AWS Native v0.108.3, Jun 12 24

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.securityhub.AutomationRule

Explore with Pulumi AI

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

pulumi/pulumi-aws-native

Example Usage

Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
    {
        RuleName = "Example rule name",
        RuleOrder = 5,
        Description = "Example rule description.",
        IsTerminal = false,
        RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
        Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
        {
            ProductName = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "GuardDuty",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "SecurityHub",
                },
            },
            CompanyName = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "AWS",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "Private",
                },
            },
            ProductArn = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
                },
            },
            AwsAccountId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "123456789012",
                },
            },
            Id = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-finding-id",
                },
            },
            GeneratorId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-generator-id",
                },
            },
            Type = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "type-1",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "type-2",
                },
            },
            Description = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "description1",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "description2",
                },
            },
            SourceUrl = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "https",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "ftp",
                },
            },
            Title = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "title-1",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "title-2",
                },
            },
            SeverityLabel = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "LOW",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "HIGH",
                },
            },
            ResourceType = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "AwsEc2Instance",
                },
            },
            ResourcePartition = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "aws",
                },
            },
            ResourceId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "i-1234567890",
                },
            },
            ResourceRegion = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "us-west",
                },
            },
            ComplianceStatus = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "FAILED",
                },
            },
            ComplianceSecurityControlId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "EC2.3",
                },
            },
            ComplianceAssociatedStandardsId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                },
            },
            VerificationState = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "BENIGN_POSITIVE",
                },
            },
            RecordState = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "ACTIVE",
                },
            },
            RelatedFindingsProductArn = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
                },
            },
            RelatedFindingsId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-finding-id-2",
                },
            },
            NoteText = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-note-text",
                },
            },
            NoteUpdatedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            NoteUpdatedBy = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "sechub",
                },
            },
            WorkflowStatus = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "NEW",
                },
            },
            FirstObservedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            LastObservedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            CreatedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            UpdatedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    Start = "2023-04-25T17:05:54.832Z",
                    End = "2023-05-25T17:05:54.832Z",
                },
            },
            ResourceTags = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "department",
                    Value = "security",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "department",
                    Value = "operations",
                },
            },
            UserDefinedFields = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                    Key = "key1",
                    Value = "security",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                    Key = "key2",
                    Value = "operations",
                },
            },
            ResourceDetailsOther = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "area",
                    Value = "na",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "department",
                    Value = "sales",
                },
            },
            Confidence = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                {
                    Gte = 50,
                    Lte = 95,
                },
            },
            Criticality = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                {
                    Gte = 50,
                    Lte = 95,
                },
            },
        },
        Actions = new[]
        {
            new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
            {
                Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
                FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
                {
                    Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
                    {
                        Product = 50,
                        Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
                        Normalized = 60,
                    },
                    Types = new[]
                    {
                        "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                        "Industry Compliance",
                    },
                    Confidence = 98,
                    Criticality = 95,
                    UserDefinedFields = 
                    {
                        { "key1", "value1" },
                        { "key2", "value2" },
                    },
                    RelatedFindings = new[]
                    {
                        new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                        {
                            ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                            Id = "sample-finding-id-1",
                        },
                        new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                        {
                            ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                            Id = "sample-finding-id-2",
                        },
                    },
                    Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
                    {
                        Text = "sample-note-text",
                        UpdatedBy = "sechub",
                    },
                    VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
                    Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
                    {
                        Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
                    },
                },
            },
        },
        Tags = 
        {
            { "sampleTag", "sampleValue" },
            { "organizationUnit", "pnw" },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
			RuleName:    pulumi.String("Example rule name"),
			RuleOrder:   pulumi.Int(5),
			Description: pulumi.String("Example rule description."),
			IsTerminal:  pulumi.Bool(false),
			RuleStatus:  securityhub.AutomationRuleRuleStatusEnabled,
			Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
				ProductName: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("GuardDuty"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("SecurityHub"),
					},
				},
				CompanyName: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("AWS"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("Private"),
					},
				},
				ProductArn: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
					},
				},
				AwsAccountId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("123456789012"),
					},
				},
				Id: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-finding-id"),
					},
				},
				GeneratorId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-generator-id"),
					},
				},
				Type: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("type-1"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("type-2"),
					},
				},
				Description: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("description1"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("description2"),
					},
				},
				SourceUrl: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("https"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("ftp"),
					},
				},
				Title: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("title-1"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("title-2"),
					},
				},
				SeverityLabel: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("LOW"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("HIGH"),
					},
				},
				ResourceType: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("AwsEc2Instance"),
					},
				},
				ResourcePartition: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("aws"),
					},
				},
				ResourceId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("i-1234567890"),
					},
				},
				ResourceRegion: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("us-west"),
					},
				},
				ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("FAILED"),
					},
				},
				ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("EC2.3"),
					},
				},
				ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
					},
				},
				VerificationState: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("BENIGN_POSITIVE"),
					},
				},
				RecordState: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("ACTIVE"),
					},
				},
				RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
					},
				},
				RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-finding-id-2"),
					},
				},
				NoteText: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-note-text"),
					},
				},
				NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("sechub"),
					},
				},
				WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("NEW"),
					},
				},
				FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				LastObservedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				CreatedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				UpdatedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						Start: pulumi.String("2023-04-25T17:05:54.832Z"),
						End:   pulumi.String("2023-05-25T17:05:54.832Z"),
					},
				},
				ResourceTags: securityhub.AutomationRuleMapFilterArray{
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("department"),
						Value:      pulumi.String("security"),
					},
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("department"),
						Value:      pulumi.String("operations"),
					},
				},
				UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
						Key:        pulumi.String("key1"),
						Value:      pulumi.String("security"),
					},
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
						Key:        pulumi.String("key2"),
						Value:      pulumi.String("operations"),
					},
				},
				ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("area"),
						Value:      pulumi.String("na"),
					},
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("department"),
						Value:      pulumi.String("sales"),
					},
				},
				Confidence: securityhub.AutomationRuleNumberFilterArray{
					&securityhub.AutomationRuleNumberFilterArgs{
						Gte: pulumi.Float64(50),
						Lte: pulumi.Float64(95),
					},
				},
				Criticality: securityhub.AutomationRuleNumberFilterArray{
					&securityhub.AutomationRuleNumberFilterArgs{
						Gte: pulumi.Float64(50),
						Lte: pulumi.Float64(95),
					},
				},
			},
			Actions: securityhub.AutomationRulesActionArray{
				&securityhub.AutomationRulesActionArgs{
					Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
					FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
						Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
							Product:    pulumi.Float64(50),
							Label:      securityhub.AutomationRuleSeverityUpdateLabelMedium,
							Normalized: pulumi.Int(60),
						},
						Types: pulumi.StringArray{
							pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
							pulumi.String("Industry Compliance"),
						},
						Confidence:  pulumi.Int(98),
						Criticality: pulumi.Int(95),
						UserDefinedFields: pulumi.StringMap{
							"key1": pulumi.String("value1"),
							"key2": pulumi.String("value2"),
						},
						RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
							&securityhub.AutomationRuleRelatedFindingArgs{
								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
								Id:         pulumi.String("sample-finding-id-1"),
							},
							&securityhub.AutomationRuleRelatedFindingArgs{
								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
								Id:         pulumi.String("sample-finding-id-2"),
							},
						},
						Note: &securityhub.AutomationRuleNoteUpdateArgs{
							Text:      pulumi.String("sample-note-text"),
							UpdatedBy: pulumi.String("sechub"),
						},
						VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
						Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
							Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
						},
					},
				},
			},
			Tags: pulumi.StringMap{
				"sampleTag":        pulumi.String("sampleValue"),
				"organizationUnit": pulumi.String("pnw"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
    rule_name="Example rule name",
    rule_order=5,
    description="Example rule description.",
    is_terminal=False,
    rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
    criteria=aws_native.securityhub.AutomationRulesFindingFiltersArgs(
        product_name=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="GuardDuty",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="SecurityHub",
            ),
        ],
        company_name=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="AWS",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="Private",
            ),
        ],
        product_arn=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="arn:aws:securityhub:us-west-2:123456789012:product/aws",
            ),
        ],
        aws_account_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="123456789012",
        )],
        id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-finding-id",
        )],
        generator_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-generator-id",
        )],
        type=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="type-1",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="type-2",
            ),
        ],
        description=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="description1",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="description2",
            ),
        ],
        source_url=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="https",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="ftp",
            ),
        ],
        title=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="title-1",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="title-2",
            ),
        ],
        severity_label=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="LOW",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="HIGH",
            ),
        ],
        resource_type=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="AwsEc2Instance",
        )],
        resource_partition=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="aws",
        )],
        resource_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
            value="i-1234567890",
        )],
        resource_region=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
            value="us-west",
        )],
        compliance_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="FAILED",
        )],
        compliance_security_control_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="EC2.3",
        )],
        compliance_associated_standards_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="ruleset/cis-aws-foundations-benchmark/v/1.2.0",
        )],
        verification_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="BENIGN_POSITIVE",
        )],
        record_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="ACTIVE",
        )],
        related_findings_product_arn=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="arn:aws:securityhub:eu-central-1::product/aws/securityhub",
        )],
        related_findings_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-finding-id-2",
        )],
        note_text=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-note-text",
        )],
        note_updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        note_updated_by=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
            value="sechub",
        )],
        workflow_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="NEW",
        )],
        first_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        last_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        created_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            start="2023-04-25T17:05:54.832Z",
            end="2023-05-25T17:05:54.832Z",
        )],
        resource_tags=[
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="department",
                value="security",
            ),
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="department",
                value="operations",
            ),
        ],
        user_defined_fields=[
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                key="key1",
                value="security",
            ),
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                key="key2",
                value="operations",
            ),
        ],
        resource_details_other=[
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="area",
                value="na",
            ),
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="department",
                value="sales",
            ),
        ],
        confidence=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
            gte=50,
            lte=95,
        )],
        criticality=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
            gte=50,
            lte=95,
        )],
    ),
    actions=[aws_native.securityhub.AutomationRulesActionArgs(
        type=aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
        finding_fields_update=aws_native.securityhub.AutomationRulesFindingFieldsUpdateArgs(
            severity=aws_native.securityhub.AutomationRuleSeverityUpdateArgs(
                product=50,
                label=aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
                normalized=60,
            ),
            types=[
                "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                "Industry Compliance",
            ],
            confidence=98,
            criticality=95,
            user_defined_fields={
                "key1": "value1",
                "key2": "value2",
            },
            related_findings=[
                aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                    product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id="sample-finding-id-1",
                ),
                aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                    product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id="sample-finding-id-2",
                ),
            ],
            note=aws_native.securityhub.AutomationRuleNoteUpdateArgs(
                text="sample-note-text",
                updated_by="sechub",
            ),
            verification_state=aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
            workflow=aws_native.securityhub.AutomationRuleWorkflowUpdateArgs(
                status=aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
            ),
        ),
    )],
    tags={
        "sampleTag": "sampleValue",
        "organizationUnit": "pnw",
    })

