`value`). Both fields are required.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-stringfilter.html
*/
interface StringFilterProperty {
/**
* The condition to apply to a string value when filtering Security Hub findings.
*
* The operators named in this description are `CONTAINS`, `EQUALS`, `PREFIX`, `NOT_CONTAINS`, `NOT_EQUALS` and `PREFIX_NOT_EQUALS`. The property is typed as `string`, so the compiler does not reject a misspelled operator.
*
* To search for values that have the filter value, use one of the following comparison operators:
*
* - To search for values that include the filter value, use `CONTAINS`. For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.
* - To search for values that exactly match the filter value, use `EQUALS`. For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012`.
* - To search for values that start with the filter value, use `PREFIX`. For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us`. A `ResourceRegion` that starts with a different value, such as `af`, `ap`, or `ca`, doesn't match.
*
* `CONTAINS`, `EQUALS`, and `PREFIX` filters on the same field are joined by `OR`. A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront`, `CloudWatch`, or both strings in the title.
*
* To search for values that don't have the filter value, use one of the following comparison operators:
*
* - To search for values that exclude the filter value, use `NOT_CONTAINS`. For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.
* - To search for values other than the filter value, use `NOT_EQUALS`. For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012`.
* - To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS`. For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us`.
*
* `NOT_CONTAINS`, `NOT_EQUALS`, and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND`. A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.
*
* Because of this, adding another positive filter on a field widens what the rule matches, while adding another negative filter narrows it.
*
* You can't have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.
*
* You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.
*
* For example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2`. It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface`.
*
* - `ResourceType PREFIX AwsIam`
* - `ResourceType PREFIX AwsEc2`
* - `ResourceType NOT_EQUALS AwsIamPolicy`
* - `ResourceType NOT_EQUALS AwsEc2NetworkInterface`
*
* `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide*.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-stringfilter.html#cfn-securityhub-automationrule-stringfilter-comparison
*/
readonly comparison: string;
/**
* The string filter value.
*
* Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub`. If you provide `security hub` as the filter value, there's no match.
*
* A value that differs from the finding's field only in case therefore never matches, so copy the value exactly as it appears in the findings the rule is meant to select.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-stringfilter.html#cfn-securityhub-automationrule-stringfilter-value
*/
readonly value: string;
}
/**
* A map filter for filtering AWS Security Hub findings.
*
* Each map filter provides the field to check for, the value to check for, and the comparison operator.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-mapfilter.html
*/
interface MapFilterProperty {
/**
* The condition to apply to the key value when filtering Security Hub findings with a map filter.
*
* To search for values that have the filter value, use one of the following comparison operators:
*
* - To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.
* - To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.
*
* `CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.
*
* To search for values that don't have the filter value, use one of the following comparison operators:
*
* - To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.
* - To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don’t have the value `Finance` for the `Department` tag.
*
* `NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.
*
* `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.
*
* You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.
*
* `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guid