[−][src]Struct rusoto_securityhub::AwsSecurityFindingFilters
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
Fields
aws_account_id: Option<Vec<StringFilter>>The AWS account ID that a finding is generated in.
company_name: Option<Vec<StringFilter>>The name of the findings provider (company) that owns the solution (product) that generates findings.
compliance_status: Option<Vec<StringFilter>>Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.
confidence: Option<Vec<NumberFilter>>A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
created_at: Option<Vec<DateFilter>>An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
criticality: Option<Vec<NumberFilter>>The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
description: Option<Vec<StringFilter>>A finding's description.
first_observed_at: Option<Vec<DateFilter>>An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
generator_id: Option<Vec<StringFilter>>The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
id: Option<Vec<StringFilter>>The security findings provider-specific identifier for a finding.
keyword: Option<Vec<KeywordFilter>>A keyword for a finding.
last_observed_at: Option<Vec<DateFilter>>An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
malware_name: Option<Vec<StringFilter>>The name of the malware that was observed.
malware_path: Option<Vec<StringFilter>>The filesystem path of the malware that was observed.
malware_state: Option<Vec<StringFilter>>The state of the malware that was observed.
malware_type: Option<Vec<StringFilter>>The type of the malware that was observed.
network_destination_domain: Option<Vec<StringFilter>>The destination domain of network-related information about a finding.
network_destination_ip_v4: Option<Vec<IpFilter>>The destination IPv4 address of network-related information about a finding.
network_destination_ip_v6: Option<Vec<IpFilter>>The destination IPv6 address of network-related information about a finding.
network_destination_port: Option<Vec<NumberFilter>>The destination port of network-related information about a finding.
network_direction: Option<Vec<StringFilter>>Indicates the direction of network traffic associated with a finding.
network_protocol: Option<Vec<StringFilter>>The protocol of network-related information about a finding.
network_source_domain: Option<Vec<StringFilter>>The source domain of network-related information about a finding.
network_source_ip_v4: Option<Vec<IpFilter>>The source IPv4 address of network-related information about a finding.
network_source_ip_v6: Option<Vec<IpFilter>>The source IPv6 address of network-related information about a finding.
network_source_mac: Option<Vec<StringFilter>>The source media access control (MAC) address of network-related information about a finding.
network_source_port: Option<Vec<NumberFilter>>The source port of network-related information about a finding.
note_text: Option<Vec<StringFilter>>The text of a note.
note_updated_at: Option<Vec<DateFilter>>The timestamp of when the note was updated.
note_updated_by: Option<Vec<StringFilter>>The principal that created a note.
process_launched_at: Option<Vec<DateFilter>>The date/time that the process was launched.
process_name: Option<Vec<StringFilter>>The name of the process.
process_parent_pid: Option<Vec<NumberFilter>>The parent process ID.
process_path: Option<Vec<StringFilter>>The path to the process executable.
process_pid: Option<Vec<NumberFilter>>The process ID.
process_terminated_at: Option<Vec<DateFilter>>The date/time that the process was terminated.
product_arn: Option<Vec<StringFilter>>The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
product_fields: Option<Vec<MapFilter>>A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
product_name: Option<Vec<StringFilter>>The name of the solution (product) that generates findings.
recommendation_text: Option<Vec<StringFilter>>The recommendation of what to do about the issue described in a finding.
record_state: Option<Vec<StringFilter>>The updated record state for the finding.
The solution-generated identifier for a related finding.
The ARN of the solution that generated a related finding.
resource_aws_ec_2_instance_iam_instance_profile_arn: Option<Vec<StringFilter>>The IAM profile ARN of the instance.
resource_aws_ec_2_instance_image_id: Option<Vec<StringFilter>>The Amazon Machine Image (AMI) ID of the instance.
resource_aws_ec_2_instance_ip_v4_addresses: Option<Vec<IpFilter>>The IPv4 addresses associated with the instance.
resource_aws_ec_2_instance_ip_v6_addresses: Option<Vec<IpFilter>>The IPv6 addresses associated with the instance.
resource_aws_ec_2_instance_key_name: Option<Vec<StringFilter>>The key name associated with the instance.
resource_aws_ec_2_instance_launched_at: Option<Vec<DateFilter>>The date and time the instance was launched.
resource_aws_ec_2_instance_subnet_id: Option<Vec<StringFilter>>The identifier of the subnet that the instance was launched in.
resource_aws_ec_2_instance_type: Option<Vec<StringFilter>>The instance type of the instance.
resource_aws_ec_2_instance_vpc_id: Option<Vec<StringFilter>>The identifier of the VPC that the instance was launched in.
resource_aws_iam_access_key_created_at: Option<Vec<DateFilter>>The creation date/time of the IAM access key related to a finding.
resource_aws_iam_access_key_status: Option<Vec<StringFilter>>The status of the IAM access key related to a finding.
resource_aws_iam_access_key_user_name: Option<Vec<StringFilter>>The user associated with the IAM access key related to a finding.
resource_aws_s3_bucket_owner_id: Option<Vec<StringFilter>>The canonical user ID of the owner of the S3 bucket.
