aws-native.securityhub.getInsight

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

Using getInsight

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getInsight(args: GetInsightArgs, opts?: InvokeOptions): Promise<GetInsightResult>
function getInsightOutput(args: GetInsightOutputArgs, opts?: InvokeOptions): Output<GetInsightResult>

def get_insight(insight_arn: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetInsightResult
def get_insight_output(insight_arn: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetInsightResult]

func LookupInsight(ctx *Context, args *LookupInsightArgs, opts ...InvokeOption) (*LookupInsightResult, error)
func LookupInsightOutput(ctx *Context, args *LookupInsightOutputArgs, opts ...InvokeOption) LookupInsightResultOutput

> Note: This function is named LookupInsight in the Go SDK.

public static class GetInsight 
{
    public static Task<GetInsightResult> InvokeAsync(GetInsightArgs args, InvokeOptions? opts = null)
    public static Output<GetInsightResult> Invoke(GetInsightInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetInsightResult> getInsight(GetInsightArgs args, InvokeOptions options)
public static Output<GetInsightResult> getInsight(GetInsightArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:securityhub:getInsight
  arguments:
    # arguments dictionary

The following arguments are supported:

InsightArn string: The ARN of a Security Hub insight

InsightArn string: The ARN of a Security Hub insight

insightArn String: The ARN of a Security Hub insight

insightArn string: The ARN of a Security Hub insight

insight_arn str: The ARN of a Security Hub insight

insightArn String: The ARN of a Security Hub insight

getInsight Result

The following output properties are available:

Filters Pulumi.AwsNative.SecurityHub.Outputs.InsightAwsSecurityFindingFilters: One or more attributes used to filter the findings included in the insight
GroupByAttribute string: The grouping attribute for the insight's findings
InsightArn string: The ARN of a Security Hub insight
Name string: The name of a Security Hub insight

Filters InsightAwsSecurityFindingFilters: One or more attributes used to filter the findings included in the insight
GroupByAttribute string: The grouping attribute for the insight's findings
InsightArn string: The ARN of a Security Hub insight
Name string: The name of a Security Hub insight

filters InsightAwsSecurityFindingFilters: One or more attributes used to filter the findings included in the insight
groupByAttribute String: The grouping attribute for the insight's findings
insightArn String: The ARN of a Security Hub insight
name String: The name of a Security Hub insight

filters InsightAwsSecurityFindingFilters: One or more attributes used to filter the findings included in the insight
groupByAttribute string: The grouping attribute for the insight's findings
insightArn string: The ARN of a Security Hub insight
name string: The name of a Security Hub insight

filters InsightAwsSecurityFindingFilters: One or more attributes used to filter the findings included in the insight
group_by_attribute str: The grouping attribute for the insight's findings
insight_arn str: The ARN of a Security Hub insight
name str: The name of a Security Hub insight

filters Property Map: One or more attributes used to filter the findings included in the insight
groupByAttribute String: The grouping attribute for the insight's findings
insightArn String: The ARN of a Security Hub insight
name String: The name of a Security Hub insight

Supporting Types

InsightAwsSecurityFindingFilters

AwsAccountId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The AWS account ID in which a finding is generated.
AwsAccountName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the AWS account in which a finding is generated.
CompanyName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the findings provider (company) that owns the solution (product) that generates findings.
ComplianceAssociatedStandardsId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The unique identifier of a standard in which a control is enabled.
ComplianceSecurityControlId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The unique identifier of a control across standards.
ComplianceSecurityControlParametersName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of a security control parameter.
ComplianceSecurityControlParametersValue List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The current value of a security control parameter.
ComplianceStatus List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
Confidence List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: A finding's confidence.
CreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
Criticality List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The level of importance assigned to the resources associated with the finding.
Description List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: A finding's description.
FindingProviderFieldsConfidence List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The finding provider value for the finding confidence.
FindingProviderFieldsCriticality List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The finding provider value for the level of importance assigned to the resources associated with the findings.
FindingProviderFieldsRelatedFindingsId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The finding identifier of a related finding that is identified by the finding provider.
FindingProviderFieldsRelatedFindingsProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The ARN of the solution that generated a related finding that is identified by the finding provider.
FindingProviderFieldsSeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The finding provider value for the severity label.
FindingProviderFieldsSeverityOriginal List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The finding provider's original value for the severity.
FindingProviderFieldsTypes List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: One or more finding types that the finding provider assigned to the finding.
FirstObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
GeneratorId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
Id List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The security findings provider-specific identifier for a finding.
Keyword List<Pulumi.AwsNative.SecurityHub.Inputs.InsightKeywordFilter>: A keyword for a finding.
LastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
MalwareName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the malware that was observed.
MalwarePath List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The filesystem path of the malware that was observed.
MalwareState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The state of the malware that was observed.
MalwareType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The type of the malware that was observed.
NetworkDestinationDomain List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The destination domain of network-related information about a finding.
NetworkDestinationIpV4 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>: The destination IPv4 address of network-related information about a finding.
NetworkDestinationIpV6 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>: The destination IPv6 address of network-related information about a finding.
NetworkDestinationPort List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The destination port of network-related information about a finding.
NetworkDirection List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: Indicates the direction of network traffic associated with a finding.
NetworkProtocol List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The protocol of network-related information about a finding.
NetworkSourceDomain List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The source domain of network-related information about a finding.
NetworkSourceIpV4 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>: The source IPv4 address of network-related information about a finding.
NetworkSourceIpV6 List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>: The source IPv6 address of network-related information about a finding.
