Create Automation Rule
| securityhub_create_automation_rule | R Documentation |
Creates an automation rule based on input parameters¶
Description¶
Creates an automation rule based on input parameters.
Usage¶
securityhub_create_automation_rule(Tags, RuleStatus, RuleOrder,
RuleName, Description, IsTerminal, Criteria, Actions)
Arguments¶
Tags |
User-defined tags associated with an automation rule. |
RuleStatus |
Whether the rule is active after it is created. If this parameter
is equal to |
RuleOrder |
[required] An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first. |
RuleName |
[required] The name of the rule. |
Description |
[required] A description of the rule. |
IsTerminal |
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. |
Criteria |
[required] A set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding. |
Actions |
[required] One or more actions to update finding fields if a
finding matches the conditions specified in
|
Value¶
A list with the following syntax:
list(
RuleArn = "string"
)
Request syntax¶
svc$create_automation_rule(
Tags = list(
"string"
),
RuleStatus = "ENABLED"|"DISABLED",
RuleOrder = 123,
RuleName = "string",
Description = "string",
IsTerminal = TRUE|FALSE,
Criteria = list(
ProductArn = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
AwsAccountId = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
Id = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
GeneratorId = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
Type = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
FirstObservedAt = list(
list(
Start = "string",
End = "string",
DateRange = list(
Value = 123,
Unit = "DAYS"
)
)
),
LastObservedAt = list(
list(
Start = "string",
End = "string",
DateRange = list(
Value = 123,
Unit = "DAYS"
)
)
),
CreatedAt = list(
list(
Start = "string",
End = "string",
DateRange = list(
Value = 123,
Unit = "DAYS"
)
)
),
UpdatedAt = list(
list(
Start = "string",
End = "string",
DateRange = list(
Value = 123,
Unit = "DAYS"
)
)
),
Confidence = list(
list(
Gte = 123.0,
Lte = 123.0,
Eq = 123.0,
Gt = 123.0,
Lt = 123.0
)
),
Criticality = list(
list(
Gte = 123.0,
Lte = 123.0,
Eq = 123.0,
Gt = 123.0,
Lt = 123.0
)
),
Title = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
Description = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
SourceUrl = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ProductName = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
CompanyName = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
SeverityLabel = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceType = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceId = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourcePartition = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceRegion = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceTags = list(
list(
Key = "string",
Value = "string",
Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceDetailsOther = list(
list(
Key = "string",
Value = "string",
Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ComplianceStatus = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ComplianceSecurityControlId = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ComplianceAssociatedStandardsId = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
VerificationState = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
WorkflowStatus = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
RecordState = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
RelatedFindingsProductArn = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
RelatedFindingsId = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
NoteText = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
NoteUpdatedAt = list(
list(
Start = "string",
End = "string",
DateRange = list(
Value = 123,
Unit = "DAYS"
)
)
),
NoteUpdatedBy = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
UserDefinedFields = list(
list(
Key = "string",
Value = "string",
Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceApplicationArn = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
ResourceApplicationName = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
),
AwsAccountName = list(
list(
Value = "string",
Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
)
)
),
Actions = list(
list(
Type = "FINDING_FIELDS_UPDATE",
FindingFieldsUpdate = list(
Note = list(
Text = "string",
UpdatedBy = "string"
),
Severity = list(
Normalized = 123,
Product = 123.0,
Label = "INFORMATIONAL"|"LOW"|"MEDIUM"|"HIGH"|"CRITICAL"
),
VerificationState = "UNKNOWN"|"TRUE_POSITIVE"|"FALSE_POSITIVE"|"BENIGN_POSITIVE",
Confidence = 123,
Criticality = 123,
Types = list(
"string"
),
UserDefinedFields = list(
"string"
),
Workflow = list(
Status = "NEW"|"NOTIFIED"|"RESOLVED"|"SUPPRESSED"
),
RelatedFindings = list(
list(
ProductArn = "string",
Id = "string"
)
)
)
)
)
)