View on GitHub
AwsSecurityFindingFilters Structure Reference
AwsSecurityFindingFilters
public struct AwsSecurityFindingFilters : AWSShapeUndocumented
-
Declaration
Swift
public static var _members: [AWSShapeMember] -
The AWS account ID that a finding is generated in.
Declaration
Swift
public let awsAccountId: [StringFilter]? -
The name of the findings provider (company) that owns the solution (product) that generates findings.
Declaration
Swift
public let companyName: [StringFilter]? -
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.
Declaration
Swift
public let complianceStatus: [StringFilter]? -
A finding’s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
Declaration
Swift
public let confidence: [NumberFilter]? -
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
Declaration
Swift
public let createdAt: [DateFilter]? -
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Declaration
Swift
public let criticality: [NumberFilter]? -
A finding’s description.
Declaration
Swift
public let description: [StringFilter]? -
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
Declaration
Swift
public let firstObservedAt: [DateFilter]? -
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers’ solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
Declaration
Swift
public let generatorId: [StringFilter]? -
The security findings provider-specific identifier for a finding.
Declaration
Swift
public let id: [StringFilter]? -
A keyword for a finding.
Declaration
Swift
public let keyword: [KeywordFilter]? -
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
Declaration
Swift
public let lastObservedAt: [DateFilter]? -
The name of the malware that was observed.
Declaration
Swift
public let malwareName: [StringFilter]? -
The filesystem path of the malware that was observed.
Declaration
Swift
public let malwarePath: [StringFilter]? -
The state of the malware that was observed.
Declaration
Swift
public let malwareState: [StringFilter]? -
The type of the malware that was observed.
Declaration
Swift
public let malwareType: [StringFilter]? -
The destination domain of network-related information about a finding.
Declaration
Swift
public let networkDestinationDomain: [StringFilter]? -
The destination IPv4 address of network-related information about a finding.
Declaration
Swift
public let networkDestinationIpV4: [IpFilter]? -
The destination IPv6 address of network-related information about a finding.
Declaration
Swift
public let networkDestinationIpV6: [IpFilter]? -
The destination port of network-related information about a finding.
Declaration
Swift
public let networkDestinationPort: [NumberFilter]? -
Indicates the direction of network traffic associated with a finding.
Declaration
Swift
public let networkDirection: [StringFilter]? -
The protocol of network-related information about a finding.
Declaration
Swift
public let networkProtocol: [StringFilter]? -
The source domain of network-related information about a finding.
Declaration
Swift
public let networkSourceDomain: [StringFilter]? -
The source IPv4 address of network-related information about a finding.
Declaration
Swift
public let networkSourceIpV4: [IpFilter]? -
The source IPv6 address of network-related information about a finding.
Declaration
Swift
public let networkSourceIpV6: [IpFilter]? -
The source media access control (MAC) address of network-related information about a finding.
Declaration
Swift
public let networkSourceMac: [StringFilter]? -
The source port of network-related information about a finding.
Declaration
Swift
public let networkSourcePort: [NumberFilter]? -
The text of a note.
Declaration
Swift
public let noteText: [StringFilter]? -
The timestamp of when the note was updated.
Declaration
Swift
public let noteUpdatedAt: [DateFilter]? -
The principal that created a note.
Declaration
Swift
public let noteUpdatedBy: [StringFilter]? -
The date/time that the process was launched.
Declaration
Swift
public let processLaunchedAt: [DateFilter]? -
The name of the process.
Declaration
Swift
public let processName: [StringFilter]? -
The parent process ID.
Declaration
Swift
public let processParentPid: [NumberFilter]? -
The path to the process executable.
Declaration
Swift
public let processPath: [StringFilter]? -
The process ID.
Declaration
Swift
public let processPid: [NumberFilter]? -
The date/time that the process was terminated.
Declaration
Swift
public let processTerminatedAt: [DateFilter]? -
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider’s product (solution that generates findings) is registered with Security Hub.
Declaration
Swift
public let productArn: [StringFilter]? -
A data type where security-findings providers can include additional solution-specific details that aren’t part of the defined AwsSecurityFinding format.