NetworkSourceMac List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The source media access control (MAC) address of network-related information about a finding.
NetworkSourcePort List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The source port of network-related information about a finding.
NoteText List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The text of a note.
NoteUpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: The timestamp of when the note was updated.
NoteUpdatedBy List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The principal that created a note.
ProcessLaunchedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: A timestamp that identifies when the process was launched.
ProcessName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the process.
ProcessParentPid List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The parent process ID.
ProcessPath List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The path to the process executable.
ProcessPid List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The process ID.
ProcessTerminatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: A timestamp that identifies when the process was terminated.
ProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
ProductFields List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
ProductName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the solution (product) that generates findings.
RecommendationText List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The recommendation of what to do about the issue described in a finding.
RecordState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The updated record state for the finding.
Region List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The Region from which the finding was generated.
RelatedFindingsId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The solution-generated identifier for a related finding.
RelatedFindingsProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The ARN of the solution that generated a related finding.
ResourceApplicationArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The ARN of the application that is related to a finding.
ResourceApplicationName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the application that is related to a finding.
ResourceAwsEc2InstanceIamInstanceProfileArn List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The IAM profile ARN of the instance.
ResourceAwsEc2InstanceImageId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The Amazon Machine Image (AMI) ID of the instance.
ResourceAwsEc2InstanceIpV4Addresses List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>: The IPv4 addresses associated with the instance.
ResourceAwsEc2InstanceIpV6Addresses List<Pulumi.AwsNative.SecurityHub.Inputs.InsightIpFilter>: The IPv6 addresses associated with the instance.
ResourceAwsEc2InstanceKeyName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The key name associated with the instance.
ResourceAwsEc2InstanceLaunchedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: The date and time the instance was launched.
ResourceAwsEc2InstanceSubnetId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The identifier of the subnet that the instance was launched in.
ResourceAwsEc2InstanceType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The instance type of the instance.
ResourceAwsEc2InstanceVpcId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The identifier of the VPC that the instance was launched in.
ResourceAwsIamAccessKeyCreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: The creation date/time of the IAM access key related to a finding.
ResourceAwsIamAccessKeyPrincipalName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the principal that is associated with an IAM access key.
ResourceAwsIamAccessKeyStatus List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The status of the IAM access key related to a finding.
ResourceAwsIamAccessKeyUserName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The user associated with the IAM access key related to a finding.
ResourceAwsIamUserUserName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of an IAM user.
ResourceAwsS3BucketOwnerId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The canonical user ID of the owner of the S3 bucket.
ResourceAwsS3BucketOwnerName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The display name of the owner of the S3 bucket.
ResourceContainerImageId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The identifier of the image related to a finding.
ResourceContainerImageName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the image related to a finding.
ResourceContainerLaunchedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: A timestamp that identifies when the container was started.
ResourceContainerName List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The name of the container related to a finding.
ResourceDetailsOther List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>: The details of a resource that doesn't have a specific subfield for the resource type defined.
ResourceId List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The canonical identifier for the given resource type.
ResourcePartition List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The canonical AWS partition name that the Region is assigned to.
ResourceRegion List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The canonical AWS external Region name where this resource is located.
ResourceTags List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>: A list of AWS tags associated with a resource at the time the finding was processed.
ResourceType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: Specifies the type of the resource that details are provided for.
Sample List<Pulumi.AwsNative.SecurityHub.Inputs.InsightBooleanFilter>: Indicates whether or not sample findings are included in the filter results.
SeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The label of a finding's severity.
SeverityNormalized List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The normalized severity of a finding.
SeverityProduct List<Pulumi.AwsNative.SecurityHub.Inputs.InsightNumberFilter>: The native severity as defined by the security findings provider's solution that generated the finding.
SourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: A URL that links to a page about the current finding in the security findings provider's solution.
ThreatIntelIndicatorCategory List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The category of a threat intelligence indicator.
ThreatIntelIndicatorLastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: A timestamp that identifies the last observation of a threat intelligence indicator.
ThreatIntelIndicatorSource List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The source of the threat intelligence.
ThreatIntelIndicatorSourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The URL for more details from the source of the threat intelligence.
ThreatIntelIndicatorType List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The type of a threat intelligence indicator.
ThreatIntelIndicatorValue List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The value of a threat intelligence indicator.
Title List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: A finding's title.
Type List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: A finding type in the format of namespace/category/classifier that classifies a finding.
UpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
UserDefinedFields List<Pulumi.AwsNative.SecurityHub.Inputs.InsightMapFilter>: A list of name/value string pairs associated with the finding.
VerificationState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The veracity of a finding.
VulnerabilitiesExploitAvailable List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: Indicates whether a software vulnerability in your environment has a known exploit.
VulnerabilitiesFixAvailable List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
WorkflowState List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The workflow state of a finding.
WorkflowStatus List<Pulumi.AwsNative.SecurityHub.Inputs.InsightStringFilter>: The status of the investigation into a finding.

