Insight is the Schema for the Insights API. Provides a Security Hub custom insight resource.
Type: CRD
Group: securityhub.aws.upbound.io
Version: v1beta1
apiVersion: securityhub.aws.upbound.io/v1beta1
kind: Insight
InsightSpec defines the desired state of Insight
No description provided.
A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.
AWS account ID that a finding is generated in. See String Filter below for more details.
The name of the findings provider (company) that owns the solution (product) that generates findings. See String Filter below for more details.
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details.
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details.
A finding's description. See String Filter below for more details.
The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.
The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.
The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details.
The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details.
The finding provider value for the severity label. See String Filter below for more details.
The finding provider's original value for the severity. See String Filter below for more details.
One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding. Valid namespace values include: Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, and Sensitive Data Identifications. See String Filter below for more details.
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details.
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details.
The security findings provider-specific identifier for a finding. See String Filter below for more details.
A keyword for a finding. See Keyword Filter below for more details.
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details.
The name of the malware that was observed. See String Filter below for more details.
The filesystem path of the malware that was observed. See String Filter below for more details.
The state of the malware that was observed. See String Filter below for more details.
The type of the malware that was observed. See String Filter below for more details.
The destination domain of network-related information about a finding. See String Filter below for more details.
The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details.
The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details.
Indicates the direction of network traffic associated with a finding. See String Filter below for more details.
The protocol of network-related information about a finding. See String Filter below for more details.
The source domain of network-related information about a finding. See String Filter below for more details.
The source IPv4 address of network-related information about a finding. See Ip Filter below for more details.
The source IPv6 address of network-related information about a finding. See Ip Filter below for more details.
The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details.
The text of a note. See String Filter below for more details.
The principal that created a note. See String Filter below for more details.
The name of the process. See String Filter below for more details.
The path to the process executable. See String Filter below for more details.
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details.
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. See Map Filter below for more details.
The name of the solution (product) that generates findings. See String Filter below for more details.
The recommendation of what to do about the issue described in a finding. See String Filter below for more details.
The updated record state for the finding. See String Filter below for more details.
The solution-generated identifier for a related finding. See String Filter below for more details.
The ARN of the solution that generated a related finding. See String Filter below for more details.
The IAM profile ARN of the instance. See String Filter below for more details.
The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details.
The IPv4 addresses associated with the instance. See Ip Filter below for more details.
The IPv6 addresses associated with the instance. See Ip Filter below for more details.
The key name associated with the instance. See String Filter below for more details.
The identifier of the subnet that the instance was launched in. See String Filter below for more details.
The instance type of the instance. See String Filter below for more details.
The identifier of the VPC that the instance was launched in. See String Filter below for more details.
The status of the IAM access key related to a finding. See String Filter below for more details.
The user associated with the IAM access key related to a finding. See String Filter below for more details.
The canonical user ID of the owner of the S3 bucket. See String Filter below for more details.
The display name of the owner of the S3 bucket. See String Filter below for more details.
The identifier of the image related to a finding. See String Filter below for more details.
The name of the image related to a finding. See String Filter below for more details.
The name of the container related to a finding. See String Filter below for more details.
The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details.
The canonical identifier for the given resource type. See String Filter below for more details.
The canonical AWS partition name that the Region is assigned to. See String Filter below for more details.
The canonical AWS external Region name where this resource is located. See String Filter below for more details.
A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details.
Specifies the type of the resource that details are provided for. See String Filter below for more details.
The label of a finding's severity. See String Filter below for more details.
A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details.
The category of a threat intelligence indicator. See String Filter below for more details.
The source of the threat intelligence. See String Filter below for more details.
The URL for more details from the source of the threat intelligence. See String Filter below for more details.
The type of a threat intelligence indicator. See String Filter below for more details.
The value of a threat intelligence indicator. See String Filter below for more details.
A finding's title. See String Filter below for more details.
A finding type in the format of namespace/category/classifier that classifies a finding. See String Filter below for more details.
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details.
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details.
The veracity of a finding. See String Filter below for more details.
The status of the investigation into a finding. See Workflow Status Filter below for more details.
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
InsightStatus defines the observed state of Insight.
Conditions of the resource.
example
apiVersion: securityhub.aws.upbound.io/v1beta1
kind: Insight
metadata:
  annotations:
    meta.upbound.io/example-id: securityhub/v1beta1/insight
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    filters:
    - awsAccountId:
      - comparison: EQUALS
        value: "1234567890"
      - comparison: EQUALS
        value: "09876543210"
    groupByAttribute: AwsAccountId
    name: example-insight
    region: us-west-1
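
A second manifest, added here for illustration and not taken from the provider's own examples, combines several of the filter kinds described above into a triage view: open, active, high-severity findings from the last 30 days, grouped by resource. The metadata name is hypothetical, and the filter keys (severityLabel, workflowStatus, recordState, createdAt, dateRange) are assumed to be the camelCase forms of the upstream Security Hub insight filter arguments, so verify them against the installed CRD schema before applying.

```yaml
# Added example: not part of the provider's published examples.
apiVersion: securityhub.aws.upbound.io/v1beta1
kind: Insight
metadata:
  name: open-high-severity-by-resource    # hypothetical name
spec:
  forProvider:
    region: us-west-1
    name: open-high-severity-by-resource
    # One result row per affected resource, so the noisiest assets surface first.
    groupByAttribute: ResourceId
    filters:
      # Entries under one attribute are ORed; different attributes are ANDed.
      - severityLabel:                     # String Filter
          - comparison: EQUALS
            value: CRITICAL
          - comparison: EQUALS
            value: HIGH
        workflowStatus:                    # Workflow Status Filter
          # Only findings nobody has resolved or suppressed yet.
          - comparison: EQUALS
            value: NEW
          - comparison: EQUALS
            value: NOTIFIED
        recordState:                       # String Filter
          # Skip findings the provider has already archived.
          - comparison: EQUALS
            value: ACTIVE
        createdAt:                         # Date Filter (assumed key names)
          - dateRange:
              - unit: DAYS
                value: 30
```

This uses four distinct filter attributes, well inside the limit of 10 stated above.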
© 2022 Upbound, Inc.