import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
    ruleName: "Example rule name",
    ruleOrder: 5,
    description: "Example rule description.",
    isTerminal: false,
    ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
    criteria: {
        productName: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "GuardDuty",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "SecurityHub",
            },
        ],
        companyName: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "AWS",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "Private",
            },
        ],
        productArn: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
            },
        ],
        awsAccountId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "123456789012",
        }],
        id: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-finding-id",
        }],
        generatorId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-generator-id",
        }],
        type: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "type-1",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "type-2",
            },
        ],
        description: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "description1",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "description2",
            },
        ],
        sourceUrl: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "https",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "ftp",
            },
        ],
        title: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "title-1",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "title-2",
            },
        ],
        severityLabel: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "LOW",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "HIGH",
            },
        ],
        resourceType: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "AwsEc2Instance",
        }],
        resourcePartition: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "aws",
        }],
        resourceId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
            value: "i-1234567890",
        }],
        resourceRegion: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
            value: "us-west",
        }],
        complianceStatus: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "FAILED",
        }],
        complianceSecurityControlId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "EC2.3",
        }],
        complianceAssociatedStandardsId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
        }],
        verificationState: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "BENIGN_POSITIVE",
        }],
        recordState: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "ACTIVE",
        }],
        relatedFindingsProductArn: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
        }],
        relatedFindingsId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-finding-id-2",
        }],
        noteText: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-note-text",
        }],
        noteUpdatedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        noteUpdatedBy: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
            value: "sechub",
        }],
        workflowStatus: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "NEW",
        }],
        firstObservedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        lastObservedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        createdAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        updatedAt: [{
            start: "2023-04-25T17:05:54.832Z",
            end: "2023-05-25T17:05:54.832Z",
        }],
        resourceTags: [
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "department",
                value: "security",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "department",
                value: "operations",
            },
        ],
        userDefinedFields: [
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                key: "key1",
                value: "security",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                key: "key2",
                value: "operations",
            },
        ],
        resourceDetailsOther: [
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "area",
                value: "na",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "department",
                value: "sales",
            },
        ],
        confidence: [{
            gte: 50,
            lte: 95,
        }],
        criticality: [{
            gte: 50,
            lte: 95,
        }],
    },
    actions: [{
        type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
        findingFieldsUpdate: {
            severity: {
                product: 50,
                label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
                normalized: 60,
            },
            types: [
                "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                "Industry Compliance",
            ],
            confidence: 98,
            criticality: 95,
            userDefinedFields: {
                key1: "value1",
                key2: "value2",
            },
            relatedFindings: [
                {
                    productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id: "sample-finding-id-1",
                },
                {
                    productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id: "sample-finding-id-2",
                },
            ],
            note: {
                text: "sample-note-text",
                updatedBy: "sechub",
            },
            verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
            workflow: {
                status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
            },
        },
    }],
    tags: {
        sampleTag: "sampleValue",
        organizationUnit: "pnw",
    },
});

Coming soon!

Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
    {
        RuleName = "Example rule name",
        RuleOrder = 5,
        Description = "Example rule description.",
        IsTerminal = false,
        RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
        Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
        {
            ProductName = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "GuardDuty",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "SecurityHub",
                },
            },
            CompanyName = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "AWS",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "Private",
                },
            },
            ProductArn = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
                },
            },
            AwsAccountId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "123456789012",
                },
            },
            Id = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-finding-id",
                },
            },
            GeneratorId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-generator-id",
                },
            },
            Type = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "type-1",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "type-2",
                },
            },
            Description = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "description1",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "description2",
                },
            },
            SourceUrl = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "https",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "ftp",
                },
            },
            Title = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "title-1",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "title-2",
                },
            },
            SeverityLabel = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "LOW",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "HIGH",
                },
            },
            ResourceType = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "AwsEc2Instance",
                },
            },
            ResourcePartition = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "aws",
                },
            },
            ResourceId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "i-1234567890",
                },
            },
            ResourceRegion = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "us-west",
                },
            },
            ComplianceStatus = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "FAILED",
                },
            },
            ComplianceSecurityControlId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "EC2.3",
                },
            },
            ComplianceAssociatedStandardsId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                },
            },
            VerificationState = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "BENIGN_POSITIVE",
                },
            },
            RecordState = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "ACTIVE",
                },
            },
            RelatedFindingsProductArn = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
                },
            },
            RelatedFindingsId = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-finding-id-2",
                },
            },
            NoteText = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "example-note-text",
                },
            },
            NoteUpdatedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            NoteUpdatedBy = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
                    Value = "sechub",
                },
            },
            WorkflowStatus = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
                    Value = "NEW",
                },
            },
            FirstObservedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            LastObservedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            CreatedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
                    {
                        Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
                        Value = 5,
                    },
                },
            },
            UpdatedAt = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
                {
                    Start = "2023-04-25T17:05:54.832Z",
                    End = "2023-05-25T17:05:54.832Z",
                },
            },
            ResourceTags = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "department",
                    Value = "security",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "department",
                    Value = "operations",
                },
            },
            UserDefinedFields = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                    Key = "key1",
                    Value = "security",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
                    Key = "key2",
                    Value = "operations",
                },
            },
            ResourceDetailsOther = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "area",
                    Value = "na",
                },
                new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
                {
                    Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
                    Key = "department",
                    Value = "sales",
                },
            },
            Confidence = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                {
                    Gte = 50,
                    Lte = 95,
                },
            },
            Criticality = new[]
            {
                new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
                {
                    Gte = 50,
                    Lte = 95,
                },
            },
        },
        Actions = new[]
        {
            new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
            {
                Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
                FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
                {
                    Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
                    {
                        Product = 50,
                        Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
                        Normalized = 60,
                    },
                    Types = new[]
                    {
                        "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                        "Industry Compliance",
                    },
                    Confidence = 98,
                    Criticality = 95,
                    UserDefinedFields = 
                    {
                        { "key1", "value1" },
                        { "key2", "value2" },
                    },
                    RelatedFindings = new[]
                    {
                        new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                        {
                            ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                            Id = "sample-finding-id-1",
                        },
                        new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
                        {
                            ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                            Id = "sample-finding-id-2",
                        },
                    },
                    Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
                    {
                        Text = "sample-note-text",
                        UpdatedBy = "sechub",
                    },
                    VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
                    Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
                    {
                        Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
                    },
                },
            },
        },
        Tags = 
        {
            { "sampleTag", "sampleValue" },
            { "organizationUnit", "pnw" },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
			RuleName:    pulumi.String("Example rule name"),
			RuleOrder:   pulumi.Int(5),
			Description: pulumi.String("Example rule description."),
			IsTerminal:  pulumi.Bool(false),
			RuleStatus:  securityhub.AutomationRuleRuleStatusEnabled,
			Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
				ProductName: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("GuardDuty"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("SecurityHub"),
					},
				},
				CompanyName: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("AWS"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("Private"),
					},
				},
				ProductArn: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
					},
				},
				AwsAccountId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("123456789012"),
					},
				},
				Id: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-finding-id"),
					},
				},
				GeneratorId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-generator-id"),
					},
				},
				Type: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("type-1"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("type-2"),
					},
				},
				Description: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("description1"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("description2"),
					},
				},
				SourceUrl: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("https"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("ftp"),
					},
				},
				Title: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("title-1"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("title-2"),
					},
				},
				SeverityLabel: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("LOW"),
					},
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("HIGH"),
					},
				},
				ResourceType: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("AwsEc2Instance"),
					},
				},
				ResourcePartition: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("aws"),
					},
				},
				ResourceId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("i-1234567890"),
					},
				},
				ResourceRegion: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("us-west"),
					},
				},
				ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("FAILED"),
					},
				},
				ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("EC2.3"),
					},
				},
				ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
					},
				},
				VerificationState: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("BENIGN_POSITIVE"),
					},
				},
				RecordState: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("ACTIVE"),
					},
				},
				RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
					},
				},
				RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-finding-id-2"),
					},
				},
				NoteText: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("example-note-text"),
					},
				},
				NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
						Value:      pulumi.String("sechub"),
					},
				},
				WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
					&securityhub.AutomationRuleStringFilterArgs{
						Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
						Value:      pulumi.String("NEW"),
					},
				},
				FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				LastObservedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				CreatedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						DateRange: &securityhub.AutomationRuleDateRangeArgs{
							Unit:  securityhub.AutomationRuleDateRangeUnitDays,
							Value: pulumi.Float64(5),
						},
					},
				},
				UpdatedAt: securityhub.AutomationRuleDateFilterArray{
					&securityhub.AutomationRuleDateFilterArgs{
						Start: pulumi.String("2023-04-25T17:05:54.832Z"),
						End:   pulumi.String("2023-05-25T17:05:54.832Z"),
					},
				},
				ResourceTags: securityhub.AutomationRuleMapFilterArray{
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("department"),
						Value:      pulumi.String("security"),
					},
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("department"),
						Value:      pulumi.String("operations"),
					},
				},
				UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
						Key:        pulumi.String("key1"),
						Value:      pulumi.String("security"),
					},
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
						Key:        pulumi.String("key2"),
						Value:      pulumi.String("operations"),
					},
				},
				ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("area"),
						Value:      pulumi.String("na"),
					},
					&securityhub.AutomationRuleMapFilterArgs{
						Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
						Key:        pulumi.String("department"),
						Value:      pulumi.String("sales"),
					},
				},
				Confidence: securityhub.AutomationRuleNumberFilterArray{
					&securityhub.AutomationRuleNumberFilterArgs{
						Gte: pulumi.Float64(50),
						Lte: pulumi.Float64(95),
					},
				},
				Criticality: securityhub.AutomationRuleNumberFilterArray{
					&securityhub.AutomationRuleNumberFilterArgs{
						Gte: pulumi.Float64(50),
						Lte: pulumi.Float64(95),
					},
				},
			},
			Actions: securityhub.AutomationRulesActionArray{
				&securityhub.AutomationRulesActionArgs{
					Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
					FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
						Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
							Product:    pulumi.Float64(50),
							Label:      securityhub.AutomationRuleSeverityUpdateLabelMedium,
							Normalized: pulumi.Int(60),
						},
						Types: pulumi.StringArray{
							pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
							pulumi.String("Industry Compliance"),
						},
						Confidence:  pulumi.Int(98),
						Criticality: pulumi.Int(95),
						UserDefinedFields: pulumi.StringMap{
							"key1": pulumi.String("value1"),
							"key2": pulumi.String("value2"),
						},
						RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
							&securityhub.AutomationRuleRelatedFindingArgs{
								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
								Id:         pulumi.String("sample-finding-id-1"),
							},
							&securityhub.AutomationRuleRelatedFindingArgs{
								ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
								Id:         pulumi.String("sample-finding-id-2"),
							},
						},
						Note: &securityhub.AutomationRuleNoteUpdateArgs{
							Text:      pulumi.String("sample-note-text"),
							UpdatedBy: pulumi.String("sechub"),
						},
						VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
						Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
							Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
						},
					},
				},
			},
			Tags: pulumi.StringMap{
				"sampleTag":        pulumi.String("sampleValue"),
				"organizationUnit": pulumi.String("pnw"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
    rule_name="Example rule name",
    rule_order=5,
    description="Example rule description.",
    is_terminal=False,
    rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
    criteria=aws_native.securityhub.AutomationRulesFindingFiltersArgs(
        product_name=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="GuardDuty",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="SecurityHub",
            ),
        ],
        company_name=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="AWS",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="Private",
            ),
        ],
        product_arn=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="arn:aws:securityhub:us-west-2:123456789012:product/aws",
            ),
        ],
        aws_account_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="123456789012",
        )],
        id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-finding-id",
        )],
        generator_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-generator-id",
        )],
        type=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="type-1",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="type-2",
            ),
        ],
        description=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="description1",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="description2",
            ),
        ],
        source_url=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="https",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="ftp",
            ),
        ],
        title=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="title-1",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
                value="title-2",
            ),
        ],
        severity_label=[
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="LOW",
            ),
            aws_native.securityhub.AutomationRuleStringFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
                value="HIGH",
            ),
        ],
        resource_type=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="AwsEc2Instance",
        )],
        resource_partition=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="aws",
        )],
        resource_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
            value="i-1234567890",
        )],
        resource_region=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
            value="us-west",
        )],
        compliance_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="FAILED",
        )],
        compliance_security_control_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="EC2.3",
        )],
        compliance_associated_standards_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="ruleset/cis-aws-foundations-benchmark/v/1.2.0",
        )],
        verification_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="BENIGN_POSITIVE",
        )],
        record_state=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="ACTIVE",
        )],
        related_findings_product_arn=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="arn:aws:securityhub:eu-central-1::product/aws/securityhub",
        )],
        related_findings_id=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-finding-id-2",
        )],
        note_text=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="example-note-text",
        )],
        note_updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        note_updated_by=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
            value="sechub",
        )],
        workflow_status=[aws_native.securityhub.AutomationRuleStringFilterArgs(
            comparison=aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
            value="NEW",
        )],
        first_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        last_observed_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        created_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            date_range=aws_native.securityhub.AutomationRuleDateRangeArgs(
                unit=aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
                value=5,
            ),
        )],
        updated_at=[aws_native.securityhub.AutomationRuleDateFilterArgs(
            start="2023-04-25T17:05:54.832Z",
            end="2023-05-25T17:05:54.832Z",
        )],
        resource_tags=[
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="department",
                value="security",
            ),
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="department",
                value="operations",
            ),
        ],
        user_defined_fields=[
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                key="key1",
                value="security",
            ),
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
                key="key2",
                value="operations",
            ),
        ],
        resource_details_other=[
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="area",
                value="na",
            ),
            aws_native.securityhub.AutomationRuleMapFilterArgs(
                comparison=aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
                key="department",
                value="sales",
            ),
        ],
        confidence=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
            gte=50,
            lte=95,
        )],
        criticality=[aws_native.securityhub.AutomationRuleNumberFilterArgs(
            gte=50,
            lte=95,
        )],
    ),
    actions=[aws_native.securityhub.AutomationRulesActionArgs(
        type=aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
        finding_fields_update=aws_native.securityhub.AutomationRulesFindingFieldsUpdateArgs(
            severity=aws_native.securityhub.AutomationRuleSeverityUpdateArgs(
                product=50,
                label=aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
                normalized=60,
            ),
            types=[
                "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                "Industry Compliance",
            ],
            confidence=98,
            criticality=95,
            user_defined_fields={
                "key1": "value1",
                "key2": "value2",
            },
            related_findings=[
                aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                    product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id="sample-finding-id-1",
                ),
                aws_native.securityhub.AutomationRuleRelatedFindingArgs(
                    product_arn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id="sample-finding-id-2",
                ),
            ],
            note=aws_native.securityhub.AutomationRuleNoteUpdateArgs(
                text="sample-note-text",
                updated_by="sechub",
            ),
            verification_state=aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
            workflow=aws_native.securityhub.AutomationRuleWorkflowUpdateArgs(
                status=aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
            ),
        ),
    )],
    tags={
        "sampleTag": "sampleValue",
        "organizationUnit": "pnw",
    })