AwsAccountId []InsightStringFilter: The AWS account ID in which a finding is generated.
AwsAccountName []InsightStringFilter: The name of the AWS account in which a finding is generated.
CompanyName []InsightStringFilter: The name of the findings provider (company) that owns the solution (product) that generates findings.
ComplianceAssociatedStandardsId []InsightStringFilter: The unique identifier of a standard in which a control is enabled.
ComplianceSecurityControlId []InsightStringFilter: The unique identifier of a control across standards.
ComplianceSecurityControlParametersName []InsightStringFilter: The name of a security control parameter.
ComplianceSecurityControlParametersValue []InsightStringFilter: The current value of a security control parameter.
ComplianceStatus []InsightStringFilter: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
Confidence []InsightNumberFilter: A finding's confidence.
CreatedAt []InsightDateFilter: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
Criticality []InsightNumberFilter: The level of importance assigned to the resources associated with the finding.
Description []InsightStringFilter: A finding's description.
FindingProviderFieldsConfidence []InsightNumberFilter: The finding provider value for the finding confidence.
FindingProviderFieldsCriticality []InsightNumberFilter: The finding provider value for the level of importance assigned to the resources associated with the findings.
FindingProviderFieldsRelatedFindingsId []InsightStringFilter: The finding identifier of a related finding that is identified by the finding provider.
FindingProviderFieldsRelatedFindingsProductArn []InsightStringFilter: The ARN of the solution that generated a related finding that is identified by the finding provider.
FindingProviderFieldsSeverityLabel []InsightStringFilter: The finding provider value for the severity label.
FindingProviderFieldsSeverityOriginal []InsightStringFilter: The finding provider's original value for the severity.
FindingProviderFieldsTypes []InsightStringFilter: One or more finding types that the finding provider assigned to the finding.
FirstObservedAt []InsightDateFilter: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
GeneratorId []InsightStringFilter: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
Id []InsightStringFilter: The security findings provider-specific identifier for a finding.
Keyword []InsightKeywordFilter: A keyword for a finding.
LastObservedAt []InsightDateFilter: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
MalwareName []InsightStringFilter: The name of the malware that was observed.
MalwarePath []InsightStringFilter: The filesystem path of the malware that was observed.
MalwareState []InsightStringFilter: The state of the malware that was observed.
MalwareType []InsightStringFilter: The type of the malware that was observed.
NetworkDestinationDomain []InsightStringFilter: The destination domain of network-related information about a finding.
NetworkDestinationIpV4 []InsightIpFilter: The destination IPv4 address of network-related information about a finding.
NetworkDestinationIpV6 []InsightIpFilter: The destination IPv6 address of network-related information about a finding.
NetworkDestinationPort []InsightNumberFilter: The destination port of network-related information about a finding.
NetworkDirection []InsightStringFilter: Indicates the direction of network traffic associated with a finding.
NetworkProtocol []InsightStringFilter: The protocol of network-related information about a finding.
NetworkSourceDomain []InsightStringFilter: The source domain of network-related information about a finding.
NetworkSourceIpV4 []InsightIpFilter: The source IPv4 address of network-related information about a finding.
NetworkSourceIpV6 []InsightIpFilter: The source IPv6 address of network-related information about a finding.
NetworkSourceMac []InsightStringFilter: The source media access control (MAC) address of network-related information about a finding.
NetworkSourcePort []InsightNumberFilter: The source port of network-related information about a finding.
NoteText []InsightStringFilter: The text of a note.
NoteUpdatedAt []InsightDateFilter: The timestamp of when the note was updated.
NoteUpdatedBy []InsightStringFilter: The principal that created a note.
ProcessLaunchedAt []InsightDateFilter: A timestamp that identifies when the process was launched.
ProcessName []InsightStringFilter: The name of the process.
ProcessParentPid []InsightNumberFilter: The parent process ID.
ProcessPath []InsightStringFilter: The path to the process executable.
ProcessPid []InsightNumberFilter: The process ID.
ProcessTerminatedAt []InsightDateFilter: A timestamp that identifies when the process was terminated.
ProductArn []InsightStringFilter: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
ProductFields []InsightMapFilter: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
ProductName []InsightStringFilter: The name of the solution (product) that generates findings.
RecommendationText []InsightStringFilter: The recommendation of what to do about the issue described in a finding.
RecordState []InsightStringFilter: The updated record state for the finding.
Region []InsightStringFilter: The Region from which the finding was generated.
RelatedFindingsId []InsightStringFilter: The solution-generated identifier for a related finding.
RelatedFindingsProductArn []InsightStringFilter: The ARN of the solution that generated a related finding.
ResourceApplicationArn []InsightStringFilter: The ARN of the application that is related to a finding.
ResourceApplicationName []InsightStringFilter: The name of the application that is related to a finding.
ResourceAwsEc2InstanceIamInstanceProfileArn []InsightStringFilter: The IAM profile ARN of the instance.
ResourceAwsEc2InstanceImageId []InsightStringFilter: The Amazon Machine Image (AMI) ID of the instance.
ResourceAwsEc2InstanceIpV4Addresses []InsightIpFilter: The IPv4 addresses associated with the instance.
ResourceAwsEc2InstanceIpV6Addresses []InsightIpFilter: The IPv6 addresses associated with the instance.
ResourceAwsEc2InstanceKeyName []InsightStringFilter: The key name associated with the instance.
ResourceAwsEc2InstanceLaunchedAt []InsightDateFilter: The date and time the instance was launched.
ResourceAwsEc2InstanceSubnetId []InsightStringFilter: The identifier of the subnet that the instance was launched in.
ResourceAwsEc2InstanceType []InsightStringFilter: The instance type of the instance.
ResourceAwsEc2InstanceVpcId []InsightStringFilter: The identifier of the VPC that the instance was launched in.
ResourceAwsIamAccessKeyCreatedAt []InsightDateFilter: The creation date/time of the IAM access key related to a finding.
ResourceAwsIamAccessKeyPrincipalName []InsightStringFilter: The name of the principal that is associated with an IAM access key.
ResourceAwsIamAccessKeyStatus []InsightStringFilter: The status of the IAM access key related to a finding.
ResourceAwsIamAccessKeyUserName []InsightStringFilter: The user associated with the IAM access key related to a finding.
ResourceAwsIamUserUserName []InsightStringFilter: The name of an IAM user.
ResourceAwsS3BucketOwnerId []InsightStringFilter: The canonical user ID of the owner of the S3 bucket.
ResourceAwsS3BucketOwnerName []InsightStringFilter: The display name of the owner of the S3 bucket.
ResourceContainerImageId []InsightStringFilter: The identifier of the image related to a finding.
ResourceContainerImageName []InsightStringFilter: The name of the image related to a finding.
ResourceContainerLaunchedAt []InsightDateFilter: A timestamp that identifies when the container was started.
ResourceContainerName []InsightStringFilter: The name of the container related to a finding.
ResourceDetailsOther []InsightMapFilter: The details of a resource that doesn't have a specific subfield for the resource type defined.
ResourceId []InsightStringFilter: The canonical identifier for the given resource type.
ResourcePartition []InsightStringFilter: The canonical AWS partition name that the Region is assigned to.
ResourceRegion []InsightStringFilter: The canonical AWS external Region name where this resource is located.
ResourceTags []InsightMapFilter: A list of AWS tags associated with a resource at the time the finding was processed.
ResourceType []InsightStringFilter: Specifies the type of the resource that details are provided for.
Sample []InsightBooleanFilter: Indicates whether or not sample findings are included in the filter results.
SeverityLabel []InsightStringFilter: The label of a finding's severity.
SeverityNormalized []InsightNumberFilter: The normalized severity of a finding.
SeverityProduct []InsightNumberFilter: The native severity as defined by the security findings provider's solution that generated the finding.
SourceUrl []InsightStringFilter: A URL that links to a page about the current finding in the security findings provider's solution.
ThreatIntelIndicatorCategory []InsightStringFilter: The category of a threat intelligence indicator.
ThreatIntelIndicatorLastObservedAt []InsightDateFilter: A timestamp that identifies the last observation of a threat intelligence indicator.
ThreatIntelIndicatorSource []InsightStringFilter: The source of the threat intelligence.
ThreatIntelIndicatorSourceUrl []InsightStringFilter: The URL for more details from the source of the threat intelligence.
ThreatIntelIndicatorType []InsightStringFilter: The type of a threat intelligence indicator.
ThreatIntelIndicatorValue []InsightStringFilter: The value of a threat intelligence indicator.
Title []InsightStringFilter: A finding's title.
Type []InsightStringFilter: A finding type in the format of namespace/category/classifier that classifies a finding.
UpdatedAt []InsightDateFilter: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
UserDefinedFields []InsightMapFilter: A list of name/value string pairs associated with the finding.
VerificationState []InsightStringFilter: The veracity of a finding.
VulnerabilitiesExploitAvailable []InsightStringFilter: Indicates whether a software vulnerability in your environment has a known exploit.
VulnerabilitiesFixAvailable []InsightStringFilter: Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
WorkflowState []InsightStringFilter: The workflow state of a finding.
WorkflowStatus []InsightStringFilter: The status of the investigation into a finding.

