Create Automation Rule V2
| securityhub_create_automation_rule_v2 | R Documentation |
Creates a V2 automation rule¶
Description¶
Creates a V2 automation rule.
Usage¶
# Call signature. Per the Arguments table, RuleName, Description, RuleOrder,
# Criteria and Actions are marked [required]; RuleStatus, Tags and ClientToken
# are not.
securityhub_create_automation_rule_v2(RuleName, RuleStatus, Description,
RuleOrder, Criteria, Actions, Tags, ClientToken)
Arguments¶
RuleName |
[required] The name of the V2 automation rule. |
RuleStatus |
The status of the V2 automation rule. |
Description |
[required] A description of the V2 automation rule. |
RuleOrder |
[required] The value for the rule priority. |
Criteria |
[required] The filtering type and configuration of the automation rule. |
Actions |
[required] A list of actions to be performed when the rule criteria are met. |
Tags |
A list of key-value pairs associated with the V2 automation rule. |
ClientToken |
A unique identifier used to ensure idempotency. |
Value¶
A list with the following syntax:
# Shape of the returned list: the ARN and the id of the created rule.
# "string" is a type placeholder for a character value, not a literal.
list(
RuleArn = "string",
RuleId = "string"
)
Request syntax¶
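# Request template for create_automation_rule_v2. This is a syntax sketch, not
# a call to run as written: `"A"|"B"` enumerates the accepted values for a
# field (pass exactly one), and "string", 123 and 123.0 are type placeholders.
# `svc` is presumably a Security Hub client object created elsewhere; its
# construction is not shown here.
svc$create_automation_rule_v2(
  RuleName = "string",
  # Not marked [required]; the default when omitted is not stated here, so set
  # it explicitly rather than relying on it.
  RuleStatus = "ENABLED"|"DISABLED",
  Description = "string",
  # Rule priority. The ordering direction and tie-breaking are not stated
  # here -- confirm before relying on one rule overriding another.
  RuleOrder = 123.0,
  # Criteria select which findings the Actions below are applied to.
  Criteria = list(
    OcsfFindingCriteria = list(
      CompositeFilters = list(
        list(
          # Match on a string-valued finding field.
          StringFilters = list(
            list(
              FieldName = "metadata.uid"|"activity_name"|"cloud.account.uid"|"cloud.provider"|"cloud.region"|"compliance.assessments.category"|"compliance.assessments.name"|"compliance.control"|"compliance.status"|"compliance.standards"|"finding_info.desc"|"finding_info.src_url"|"finding_info.title"|"finding_info.types"|"finding_info.uid"|"finding_info.related_events.traits.category"|"finding_info.related_events.uid"|"finding_info.related_events.product.uid"|"finding_info.related_events.title"|"metadata.product.name"|"metadata.product.uid"|"metadata.product.vendor_name"|"remediation.desc"|"remediation.references"|"resources.cloud_partition"|"resources.region"|"resources.type"|"resources.uid"|"severity"|"status"|"comment"|"vulnerabilities.fix_coverage"|"class_name"|"databucket.encryption_details.algorithm"|"databucket.encryption_details.key_uid"|"databucket.file.data_classifications.classifier_details.type"|"evidences.actor.user.account.uid"|"evidences.api.operation"|"evidences.api.response.error_message"|"evidences.api.service.name"|"evidences.connection_info.direction"|"evidences.connection_info.protocol_name"|"evidences.dst_endpoint.autonomous_system.name"|"evidences.dst_endpoint.location.city"|"evidences.dst_endpoint.location.country"|"evidences.src_endpoint.autonomous_system.name"|"evidences.src_endpoint.hostname"|"evidences.src_endpoint.location.city"|"evidences.src_endpoint.location.country"|"finding_info.analytic.name"|"malware.name"|"malware_scan_info.uid"|"malware.severity"|"resources.cloud_function.layers.uid_alt"|"resources.cloud_function.runtime"|"resources.cloud_function.user.uid"|"resources.device.encryption_details.key_uid"|"resources.device.image.uid"|"resources.image.architecture"|"resources.image.registry_uid"|"resources.image.repository_name"|"resources.image.uid"|"resources.subnet_info.uid"|"resources.vpc_uid"|"vulnerabilities.affected_code.file.path"|"vulnerabilities.affected_packages.name"|"vulnerabilities.cve.epss.score"|"vulnerabilities.cve.uid"|"vulnerabilities.related_vulnerabilities"|"cloud.account.name"|"vendor_attributes.severity",
              Filter = list(
                Value = "string",
                # NOTE(review): PREFIX / CONTAINS comparisons match more
                # findings than EQUALS; prefer the narrowest comparison that
                # expresses the intent.
                Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"|"CONTAINS_WORD"
              )
            )
          ),
          # Match on a timestamp field, by explicit Start/End or by a relative
          # DateRange. The expected string format for Start/End is not given
          # here -- confirm against the API reference.
          DateFilters = list(
            list(
              FieldName = "finding_info.created_time_dt"|"finding_info.first_seen_time_dt"|"finding_info.last_seen_time_dt"|"finding_info.modified_time_dt"|"resources.image.created_time_dt"|"resources.image.last_used_time_dt"|"resources.modified_time_dt",
              Filter = list(
                Start = "string",
                End = "string",
                DateRange = list(
                  Value = 123,
                  Unit = "DAYS",
                  Comparison = "WITHIN"|"OLDER_THAN"
                )
              )
            )
          ),
          # Match on a boolean field (e.g. whether an exploit or fix exists).
          BooleanFilters = list(
            list(
              FieldName = "compliance.assessments.meets_criteria"|"vulnerabilities.is_exploit_available"|"vulnerabilities.is_fix_available",
              Filter = list(
                Value = TRUE|FALSE
              )
            )
          ),
          # Match on a numeric field using bounds or equality.
          NumberFilters = list(
            list(
              FieldName = "activity_id"|"compliance.status_id"|"confidence_score"|"severity_id"|"status_id"|"finding_info.related_events_count"|"evidences.api.response.code"|"evidences.dst_endpoint.autonomous_system.number"|"evidences.dst_endpoint.port"|"evidences.src_endpoint.autonomous_system.number"|"evidences.src_endpoint.port"|"resources.image.in_use_count"|"vulnerabilities.cve.cvss.base_score"|"vendor_attributes.severity_id",
              Filter = list(
                Gte = 123.0,
                Lte = 123.0,
                Eq = 123.0,
                Gt = 123.0,
                Lt = 123.0
              )
            )
          ),
          # Match on a key/value entry of a map-typed field such as tags.
          MapFilters = list(
            list(
              FieldName = "resources.tags"|"compliance.control_parameters"|"databucket.tags"|"finding_info.tags",
              Filter = list(
                Key = "string",
                Value = "string",
                Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
              )
            )
          ),
          # Match source or destination endpoint IPs against a CIDR block.
          IpFilters = list(
            list(
              FieldName = "evidences.dst_endpoint.ip"|"evidences.src_endpoint.ip",
              Filter = list(
                Cidr = "string"
              )
            )
          ),
          # Shown empty in this template; presumably takes further composite
          # filters of the same shape -- confirm against the API reference.
          NestedCompositeFilters = list(),
          # How the filters inside this composite filter are combined.
          Operator = "AND"|"OR"
        )
      ),
      # How the entries of CompositeFilters are combined with each other.
      CompositeOperator = "AND"|"OR"
    )
  ),
  # Actions run when the criteria match.
  # NOTE(review): a FINDING_FIELDS_UPDATE action rewrites SeverityId, StatusId
  # and/or Comment on matching findings, so an overly broad Criteria changes
  # what analysts see at triage. Keep the criteria specific and record the
  # rationale in Description or Comment so the change is auditable.
  Actions = list(
    list(
      # Presumably only the sub-list that corresponds to Type is used --
      # confirm against the API reference.
      Type = "FINDING_FIELDS_UPDATE"|"EXTERNAL_INTEGRATION",
      FindingFieldsUpdate = list(
        SeverityId = 123,
        Comment = "string",
        StatusId = 123
      ),
      # NOTE(review): verify ConnectorArn names the intended connector;
      # presumably matching findings are handed to that integration.
      ExternalIntegrationConfiguration = list(
        ConnectorArn = "string"
      )
    )
  ),
  # Described in the Arguments table as key-value pairs attached to the rule.
  Tags = list(
    "string"
  ),
  # Idempotency identifier, per the Arguments table.
  ClientToken = "string"
)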