import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
    ruleName: "Example rule name",
    ruleOrder: 5,
    description: "Example rule description.",
    isTerminal: false,
    ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
    criteria: {
        productName: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "GuardDuty",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "SecurityHub",
            },
        ],
        companyName: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "AWS",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "Private",
            },
        ],
        productArn: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
            },
        ],
        awsAccountId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "123456789012",
        }],
        id: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-finding-id",
        }],
        generatorId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-generator-id",
        }],
        type: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "type-1",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "type-2",
            },
        ],
        description: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "description1",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "description2",
            },
        ],
        sourceUrl: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "https",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "ftp",
            },
        ],
        title: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "title-1",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
                value: "title-2",
            },
        ],
        severityLabel: [
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "LOW",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
                value: "HIGH",
            },
        ],
        resourceType: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "AwsEc2Instance",
        }],
        resourcePartition: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "aws",
        }],
        resourceId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
            value: "i-1234567890",
        }],
        resourceRegion: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
            value: "us-west",
        }],
        complianceStatus: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "FAILED",
        }],
        complianceSecurityControlId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "EC2.3",
        }],
        complianceAssociatedStandardsId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
        }],
        verificationState: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "BENIGN_POSITIVE",
        }],
        recordState: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "ACTIVE",
        }],
        relatedFindingsProductArn: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
        }],
        relatedFindingsId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-finding-id-2",
        }],
        noteText: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "example-note-text",
        }],
        noteUpdatedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        noteUpdatedBy: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
            value: "sechub",
        }],
        workflowStatus: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "NEW",
        }],
        firstObservedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        lastObservedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        createdAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 5,
            },
        }],
        updatedAt: [{
            start: "2023-04-25T17:05:54.832Z",
            end: "2023-05-25T17:05:54.832Z",
        }],
        resourceTags: [
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "department",
                value: "security",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "department",
                value: "operations",
            },
        ],
        userDefinedFields: [
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                key: "key1",
                value: "security",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
                key: "key2",
                value: "operations",
            },
        ],
        resourceDetailsOther: [
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "area",
                value: "na",
            },
            {
                comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
                key: "department",
                value: "sales",
            },
        ],
        confidence: [{
            gte: 50,
            lte: 95,
        }],
        criticality: [{
            gte: 50,
            lte: 95,
        }],
    },
    actions: [{
        type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
        findingFieldsUpdate: {
            severity: {
                product: 50,
                label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
                normalized: 60,
            },
            types: [
                "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
                "Industry Compliance",
            ],
            confidence: 98,
            criticality: 95,
            userDefinedFields: {
                key1: "value1",
                key2: "value2",
            },
            relatedFindings: [
                {
                    productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id: "sample-finding-id-1",
                },
                {
                    productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
                    id: "sample-finding-id-2",
                },
            ],
            note: {
                text: "sample-note-text",
                updatedBy: "sechub",
            },
            verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
            workflow: {
                status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
            },
        },
    }],
    tags: {
        sampleTag: "sampleValue",
        organizationUnit: "pnw",
    },
});

Coming soon!

Create AutomationRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AutomationRule(name: string, args?: AutomationRuleArgs, opts?: CustomResourceOptions);

@overload
def AutomationRule(resource_name: str,
                   args: Optional[AutomationRuleArgs] = None,
                   opts: Optional[ResourceOptions] = None)

@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[AutomationRulesActionArgs]] = None,
                   criteria: Optional[AutomationRulesFindingFiltersArgs] = None,
                   description: Optional[str] = None,
                   is_terminal: Optional[bool] = None,
                   rule_name: Optional[str] = None,
                   rule_order: Optional[int] = None,
                   rule_status: Optional[AutomationRuleRuleStatus] = None,
                   tags: Optional[Mapping[str, str]] = None)

func NewAutomationRule(ctx *Context, name string, args *AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)

public AutomationRule(string name, AutomationRuleArgs? args = null, CustomResourceOptions? opts = null)

public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)

type: aws-native:securityhub:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

Coming soon!

Coming soon!

Coming soon!