awsAccountId List<InsightStringFilter>: The AWS account ID in which a finding is generated.
awsAccountName List<InsightStringFilter>: The name of the AWS account in which a finding is generated.
companyName List<InsightStringFilter>: The name of the findings provider (company) that owns the solution (product) that generates findings.
complianceAssociatedStandardsId List<InsightStringFilter>: The unique identifier of a standard in which a control is enabled.
complianceSecurityControlId List<InsightStringFilter>: The unique identifier of a control across standards.
complianceSecurityControlParametersName List<InsightStringFilter>: The name of a security control parameter.
complianceSecurityControlParametersValue List<InsightStringFilter>: The current value of a security control parameter.
complianceStatus List<InsightStringFilter>: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
confidence List<InsightNumberFilter>: A finding's confidence.
createdAt List<InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
criticality List<InsightNumberFilter>: The level of importance assigned to the resources associated with the finding.
description List<InsightStringFilter>: A finding's description.
findingProviderFieldsConfidence List<InsightNumberFilter>: The finding provider value for the finding confidence.
findingProviderFieldsCriticality List<InsightNumberFilter>: The finding provider value for the level of importance assigned to the resources associated with the findings.
findingProviderFieldsRelatedFindingsId List<InsightStringFilter>: The finding identifier of a related finding that is identified by the finding provider.
findingProviderFieldsRelatedFindingsProductArn List<InsightStringFilter>: The ARN of the solution that generated a related finding that is identified by the finding provider.
findingProviderFieldsSeverityLabel List<InsightStringFilter>: The finding provider value for the severity label.
findingProviderFieldsSeverityOriginal List<InsightStringFilter>: The finding provider's original value for the severity.
findingProviderFieldsTypes List<InsightStringFilter>: One or more finding types that the finding provider assigned to the finding.
firstObservedAt List<InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
generatorId List<InsightStringFilter>: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
id List<InsightStringFilter>: The security findings provider-specific identifier for a finding.
keyword List<InsightKeywordFilter>: A keyword for a finding.
lastObservedAt List<InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
malwareName List<InsightStringFilter>: The name of the malware that was observed.
malwarePath List<InsightStringFilter>: The filesystem path of the malware that was observed.
malwareState List<InsightStringFilter>: The state of the malware that was observed.
malwareType List<InsightStringFilter>: The type of the malware that was observed.
networkDestinationDomain List<InsightStringFilter>: The destination domain of network-related information about a finding.
networkDestinationIpV4 List<InsightIpFilter>: The destination IPv4 address of network-related information about a finding.
networkDestinationIpV6 List<InsightIpFilter>: The destination IPv6 address of network-related information about a finding.
networkDestinationPort List<InsightNumberFilter>: The destination port of network-related information about a finding.
networkDirection List<InsightStringFilter>: Indicates the direction of network traffic associated with a finding.
networkProtocol List<InsightStringFilter>: The protocol of network-related information about a finding.
networkSourceDomain List<InsightStringFilter>: The source domain of network-related information about a finding.
networkSourceIpV4 List<InsightIpFilter>: The source IPv4 address of network-related information about a finding.
networkSourceIpV6 List<InsightIpFilter>: The source IPv6 address of network-related information about a finding.
networkSourceMac List<InsightStringFilter>: The source media access control (MAC) address of network-related information about a finding.
networkSourcePort List<InsightNumberFilter>: The source port of network-related information about a finding.
noteText List<InsightStringFilter>: The text of a note.
noteUpdatedAt List<InsightDateFilter>: The timestamp of when the note was updated.
noteUpdatedBy List<InsightStringFilter>: The principal that created a note.
processLaunchedAt List<InsightDateFilter>: A timestamp that identifies when the process was launched.
processName List<InsightStringFilter>: The name of the process.
processParentPid List<InsightNumberFilter>: The parent process ID.
processPath List<InsightStringFilter>: The path to the process executable.
processPid List<InsightNumberFilter>: The process ID.
processTerminatedAt List<InsightDateFilter>: A timestamp that identifies when the process was terminated.
productArn List<InsightStringFilter>: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
productFields List<InsightMapFilter>: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
productName List<InsightStringFilter>: The name of the solution (product) that generates findings.
recommendationText List<InsightStringFilter>: The recommendation of what to do about the issue described in a finding.
recordState List<InsightStringFilter>: The updated record state for the finding.
region List<InsightStringFilter>: The Region from which the finding was generated.
relatedFindingsId List<InsightStringFilter>: The solution-generated identifier for a related finding.
relatedFindingsProductArn List<InsightStringFilter>: The ARN of the solution that generated a related finding.
resourceApplicationArn List<InsightStringFilter>: The ARN of the application that is related to a finding.
resourceApplicationName List<InsightStringFilter>: The name of the application that is related to a finding.
resourceAwsEc2InstanceIamInstanceProfileArn List<InsightStringFilter>: The IAM profile ARN of the instance.
resourceAwsEc2InstanceImageId List<InsightStringFilter>: The Amazon Machine Image (AMI) ID of the instance.
resourceAwsEc2InstanceIpV4Addresses List<InsightIpFilter>: The IPv4 addresses associated with the instance.
resourceAwsEc2InstanceIpV6Addresses List<InsightIpFilter>: The IPv6 addresses associated with the instance.
resourceAwsEc2InstanceKeyName List<InsightStringFilter>: The key name associated with the instance.
resourceAwsEc2InstanceLaunchedAt List<InsightDateFilter>: The date and time the instance was launched.
resourceAwsEc2InstanceSubnetId List<InsightStringFilter>: The identifier of the subnet that the instance was launched in.
resourceAwsEc2InstanceType List<InsightStringFilter>: The instance type of the instance.
resourceAwsEc2InstanceVpcId List<InsightStringFilter>: The identifier of the VPC that the instance was launched in.
resourceAwsIamAccessKeyCreatedAt List<InsightDateFilter>: The creation date/time of the IAM access key related to a finding.
resourceAwsIamAccessKeyPrincipalName List<InsightStringFilter>: The name of the principal that is associated with an IAM access key.
resourceAwsIamAccessKeyStatus List<InsightStringFilter>: The status of the IAM access key related to a finding.
resourceAwsIamAccessKeyUserName List<InsightStringFilter>: The user associated with the IAM access key related to a finding.
resourceAwsIamUserUserName List<InsightStringFilter>: The name of an IAM user.
resourceAwsS3BucketOwnerId List<InsightStringFilter>: The canonical user ID of the owner of the S3 bucket.
resourceAwsS3BucketOwnerName List<InsightStringFilter>: The display name of the owner of the S3 bucket.
resourceContainerImageId List<InsightStringFilter>: The identifier of the image related to a finding.
resourceContainerImageName List<InsightStringFilter>: The name of the image related to a finding.
resourceContainerLaunchedAt List<InsightDateFilter>: A timestamp that identifies when the container was started.
resourceContainerName List<InsightStringFilter>: The name of the container related to a finding.
resourceDetailsOther List<InsightMapFilter>: The details of a resource that doesn't have a specific subfield for the resource type defined.
resourceId List<InsightStringFilter>: The canonical identifier for the given resource type.
resourcePartition List<InsightStringFilter>: The canonical AWS partition name that the Region is assigned to.
resourceRegion List<InsightStringFilter>: The canonical AWS external Region name where this resource is located.
resourceTags List<InsightMapFilter>: A list of AWS tags associated with a resource at the time the finding was processed.
resourceType List<InsightStringFilter>: Specifies the type of the resource that details are provided for.
sample List<InsightBooleanFilter>: Indicates whether or not sample findings are included in the filter results.
severityLabel List<InsightStringFilter>: The label of a finding's severity.
severityNormalized List<InsightNumberFilter>: The normalized severity of a finding.
severityProduct List<InsightNumberFilter>: The native severity as defined by the security findings provider's solution that generated the finding.
sourceUrl List<InsightStringFilter>: A URL that links to a page about the current finding in the security findings provider's solution.
threatIntelIndicatorCategory List<InsightStringFilter>: The category of a threat intelligence indicator.
threatIntelIndicatorLastObservedAt List<InsightDateFilter>: A timestamp that identifies the last observation of a threat intelligence indicator.
threatIntelIndicatorSource List<InsightStringFilter>: The source of the threat intelligence.
threatIntelIndicatorSourceUrl List<InsightStringFilter>: The URL for more details from the source of the threat intelligence.
threatIntelIndicatorType List<InsightStringFilter>: The type of a threat intelligence indicator.
threatIntelIndicatorValue List<InsightStringFilter>: The value of a threat intelligence indicator.
title List<InsightStringFilter>: A finding's title.
type List<InsightStringFilter>: A finding type in the format of namespace/category/classifier that classifies a finding.
updatedAt List<InsightDateFilter>: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
userDefinedFields List<InsightMapFilter>: A list of name/value string pairs associated with the finding.
verificationState List<InsightStringFilter>: The veracity of a finding.
vulnerabilitiesExploitAvailable List<InsightStringFilter>: Indicates whether a software vulnerability in your environment has a known exploit.
vulnerabilitiesFixAvailable List<InsightStringFilter>: Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
workflowState List<InsightStringFilter>: The workflow state of a finding.
workflowStatus List<InsightStringFilter>: The status of the investigation into a finding.

