upbound/provider-aws@v1.1.0
Insight
securityhub.aws.upbound.io

Insight is the Schema for the Insights API. Provides a Security Hub custom insight resource.

Type

CRD

Group

securityhub.aws.upbound.io

Version

v1beta1

apiVersion: securityhub.aws.upbound.io/v1beta1

kind: Insight

API Documentation
apiVersion
string
kind
string
metadata
object
spec
object
object

InsightSpec defines the desired state of Insight

forProvider
required object

No description provided.

filters
array
array

A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.

array

AWS account ID that a finding is generated in. See String_Filter below for more details.

value
string
array

The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details.

value
string
array

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details.

value
string
array

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

A finding's description. See String Filter below for more details.

value
string
array

The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details.

value
string
array

The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details.

value
string
array

The finding provider value for the severity label. See String Filter below for more details.

value
string
array

The finding provider's original value for the severity. See String Filter below for more details.

value
string
array

One or more finding types that the finding provider assigned to the finding. Uses the format namespace/category/classifier to classify a finding. Valid namespace values include: Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, and Sensitive Data Identifications. See String Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details.

value
string
id
array
array

The security findings provider-specific identifier for a finding. See String Filter below for more details.

value
string
keyword
array
array

A keyword for a finding. See Keyword Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the malware that was observed. See String Filter below for more details.

value
string
array

The filesystem path of the malware that was observed. See String Filter below for more details.

value
string
array

The state of the malware that was observed. See String Filter below for more details.

value
string
array

The type of the malware that was observed. See String Filter below for more details.

value
string
array

The destination domain of network-related information about a finding. See String Filter below for more details.

value
string
array

The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The destination port of network-related information about a finding. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

Indicates the direction of network traffic associated with a finding. See String Filter below for more details.

value
string
array

The protocol of network-related information about a finding. See String Filter below for more details.

value
string
array

The source domain of network-related information about a finding. See String Filter below for more details.

value
string
array

The source IPv4 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The source IPv6 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details.

value
string
array

The source port of network-related information about a finding. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The text of a note. See String Filter below for more details.

value
string
array

The timestamp of when the note was updated. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The principal that created a note. See String Filter below for more details.

value
string
array

The date/time that the process was launched. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the process. See String Filter below for more details.

value
string
array

The parent process ID. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The path to the process executable. See String Filter below for more details.

value
string
array

The process ID. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The date/time that the process was terminated. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details.

value
string
array

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. See Map Filter below for more details.

key
string
value
string
array

The name of the solution (product) that generates findings. See String Filter below for more details.

value
string
array

The recommendation of what to do about the issue described in a finding. See String Filter below for more details.

value
string
array

The updated record state for the finding. See String Filter below for more details.

value
string
array

The solution-generated identifier for a related finding. See String Filter below for more details.

value
string
array

The ARN of the solution that generated a related finding. See String Filter below for more details.

value
string
array

The IAM profile ARN of the instance. See String Filter below for more details.

value
string
array

The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details.

value
string
array

The IPv4 addresses associated with the instance. See Ip Filter below for more details.

cidr
string
array

The IPv6 addresses associated with the instance. See Ip Filter below for more details.

cidr
string
array

The key name associated with the instance. See String Filter below for more details.

value
string
array

The date and time the instance was launched. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The identifier of the subnet that the instance was launched in. See String Filter below for more details.

value
string
array

The instance type of the instance. See String Filter below for more details.

value
string
array

The identifier of the VPC that the instance was launched in. See String Filter below for more details.

value
string
array

The creation date/time of the IAM access key related to a finding. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The status of the IAM access key related to a finding. See String Filter below for more details.

value
string
array

The user associated with the IAM access key related to a finding. See String Filter below for more details.

value
string
array

The canonical user ID of the owner of the S3 bucket. See String Filter below for more details.

value
string
array

The display name of the owner of the S3 bucket. See String Filter below for more details.

value
string
array

The identifier of the image related to a finding. See String Filter below for more details.

value
string
array

The name of the image related to a finding. See String Filter below for more details.

