Struct aws_sdk_securityhub::types::AwsSecurityFinding
#[non_exhaustive]
pub struct AwsSecurityFinding {
pub schema_version: Option<String>,
pub id: Option<String>,
pub product_arn: Option<String>,
pub product_name: Option<String>,
pub company_name: Option<String>,
pub region: Option<String>,
pub generator_id: Option<String>,
pub aws_account_id: Option<String>,
pub types: Option<Vec<String>>,
pub first_observed_at: Option<String>,
pub last_observed_at: Option<String>,
pub created_at: Option<String>,
pub updated_at: Option<String>,
pub severity: Option<Severity>,
pub confidence: i32,
pub criticality: i32,
pub title: Option<String>,
pub description: Option<String>,
pub remediation: Option<Remediation>,
pub source_url: Option<String>,
pub product_fields: Option<HashMap<String, String>>,
pub user_defined_fields: Option<HashMap<String, String>>,
pub malware: Option<Vec<Malware>>,
pub network: Option<Network>,
pub network_path: Option<Vec<NetworkPathComponent>>,
pub process: Option<ProcessDetails>,
pub threats: Option<Vec<Threat>>,
pub threat_intel_indicators: Option<Vec<ThreatIntelIndicator>>,
pub resources: Option<Vec<Resource>>,
pub compliance: Option<Compliance>,
pub verification_state: Option<VerificationState>,
pub workflow_state: Option<WorkflowState>,
pub workflow: Option<Workflow>,
pub record_state: Option<RecordState>,
pub related_findings: Option<Vec<RelatedFinding>>,
pub note: Option<Note>,
pub vulnerabilities: Option<Vec<Vulnerability>>,
pub patch_summary: Option<PatchSummary>,
pub action: Option<Action>,
pub finding_provider_fields: Option<FindingProviderFields>,
pub sample: bool,
}
Provides a consistent format for Security Hub findings. AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions.
A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.
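Fields (Non-exhaustive)
This struct is marked as non-exhaustive. Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
schema_version: Option<String>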
The schema version that a finding is formatted for.
id: Option<String>
The security findings provider-specific identifier for a finding.
product_arn: Option<String>
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
product_name: Option<String>
The name of the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by product name, you use this attribute.
company_name: Option<String>
The name of the company for the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by company name, you use this attribute.
region: Option<String>
The Region from which the finding was generated.
Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.
generator_id: Option<String>
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
aws_account_id: Option<String>
The Amazon Web Services account ID that a finding is generated in.
types: Option<Vec<String>>
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
first_observed_at: Option<String>
Indicates when the security findings provider first observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
last_observed_at: Option<String>
Indicates when the security findings provider most recently observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
created_at: Option<String>
Indicates when the security findings provider created the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
updated_at: Option<String>
Indicates when the security findings provider last updated the finding record.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
severity: Option<Severity>
A finding's severity.
confidence: i32
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
criticality: i32
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
title: Option<String>
A finding's title.
In this release, Title is a required property.
description: Option<String>
A finding's description.
In this release, Description is a required property.
remediation: Option<Remediation>
A data type that describes the remediation options for a finding.
source_url: Option<String>
A URL that links to a page about the current finding in the security findings provider's solution.
product_fields: Option<HashMap<String, String>>
A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.
user_defined_fields: Option<HashMap<String, String>>
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
malware: Option<Vec<Malware>>
A list of malware related to a finding.
network: Option<Network>
The details of network-related information about a finding.
network_path: Option<Vec<NetworkPathComponent>>
Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.
process: Option<ProcessDetails>
The details of process-related information about a finding.
threats: Option<Vec<Threat>>
Details about the threat detected in a security finding and the file paths that were affected by the threat.
threat_intel_indicators: Option<Vec<ThreatIntelIndicator>>
Threat intelligence details related to a finding.
resources: Option<Vec<Resource>>
A set of resource data types that describe the resources that the finding refers to.
compliance: Option<Compliance>
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
verification_state: Option<VerificationState>
Indicates the veracity of a finding.
workflow_state: Option<WorkflowState>
The workflow state of a finding.
workflow: Option<Workflow>
Provides information about the status of the investigation into a finding.
record_state: Option<RecordState>
The record state of a finding.
related_findings: Option<Vec<RelatedFinding>>
A list of related findings.
note: Option<Note>
A user-defined note added to a finding.
vulnerabilities: Option<Vec<Vulnerability>>
Provides a list of vulnerabilities associated with the findings.
patch_summary: Option<PatchSummary>
Provides an overview of the patch compliance status for an instance against a selected compliance standard.
action: Option<Action>
Provides details about an action that affects or that was taken on a resource.
finding_provider_fields: Option<FindingProviderFields>
In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
sample: bool
Indicates whether the finding is a sample finding.
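The limits stated in the field descriptions above (RFC 3339 timestamps, the listed types namespaces, the 0-100 scores, the product_fields size caps) can be checked before a finding is handed to BatchImportFindings. This is an added example, not code from the SDK or its documentation; FindingDraft, shape_ok, is_rfc3339 and validate are hypothetical names, and the struct is a constructed stand-in so the code runs without the aws-sdk-securityhub crate. It assumes that only the namespace segment of a type is enumerated.

```rust
use std::collections::HashMap;

// Constructed stand-in for a few AwsSecurityFinding fields, so this runs without the SDK crate.
pub struct FindingDraft {
    pub types: Vec<String>,
    pub created_at: String,
    pub confidence: i32,
    pub criticality: i32,
    pub product_fields: HashMap<String, String>,
}

const NAMESPACES: [&str; 5] = ["Software and Configuration Checks", "TTPs", "Effects",
    "Unusual Behaviors", "Sensitive Data Identifications"];

// True when `part` matches `pat`; a 'd' in `pat` stands for any ASCII digit.
fn shape_ok(part: &[u8], pat: &[u8]) -> bool {
    part.len() == pat.len()
        && part.iter().zip(pat).all(|(c, p)| if *p == b'd' { c.is_ascii_digit() } else { c == p })
}

// Structural RFC 3339 check: no spaces, `T` separator, optional fraction, then `Z` or an offset.
pub fn is_rfc3339(s: &str) -> bool {
    let b = s.as_bytes();
    if b.len() < 20 || !shape_ok(&b[..19], b"dddd-dd-ddTdd:dd:dd") { return false; }
    let mut rest = &b[19..];
    if rest[0] == b'.' {
        let n = rest[1..].iter().take_while(|c| c.is_ascii_digit()).count();
        if n == 0 { return false; }
        rest = &rest[1 + n..];
    }
    rest == b"Z" || shape_ok(rest, b"+dd:dd") || shape_ok(rest, b"-dd:dd")
}

// Returns one message per violated limit from the field documentation.
pub fn validate(f: &FindingDraft) -> Vec<String> {
    let mut errs = Vec::new();
    for t in &f.types {
        let segs: Vec<&str> = t.split('/').collect();
        if segs.len() > 3 || segs.contains(&"") || !NAMESPACES.contains(&segs[0]) {
            errs.push(format!("types: {t:?} is not namespace/category/classifier"));
        }
    }
    if !is_rfc3339(&f.created_at) { errs.push(format!("created_at: {:?} is not RFC 3339", f.created_at)); }
    for (name, v) in [("confidence", f.confidence), ("criticality", f.criticality)] {
        if !(0..=100).contains(&v) { errs.push(format!("{name}: {v} is outside 0-100")); }
    }
    let pf = &f.product_fields;
    if pf.len() > 50 || pf.iter().any(|(k, v)| k.chars().count() > 128 || v.chars().count() > 2048) {
        errs.push("product_fields: over 50 pairs, or a key over 128 / value over 2048 characters".to_string());
    }
    errs
}

fn main() {
    // Constructed sample: a space instead of `T`, and a confidence above 100.
    let draft = FindingDraft { types: vec!["TTPs/Discovery/PortScan".to_string()], confidence: 140,
        criticality: 50, created_at: "2020-03-22 13:22:13.933Z".to_string(), product_fields: HashMap::new() };
    for e in validate(&draft) { println!("{e}"); }
}
```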
Implementations
impl AwsSecurityFinding
pub fn schema_version(&self) -> Option<&str>
The schema version that a finding is formatted for.
pub fn id(&self) -> Option<&str>
The security findings provider-specific identifier for a finding.
pub fn product_arn(&self) -> Option<&str>
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
pub fn product_name(&self) -> Option<&str>
The name of the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by product name, you use this attribute.
pub fn company_name(&self) -> Option<&str>
The name of the company for the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by company name, you use this attribute.
pub fn region(&self) -> Option<&str>
The Region from which the finding was generated.
Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.
pub fn generator_id(&self) -> Option<&str>
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
pub fn aws_account_id(&self) -> Option<&str>
The Amazon Web Services account ID that a finding is generated in.
pub fn types(&self) -> Option<&[String]>
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
pub fn first_observed_at(&self) -> Option<&str>
Indicates when the security findings provider first observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
pub fn last_observed_at(&self) -> Option<&str>
Indicates when the security findings provider most recently observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
pub fn created_at(&self) -> Option<&str>
Indicates when the security findings provider created the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
pub fn updated_at(&self) -> Option<&str>
Indicates when the security findings provider last updated the finding record.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
pub fn confidence(&self) -> i32
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
pub fn criticality(&self) -> i32
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
pub fn title(&self) -> Option<&str>
A finding's title.
In this release, Title is a required property.
pub fn description(&self) -> Option<&str>
A finding's description.
In this release, Description is a required property.
pub fn remediation(&self) -> Option<&Remediation>
A data type that describes the remediation options for a finding.
pub fn source_url(&self) -> Option<&str>
A URL that links to a page about the current finding in the security findings provider's solution.
pub fn product_fields(&self) -> Option<&HashMap<String, String>>
A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.
pub fn user_defined_fields(&self) -> Option<&HashMap<String, String>>
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
pub fn network(&self) -> Option<&Network>
The details of network-related information about a finding.
pub fn network_path(&self) -> Option<&[NetworkPathComponent]>
Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.
pub fn process(&self) -> Option<&ProcessDetails>
The details of process-related information about a finding.
pub fn threats(&self) -> Option<&[Threat]>
Details about the threat detected in a security finding and the file paths that were affected by the threat.
pub fn threat_intel_indicators(&self) -> Option<&[ThreatIntelIndicator]>
Threat intelligence details related to a finding.
pub fn resources(&self) -> Option<&[Resource]>
A set of resource data types that describe the resources that the finding refers to.
pub fn compliance(&self) -> Option<&Compliance>
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
pub fn verification_state(&self) -> Option<&VerificationState>
Indicates the veracity of a finding.
pub fn workflow_state(&self) -> Option<&WorkflowState>
The workflow state of a finding.
pub fn workflow(&self) -> Option<&Workflow>
Provides information about the status of the investigation into a finding.
pub fn record_state(&self) -> Option<&RecordState>
The record state of a finding.
pub fn related_findings(&self) -> Option<&[RelatedFinding]>
A list of related findings.
pub fn vulnerabilities(&self) -> Option<&[Vulnerability]>
Provides a list of vulnerabilities associated with the findings.
pub fn patch_summary(&self) -> Option<&PatchSummary>
Provides an overview of the patch compliance status for an instance against a selected compliance standard.
pub fn action(&self) -> Option<&Action>
Provides details about an action that affects or that was taken on a resource.
pub fn finding_provider_fields(&self) -> Option<&FindingProviderFields>
In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
impl AwsSecurityFinding
pub fn builder() -> AwsSecurityFindingBuilder
Creates a new builder-style object to manufacture AwsSecurityFinding.
Trait Implementations
impl Clone for AwsSecurityFinding
fn clone(&self) -> AwsSecurityFinding
1.0.0 · fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Debug for AwsSecurityFinding
impl PartialEq<AwsSecurityFinding> for AwsSecurityFinding
fn eq(&self, other: &AwsSecurityFinding) -> bool
This method tests for self and other values to be equal, and is used by ==.