guardduty_create_filter: Creates a filter using the specified finding criteria

In paws.security.identity: 'Amazon Web Services' Security, Identity, & Compliance Services

Creates a filter using the specified finding criteria

Description

Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.

See https://www.paws-r-sdk.com/docs/guardduty_create_filter/ for full documentation.

Usage

guardduty_create_filter(
  DetectorId,
  Name,
  Description = NULL,
  Action = NULL,
  Rank = NULL,
  FindingCriteria,
  ClientToken = NULL,
  Tags = NULL
)

Arguments

DetectorId	[required] The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
Name	[required] The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
Description	The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, ⁠[ ]⁠, and ⁠( )⁠), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. [ ]: R:%20
Action	Specifies the action that is to be applied to the findings that match the filter.
Rank	Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria	[required] Represents the criteria to be used in the filter for querying findings. You can only use the following attributes to query findings: accountId id region severity To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition: Low: ⁠["1", "2", "3"]⁠ Medium: ⁠["4", "5", "6"]⁠ High: ⁠["7", "8", "9"]⁠ For more information, see Severity levels for GuardDuty findings. type updatedAt Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds. resource.accessKeyDetails.accessKeyId resource.accessKeyDetails.principalId resource.accessKeyDetails.userName resource.accessKeyDetails.userType resource.instanceDetails.iamInstanceProfile.id resource.instanceDetails.imageId resource.instanceDetails.instanceId resource.instanceDetails.tags.key resource.instanceDetails.tags.value resource.instanceDetails.networkInterfaces.ipv6Addresses resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress resource.instanceDetails.networkInterfaces.publicDnsName resource.instanceDetails.networkInterfaces.publicIp resource.instanceDetails.networkInterfaces.securityGroups.groupId resource.instanceDetails.networkInterfaces.securityGroups.groupName resource.instanceDetails.networkInterfaces.subnetId resource.instanceDetails.networkInterfaces.vpcId resource.instanceDetails.outpostArn resource.resourceType resource.s3BucketDetails.publicAccess.effectivePermissions resource.s3BucketDetails.name resource.s3BucketDetails.tags.key resource.s3BucketDetails.tags.value resource.s3BucketDetails.type service.action.actionType service.action.awsApiCallAction.api service.action.awsApiCallAction.callerType service.action.awsApiCallAction.errorCode service.action.awsApiCallAction.remoteIpDetails.city.cityName service.action.awsApiCallAction.remoteIpDetails.country.countryName service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 service.action.awsApiCallAction.remoteIpDetails.ipAddressV6 service.action.awsApiCallAction.remoteIpDetails.organization.asn service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg service.action.awsApiCallAction.serviceName service.action.dnsRequestAction.domain service.action.dnsRequestAction.domainWithSuffix service.action.networkConnectionAction.blocked service.action.networkConnectionAction.connectionDirection service.action.networkConnectionAction.localPortDetails.port service.action.networkConnectionAction.protocol service.action.networkConnectionAction.remoteIpDetails.city.cityName service.action.networkConnectionAction.remoteIpDetails.country.countryName service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.ipAddressV6 service.action.networkConnectionAction.remoteIpDetails.organization.asn service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg service.action.networkConnectionAction.remotePortDetails.port service.action.awsApiCallAction.remoteAccountDetails.affiliated service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4 service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6 service.action.kubernetesApiCallAction.namespace service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn service.action.kubernetesApiCallAction.requestUri service.action.kubernetesApiCallAction.statusCode service.action.networkConnectionAction.localIpDetails.ipAddressV4 service.action.networkConnectionAction.localIpDetails.ipAddressV6 service.action.networkConnectionAction.protocol service.action.awsApiCallAction.serviceName service.action.awsApiCallAction.remoteAccountDetails.accountId service.additionalInfo.threatListName service.resourceRole resource.eksClusterDetails.name resource.kubernetesDetails.kubernetesWorkloadDetails.name resource.kubernetesDetails.kubernetesWorkloadDetails.namespace resource.kubernetesDetails.kubernetesUserDetails.username resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix service.ebsVolumeScanDetails.scanId service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash resource.ecsClusterDetails.name resource.ecsClusterDetails.taskDetails.containers.image resource.ecsClusterDetails.taskDetails.definitionArn resource.containerDetails.image resource.rdsDbInstanceDetails.dbInstanceIdentifier resource.rdsDbInstanceDetails.dbClusterIdentifier resource.rdsDbInstanceDetails.engine resource.rdsDbUserDetails.user resource.rdsDbInstanceDetails.tags.key resource.rdsDbInstanceDetails.tags.value service.runtimeDetails.process.executableSha256 service.runtimeDetails.process.name service.runtimeDetails.process.name resource.lambdaDetails.functionName resource.lambdaDetails.functionArn resource.lambdaDetails.tags.key resource.lambdaDetails.tags.value
ClientToken	The idempotency token for the create request.
Tags	The tags to be added to a new filter resource.

paws.security.identity documentation built on Sept. 12, 2024, 6:30 a.m.