value
string
array

The date/time that the container was started. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the container related to a finding. See String Filter below for more details.

value
string
array

The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details.

key
string
value
string
array

The canonical identifier for the given resource type. See String Filter below for more details.

value
string
array

The canonical AWS partition name that the Region is assigned to. See String Filter below for more details.

value
string
array

The canonical AWS external Region name where this resource is located. See String Filter below for more details.

value
string
array

A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details.

key
string
value
string
array

Specifies the type of the resource that details are provided for. See String Filter below for more details.

value
string
array

The label of a finding's severity. See String Filter below for more details.

value
string
array

A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details.

value
string
array

The category of a threat intelligence indicator. See String Filter below for more details.

value
string
array

The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The source of the threat intelligence. See String Filter below for more details.

value
string
array

The URL for more details from the source of the threat intelligence. See String Filter below for more details.

value
string
array

The type of a threat intelligence indicator. See String Filter below for more details.

value
string
array

The value of a threat intelligence indicator. See String Filter below for more details.

value
string
title
array
array

A finding's title. See String Filter below for more details.

value
string
type
array
array

A finding type in the format of namespace/category/classifier that classifies a finding. See String Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details.

key
string
value
string
array

The veracity of a finding. See String Filter below for more details.

value
string
array

The status of the investigation into a finding. See Workflow Status Filter below for more details.

value
string
name
string
region
required string
object

THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation but that we do not want to update afterwards, for example because an external controller, like an autoscaler, is managing them.

filters
array
array

A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.

array

AWS account ID that a finding is generated in. See String_Filter below for more details.

value
string
array

The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details.

value
string
array

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details.

value
string
array

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

A finding's description. See String Filter below for more details.

value
string
array

The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details.

value
string
array

The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details.

value
string
array

The finding provider value for the severity label. See String Filter below for more details.

value
string
array

The finding provider's original value for the severity. See String Filter below for more details.

value
string
array

One or more finding types that the finding provider assigned to the finding. Uses the format namespace/category/classifier to classify a finding. Valid namespace values include: Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, and Sensitive Data Identifications. See String Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details.

value
string
id
array
array

The security findings provider-specific identifier for a finding. See String Filter below for more details.

value
string
keyword
array
array

A keyword for a finding. See Keyword Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the malware that was observed. See String Filter below for more details.

value
string
array

The filesystem path of the malware that was observed. See String Filter below for more details.

value
string
array

The state of the malware that was observed. See String Filter below for more details.

value
string
array

The type of the malware that was observed. See String Filter below for more details.

value
string
array

The destination domain of network-related information about a finding. See String Filter below for more details.

value
string
array

The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The destination port of network-related information about a finding. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

Indicates the direction of network traffic associated with a finding. See String Filter below for more details.

value
string
array

The protocol of network-related information about a finding. See String Filter below for more details.

value
string
array

The source domain of network-related information about a finding. See String Filter below for more details.

value
string
array

The source IPv4 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The source IPv6 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details.

value
string
array

The source port of network-related information about a finding. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The text of a note. See String Filter below for more details.

value
string
array

The timestamp of when the note was updated. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The principal that created a note. See String Filter below for more details.

value
string
array

The date/time that the process was launched. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the process. See String Filter below for more details.

value
string
array

The parent process ID. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The path to the process executable. See String Filter below for more details.

value
string
array

The process ID. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The date/time that the process was terminated. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details.

value
string
array

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. See Map Filter below for more details.

key
string
value
string
array

The name of the solution (product) that generates findings. See String Filter below for more details.

value
string
array

The recommendation of what to do about the issue described in a finding. See String Filter below for more details.

value
string
array

The updated record state for the finding. See String Filter below for more details.

value
string
array

The solution-generated identifier for a related finding. See String Filter below for more details.

value
string
array

The ARN of the solution that generated a related finding. See String Filter below for more details.

value
string
array

The IAM profile ARN of the instance. See String Filter below for more details.

value
string
array

The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details.

value
string
array

The IPv4 addresses associated with the instance. See Ip Filter below for more details.