awsAccountId InsightStringFilter[]: The AWS account ID in which a finding is generated.
awsAccountName InsightStringFilter[]: The name of the AWS account in which a finding is generated.
companyName InsightStringFilter[]: The name of the findings provider (company) that owns the solution (product) that generates findings.
complianceAssociatedStandardsId InsightStringFilter[]: The unique identifier of a standard in which a control is enabled.
complianceSecurityControlId InsightStringFilter[]: The unique identifier of a control across standards.
complianceSecurityControlParametersName InsightStringFilter[]: The name of a security control parameter.
complianceSecurityControlParametersValue InsightStringFilter[]: The current value of a security control parameter.
complianceStatus InsightStringFilter[]: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
confidence InsightNumberFilter[]: A finding's confidence.
createdAt InsightDateFilter[]: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
criticality InsightNumberFilter[]: The level of importance assigned to the resources associated with the finding.
description InsightStringFilter[]: A finding's description.
findingProviderFieldsConfidence InsightNumberFilter[]: The finding provider value for the finding confidence.
findingProviderFieldsCriticality InsightNumberFilter[]: The finding provider value for the level of importance assigned to the resources associated with the findings.
findingProviderFieldsRelatedFindingsId InsightStringFilter[]: The finding identifier of a related finding that is identified by the finding provider.
findingProviderFieldsRelatedFindingsProductArn InsightStringFilter[]: The ARN of the solution that generated a related finding that is identified by the finding provider.
findingProviderFieldsSeverityLabel InsightStringFilter[]: The finding provider value for the severity label.
findingProviderFieldsSeverityOriginal InsightStringFilter[]: The finding provider's original value for the severity.
findingProviderFieldsTypes InsightStringFilter[]: One or more finding types that the finding provider assigned to the finding.
firstObservedAt InsightDateFilter[]: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
generatorId InsightStringFilter[]: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
id InsightStringFilter[]: The security findings provider-specific identifier for a finding.
keyword InsightKeywordFilter[]: A keyword for a finding.
lastObservedAt InsightDateFilter[]: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
malwareName InsightStringFilter[]: The name of the malware that was observed.
malwarePath InsightStringFilter[]: The filesystem path of the malware that was observed.
malwareState InsightStringFilter[]: The state of the malware that was observed.
malwareType InsightStringFilter[]: The type of the malware that was observed.
networkDestinationDomain InsightStringFilter[]: The destination domain of network-related information about a finding.
networkDestinationIpV4 InsightIpFilter[]: The destination IPv4 address of network-related information about a finding.
networkDestinationIpV6 InsightIpFilter[]: The destination IPv6 address of network-related information about a finding.
networkDestinationPort InsightNumberFilter[]: The destination port of network-related information about a finding.
networkDirection InsightStringFilter[]: Indicates the direction of network traffic associated with a finding.
networkProtocol InsightStringFilter[]: The protocol of network-related information about a finding.
networkSourceDomain InsightStringFilter[]: The source domain of network-related information about a finding.
networkSourceIpV4 InsightIpFilter[]: The source IPv4 address of network-related information about a finding.
networkSourceIpV6 InsightIpFilter[]: The source IPv6 address of network-related information about a finding.
networkSourceMac InsightStringFilter[]: The source media access control (MAC) address of network-related information about a finding.
networkSourcePort InsightNumberFilter[]: The source port of network-related information about a finding.
noteText InsightStringFilter[]: The text of a note.
noteUpdatedAt InsightDateFilter[]: The timestamp of when the note was updated.
noteUpdatedBy InsightStringFilter[]: The principal that created a note.
processLaunchedAt InsightDateFilter[]: A timestamp that identifies when the process was launched.
processName InsightStringFilter[]: The name of the process.
processParentPid InsightNumberFilter[]: The parent process ID.
processPath InsightStringFilter[]: The path to the process executable.
processPid InsightNumberFilter[]: The process ID.
processTerminatedAt InsightDateFilter[]: A timestamp that identifies when the process was terminated.
productArn InsightStringFilter[]: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
productFields InsightMapFilter[]: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
productName InsightStringFilter[]: The name of the solution (product) that generates findings.
recommendationText InsightStringFilter[]: The recommendation of what to do about the issue described in a finding.
recordState InsightStringFilter[]: The updated record state for the finding.
region InsightStringFilter[]: The Region from which the finding was generated.
relatedFindingsId InsightStringFilter[]: The solution-generated identifier for a related finding.
relatedFindingsProductArn InsightStringFilter[]: The ARN of the solution that generated a related finding.
resourceApplicationArn InsightStringFilter[]: The ARN of the application that is related to a finding.
resourceApplicationName InsightStringFilter[]: The name of the application that is related to a finding.
resourceAwsEc2InstanceIamInstanceProfileArn InsightStringFilter[]: The IAM profile ARN of the instance.
resourceAwsEc2InstanceImageId InsightStringFilter[]: The Amazon Machine Image (AMI) ID of the instance.
resourceAwsEc2InstanceIpV4Addresses InsightIpFilter[]: The IPv4 addresses associated with the instance.
resourceAwsEc2InstanceIpV6Addresses InsightIpFilter[]: The IPv6 addresses associated with the instance.
resourceAwsEc2InstanceKeyName InsightStringFilter[]: The key name associated with the instance.
resourceAwsEc2InstanceLaunchedAt InsightDateFilter[]: The date and time the instance was launched.
resourceAwsEc2InstanceSubnetId InsightStringFilter[]: The identifier of the subnet that the instance was launched in.
resourceAwsEc2InstanceType InsightStringFilter[]: The instance type of the instance.
resourceAwsEc2InstanceVpcId InsightStringFilter[]: The identifier of the VPC that the instance was launched in.
resourceAwsIamAccessKeyCreatedAt InsightDateFilter[]: The creation date/time of the IAM access key related to a finding.
resourceAwsIamAccessKeyPrincipalName InsightStringFilter[]: The name of the principal that is associated with an IAM access key.
resourceAwsIamAccessKeyStatus InsightStringFilter[]: The status of the IAM access key related to a finding.
resourceAwsIamAccessKeyUserName InsightStringFilter[]: The user associated with the IAM access key related to a finding.
resourceAwsIamUserUserName InsightStringFilter[]: The name of an IAM user.
resourceAwsS3BucketOwnerId InsightStringFilter[]: The canonical user ID of the owner of the S3 bucket.
resourceAwsS3BucketOwnerName InsightStringFilter[]: The display name of the owner of the S3 bucket.
resourceContainerImageId InsightStringFilter[]: The identifier of the image related to a finding.
resourceContainerImageName InsightStringFilter[]: The name of the image related to a finding.
resourceContainerLaunchedAt InsightDateFilter[]: A timestamp that identifies when the container was started.
resourceContainerName InsightStringFilter[]: The name of the container related to a finding.
resourceDetailsOther InsightMapFilter[]: The details of a resource that doesn't have a specific subfield for the resource type defined.
resourceId InsightStringFilter[]: The canonical identifier for the given resource type.
resourcePartition InsightStringFilter[]: The canonical AWS partition name that the Region is assigned to.
resourceRegion InsightStringFilter[]: The canonical AWS external Region name where this resource is located.
resourceTags InsightMapFilter[]: A list of AWS tags associated with a resource at the time the finding was processed.
resourceType InsightStringFilter[]: Specifies the type of the resource that details are provided for.
sample InsightBooleanFilter[]: Indicates whether or not sample findings are included in the filter results.
severityLabel InsightStringFilter[]: The label of a finding's severity.
severityNormalized InsightNumberFilter[]: The normalized severity of a finding.
severityProduct InsightNumberFilter[]: The native severity as defined by the security findings provider's solution that generated the finding.
sourceUrl InsightStringFilter[]: A URL that links to a page about the current finding in the security findings provider's solution.
threatIntelIndicatorCategory InsightStringFilter[]: The category of a threat intelligence indicator.
threatIntelIndicatorLastObservedAt InsightDateFilter[]: A timestamp that identifies the last observation of a threat intelligence indicator.
threatIntelIndicatorSource InsightStringFilter[]: The source of the threat intelligence.
threatIntelIndicatorSourceUrl InsightStringFilter[]: The URL for more details from the source of the threat intelligence.
threatIntelIndicatorType InsightStringFilter[]: The type of a threat intelligence indicator.
threatIntelIndicatorValue InsightStringFilter[]: The value of a threat intelligence indicator.
title InsightStringFilter[]: A finding's title.
type InsightStringFilter[]: A finding type in the format of namespace/category/classifier that classifies a finding.
updatedAt InsightDateFilter[]: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
userDefinedFields InsightMapFilter[]: A list of name/value string pairs associated with the finding.
verificationState InsightStringFilter[]: The veracity of a finding.
vulnerabilitiesExploitAvailable InsightStringFilter[]: Indicates whether a software vulnerability in your environment has a known exploit.
vulnerabilitiesFixAvailable InsightStringFilter[]: Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
workflowState InsightStringFilter[]: The workflow state of a finding.
workflowStatus InsightStringFilter[]: The status of the investigation into a finding.