Coming soon!

const automationRuleResource = new aws_native.securityhub.AutomationRule("automationRuleResource", {
    actions: [{
        findingFieldsUpdate: {
            confidence: 0,
            criticality: 0,
            note: {
                text: "string",
                updatedBy: "string",
            },
            relatedFindings: [{
                id: "string",
                productArn: "string",
            }],
            severity: {
                label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Informational,
                normalized: 0,
                product: 0,
            },
            types: ["string"],
            userDefinedFields: {
                string: "string",
            },
            verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.Unknown,
            workflow: {
                status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.New,
            },
        },
        type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
    }],
    criteria: {
        awsAccountId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        companyName: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        complianceAssociatedStandardsId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        complianceSecurityControlId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        complianceStatus: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        confidence: [{
            eq: 0,
            gte: 0,
            lte: 0,
        }],
        createdAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 0,
            },
            end: "string",
            start: "string",
        }],
        criticality: [{
            eq: 0,
            gte: 0,
            lte: 0,
        }],
        description: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        firstObservedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 0,
            },
            end: "string",
            start: "string",
        }],
        generatorId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        id: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        lastObservedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 0,
            },
            end: "string",
            start: "string",
        }],
        noteText: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        noteUpdatedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 0,
            },
            end: "string",
            start: "string",
        }],
        noteUpdatedBy: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        productArn: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        productName: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        recordState: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        relatedFindingsId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        relatedFindingsProductArn: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        resourceDetailsOther: [{
            comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
            key: "string",
            value: "string",
        }],
        resourceId: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        resourcePartition: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        resourceRegion: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        resourceTags: [{
            comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
            key: "string",
            value: "string",
        }],
        resourceType: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        severityLabel: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        sourceUrl: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        title: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        type: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        updatedAt: [{
            dateRange: {
                unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
                value: 0,
            },
            end: "string",
            start: "string",
        }],
        userDefinedFields: [{
            comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
            key: "string",
            value: "string",
        }],
        verificationState: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
        workflowStatus: [{
            comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
            value: "string",
        }],
    },
    description: "string",
    isTerminal: false,
    ruleName: "string",
    ruleOrder: 0,
    ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
    tags: {
        string: "string",
    },
});

Coming soon!

AutomationRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AutomationRule resource accepts the following input properties:

Actions List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesAction>: One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
Criteria Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesFindingFilters: A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
Description string: A description of the rule.
IsTerminal bool: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
RuleName string: The name of the rule.
RuleOrder int: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
RuleStatus Pulumi.AwsNative.SecurityHub.AutomationRuleRuleStatus: Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
Tags Dictionary<string, string>: User-defined tags associated with an automation rule.

Actions []AutomationRulesActionArgs: One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
Criteria AutomationRulesFindingFiltersArgs: A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
Description string: A description of the rule.
IsTerminal bool: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
RuleName string: The name of the rule.
RuleOrder int: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
RuleStatus AutomationRuleRuleStatus: Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
Tags map[string]string: User-defined tags associated with an automation rule.

actions List<AutomationRulesAction>: One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
criteria AutomationRulesFindingFilters: A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
description String: A description of the rule.
isTerminal Boolean: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
ruleName String: The name of the rule.
ruleOrder Integer: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
ruleStatus AutomationRuleRuleStatus: Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
tags Map<String,String>: User-defined tags associated with an automation rule.

actions AutomationRulesAction[]: One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
criteria AutomationRulesFindingFilters: A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
description string: A description of the rule.
isTerminal boolean: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
ruleName string: The name of the rule.
ruleOrder number: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
ruleStatus AutomationRuleRuleStatus: Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
tags {[key: string]: string}: User-defined tags associated with an automation rule.

actions Sequence[AutomationRulesActionArgs]: One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
criteria AutomationRulesFindingFiltersArgs: A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
description str: A description of the rule.
is_terminal bool: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
rule_name str: The name of the rule.
rule_order int: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
rule_status AutomationRuleRuleStatus: Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
tags Mapping[str, str]: User-defined tags associated with an automation rule.

actions List<Property Map>: One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
criteria Property Map: A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
description String: A description of the rule.
isTerminal Boolean: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
ruleName String: The name of the rule.
ruleOrder Number: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
ruleStatus "ENABLED" | "DISABLED": Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
tags Map<String>: User-defined tags associated with an automation rule.

Outputs

All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

CreatedAt string

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

CreatedBy string

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

Id string

The provider-assigned unique ID for this managed resource.

RuleArn string

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

UpdatedAt string

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

CreatedAt string

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

CreatedBy string

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

Id string

The provider-assigned unique ID for this managed resource.

RuleArn string

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

UpdatedAt string

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdAt String

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdBy String

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

id String

The provider-assigned unique ID for this managed resource.

ruleArn String

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

updatedAt String

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdAt string

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdBy string

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

id string

The provider-assigned unique ID for this managed resource.

ruleArn string

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

updatedAt string

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

created_at str

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

created_by str

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

id str

The provider-assigned unique ID for this managed resource.

rule_arn str

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

updated_at str

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdAt String

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdBy String

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

id String

The provider-assigned unique ID for this managed resource.

ruleArn String

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

updatedAt String

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

Supporting Types

AutomationRuleDateFilter, AutomationRuleDateFilterArgs

DateRange Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateRange

A date range for the date filter.

End string

A timestamp that provides the end date for the date filter.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Start string

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

DateRange AutomationRuleDateRange

A date range for the date filter.

End string

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Start string

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

dateRange AutomationRuleDateRange

A date range for the date filter.

end String

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start String

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

dateRange AutomationRuleDateRange

A date range for the date filter.

end string

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start string

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

date_range AutomationRuleDateRange

A date range for the date filter.

end str

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start str

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

dateRange Property Map

A date range for the date filter.

end String

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start String

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

AutomationRuleDateRange, AutomationRuleDateRangeArgs

Unit Pulumi.AwsNative.SecurityHub.AutomationRuleDateRangeUnit: A date range unit for the date filter.
Value double: A date range value for the date filter.

Unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
Value float64: A date range value for the date filter.

unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
value Double: A date range value for the date filter.

unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
value number: A date range value for the date filter.

unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
value float: A date range value for the date filter.

unit "DAYS": A date range unit for the date filter.
value Number: A date range value for the date filter.

AutomationRuleDateRangeUnit, AutomationRuleDateRangeUnitArgs

Days: DAYS

AutomationRuleDateRangeUnitDays: DAYS

Days: DAYS

Days: DAYS

DAYS: DAYS

"DAYS": DAYS

AutomationRuleMapFilter, AutomationRuleMapFilterArgs

Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Key string

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

Value string

The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.

Comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Key string

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

Value string

comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key String

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value String

comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key string

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value string

comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key str

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value str

comparison "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key String

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value String

AutomationRuleMapFilterComparison, AutomationRuleMapFilterComparisonArgs

EqualsValue: EQUALS
NotEquals: NOT_EQUALS
Contains: CONTAINS
NotContains: NOT_CONTAINS

AutomationRuleMapFilterComparisonEquals: EQUALS
AutomationRuleMapFilterComparisonNotEquals: NOT_EQUALS
AutomationRuleMapFilterComparisonContains: CONTAINS
AutomationRuleMapFilterComparisonNotContains: NOT_CONTAINS

Equals: EQUALS
NotEquals: NOT_EQUALS
Contains: CONTAINS
NotContains: NOT_CONTAINS

Equals: EQUALS
NotEquals: NOT_EQUALS
Contains: CONTAINS
NotContains: NOT_CONTAINS

EQUALS: EQUALS
NOT_EQUALS: NOT_EQUALS
CONTAINS: CONTAINS
NOT_CONTAINS: NOT_CONTAINS

"EQUALS": EQUALS
"NOT_EQUALS": NOT_EQUALS
"CONTAINS": CONTAINS
"NOT_CONTAINS": NOT_CONTAINS

AutomationRuleNoteUpdate, AutomationRuleNoteUpdateArgs

Text string: The updated note text.
UpdatedBy string: The principal that updated the note.