Declaration
Swift
public let productFields: [MapFilter]? -
The name of the solution (product) that generates findings.
Declaration
Swift
public let productName: [StringFilter]? -
The recommendation of what to do about the issue described in a finding.
Declaration
Swift
public let recommendationText: [StringFilter]? -
The updated record state for the finding.
Declaration
Swift
public let recordState: [StringFilter]? -
The solution-generated identifier for a related finding.
Declaration
Swift
public let relatedFindingsId: [StringFilter]? -
The ARN of the solution that generated a related finding.
Declaration
Swift
public let relatedFindingsProductArn: [StringFilter]? -
The IAM profile ARN of the instance.
Declaration
Swift
public let resourceAwsEc2InstanceIamInstanceProfileArn: [StringFilter]? -
The Amazon Machine Image (AMI) ID of the instance.
Declaration
Swift
public let resourceAwsEc2InstanceImageId: [StringFilter]? -
The IPv4 addresses associated with the instance.
Declaration
Swift
public let resourceAwsEc2InstanceIpV4Addresses: [IpFilter]? -
The IPv6 addresses associated with the instance.
Declaration
Swift
public let resourceAwsEc2InstanceIpV6Addresses: [IpFilter]? -
The key name associated with the instance.
Declaration
Swift
public let resourceAwsEc2InstanceKeyName: [StringFilter]? -
The date and time the instance was launched.
Declaration
Swift
public let resourceAwsEc2InstanceLaunchedAt: [DateFilter]? -
The identifier of the subnet that the instance was launched in.
Declaration
Swift
public let resourceAwsEc2InstanceSubnetId: [StringFilter]? -
The instance type of the instance.
Declaration
Swift
public let resourceAwsEc2InstanceType: [StringFilter]? -
The identifier of the VPC that the instance was launched in.
Declaration
Swift
public let resourceAwsEc2InstanceVpcId: [StringFilter]? -
The creation date/time of the IAM access key related to a finding.
Declaration
Swift
public let resourceAwsIamAccessKeyCreatedAt: [DateFilter]? -
The status of the IAM access key related to a finding.
Declaration
Swift
public let resourceAwsIamAccessKeyStatus: [StringFilter]? -
The user associated with the IAM access key related to a finding.
Declaration
Swift
public let resourceAwsIamAccessKeyUserName: [StringFilter]? -
The canonical user ID of the owner of the S3 bucket.
Declaration
Swift
public let resourceAwsS3BucketOwnerId: [StringFilter]? -
The display name of the owner of the S3 bucket.
Declaration
Swift
public let resourceAwsS3BucketOwnerName: [StringFilter]? -
The identifier of the image related to a finding.
Declaration
Swift
public let resourceContainerImageId: [StringFilter]? -
The name of the image related to a finding.
Declaration
Swift
public let resourceContainerImageName: [StringFilter]? -
The date/time that the container was started.
Declaration
Swift
public let resourceContainerLaunchedAt: [DateFilter]? -
The name of the container related to a finding.
Declaration
Swift
public let resourceContainerName: [StringFilter]? -
The details of a resource that doesn’t have a specific subfield for the resource type defined.
Declaration
Swift
public let resourceDetailsOther: [MapFilter]? -
The canonical identifier for the given resource type.
Declaration
Swift
public let resourceId: [StringFilter]? -
The canonical AWS partition name that the Region is assigned to.
Declaration
Swift
public let resourcePartition: [StringFilter]? -
The canonical AWS external Region name where this resource is located.
Declaration
Swift
public let resourceRegion: [StringFilter]? -
A list of AWS tags associated with a resource at the time the finding was processed.
Declaration
Swift
public let resourceTags: [MapFilter]? -
Specifies the type of the resource that details are provided for.
Declaration
Swift
public let resourceType: [StringFilter]? -
The label of a finding’s severity.
Declaration
Swift
public let severityLabel: [StringFilter]? -
The normalized severity of a finding.
Declaration
Swift
public let severityNormalized: [NumberFilter]? -
The native severity as defined by the security-findings provider’s solution that generated the finding.
Declaration
Swift
public let severityProduct: [NumberFilter]? -
A URL that links to a page about the current finding in the security-findings provider’s solution.