aws_account_id Sequence[InsightStringFilter]: The AWS account ID in which a finding is generated.
aws_account_name Sequence[InsightStringFilter]: The name of the AWS account in which a finding is generated.
company_name Sequence[InsightStringFilter]: The name of the findings provider (company) that owns the solution (product) that generates findings.
compliance_associated_standards_id Sequence[InsightStringFilter]: The unique identifier of a standard in which a control is enabled.
compliance_security_control_id Sequence[InsightStringFilter]: The unique identifier of a control across standards.
compliance_security_control_parameters_name Sequence[InsightStringFilter]: The name of a security control parameter.
compliance_security_control_parameters_value Sequence[InsightStringFilter]: The current value of a security control parameter.
compliance_status Sequence[InsightStringFilter]: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
confidence Sequence[InsightNumberFilter]: A finding's confidence.
created_at Sequence[InsightDateFilter]: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
criticality Sequence[InsightNumberFilter]: The level of importance assigned to the resources associated with the finding.
description Sequence[InsightStringFilter]: A finding's description.
finding_provider_fields_confidence Sequence[InsightNumberFilter]: The finding provider value for the finding confidence.
finding_provider_fields_criticality Sequence[InsightNumberFilter]: The finding provider value for the level of importance assigned to the resources associated with the findings.
finding_provider_fields_related_findings_id Sequence[InsightStringFilter]: The finding identifier of a related finding that is identified by the finding provider.
finding_provider_fields_related_findings_product_arn Sequence[InsightStringFilter]: The ARN of the solution that generated a related finding that is identified by the finding provider.
finding_provider_fields_severity_label Sequence[InsightStringFilter]: The finding provider value for the severity label.
finding_provider_fields_severity_original Sequence[InsightStringFilter]: The finding provider's original value for the severity.
finding_provider_fields_types Sequence[InsightStringFilter]: One or more finding types that the finding provider assigned to the finding.
first_observed_at Sequence[InsightDateFilter]: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
generator_id Sequence[InsightStringFilter]: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
id Sequence[InsightStringFilter]: The security findings provider-specific identifier for a finding.
keyword Sequence[InsightKeywordFilter]: A keyword for a finding.
last_observed_at Sequence[InsightDateFilter]: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
malware_name Sequence[InsightStringFilter]: The name of the malware that was observed.
malware_path Sequence[InsightStringFilter]: The filesystem path of the malware that was observed.
malware_state Sequence[InsightStringFilter]: The state of the malware that was observed.
malware_type Sequence[InsightStringFilter]: The type of the malware that was observed.
network_destination_domain Sequence[InsightStringFilter]: The destination domain of network-related information about a finding.
network_destination_ip_v4 Sequence[InsightIpFilter]: The destination IPv4 address of network-related information about a finding.
network_destination_ip_v6 Sequence[InsightIpFilter]: The destination IPv6 address of network-related information about a finding.
network_destination_port Sequence[InsightNumberFilter]: The destination port of network-related information about a finding.
network_direction Sequence[InsightStringFilter]: Indicates the direction of network traffic associated with a finding.
network_protocol Sequence[InsightStringFilter]: The protocol of network-related information about a finding.
network_source_domain Sequence[InsightStringFilter]: The source domain of network-related information about a finding.
network_source_ip_v4 Sequence[InsightIpFilter]: The source IPv4 address of network-related information about a finding.
network_source_ip_v6 Sequence[InsightIpFilter]: The source IPv6 address of network-related information about a finding.
network_source_mac Sequence[InsightStringFilter]: The source media access control (MAC) address of network-related information about a finding.
network_source_port Sequence[InsightNumberFilter]: The source port of network-related information about a finding.
note_text Sequence[InsightStringFilter]: The text of a note.
note_updated_at Sequence[InsightDateFilter]: The timestamp of when the note was updated.
note_updated_by Sequence[InsightStringFilter]: The principal that created a note.
process_launched_at Sequence[InsightDateFilter]: A timestamp that identifies when the process was launched.
process_name Sequence[InsightStringFilter]: The name of the process.
process_parent_pid Sequence[InsightNumberFilter]: The parent process ID.
process_path Sequence[InsightStringFilter]: The path to the process executable.
process_pid Sequence[InsightNumberFilter]: The process ID.
process_terminated_at Sequence[InsightDateFilter]: A timestamp that identifies when the process was terminated.
product_arn Sequence[InsightStringFilter]: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
product_fields Sequence[InsightMapFilter]: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
product_name Sequence[InsightStringFilter]: The name of the solution (product) that generates findings.
recommendation_text Sequence[InsightStringFilter]: The recommendation of what to do about the issue described in a finding.
record_state Sequence[InsightStringFilter]: The updated record state for the finding.