Text string: The updated note text.
UpdatedBy string: The principal that updated the note.

text String: The updated note text.
updatedBy String: The principal that updated the note.

text string: The updated note text.
updatedBy string: The principal that updated the note.

text str: The updated note text.
updated_by str: The principal that updated the note.

text String: The updated note text.
updatedBy String: The principal that updated the note.

AutomationRuleNumberFilter, AutomationRuleNumberFilterArgs

Eq double: The equal-to condition to be applied to a single field when querying for findings.
Gte double: The greater-than-equal condition to be applied to a single field when querying for findings.
Lte double: The less-than-equal condition to be applied to a single field when querying for findings.

Eq float64: The equal-to condition to be applied to a single field when querying for findings.
Gte float64: The greater-than-equal condition to be applied to a single field when querying for findings.
Lte float64: The less-than-equal condition to be applied to a single field when querying for findings.

eq Double: The equal-to condition to be applied to a single field when querying for findings.
gte Double: The greater-than-equal condition to be applied to a single field when querying for findings.
lte Double: The less-than-equal condition to be applied to a single field when querying for findings.

eq number: The equal-to condition to be applied to a single field when querying for findings.
gte number: The greater-than-equal condition to be applied to a single field when querying for findings.
lte number: The less-than-equal condition to be applied to a single field when querying for findings.

eq float: The equal-to condition to be applied to a single field when querying for findings.
gte float: The greater-than-equal condition to be applied to a single field when querying for findings.
lte float: The less-than-equal condition to be applied to a single field when querying for findings.

eq Number: The equal-to condition to be applied to a single field when querying for findings.
gte Number: The greater-than-equal condition to be applied to a single field when querying for findings.
lte Number: The less-than-equal condition to be applied to a single field when querying for findings.

AutomationRuleRelatedFinding, AutomationRuleRelatedFindingArgs

Id string

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn string

The Amazon Resource Name (ARN) for the product that generated a related finding.

Id string

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn string

The Amazon Resource Name (ARN) for the product that generated a related finding.

id String

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn String

The Amazon Resource Name (ARN) for the product that generated a related finding.

id string

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn string

The Amazon Resource Name (ARN) for the product that generated a related finding.

id str

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

product_arn str

The Amazon Resource Name (ARN) for the product that generated a related finding.

id String

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn String

The Amazon Resource Name (ARN) for the product that generated a related finding.

AutomationRuleRuleStatus, AutomationRuleRuleStatusArgs

Enabled: ENABLED
Disabled: DISABLED

AutomationRuleRuleStatusEnabled: ENABLED
AutomationRuleRuleStatusDisabled: DISABLED

Enabled: ENABLED
Disabled: DISABLED

Enabled: ENABLED
Disabled: DISABLED

ENABLED: ENABLED
DISABLED: DISABLED

"ENABLED": ENABLED
"DISABLED": DISABLED

AutomationRuleSeverityUpdate, AutomationRuleSeverityUpdateArgs

Label Pulumi.AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

Normalized int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

Product double

The native severity as defined by the AWS service or integrated partner product that generated the finding.

Label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

Normalized int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

Product float64

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized Integer

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product Double

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized number

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product number

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product float

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized Number

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product Number

The native severity as defined by the AWS service or integrated partner product that generated the finding.

AutomationRuleSeverityUpdateLabel, AutomationRuleSeverityUpdateLabelArgs

Informational: INFORMATIONAL
Low: LOW
Medium: MEDIUM
High: HIGH
Critical: CRITICAL

AutomationRuleSeverityUpdateLabelInformational: INFORMATIONAL
AutomationRuleSeverityUpdateLabelLow: LOW
AutomationRuleSeverityUpdateLabelMedium: MEDIUM
AutomationRuleSeverityUpdateLabelHigh: HIGH
AutomationRuleSeverityUpdateLabelCritical: CRITICAL

Informational: INFORMATIONAL
Low: LOW
Medium: MEDIUM
High: HIGH
Critical: CRITICAL

Informational: INFORMATIONAL
Low: LOW
Medium: MEDIUM
High: HIGH
Critical: CRITICAL

INFORMATIONAL: INFORMATIONAL
LOW: LOW
MEDIUM: MEDIUM
HIGH: HIGH
CRITICAL: CRITICAL

"INFORMATIONAL": INFORMATIONAL
"LOW": LOW
"MEDIUM": MEDIUM
"HIGH": HIGH
"CRITICAL": CRITICAL

AutomationRuleStringFilter, AutomationRuleStringFilterArgs

Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Value string

The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.

Comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Value string

comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value String

comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value string

comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value str

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value String

AutomationRuleStringFilterComparison, AutomationRuleStringFilterComparisonArgs

EqualsValue: EQUALS
Prefix: PREFIX
NotEquals: NOT_EQUALS
PrefixNotEquals: PREFIX_NOT_EQUALS
Contains: CONTAINS
NotContains: NOT_CONTAINS

AutomationRuleStringFilterComparisonEquals: EQUALS
AutomationRuleStringFilterComparisonPrefix: PREFIX
AutomationRuleStringFilterComparisonNotEquals: NOT_EQUALS
AutomationRuleStringFilterComparisonPrefixNotEquals: PREFIX_NOT_EQUALS
AutomationRuleStringFilterComparisonContains: CONTAINS
AutomationRuleStringFilterComparisonNotContains: NOT_CONTAINS

Equals: EQUALS
Prefix: PREFIX
NotEquals: NOT_EQUALS
PrefixNotEquals: PREFIX_NOT_EQUALS
Contains: CONTAINS
NotContains: NOT_CONTAINS

Equals: EQUALS
Prefix: PREFIX
NotEquals: NOT_EQUALS
PrefixNotEquals: PREFIX_NOT_EQUALS
Contains: CONTAINS
NotContains: NOT_CONTAINS

EQUALS: EQUALS
PREFIX: PREFIX
NOT_EQUALS: NOT_EQUALS
PREFIX_NOT_EQUALS: PREFIX_NOT_EQUALS
CONTAINS: CONTAINS
NOT_CONTAINS: NOT_CONTAINS

"EQUALS": EQUALS
"PREFIX": PREFIX
"NOT_EQUALS": NOT_EQUALS
"PREFIX_NOT_EQUALS": PREFIX_NOT_EQUALS
"CONTAINS": CONTAINS
"NOT_CONTAINS": NOT_CONTAINS

AutomationRuleWorkflowUpdate, AutomationRuleWorkflowUpdateArgs

Status Pulumi.AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

Status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status "NEW" | "NOTIFIED" | "RESOLVED" | "SUPPRESSED"

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

AutomationRuleWorkflowUpdateStatus, AutomationRuleWorkflowUpdateStatusArgs

New: NEW
Notified: NOTIFIED
Resolved: RESOLVED
Suppressed: SUPPRESSED

AutomationRuleWorkflowUpdateStatusNew: NEW
AutomationRuleWorkflowUpdateStatusNotified: NOTIFIED
AutomationRuleWorkflowUpdateStatusResolved: RESOLVED
AutomationRuleWorkflowUpdateStatusSuppressed: SUPPRESSED

New: NEW
Notified: NOTIFIED
Resolved: RESOLVED
Suppressed: SUPPRESSED

New: NEW
Notified: NOTIFIED
Resolved: RESOLVED
Suppressed: SUPPRESSED

NEW: NEW
NOTIFIED: NOTIFIED
RESOLVED: RESOLVED
SUPPRESSED: SUPPRESSED

"NEW": NEW
"NOTIFIED": NOTIFIED
"RESOLVED": RESOLVED
"SUPPRESSED": SUPPRESSED

AutomationRulesAction, AutomationRulesActionArgs

FindingFieldsUpdate Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
Type Pulumi.AwsNative.SecurityHub.AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