cidr
string
array

The IPv6 addresses associated with the instance. See Ip Filter below for more details.

cidr
string
array

The key name associated with the instance. See String Filter below for more details.

value
string
array

The date and time the instance was launched. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The identifier of the subnet that the instance was launched in. See String Filter below for more details.

value
string
array

The instance type of the instance. See String Filter below for more details.

value
string
array

The identifier of the VPC that the instance was launched in. See String Filter below for more details.

value
string
array

The creation date/time of the IAM access key related to a finding. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The status of the IAM access key related to a finding. See String Filter below for more details.

value
string
array

The user associated with the IAM access key related to a finding. See String Filter below for more details.

value
string
array

The canonical user ID of the owner of the S3 bucket. See String Filter below for more details.

value
string
array

The display name of the owner of the S3 bucket. See String Filter below for more details.

value
string
array

The identifier of the image related to a finding. See String Filter below for more details.

value
string
array

The name of the image related to a finding. See String Filter below for more details.

value
string
array

The date/time that the container was started. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the container related to a finding. See String Filter below for more details.

value
string
array

The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details.

key
string
value
string
array

The canonical identifier for the given resource type. See String Filter below for more details.

value
string
array

The canonical AWS partition name that the Region is assigned to. See String Filter below for more details.

value
string
array

The canonical AWS external Region name where this resource is located. See String Filter below for more details.

value
string
array

A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details.

key
string
value
string
array

Specifies the type of the resource that details are provided for. See String Filter below for more details.

value
string
array

The label of a finding's severity. See String Filter below for more details.

value
string
array

A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details.

value
string
array

The category of a threat intelligence indicator. See String Filter below for more details.

value
string
array

The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The source of the threat intelligence. See String Filter below for more details.

value
string
array

The URL for more details from the source of the threat intelligence. See String Filter below for more details.

value
string
array

The type of a threat intelligence indicator. See String Filter below for more details.

value
string
array

The value of a threat intelligence indicator. See String Filter below for more details.

value
string
title
array
array

A finding's title. See String Filter below for more details.

value
string
type
array
array

A finding type in the format of namespace/category/classifier that classifies a finding. See String Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details.

key
string
value
string
array

The veracity of a finding. See String Filter below for more details.

value
string
array

The status of the investigation into a finding. See Workflow Status Filter below for more details.

value
string
name
string
array

THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md

object

ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.

name
required string
policy
object
object

Policies for referencing.

resolve
string
object

PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.

configRef
object
object

SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.

name
required string
policy
object
object

Policies for referencing.

resolve
string
metadata
object
object

Metadata is the metadata for connection secret.

labels
object
type
string
name
required string
object

WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.

name
required string
namespace
required string
status
object
object

InsightStatus defines the observed state of Insight.

object

No description provided.

arn
string
filters
array
array

A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.

array

AWS account ID that a finding is generated in. See String_Filter below for more details.

value
string
array

The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details.

value
string
array

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details.

value
string
array

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

A finding's description. See String Filter below for more details.

value
string
array

The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details.

value
string
array

The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details.

value
string
array

The finding provider value for the severity label. See String Filter below for more details.

value
string
array

The finding provider's original value for the severity. See String Filter below for more details.

value
string
array

One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding. Valid namespace values include: Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, and Sensitive Data Identifications. See String Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details.

value
string
id
array
array

The security findings provider-specific identifier for a finding. See String Filter below for more details.

value
string
keyword
array
array

A keyword for a finding. See Keyword Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the malware that was observed. See String Filter below for more details.

value
string
array

The filesystem path of the malware that was observed. See String Filter below for more details.

value
string
array

The state of the malware that was observed. See String Filter below for more details.

value
string
array

The type of the malware that was observed. See String Filter below for more details.

value
string
array

The destination domain of network-related information about a finding. See String Filter below for more details.

value
string
array

The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The destination port of network-related information about a finding. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

Indicates the direction of network traffic associated with a finding. See String Filter below for more details.

value
string
array

The protocol of network-related information about a finding. See String Filter below for more details.