region Sequence[InsightStringFilter]: The Region from which the finding was generated.
related_findings_id Sequence[InsightStringFilter]: The solution-generated identifier for a related finding.
related_findings_product_arn Sequence[InsightStringFilter]: The ARN of the solution that generated a related finding.
resource_application_arn Sequence[InsightStringFilter]: The ARN of the application that is related to a finding.
resource_application_name Sequence[InsightStringFilter]: The name of the application that is related to a finding.
resource_aws_ec2_instance_iam_instance_profile_arn Sequence[InsightStringFilter]: The IAM profile ARN of the instance.
resource_aws_ec2_instance_image_id Sequence[InsightStringFilter]: The Amazon Machine Image (AMI) ID of the instance.
resource_aws_ec2_instance_ip_v4_addresses Sequence[InsightIpFilter]: The IPv4 addresses associated with the instance.
resource_aws_ec2_instance_ip_v6_addresses Sequence[InsightIpFilter]: The IPv6 addresses associated with the instance.
resource_aws_ec2_instance_key_name Sequence[InsightStringFilter]: The key name associated with the instance.
resource_aws_ec2_instance_launched_at Sequence[InsightDateFilter]: The date and time the instance was launched.
resource_aws_ec2_instance_subnet_id Sequence[InsightStringFilter]: The identifier of the subnet that the instance was launched in.
resource_aws_ec2_instance_type Sequence[InsightStringFilter]: The instance type of the instance.
resource_aws_ec2_instance_vpc_id Sequence[InsightStringFilter]: The identifier of the VPC that the instance was launched in.
resource_aws_iam_access_key_created_at Sequence[InsightDateFilter]: The creation date/time of the IAM access key related to a finding.
resource_aws_iam_access_key_principal_name Sequence[InsightStringFilter]: The name of the principal that is associated with an IAM access key.
resource_aws_iam_access_key_status Sequence[InsightStringFilter]: The status of the IAM access key related to a finding.
resource_aws_iam_access_key_user_name Sequence[InsightStringFilter]: The user associated with the IAM access key related to a finding.
resource_aws_iam_user_user_name Sequence[InsightStringFilter]: The name of an IAM user.
resource_aws_s3_bucket_owner_id Sequence[InsightStringFilter]: The canonical user ID of the owner of the S3 bucket.
resource_aws_s3_bucket_owner_name Sequence[InsightStringFilter]: The display name of the owner of the S3 bucket.
resource_container_image_id Sequence[InsightStringFilter]: The identifier of the image related to a finding.
resource_container_image_name Sequence[InsightStringFilter]: The name of the image related to a finding.
resource_container_launched_at Sequence[InsightDateFilter]: A timestamp that identifies when the container was started.
resource_container_name Sequence[InsightStringFilter]: The name of the container related to a finding.
resource_details_other Sequence[InsightMapFilter]: The details of a resource that doesn't have a specific subfield for the resource type defined.
resource_id Sequence[InsightStringFilter]: The canonical identifier for the given resource type.
resource_partition Sequence[InsightStringFilter]: The canonical AWS partition name that the Region is assigned to.
resource_region Sequence[InsightStringFilter]: The canonical AWS external Region name where this resource is located.
resource_tags Sequence[InsightMapFilter]: A list of AWS tags associated with a resource at the time the finding was processed.
resource_type Sequence[InsightStringFilter]: Specifies the type of the resource that details are provided for.
sample Sequence[InsightBooleanFilter]: Indicates whether or not sample findings are included in the filter results.
severity_label Sequence[InsightStringFilter]: The label of a finding's severity.
severity_normalized Sequence[InsightNumberFilter]: The normalized severity of a finding.
severity_product Sequence[InsightNumberFilter]: The native severity as defined by the security findings provider's solution that generated the finding.
source_url Sequence[InsightStringFilter]: A URL that links to a page about the current finding in the security findings provider's solution.
threat_intel_indicator_category Sequence[InsightStringFilter]: The category of a threat intelligence indicator.
threat_intel_indicator_last_observed_at Sequence[InsightDateFilter]: A timestamp that identifies the last observation of a threat intelligence indicator.
threat_intel_indicator_source Sequence[InsightStringFilter]: The source of the threat intelligence.
threat_intel_indicator_source_url Sequence[InsightStringFilter]: The URL for more details from the source of the threat intelligence.
threat_intel_indicator_type Sequence[InsightStringFilter]: The type of a threat intelligence indicator.
threat_intel_indicator_value Sequence[InsightStringFilter]: The value of a threat intelligence indicator.
title Sequence[InsightStringFilter]: A finding's title.
type Sequence[InsightStringFilter]: A finding type in the format of namespace/category/classifier that classifies a finding.
updated_at Sequence[InsightDateFilter]: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
user_defined_fields Sequence[InsightMapFilter]: A list of name/value string pairs associated with the finding.
verification_state Sequence[InsightStringFilter]: The veracity of a finding.
vulnerabilities_exploit_available Sequence[InsightStringFilter]: Indicates whether a software vulnerability in your environment has a known exploit.
vulnerabilities_fix_available Sequence[InsightStringFilter]: Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
workflow_state Sequence[InsightStringFilter]: The workflow state of a finding.
workflow_status Sequence[InsightStringFilter]: The status of the investigation into a finding.