FindingFieldsUpdate AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
Type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

findingFieldsUpdate AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

findingFieldsUpdate AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

finding_fields_update AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

findingFieldsUpdate Property Map: Specifies that the automation rule action is an update to a finding field.
type "FINDING_FIELDS_UPDATE": Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

AutomationRulesActionType, AutomationRulesActionTypeArgs

FindingFieldsUpdate: FINDING_FIELDS_UPDATE

AutomationRulesActionTypeFindingFieldsUpdate: FINDING_FIELDS_UPDATE

FindingFieldsUpdate: FINDING_FIELDS_UPDATE

FindingFieldsUpdate: FINDING_FIELDS_UPDATE

FINDING_FIELDS_UPDATE: FINDING_FIELDS_UPDATE

"FINDING_FIELDS_UPDATE": FINDING_FIELDS_UPDATE

AutomationRulesFindingFieldsUpdate, AutomationRulesFindingFieldsUpdateArgs

Confidence int: The rule action updates the Confidence field of a finding.
Criticality int: The rule action updates the Criticality field of a finding.
Note Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
RelatedFindings List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFinding>: The rule action will update the RelatedFindings field of a finding.
Severity Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
Types List<string>: The rule action updates the Types field of a finding.
UserDefinedFields Dictionary<string, string>: The rule action updates the UserDefinedFields field of a finding.
VerificationState Pulumi.AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
Workflow Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

Confidence int: The rule action updates the Confidence field of a finding.
Criticality int: The rule action updates the Criticality field of a finding.
Note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
RelatedFindings []AutomationRuleRelatedFinding: The rule action will update the RelatedFindings field of a finding.
Severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
Types []string: The rule action updates the Types field of a finding.
UserDefinedFields map[string]string: The rule action updates the UserDefinedFields field of a finding.
VerificationState AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
Workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence Integer: The rule action updates the Confidence field of a finding.
criticality Integer: The rule action updates the Criticality field of a finding.
note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
relatedFindings List<AutomationRuleRelatedFinding>: The rule action will update the RelatedFindings field of a finding.
severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
types List<String>: The rule action updates the Types field of a finding.
userDefinedFields Map<String,String>: The rule action updates the UserDefinedFields field of a finding.
verificationState AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence number: The rule action updates the Confidence field of a finding.
criticality number: The rule action updates the Criticality field of a finding.
note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
relatedFindings AutomationRuleRelatedFinding[]: The rule action will update the RelatedFindings field of a finding.
severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
types string[]: The rule action updates the Types field of a finding.
userDefinedFields {[key: string]: string}: The rule action updates the UserDefinedFields field of a finding.
verificationState AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence int: The rule action updates the Confidence field of a finding.
criticality int: The rule action updates the Criticality field of a finding.
note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
related_findings Sequence[AutomationRuleRelatedFinding]: The rule action will update the RelatedFindings field of a finding.
severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
types Sequence[str]: The rule action updates the Types field of a finding.
user_defined_fields Mapping[str, str]: The rule action updates the UserDefinedFields field of a finding.
verification_state AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence Number: The rule action updates the Confidence field of a finding.
criticality Number: The rule action updates the Criticality field of a finding.
note Property Map: The rule action will update the Note field of a finding.
relatedFindings List<Property Map>: The rule action will update the RelatedFindings field of a finding.
severity Property Map: The rule action will update the Severity field of a finding.
types List<String>: The rule action updates the Types field of a finding.
userDefinedFields Map<String>: The rule action updates the UserDefinedFields field of a finding.
verificationState "UNKNOWN" | "TRUE_POSITIVE" | "FALSE_POSITIVE" | "BENIGN_POSITIVE": The rule action updates the VerificationState field of a finding.
workflow Property Map: The rule action will update the Workflow field of a finding.

AutomationRulesFindingFieldsUpdateVerificationState, AutomationRulesFindingFieldsUpdateVerificationStateArgs

Unknown: UNKNOWN
TruePositive: TRUE_POSITIVE
FalsePositive: FALSE_POSITIVE
BenignPositive: BENIGN_POSITIVE

AutomationRulesFindingFieldsUpdateVerificationStateUnknown: UNKNOWN
AutomationRulesFindingFieldsUpdateVerificationStateTruePositive: TRUE_POSITIVE
AutomationRulesFindingFieldsUpdateVerificationStateFalsePositive: FALSE_POSITIVE
AutomationRulesFindingFieldsUpdateVerificationStateBenignPositive: BENIGN_POSITIVE

Unknown: UNKNOWN
TruePositive: TRUE_POSITIVE
FalsePositive: FALSE_POSITIVE
BenignPositive: BENIGN_POSITIVE

Unknown: UNKNOWN
TruePositive: TRUE_POSITIVE
FalsePositive: FALSE_POSITIVE
BenignPositive: BENIGN_POSITIVE

UNKNOWN: UNKNOWN
TRUE_POSITIVE: TRUE_POSITIVE
FALSE_POSITIVE: FALSE_POSITIVE
BENIGN_POSITIVE: BENIGN_POSITIVE

"UNKNOWN": UNKNOWN
"TRUE_POSITIVE": TRUE_POSITIVE
"FALSE_POSITIVE": FALSE_POSITIVE
"BENIGN_POSITIVE": BENIGN_POSITIVE

AutomationRulesFindingFilters, AutomationRulesFindingFiltersArgs

AwsAccountId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

CompanyName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceAssociatedStandardsId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceSecurityControlId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Confidence List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

CreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Criticality List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Description List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

FirstObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

GeneratorId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Id List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

LastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteText List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedBy List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RecordState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceDetailsOther List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

ResourcePartition List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceRegion List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceTags List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceType List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

SeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

SourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Title List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Type List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UserDefinedFields List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

VerificationState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

WorkflowStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

AwsAccountId []AutomationRuleStringFilter

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

CompanyName []AutomationRuleStringFilter

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceAssociatedStandardsId []AutomationRuleStringFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceSecurityControlId []AutomationRuleStringFilter

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceStatus []AutomationRuleStringFilter

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Confidence []AutomationRuleNumberFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

CreatedAt []AutomationRuleDateFilter

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Criticality []AutomationRuleNumberFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Description []AutomationRuleStringFilter

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

FirstObservedAt []AutomationRuleDateFilter

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

GeneratorId []AutomationRuleStringFilter

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Id []AutomationRuleStringFilter

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

LastObservedAt []AutomationRuleDateFilter

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteText []AutomationRuleStringFilter

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedAt []AutomationRuleDateFilter

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedBy []AutomationRuleStringFilter

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn []AutomationRuleStringFilter

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductName []AutomationRuleStringFilter

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RecordState []AutomationRuleStringFilter

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceDetailsOther []AutomationRuleMapFilter

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceId []AutomationRuleStringFilter

Array Members: Minimum number of 1 item. Maximum number of 100 items.