resource_aws_s3_bucket_owner_name: Option<Vec<StringFilter>>The display name of the owner of the S3 bucket.
resource_container_image_id: Option<Vec<StringFilter>>The identifier of the image related to a finding.
resource_container_image_name: Option<Vec<StringFilter>>The name of the image related to a finding.
resource_container_launched_at: Option<Vec<DateFilter>>The date/time that the container was started.
resource_container_name: Option<Vec<StringFilter>>The name of the container related to a finding.
resource_details_other: Option<Vec<MapFilter>>The details of a resource that doesn't have a specific subfield for the resource type defined.
resource_id: Option<Vec<StringFilter>>The canonical identifier for the given resource type.
resource_partition: Option<Vec<StringFilter>>The canonical AWS partition name that the Region is assigned to.
resource_region: Option<Vec<StringFilter>>The canonical AWS external Region name where this resource is located.
A list of AWS tags associated with a resource at the time the finding was processed.
resource_type: Option<Vec<StringFilter>>Specifies the type of the resource that details are provided for.
severity_label: Option<Vec<StringFilter>>The label of a finding's severity.
severity_normalized: Option<Vec<NumberFilter>>The normalized severity of a finding.
severity_product: Option<Vec<NumberFilter>>The native severity as defined by the security-findings provider's solution that generated the finding.
source_url: Option<Vec<StringFilter>>A URL that links to a page about the current finding in the security-findings provider's solution.
threat_intel_indicator_category: Option<Vec<StringFilter>>The category of a threat intelligence indicator.
threat_intel_indicator_last_observed_at: Option<Vec<DateFilter>>The date/time of the last observation of a threat intelligence indicator.
threat_intel_indicator_source: Option<Vec<StringFilter>>The source of the threat intelligence.
threat_intel_indicator_source_url: Option<Vec<StringFilter>>The URL for more details from the source of the threat intelligence.
threat_intel_indicator_type: Option<Vec<StringFilter>>The type of a threat intelligence indicator.
threat_intel_indicator_value: Option<Vec<StringFilter>>The value of a threat intelligence indicator.
title: Option<Vec<StringFilter>>A finding's title.
type_: Option<Vec<StringFilter>>A finding type in the format of namespace/category/classifier that classifies a finding.
updated_at: Option<Vec<DateFilter>>An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
user_defined_fields: Option<Vec<MapFilter>>A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
verification_state: Option<Vec<StringFilter>>The veracity of a finding.
workflow_state: Option<Vec<StringFilter>>The workflow state of a finding.
workflow_status: Option<Vec<StringFilter>>The status of the investigation into a finding. Allowed values are the following.
-
NEW- The initial state of a finding, before it is reviewed. -
NOTIFIED- Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. -
SUPPRESSED- The finding will not be reviewed again and will not be acted upon. -
RESOLVED- The finding was reviewed and remediated and is now considered resolved.
Trait Implementations
impl Clone for AwsSecurityFindingFilters[src]
pub fn clone(&self) -> AwsSecurityFindingFilters[src]
pub fn clone_from(&mut self, source: &Self)1.0.0[src]
impl Debug for AwsSecurityFindingFilters[src]
impl Default for AwsSecurityFindingFilters[src]
pub fn default() -> AwsSecurityFindingFilters[src]
impl<'de> Deserialize<'de> for AwsSecurityFindingFilters[src]
pub fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>, [src]
__D: Deserializer<'de>,
impl PartialEq<AwsSecurityFindingFilters> for AwsSecurityFindingFilters[src]
pub fn eq(&self, other: &AwsSecurityFindingFilters) -> bool[src]
pub fn ne(&self, other: &AwsSecurityFindingFilters) -> bool[src]
impl Serialize for AwsSecurityFindingFilters[src]
pub fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
__S: Serializer, [src]
__S: Serializer,
impl StructuralPartialEq for AwsSecurityFindingFilters[src]
Auto Trait Implementations
impl RefUnwindSafe for AwsSecurityFindingFilters[src]
impl Send for AwsSecurityFindingFilters[src]
impl Sync for AwsSecurityFindingFilters[src]
impl Unpin for AwsSecurityFindingFilters[src]
impl UnwindSafe for AwsSecurityFindingFilters[src]
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized, [src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized, [src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized, [src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T[src]
impl<T> DeserializeOwned for T where
T: for<'de> Deserialize<'de>, [src]
T: for<'de> Deserialize<'de>,
impl<T> From<T> for T[src]
impl<T> Instrument for T[src]
pub fn instrument(self, span: Span) -> Instrumented<Self>[src]
pub fn in_current_span(self) -> Instrumented<Self>[src]
impl<T> Instrument for T[src]
pub fn instrument(self, span: Span) -> Instrumented<Self>[src]
pub fn in_current_span(self) -> Instrumented<Self>[src]
impl<T, U> Into<U> for T where
U: From<T>, [src]
U: From<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> ToOwned for T where
T: Clone, [src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T[src]
pub fn clone_into(&self, target: &mut T)[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>, [src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>, [src]
U: TryFrom<T>,