Security Hub Automation Rule

This table represents the Security Hub Automation Rule resource from Amazon Web Services.

aws.securityhub_automation_rule

Fields

TitleIDTypeData TypeDescription
_keycorestring
account_idcorestring
actionscorejsonOne or more actions to update finding fields if a finding matches the defined criteria of the rule.
created_atcoretimestampA timestamp that indicates when the rule was created. For more information about the validation and formatting of timestamp fields in Security Hub, see <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps">Timestamps</a>.
created_bycorestringThe principal that created a rule.
criteriacorejsonA set of <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html">Amazon Web Services Security Finding Format</a> finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.
descriptioncorestringA description of the rule.
is_terminalcoreboolSpecifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
rule_arncorestringThe Amazon Resource Name (ARN) of a rule.
rule_namecorestringThe name of the rule.
rule_ordercoreint64An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
rule_statuscorestringWhether the rule is active after it is created. If this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings and finding updates after the rule is created.
tagscorehstore
updated_atcoretimestampA timestamp that indicates when the rule was most recently updated. For more information about the validation and formatting of timestamp fields in Security Hub, see <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps">Timestamps</a>.