AwsSecurityFindingFilters

Struct AwsSecurityFindingFilters 

pub struct AwsSecurityFindingFilters {
    pub aws_account_id: Option<Vec<StringFilter>>,
    pub company_name: Option<Vec<StringFilter>>,
    pub compliance_status: Option<Vec<StringFilter>>,
    pub confidence: Option<Vec<NumberFilter>>,
    pub created_at: Option<Vec<DateFilter>>,
    pub criticality: Option<Vec<NumberFilter>>,
    pub description: Option<Vec<StringFilter>>,
    pub first_observed_at: Option<Vec<DateFilter>>,
    pub generator_id: Option<Vec<StringFilter>>,
    pub id: Option<Vec<StringFilter>>,
    pub keyword: Option<Vec<KeywordFilter>>,
    pub last_observed_at: Option<Vec<DateFilter>>,
    pub malware_name: Option<Vec<StringFilter>>,
    pub malware_path: Option<Vec<StringFilter>>,
    pub malware_state: Option<Vec<StringFilter>>,
    pub malware_type: Option<Vec<StringFilter>>,
    pub network_destination_domain: Option<Vec<StringFilter>>,
    pub network_destination_ip_v4: Option<Vec<IpFilter>>,
    pub network_destination_ip_v6: Option<Vec<IpFilter>>,
    pub network_destination_port: Option<Vec<NumberFilter>>,
    pub network_direction: Option<Vec<StringFilter>>,
    pub network_protocol: Option<Vec<StringFilter>>,
    pub network_source_domain: Option<Vec<StringFilter>>,
    pub network_source_ip_v4: Option<Vec<IpFilter>>,
    pub network_source_ip_v6: Option<Vec<IpFilter>>,
    pub network_source_mac: Option<Vec<StringFilter>>,
    pub network_source_port: Option<Vec<NumberFilter>>,
    pub note_text: Option<Vec<StringFilter>>,
    pub note_updated_at: Option<Vec<DateFilter>>,
    pub note_updated_by: Option<Vec<StringFilter>>,
    pub process_launched_at: Option<Vec<DateFilter>>,
    pub process_name: Option<Vec<StringFilter>>,
    pub process_parent_pid: Option<Vec<NumberFilter>>,
    pub process_path: Option<Vec<StringFilter>>,
    pub process_pid: Option<Vec<NumberFilter>>,
    pub process_terminated_at: Option<Vec<DateFilter>>,
    pub product_arn: Option<Vec<StringFilter>>,
    pub product_fields: Option<Vec<MapFilter>>,
    pub product_name: Option<Vec<StringFilter>>,
    pub recommendation_text: Option<Vec<StringFilter>>,
    pub record_state: Option<Vec<StringFilter>>,
    pub related_findings_id: Option<Vec<StringFilter>>,
    pub related_findings_product_arn: Option<Vec<StringFilter>>,
    pub resource_aws_ec_2_instance_iam_instance_profile_arn: Option<Vec<StringFilter>>,
    pub resource_aws_ec_2_instance_image_id: Option<Vec<StringFilter>>,
    pub resource_aws_ec_2_instance_ip_v4_addresses: Option<Vec<IpFilter>>,
    pub resource_aws_ec_2_instance_ip_v6_addresses: Option<Vec<IpFilter>>,
    pub resource_aws_ec_2_instance_key_name: Option<Vec<StringFilter>>,
    pub resource_aws_ec_2_instance_launched_at: Option<Vec<DateFilter>>,
    pub resource_aws_ec_2_instance_subnet_id: Option<Vec<StringFilter>>,
    pub resource_aws_ec_2_instance_type: Option<Vec<StringFilter>>,
    pub resource_aws_ec_2_instance_vpc_id: Option<Vec<StringFilter>>,
    pub resource_aws_iam_access_key_created_at: Option<Vec<DateFilter>>,
    pub resource_aws_iam_access_key_status: Option<Vec<StringFilter>>,
    pub resource_aws_iam_access_key_user_name: Option<Vec<StringFilter>>,
    pub resource_aws_s3_bucket_owner_id: Option<Vec<StringFilter>>,
    pub resource_aws_s3_bucket_owner_name: Option<Vec<StringFilter>>,
    pub resource_container_image_id: Option<Vec<StringFilter>>,
    pub resource_container_image_name: Option<Vec<StringFilter>>,
    pub resource_container_launched_at: Option<Vec<DateFilter>>,
    pub resource_container_name: Option<Vec<StringFilter>>,
    pub resource_details_other: Option<Vec<MapFilter>>,
    pub resource_id: Option<Vec<StringFilter>>,
    pub resource_partition: Option<Vec<StringFilter>>,
    pub resource_region: Option<Vec<StringFilter>>,
    pub resource_tags: Option<Vec<MapFilter>>,
    pub resource_type: Option<Vec<StringFilter>>,
    pub severity_label: Option<Vec<StringFilter>>,
    pub severity_normalized: Option<Vec<NumberFilter>>,
    pub severity_product: Option<Vec<NumberFilter>>,
    pub source_url: Option<Vec<StringFilter>>,
    pub threat_intel_indicator_category: Option<Vec<StringFilter>>,
    pub threat_intel_indicator_last_observed_at: Option<Vec<DateFilter>>,
    pub threat_intel_indicator_source: Option<Vec<StringFilter>>,
    pub threat_intel_indicator_source_url: Option<Vec<StringFilter>>,
    pub threat_intel_indicator_type: Option<Vec<StringFilter>>,
    pub threat_intel_indicator_value: Option<Vec<StringFilter>>,
    pub title: Option<Vec<StringFilter>>,
    pub type_: Option<Vec<StringFilter>>,
    pub updated_at: Option<Vec<DateFilter>>,
    pub user_defined_fields: Option<Vec<MapFilter>>,
    pub verification_state: Option<Vec<StringFilter>>,
    pub workflow_state: Option<Vec<StringFilter>>,
    pub workflow_status: Option<Vec<StringFilter>>,
}

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.

Fields§

§aws_account_id: Option<Vec<StringFilter>>

The AWS account ID that a finding is generated in.

§company_name: Option<Vec<StringFilter>>

The name of the findings provider (company) that owns the solution (product) that generates findings.

§compliance_status: Option<Vec<StringFilter>>

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.

§confidence: Option<Vec<NumberFilter>>

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

§created_at: Option<Vec<DateFilter>>

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

§criticality: Option<Vec<NumberFilter>>

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

§description: Option<Vec<StringFilter>>

A finding's description.

§first_observed_at: Option<Vec<DateFilter>>

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

§generator_id: Option<Vec<StringFilter>>

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

§id: Option<Vec<StringFilter>>

The security findings provider-specific identifier for a finding.

§keyword: Option<Vec<KeywordFilter>>

A keyword for a finding.

§last_observed_at: Option<Vec<DateFilter>>

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

§malware_name: Option<Vec<StringFilter>>

The name of the malware that was observed.

§malware_path: Option<Vec<StringFilter>>

The filesystem path of the malware that was observed.

§malware_state: Option<Vec<StringFilter>>

The state of the malware that was observed.

§malware_type: Option<Vec<StringFilter>>

The type of the malware that was observed.

§network_destination_domain: Option<Vec<StringFilter>>

The destination domain of network-related information about a finding.

§network_destination_ip_v4: Option<Vec<IpFilter>>

The destination IPv4 address of network-related information about a finding.

§network_destination_ip_v6: Option<Vec<IpFilter>>

The destination IPv6 address of network-related information about a finding.

§network_destination_port: Option<Vec<NumberFilter>>

The destination port of network-related information about a finding.

§network_direction: Option<Vec<StringFilter>>

Indicates the direction of network traffic associated with a finding.

§network_protocol: Option<Vec<StringFilter>>

The protocol of network-related information about a finding.

§network_source_domain: Option<Vec<StringFilter>>

The source domain of network-related information about a finding.

§network_source_ip_v4: Option<Vec<IpFilter>>

The source IPv4 address of network-related information about a finding.

§network_source_ip_v6: Option<Vec<IpFilter>>

The source IPv6 address of network-related information about a finding.

§network_source_mac: Option<Vec<StringFilter>>

The source media access control (MAC) address of network-related information about a finding.

§network_source_port: Option<Vec<NumberFilter>>

The source port of network-related information about a finding.

§note_text: Option<Vec<StringFilter>>

The text of a note.

§note_updated_at: Option<Vec<DateFilter>>

The timestamp of when the note was updated.

§note_updated_by: Option<Vec<StringFilter>>

The principal that created a note.

§process_launched_at: Option<Vec<DateFilter>>

The date/time that the process was launched.

§process_name: Option<Vec<StringFilter>>

The name of the process.

§process_parent_pid: Option<Vec<NumberFilter>>

The parent process ID.

§process_path: Option<Vec<StringFilter>>

The path to the process executable.

§process_pid: Option<Vec<NumberFilter>>

The process ID.

§process_terminated_at: Option<Vec<DateFilter>>

The date/time that the process was terminated.

§product_arn: Option<Vec<StringFilter>>

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

§product_fields: Option<Vec<MapFilter>>

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

§product_name: Option<Vec<StringFilter>>

The name of the solution (product) that generates findings.

§recommendation_text: Option<Vec<StringFilter>>

The recommendation of what to do about the issue described in a finding.

§record_state: Option<Vec<StringFilter>>

The updated record state for the finding.

§related_findings_id: Option<Vec<StringFilter>>

The solution-generated identifier for a related finding.

§related_findings_product_arn: Option<Vec<StringFilter>>

The ARN of the solution that generated a related finding.

§resource_aws_ec_2_instance_iam_instance_profile_arn: Option<Vec<StringFilter>>

The IAM profile ARN of the instance.

§resource_aws_ec_2_instance_image_id: Option<Vec<StringFilter>>

The Amazon Machine Image (AMI) ID of the instance.

§resource_aws_ec_2_instance_ip_v4_addresses: Option<Vec<IpFilter>>

The IPv4 addresses associated with the instance.

§resource_aws_ec_2_instance_ip_v6_addresses: Option<Vec<IpFilter>>

The IPv6 addresses associated with the instance.

§resource_aws_ec_2_instance_key_name: Option<Vec<StringFilter>>

The key name associated with the instance.

§resource_aws_ec_2_instance_launched_at: Option<Vec<DateFilter>>

The date and time the instance was launched.

§resource_aws_ec_2_instance_subnet_id: Option<Vec<StringFilter>>

The identifier of the subnet that the instance was launched in.

§resource_aws_ec_2_instance_type: Option<Vec<StringFilter>>

The instance type of the instance.

§resource_aws_ec_2_instance_vpc_id: Option<Vec<StringFilter>>

The identifier of the VPC that the instance was launched in.

§resource_aws_iam_access_key_created_at: Option<Vec<DateFilter>>

The creation date/time of the IAM access key related to a finding.

§resource_aws_iam_access_key_status: Option<Vec<StringFilter>>

The status of the IAM access key related to a finding.

§resource_aws_iam_access_key_user_name: Option<Vec<StringFilter>>

The user associated with the IAM access key related to a finding.

§resource_aws_s3_bucket_owner_id: Option<Vec<StringFilter>>

The canonical user ID of the owner of the S3 bucket.

§resource_aws_s3_bucket_owner_name: Option<Vec<StringFilter>>

The display name of the owner of the S3 bucket.

§resource_container_image_id: Option<Vec<StringFilter>>

The identifier of the image related to a finding.

§resource_container_image_name: Option<Vec<StringFilter>>

The name of the image related to a finding.

§resource_container_launched_at: Option<Vec<DateFilter>>

The date/time that the container was started.

§resource_container_name: Option<Vec<StringFilter>>

The name of the container related to a finding.

§resource_details_other: Option<Vec<MapFilter>>

The details of a resource that doesn't have a specific subfield for the resource type defined.

§resource_id: Option<Vec<StringFilter>>

The canonical identifier for the given resource type.

§resource_partition: Option<Vec<StringFilter>>

The canonical AWS partition name that the Region is assigned to.

§resource_region: Option<Vec<StringFilter>>

The canonical AWS external Region name where this resource is located.

§resource_tags: Option<Vec<MapFilter>>

A list of AWS tags associated with a resource at the time the finding was processed.

§resource_type: Option<Vec<StringFilter>>

Specifies the type of the resource that details are provided for.

§severity_label: Option<Vec<StringFilter>>

The label of a finding's severity.

§severity_normalized: Option<Vec<NumberFilter>>

The normalized severity of a finding.

§severity_product: Option<Vec<NumberFilter>>

The native severity as defined by the security-findings provider's solution that generated the finding.

§source_url: Option<Vec<StringFilter>>

A URL that links to a page about the current finding in the security-findings provider's solution.

§threat_intel_indicator_category: Option<Vec<StringFilter>>

The category of a threat intelligence indicator.

§threat_intel_indicator_last_observed_at: Option<Vec<DateFilter>>

The date/time of the last observation of a threat intelligence indicator.

§threat_intel_indicator_source: Option<Vec<StringFilter>>

The source of the threat intelligence.

§threat_intel_indicator_source_url: Option<Vec<StringFilter>>

The URL for more details from the source of the threat intelligence.

§threat_intel_indicator_type: Option<Vec<StringFilter>>

The type of a threat intelligence indicator.

§threat_intel_indicator_value: Option<Vec<StringFilter>>

The value of a threat intelligence indicator.

§title: Option<Vec<StringFilter>>

A finding's title.

§type_: Option<Vec<StringFilter>>

A finding type in the format of namespace/category/classifier that classifies a finding.

§updated_at: Option<Vec<DateFilter>>

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

§user_defined_fields: Option<Vec<MapFilter>>

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

§verification_state: Option<Vec<StringFilter>>

The veracity of a finding.

§workflow_state: Option<Vec<StringFilter>>

The workflow state of a finding.

§workflow_status: Option<Vec<StringFilter>>

The status of the investigation into a finding. Allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

  • NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

  • SUPPRESSED - The finding will not be reviewed again and will not be acted upon.

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
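
The following is an added example, not code from the crate this page documents. It builds a filter set for one account's findings in chosen workflow statuses and rejects any `workflow_status` value outside the four allowed values listed above. The reduced `StringFilter` stand-in, its `comparison`/`value` field names, and the `open_findings` helper are assumptions made for illustration.

```rust
// Added example. StringFilter and AwsSecurityFindingFilters below are reduced
// stand-ins so the block compiles offline; the real types come from the crate.
#[derive(Clone, Debug, Default, PartialEq)]
pub struct StringFilter {
    pub comparison: Option<String>, // assumed field name
    pub value: Option<String>,      // assumed field name
}

#[derive(Clone, Debug, Default, PartialEq)]
pub struct AwsSecurityFindingFilters {
    pub aws_account_id: Option<Vec<StringFilter>>,
    pub workflow_status: Option<Vec<StringFilter>>,
}

/// Allowed workflow_status values, as listed in the field documentation.
pub const WORKFLOW_STATUSES: [&str; 4] = ["NEW", "NOTIFIED", "SUPPRESSED", "RESOLVED"];

fn equals(value: &str) -> StringFilter {
    StringFilter {
        comparison: Some("EQUALS".to_string()),
        value: Some(value.to_string()),
    }
}

/// Hypothetical helper: filters for one account's findings in the given
/// workflow statuses. Malformed input is rejected before a request is built.
pub fn open_findings(account_id: &str, statuses: &[&str]) -> Result<AwsSecurityFindingFilters, String> {
    // AWS account IDs are exactly 12 decimal digits.
    if account_id.len() != 12 || !account_id.bytes().all(|b| b.is_ascii_digit()) {
        return Err(format!("not a 12-digit AWS account ID: {:?}", account_id));
    }
    if statuses.is_empty() {
        return Err("at least one workflow status is required".to_string());
    }
    for s in statuses {
        // Exact, case-sensitive match against the documented values.
        if !WORKFLOW_STATUSES.contains(s) {
            return Err(format!("unknown workflow status: {:?}", s));
        }
    }
    Ok(AwsSecurityFindingFilters {
        aws_account_id: Some(vec![equals(account_id)]),
        workflow_status: Some(statuses.iter().map(|s| equals(s)).collect()),
    })
}

fn main() {
    // Constructed sample input: a placeholder account ID.
    println!("{:#?}", open_findings("123456789012", &["NEW", "NOTIFIED"]));
    println!("{:?}", open_findings("123456789012", &["new"]));
}
```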

Trait Implementations§

impl Clone for AwsSecurityFindingFilters

fn clone(&self) -> AwsSecurityFindingFilters

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AwsSecurityFindingFilters

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AwsSecurityFindingFilters

fn default() -> AwsSecurityFindingFilters

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for AwsSecurityFindingFilters

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for AwsSecurityFindingFilters

fn eq(&self, other: &AwsSecurityFindingFilters) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for AwsSecurityFindingFilters

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for AwsSecurityFindingFilters

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,