ResourcePartition []AutomationRuleStringFilter

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceRegion []AutomationRuleStringFilter

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceTags []AutomationRuleMapFilter

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceType []AutomationRuleStringFilter

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

SeverityLabel []AutomationRuleStringFilter

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

SourceUrl []AutomationRuleStringFilter

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Title []AutomationRuleStringFilter

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Type []AutomationRuleStringFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UpdatedAt []AutomationRuleDateFilter

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UserDefinedFields []AutomationRuleMapFilter

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

VerificationState []AutomationRuleStringFilter

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

WorkflowStatus []AutomationRuleStringFilter

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

awsAccountId List<AutomationRuleStringFilter>

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

companyName List<AutomationRuleStringFilter>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceAssociatedStandardsId List<AutomationRuleStringFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceSecurityControlId List<AutomationRuleStringFilter>

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceStatus List<AutomationRuleStringFilter>

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence List<AutomationRuleNumberFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

createdAt List<AutomationRuleDateFilter>

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality List<AutomationRuleNumberFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description List<AutomationRuleStringFilter>

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

firstObservedAt List<AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generatorId List<AutomationRuleStringFilter>

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id List<AutomationRuleStringFilter>

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

lastObservedAt List<AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteText List<AutomationRuleStringFilter>

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedAt List<AutomationRuleDateFilter>

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedBy List<AutomationRuleStringFilter>

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn List<AutomationRuleStringFilter>

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productName List<AutomationRuleStringFilter>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

recordState List<AutomationRuleStringFilter>

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceDetailsOther List<AutomationRuleMapFilter>

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceId List<AutomationRuleStringFilter>

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resourcePartition List<AutomationRuleStringFilter>

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceRegion List<AutomationRuleStringFilter>

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceTags List<AutomationRuleMapFilter>

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceType List<AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severityLabel List<AutomationRuleStringFilter>

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

sourceUrl List<AutomationRuleStringFilter>

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title List<AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type List<AutomationRuleStringFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updatedAt List<AutomationRuleDateFilter>

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

userDefinedFields List<AutomationRuleMapFilter>

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verificationState List<AutomationRuleStringFilter>

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflowStatus List<AutomationRuleStringFilter>

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

awsAccountId AutomationRuleStringFilter[]

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

companyName AutomationRuleStringFilter[]

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceAssociatedStandardsId AutomationRuleStringFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceSecurityControlId AutomationRuleStringFilter[]

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceStatus AutomationRuleStringFilter[]

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence AutomationRuleNumberFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

createdAt AutomationRuleDateFilter[]

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality AutomationRuleNumberFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description AutomationRuleStringFilter[]

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

firstObservedAt AutomationRuleDateFilter[]

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generatorId AutomationRuleStringFilter[]

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id AutomationRuleStringFilter[]

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

lastObservedAt AutomationRuleDateFilter[]

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteText AutomationRuleStringFilter[]

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedAt AutomationRuleDateFilter[]

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedBy AutomationRuleStringFilter[]

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn AutomationRuleStringFilter[]

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productName AutomationRuleStringFilter[]

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

recordState AutomationRuleStringFilter[]

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceDetailsOther AutomationRuleMapFilter[]

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceId AutomationRuleStringFilter[]

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resourcePartition AutomationRuleStringFilter[]

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceRegion AutomationRuleStringFilter[]

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceTags AutomationRuleMapFilter[]

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceType AutomationRuleStringFilter[]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severityLabel AutomationRuleStringFilter[]

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

sourceUrl AutomationRuleStringFilter[]

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title AutomationRuleStringFilter[]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type AutomationRuleStringFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updatedAt AutomationRuleDateFilter[]

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

userDefinedFields AutomationRuleMapFilter[]

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verificationState AutomationRuleStringFilter[]

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflowStatus AutomationRuleStringFilter[]

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

aws_account_id Sequence[AutomationRuleStringFilter]

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

company_name Sequence[AutomationRuleStringFilter]

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

compliance_associated_standards_id Sequence[AutomationRuleStringFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

compliance_security_control_id Sequence[AutomationRuleStringFilter]

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

compliance_status Sequence[AutomationRuleStringFilter]

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence Sequence[AutomationRuleNumberFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

created_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality Sequence[AutomationRuleNumberFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description Sequence[AutomationRuleStringFilter]

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

first_observed_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generator_id Sequence[AutomationRuleStringFilter]

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id Sequence[AutomationRuleStringFilter]

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

last_observed_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

note_text Sequence[AutomationRuleStringFilter]

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

note_updated_at Sequence[AutomationRuleDateFilter]

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

note_updated_by Sequence[AutomationRuleStringFilter]

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

product_arn Sequence[AutomationRuleStringFilter]

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

product_name Sequence[AutomationRuleStringFilter]

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

record_state Sequence[AutomationRuleStringFilter]

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_details_other Sequence[AutomationRuleMapFilter]

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_id Sequence[AutomationRuleStringFilter]

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resource_partition Sequence[AutomationRuleStringFilter]

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_region Sequence[AutomationRuleStringFilter]

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_tags Sequence[AutomationRuleMapFilter]

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_type Sequence[AutomationRuleStringFilter]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severity_label Sequence[AutomationRuleStringFilter]

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

source_url Sequence[AutomationRuleStringFilter]

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title Sequence[AutomationRuleStringFilter]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type Sequence[AutomationRuleStringFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updated_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

user_defined_fields Sequence[AutomationRuleMapFilter]

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verification_state Sequence[AutomationRuleStringFilter]

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflow_status Sequence[AutomationRuleStringFilter]

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

awsAccountId List<Property Map>

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

companyName List<Property Map>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceAssociatedStandardsId List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceSecurityControlId List<Property Map>

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceStatus List<Property Map>

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

createdAt List<Property Map>

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description List<Property Map>

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

firstObservedAt List<Property Map>

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generatorId List<Property Map>

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id List<Property Map>

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

lastObservedAt List<Property Map>

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteText List<Property Map>

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedAt List<Property Map>

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedBy List<Property Map>

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn List<Property Map>

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productName List<Property Map>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

recordState List<Property Map>

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceDetailsOther List<Property Map>

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceId List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resourcePartition List<Property Map>

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceRegion List<Property Map>

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceTags List<Property Map>

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceType List<Property Map>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severityLabel List<Property Map>

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

sourceUrl List<Property Map>

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title List<Property Map>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updatedAt List<Property Map>

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

userDefinedFields List<Property Map>

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verificationState List<Property Map>

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflowStatus List<Property Map>

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.securityhub.AutomationRule

On this page

On this page

Example Usage

Example

Example

Create AutomationRule Resource

Constructor syntax

Parameters

Example

AutomationRule Resource Properties

Inputs

Outputs

Supporting Types

AutomationRuleDateFilter, AutomationRuleDateFilterArgs

AutomationRuleDateRange, AutomationRuleDateRangeArgs

AutomationRuleDateRangeUnit, AutomationRuleDateRangeUnitArgs

AutomationRuleMapFilter, AutomationRuleMapFilterArgs

AutomationRuleMapFilterComparison, AutomationRuleMapFilterComparisonArgs

AutomationRuleNoteUpdate, AutomationRuleNoteUpdateArgs

AutomationRuleNumberFilter, AutomationRuleNumberFilterArgs

AutomationRuleRelatedFinding, AutomationRuleRelatedFindingArgs

AutomationRuleRuleStatus, AutomationRuleRuleStatusArgs

AutomationRuleSeverityUpdate, AutomationRuleSeverityUpdateArgs

AutomationRuleSeverityUpdateLabel, AutomationRuleSeverityUpdateLabelArgs

AutomationRuleStringFilter, AutomationRuleStringFilterArgs

AutomationRuleStringFilterComparison, AutomationRuleStringFilterComparisonArgs

AutomationRuleWorkflowUpdate, AutomationRuleWorkflowUpdateArgs

AutomationRuleWorkflowUpdateStatus, AutomationRuleWorkflowUpdateStatusArgs

AutomationRulesAction, AutomationRulesActionArgs

AutomationRulesActionType, AutomationRulesActionTypeArgs

AutomationRulesFindingFieldsUpdate, AutomationRulesFindingFieldsUpdateArgs

AutomationRulesFindingFieldsUpdateVerificationState, AutomationRulesFindingFieldsUpdateVerificationStateArgs

AutomationRulesFindingFilters, AutomationRulesFindingFiltersArgs

Package Details

On this page

On this page