Create Automation Rule
securityhub_create_automation_rule | R Documentation |
Creates an automation rule based on input parameters
Description
Creates an automation rule based on input parameters.
Usage
securityhub_create_automation_rule(Tags, RuleStatus, RuleOrder,
RuleName, Description, IsTerminal, Criteria, Actions)
Arguments
Tags
User-defined tags associated with an automation rule.
RuleStatus
Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use batch_update_automation_rules.
RuleOrder
[required] An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
RuleName
[required] The name of the rule.
Description
[required] A description of the rule.
IsTerminal
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
Criteria
[required] A set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.
Actions
[required] One or more actions to update finding fields if a finding matches the conditions specified in Criteria.
Value
A list with the following syntax:
Request syntax
# Request syntax for svc$create_automation_rule(). Every field below is a
# template, not a runnable value: "string" stands for a character value,
# 123 / 123.0 for an integer / double, and "A"|"B" enumerates the permitted
# values of a field. Supply only the fields a rule needs; the ones marked
# [required] in the Arguments section must be present.
svc$create_automation_rule(
  # Free-form tags attached to the rule itself (not to findings).
  Tags = list(
    "string"
  ),
  # ENABLED: the rule is applied to findings and finding updates as soon as
  # it is created. DISABLED: the rule is created inactive.
  RuleStatus = "ENABLED"|"DISABLED",
  # Integer in 1..1000; rules with lower values are applied first.
  RuleOrder = 123,
  RuleName = "string",
  Description = "string",
  # TRUE: once this rule matches a finding, no later rule is evaluated for
  # that finding. Defaults to not terminal.
  IsTerminal = TRUE|FALSE,
  # Filters on ASFF finding fields. Each field holds a list of filter
  # entries. Four entry shapes appear below: Value + Comparison for string
  # fields; Start/End strings or a relative DateRange (only Unit shown is
  # DAYS) for timestamp fields; Gte/Lte/Eq/Gt/Lt for numeric fields; and
  # Key + Value + Comparison for map-like fields such as ResourceTags.
  Criteria = list(
    ProductArn = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    AwsAccountId = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    Id = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    GeneratorId = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    Type = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    # Timestamp filters: either an absolute Start/End window or a relative
    # DateRange, as shown here and for the other *At fields.
    FirstObservedAt = list(
      list(
        Start = "string",
        End = "string",
        DateRange = list(
          Value = 123,
          Unit = "DAYS"
        )
      )
    ),
    LastObservedAt = list(
      list(
        Start = "string",
        End = "string",
        DateRange = list(
          Value = 123,
          Unit = "DAYS"
        )
      )
    ),
    CreatedAt = list(
      list(
        Start = "string",
        End = "string",
        DateRange = list(
          Value = 123,
          Unit = "DAYS"
        )
      )
    ),
    UpdatedAt = list(
      list(
        Start = "string",
        End = "string",
        DateRange = list(
          Value = 123,
          Unit = "DAYS"
        )
      )
    ),
    # Numeric filters: bound the field with any of the five comparators.
    Confidence = list(
      list(
        Gte = 123.0,
        Lte = 123.0,
        Eq = 123.0,
        Gt = 123.0,
        Lt = 123.0
      )
    ),
    Criticality = list(
      list(
        Gte = 123.0,
        Lte = 123.0,
        Eq = 123.0,
        Gt = 123.0,
        Lt = 123.0
      )
    ),
    Title = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    Description = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    SourceUrl = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ProductName = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    CompanyName = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    SeverityLabel = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourceType = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourceId = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourcePartition = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourceRegion = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    # Map-like filters match on a Key and its Value; note the shorter list