value
string
array

The source domain of network-related information about a finding. See String Filter below for more details.

value
string
array

The source IPv4 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The source IPv6 address of network-related information about a finding. See Ip Filter below for more details.

cidr
string
array

The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details.

value
string
array

The source port of network-related information about a finding. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The text of a note. See String Filter below for more details.

value
string
array

The timestamp of when the note was updated. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The principal that created a note. See String Filter below for more details.

value
string
array

The date/time that the process was launched. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the process. See String Filter below for more details.

value
string
array

The parent process ID. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The path to the process executable. See String Filter below for more details.

value
string
array

The process ID. See Number Filter below for more details.

eq
string
gte
string
lte
string
array

The date/time that the process was terminated. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details.

value
string
array

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. See Map Filter below for more details.

key
string
value
string
array

The name of the solution (product) that generates findings. See String Filter below for more details.

value
string
array

The recommendation of what to do about the issue described in a finding. See String Filter below for more details.

value
string
array

The updated record state for the finding. See String Filter below for more details.

value
string
array

The solution-generated identifier for a related finding. See String Filter below for more details.

value
string
array

The ARN of the solution that generated a related finding. See String Filter below for more details.

value
string
array

The IAM profile ARN of the instance. See String Filter below for more details.

value
string
array

The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details.

value
string
array

The IPv4 addresses associated with the instance. See Ip Filter below for more details.

cidr
string
array

The IPv6 addresses associated with the instance. See Ip Filter below for more details.

cidr
string
array

The key name associated with the instance. See String Filter below for more details.

value
string
array

The date and time the instance was launched. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The identifier of the subnet that the instance was launched in. See String Filter below for more details.

value
string
array

The instance type of the instance. See String Filter below for more details.

value
string
array

The identifier of the VPC that the instance was launched in. See String Filter below for more details.

value
string
array

The creation date/time of the IAM access key related to a finding. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The status of the IAM access key related to a finding. See String Filter below for more details.

value
string
array

The user associated with the IAM access key related to a finding. See String Filter below for more details.

value
string
array

The canonical user ID of the owner of the S3 bucket. See String Filter below for more details.

value
string
array

The display name of the owner of the S3 bucket. See String Filter below for more details.

value
string
array

The identifier of the image related to a finding. See String Filter below for more details.

value
string
array

The name of the image related to a finding. See String Filter below for more details.

value
string
array

The date/time that the container was started. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The name of the container related to a finding. See String Filter below for more details.

value
string
array

The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details.

key
string
value
string
array

The canonical identifier for the given resource type. See String Filter below for more details.

value
string
array

The canonical AWS partition name that the Region is assigned to. See String Filter below for more details.

value
string
array

The canonical AWS external Region name where this resource is located. See String Filter below for more details.

value
string
array

A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details.

key
string
value
string
array

Specifies the type of the resource that details are provided for. See String Filter below for more details.

value
string
array

The label of a finding's severity. See String Filter below for more details.

value
string
array

A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details.

value
string
array

The category of a threat intelligence indicator. See String Filter below for more details.

value
string
array

The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

The source of the threat intelligence. See String Filter below for more details.

value
string
array

The URL for more details from the source of the threat intelligence. See String Filter below for more details.

value
string
array

The type of a threat intelligence indicator. See String Filter below for more details.

value
string
array

The value of a threat intelligence indicator. See String Filter below for more details.

value
string
title
array
array

A finding's title. See String Filter below for more details.

value
string
type
array
array

A finding type in the format of namespace/category/classifier that classifies a finding. See String Filter below for more details.

value
string
array

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details.

array

A configuration block of the date range for the date filter. See date_range below for more details.

unit
string
value
number
end
string
start
string
array

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details.

key
string
value
string
array

The veracity of a finding. See String Filter below for more details.

value
string
array

The status of the investigation into a finding. See Workflow Status Filter below for more details.

value
string
id
string
name
string
array

Conditions of the resource.

lastTransitionTime
required string
message
string
reason
required string
status
required string
type
required string
© 2022 Upbound, Inc.