Declaration
Swift
public let sourceUrl: [StringFilter]? -
The category of a threat intelligence indicator.
Declaration
Swift
public let threatIntelIndicatorCategory: [StringFilter]? -
The date/time of the last observation of a threat intelligence indicator.
Declaration
Swift
public let threatIntelIndicatorLastObservedAt: [DateFilter]? -
The source of the threat intelligence.
Declaration
Swift
public let threatIntelIndicatorSource: [StringFilter]? -
The URL for more details from the source of the threat intelligence.
Declaration
Swift
public let threatIntelIndicatorSourceUrl: [StringFilter]? -
The type of a threat intelligence indicator.
Declaration
Swift
public let threatIntelIndicatorType: [StringFilter]? -
The value of a threat intelligence indicator.
Declaration
Swift
public let threatIntelIndicatorValue: [StringFilter]? -
A finding’s title.
Declaration
Swift
public let title: [StringFilter]? -
A finding type in the format of namespace/category/classifier that classifies a finding.
Declaration
Swift
public let type: [StringFilter]? -
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
Declaration
Swift
public let updatedAt: [DateFilter]? -
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Declaration
Swift
public let userDefinedFields: [MapFilter]? -
The veracity of a finding.
Declaration
Swift
public let verificationState: [StringFilter]? -
The workflow state of a finding. Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.
Declaration
Swift
public let workflowState: [StringFilter]? -
The status of the investigation into a finding. Allowed values are the following. NEW - The initial state of a finding, before it is reviewed. NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. SUPPRESSED - The finding will not be reviewed again and will not be acted upon. RESOLVED - The finding was reviewed and remediated and is now considered resolved.
Declaration
Swift
public let workflowStatus: [StringFilter]? -
init(awsAccountId:companyName:complianceStatus:confidence:createdAt:criticality:description:firstObservedAt:generatorId:id:keyword:lastObservedAt:malwareName:malwarePath:malwareState:malwareType:networkDestinationDomain:networkDestinationIpV4:networkDestinationIpV6:networkDestinationPort:networkDirection:networkProtocol:networkSourceDomain:networkSourceIpV4:networkSourceIpV6:networkSourceMac:networkSourcePort:noteText:noteUpdatedAt:noteUpdatedBy:processLaunchedAt:processName:processParentPid:processPath:processPid:processTerminatedAt:productArn:productFields:productName:recommendationText:recordState:relatedFindingsId:relatedFindingsProductArn:resourceAwsEc2InstanceIamInstanceProfileArn:resourceAwsEc2InstanceImageId:resourceAwsEc2InstanceIpV4Addresses:resourceAwsEc2InstanceIpV6Addresses:resourceAwsEc2InstanceKeyName:resourceAwsEc2InstanceLaunchedAt:resourceAwsEc2InstanceSubnetId:resourceAwsEc2InstanceType:resourceAwsEc2InstanceVpcId:resourceAwsIamAccessKeyCreatedAt:resourceAwsIamAccessKeyStatus:resourceAwsIamAccessKeyUserName:resourceAwsS3BucketOwnerId:resourceAwsS3BucketOwnerName:resourceContainerImageId:resourceContainerImageName:resourceContainerLaunchedAt:resourceContainerName:resourceDetailsOther:resourceId:resourcePartition:resourceRegion:resourceTags:resourceType:severityLabel:severityNormalized:severityProduct:sourceUrl:threatIntelIndicatorCategory:threatIntelIndicatorLastObservedAt:threatIntelIndicatorSource:threatIntelIndicatorSourceUrl:threatIntelIndicatorType:threatIntelIndicatorValue:title:type:updatedAt:userDefinedFields:verificationState:workflowState:workflowStatus:)Undocumented
Declaration
Swift