    # of Comparison values (no PREFIX variants).
    ResourceTags = list(
      list(
        Key = "string",
        Value = "string",
        Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourceDetailsOther = list(
      list(
        Key = "string",
        Value = "string",
        Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ComplianceStatus = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ComplianceSecurityControlId = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ComplianceAssociatedStandardsId = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    VerificationState = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    WorkflowStatus = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    RecordState = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    RelatedFindingsProductArn = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    RelatedFindingsId = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    NoteText = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    NoteUpdatedAt = list(
      list(
        Start = "string",
        End = "string",
        DateRange = list(
          Value = 123,
          Unit = "DAYS"
        )
      )
    ),
    NoteUpdatedBy = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    UserDefinedFields = list(
      list(
        Key = "string",
        Value = "string",
        Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourceApplicationArn = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    ResourceApplicationName = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    ),
    AwsAccountName = list(
      list(
        Value = "string",
        Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
      )
    )
  ),
  # Actions applied to every finding that matches Criteria. The only Type
  # shown in this syntax is FINDING_FIELDS_UPDATE; FindingFieldsUpdate lists
  # the finding fields such an action may overwrite.
  Actions = list(
    list(
      Type = "FINDING_FIELDS_UPDATE",
      FindingFieldsUpdate = list(
        # Both values are caller-supplied strings. NOTE(review): UpdatedBy
        # looks like a free-form label rather than the calling principal —
        # confirm before relying on it for attribution.
        Note = list(
          Text = "string",
          UpdatedBy = "string"
        ),
        # NOTE(review): an action that lowers Label, or that sets Workflow
        # Status to SUPPRESSED below, de-prioritises or hides every finding
        # the rule's Criteria match; keep Criteria narrow for such rules.
        Severity = list(
          Normalized = 123,
          Product = 123.0,
          Label = "INFORMATIONAL"|"LOW"|"MEDIUM"|"HIGH"|"CRITICAL"
        ),
        VerificationState = "UNKNOWN"|"TRUE_POSITIVE"|"FALSE_POSITIVE"|"BENIGN_POSITIVE",
        Confidence = 123,
        Criticality = 123,
        Types = list(
          "string"
        ),
        UserDefinedFields = list(
          "string"
        ),
        Workflow = list(
          Status = "NEW"|"NOTIFIED"|"RESOLVED"|"SUPPRESSED"
        ),
        RelatedFindings = list(
          list(
            ProductArn = "string",
            Id = "string"
          )
        )
      )
    )
  )
)
Examples
## Not run:
# Example: raise the severity of failed Security Hub findings that concern
# one specific S3 resource to CRITICAL, and attach a note saying why.
# Arguments are given in the order of the Usage signature above.
svc$create_automation_rule(
  Tags = list(
    `important-resources-rule` = "s3-bucket"
  ),
  # The rule starts applying as soon as it is created.
  RuleStatus = "ENABLED",
  # Lowest permitted order value (1..1000), so it runs ahead of
  # higher-numbered rules.
  RuleOrder = 1L,
  RuleName = "Elevate severity for important resources",
  Description = "Elevate finding severity to Critical for important resources",
  # Not terminal: later rules are still evaluated for matched findings.
  IsTerminal = FALSE,
  # Five filters scope the rule; the ResourceId filter names a single
  # resource ARN, which keeps the action from touching unrelated findings.
  # NOTE(review): presumably every filter must hold for a finding to match —
  # confirm against the service documentation.
  Criteria = list(
    ComplianceStatus = list(
      list(
        Comparison = "EQUALS",
        Value = "FAILED"
      )
    ),
    ProductName = list(
      list(
        Comparison = "EQUALS",
        Value = "Security Hub"
      )
    ),
    RecordState = list(
      list(
        Comparison = "EQUALS",
        Value = "ACTIVE"
      )
    ),
    ResourceId = list(
      list(
        Comparison = "EQUALS",
        Value = "arn:aws:s3:::examplebucket/developers/design_info.doc"
      )
    ),
    WorkflowStatus = list(
      list(
        Comparison = "EQUALS",
        Value = "NEW"
      )
    )
  ),
  # One FINDING_FIELDS_UPDATE action: bump the severity label and record a
  # free-text note (UpdatedBy is a plain string supplied by the caller).
  Actions = list(
    list(
      Type = "FINDING_FIELDS_UPDATE",
      FindingFieldsUpdate = list(
        Severity = list(
          Label = "CRITICAL"
        ),
        Note = list(
          Text = "This is a critical S3 bucket, please look into this ASAP",
          UpdatedBy = "test-user"
        )
      )
    )
  )
)
## End(Not run)