public init(awsAccountId: [StringFilter]? = nil, companyName: [StringFilter]? = nil, complianceStatus: [StringFilter]? = nil, confidence: [NumberFilter]? = nil, createdAt: [DateFilter]? = nil, criticality: [NumberFilter]? = nil, description: [StringFilter]? = nil, firstObservedAt: [DateFilter]? = nil, generatorId: [StringFilter]? = nil, id: [StringFilter]? = nil, keyword: [KeywordFilter]? = nil, lastObservedAt: [DateFilter]? = nil, malwareName: [StringFilter]? = nil, malwarePath: [StringFilter]? = nil, malwareState: [StringFilter]? = nil, malwareType: [StringFilter]? = nil, networkDestinationDomain: [StringFilter]? = nil, networkDestinationIpV4: [IpFilter]? = nil, networkDestinationIpV6: [IpFilter]? = nil, networkDestinationPort: [NumberFilter]? = nil, networkDirection: [StringFilter]? = nil, networkProtocol: [StringFilter]? = nil, networkSourceDomain: [StringFilter]? = nil, networkSourceIpV4: [IpFilter]? = nil, networkSourceIpV6: [IpFilter]? = nil, networkSourceMac: [StringFilter]? = nil, networkSourcePort: [NumberFilter]? = nil, noteText: [StringFilter]? = nil, noteUpdatedAt: [DateFilter]? = nil, noteUpdatedBy: [StringFilter]? = nil, processLaunchedAt: [DateFilter]? = nil, processName: [StringFilter]? = nil, processParentPid: [NumberFilter]? = nil, processPath: [StringFilter]? = nil, processPid: [NumberFilter]? = nil, processTerminatedAt: [DateFilter]? = nil, productArn: [StringFilter]? = nil, productFields: [MapFilter]? = nil, productName: [StringFilter]? = nil, recommendationText: [StringFilter]? = nil, recordState: [StringFilter]? = nil, relatedFindingsId: [StringFilter]? = nil, relatedFindingsProductArn: [StringFilter]? = nil, resourceAwsEc2InstanceIamInstanceProfileArn: [StringFilter]? = nil, resourceAwsEc2InstanceImageId: [StringFilter]? = nil, resourceAwsEc2InstanceIpV4Addresses: [IpFilter]? = nil, resourceAwsEc2InstanceIpV6Addresses: [IpFilter]? = nil, resourceAwsEc2InstanceKeyName: [StringFilter]? = nil, resourceAwsEc2InstanceLaunchedAt: [DateFilter]? = nil, resourceAwsEc2InstanceSubnetId: [StringFilter]? = nil, resourceAwsEc2InstanceType: [StringFilter]? = nil, resourceAwsEc2InstanceVpcId: [StringFilter]? = nil, resourceAwsIamAccessKeyCreatedAt: [DateFilter]? = nil, resourceAwsIamAccessKeyStatus: [StringFilter]? = nil, resourceAwsIamAccessKeyUserName: [StringFilter]? = nil, resourceAwsS3BucketOwnerId: [StringFilter]? = nil, resourceAwsS3BucketOwnerName: [StringFilter]? = nil, resourceContainerImageId: [StringFilter]? = nil, resourceContainerImageName: [StringFilter]? = nil, resourceContainerLaunchedAt: [DateFilter]? = nil, resourceContainerName: [StringFilter]? = nil, resourceDetailsOther: [MapFilter]? = nil, resourceId: [StringFilter]? = nil, resourcePartition: [StringFilter]? = nil, resourceRegion: [StringFilter]? = nil, resourceTags: [MapFilter]? = nil, resourceType: [StringFilter]? = nil, severityLabel: [StringFilter]? = nil, severityNormalized: [NumberFilter]? = nil, severityProduct: [NumberFilter]? = nil, sourceUrl: [StringFilter]? = nil, threatIntelIndicatorCategory: [StringFilter]? = nil, threatIntelIndicatorLastObservedAt: [DateFilter]? = nil, threatIntelIndicatorSource: [StringFilter]? = nil, threatIntelIndicatorSourceUrl: [StringFilter]? = nil, threatIntelIndicatorType: [StringFilter]? = nil, threatIntelIndicatorValue: [StringFilter]? = nil, title: [StringFilter]? = nil, type: [StringFilter]? = nil, updatedAt: [DateFilter]? = nil, userDefinedFields: [MapFilter]? = nil, verificationState: [StringFilter]? = nil, workflowState: [StringFilter]? = nil, workflowStatus: [StringFilter]? = nil) -
Declaration
Swift
public func validate(name: String) throws