awsAccountId List<Property Map>: The AWS account ID in which a finding is generated.
awsAccountName List<Property Map>: The name of the AWS account in which a finding is generated.
companyName List<Property Map>: The name of the findings provider (company) that owns the solution (product) that generates findings.
complianceAssociatedStandardsId List<Property Map>: The unique identifier of a standard in which a control is enabled.
complianceSecurityControlId List<Property Map>: The unique identifier of a control across standards.
complianceSecurityControlParametersName List<Property Map>: The name of a security control parameter.
complianceSecurityControlParametersValue List<Property Map>: The current value of a security control parameter.
complianceStatus List<Property Map>: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
confidence List<Property Map>: A finding's confidence.
createdAt List<Property Map>: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
criticality List<Property Map>: The level of importance assigned to the resources associated with the finding.
description List<Property Map>: A finding's description.
findingProviderFieldsConfidence List<Property Map>: The finding provider value for the finding confidence.
findingProviderFieldsCriticality List<Property Map>: The finding provider value for the level of importance assigned to the resources associated with the findings.
findingProviderFieldsRelatedFindingsId List<Property Map>: The finding identifier of a related finding that is identified by the finding provider.
findingProviderFieldsRelatedFindingsProductArn List<Property Map>: The ARN of the solution that generated a related finding that is identified by the finding provider.
findingProviderFieldsSeverityLabel List<Property Map>: The finding provider value for the severity label.
findingProviderFieldsSeverityOriginal List<Property Map>: The finding provider's original value for the severity.
findingProviderFieldsTypes List<Property Map>: One or more finding types that the finding provider assigned to the finding.
firstObservedAt List<Property Map>: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
generatorId List<Property Map>: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
id List<Property Map>: The security findings provider-specific identifier for a finding.
keyword List<Property Map>: A keyword for a finding.
lastObservedAt List<Property Map>: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
malwareName List<Property Map>: The name of the malware that was observed.
malwarePath List<Property Map>: The filesystem path of the malware that was observed.
malwareState List<Property Map>: The state of the malware that was observed.
malwareType List<Property Map>: The type of the malware that was observed.
networkDestinationDomain List<Property Map>: The destination domain of network-related information about a finding.
networkDestinationIpV4 List<Property Map>: The destination IPv4 address of network-related information about a finding.
networkDestinationIpV6 List<Property Map>: The destination IPv6 address of network-related information about a finding.
networkDestinationPort List<Property Map>: The destination port of network-related information about a finding.
networkDirection List<Property Map>: Indicates the direction of network traffic associated with a finding.
networkProtocol List<Property Map>: The protocol of network-related information about a finding.
networkSourceDomain List<Property Map>: The source domain of network-related information about a finding.
networkSourceIpV4 List<Property Map>: The source IPv4 address of network-related information about a finding.
networkSourceIpV6 List<Property Map>: The source IPv6 address of network-related information about a finding.
networkSourceMac List<Property Map>: The source media access control (MAC) address of network-related information about a finding.
networkSourcePort List<Property Map>: The source port of network-related information about a finding.
noteText List<Property Map>: The text of a note.
noteUpdatedAt List<Property Map>: The timestamp of when the note was updated.
noteUpdatedBy List<Property Map>: The principal that created a note.
processLaunchedAt List<Property Map>: A timestamp that identifies when the process was launched.
processName List<Property Map>: The name of the process.
processParentPid List<Property Map>: The parent process ID.
processPath List<Property Map>: The path to the process executable.
processPid List<Property Map>: The process ID.
processTerminatedAt List<Property Map>: A timestamp that identifies when the process was terminated.
productArn List<Property Map>: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
productFields List<Property Map>: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
productName List<Property Map>: The name of the solution (product) that generates findings.
recommendationText List<Property Map>: The recommendation of what to do about the issue described in a finding.
recordState List<Property Map>: The updated record state for the finding.
region List<Property Map>: The Region from which the finding was generated.
relatedFindingsId List<Property Map>: The solution-generated identifier for a related finding.
relatedFindingsProductArn List<Property Map>: The ARN of the solution that generated a related finding.
resourceApplicationArn List<Property Map>: The ARN of the application that is related to a finding.
resourceApplicationName List<Property Map>: The name of the application that is related to a finding.
resourceAwsEc2InstanceIamInstanceProfileArn List<Property Map>: The IAM profile ARN of the instance.
resourceAwsEc2InstanceImageId List<Property Map>: The Amazon Machine Image (AMI) ID of the instance.
resourceAwsEc2InstanceIpV4Addresses List<Property Map>: The IPv4 addresses associated with the instance.
resourceAwsEc2InstanceIpV6Addresses List<Property Map>: The IPv6 addresses associated with the instance.
resourceAwsEc2InstanceKeyName List<Property Map>: The key name associated with the instance.
resourceAwsEc2InstanceLaunchedAt List<Property Map>: The date and time the instance was launched.
resourceAwsEc2InstanceSubnetId List<Property Map>: The identifier of the subnet that the instance was launched in.
resourceAwsEc2InstanceType List<Property Map>: The instance type of the instance.
resourceAwsEc2InstanceVpcId List<Property Map>: The identifier of the VPC that the instance was launched in.
resourceAwsIamAccessKeyCreatedAt List<Property Map>: The creation date/time of the IAM access key related to a finding.
resourceAwsIamAccessKeyPrincipalName List<Property Map>: The name of the principal that is associated with an IAM access key.
resourceAwsIamAccessKeyStatus List<Property Map>: The status of the IAM access key related to a finding.
resourceAwsIamAccessKeyUserName List<Property Map>: The user associated with the IAM access key related to a finding.
resourceAwsIamUserUserName List<Property Map>: The name of an IAM user.
resourceAwsS3BucketOwnerId List<Property Map>: The canonical user ID of the owner of the S3 bucket.
resourceAwsS3BucketOwnerName List<Property Map>: The display name of the owner of the S3 bucket.
resourceContainerImageId List<Property Map>: The identifier of the image related to a finding.
resourceContainerImageName List<Property Map>: The name of the image related to a finding.
resourceContainerLaunchedAt List<Property Map>: A timestamp that identifies when the container was started.
resourceContainerName List<Property Map>: The name of the container related to a finding.
resourceDetailsOther List<Property Map>: The details of a resource that doesn't have a specific subfield for the resource type defined.
resourceId List<Property Map>: The canonical identifier for the given resource type.
resourcePartition List<Property Map>: The canonical AWS partition name that the Region is assigned to.
resourceRegion List<Property Map>: The canonical AWS external Region name where this resource is located.
resourceTags List<Property Map>: A list of AWS tags associated with a resource at the time the finding was processed.
resourceType List<Property Map>: Specifies the type of the resource that details are provided for.
sample List<Property Map>: Indicates whether or not sample findings are included in the filter results.
severityLabel List<Property Map>: The label of a finding's severity.
severityNormalized List<Property Map>: The normalized severity of a finding.
severityProduct List<Property Map>: The native severity as defined by the security findings provider's solution that generated the finding.
sourceUrl List<Property Map>: A URL that links to a page about the current finding in the security findings provider's solution.
threatIntelIndicatorCategory List<Property Map>: The category of a threat intelligence indicator.
threatIntelIndicatorLastObservedAt List<Property Map>: A timestamp that identifies the last observation of a threat intelligence indicator.
threatIntelIndicatorSource List<Property Map>: The source of the threat intelligence.
threatIntelIndicatorSourceUrl List<Property Map>: The URL for more details from the source of the threat intelligence.
threatIntelIndicatorType List<Property Map>: The type of a threat intelligence indicator.
threatIntelIndicatorValue List<Property Map>: The value of a threat intelligence indicator.
title List<Property Map>: A finding's title.
type List<Property Map>: A finding type in the format of namespace/category/classifier that classifies a finding.
updatedAt List<Property Map>: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
userDefinedFields List<Property Map>: A list of name/value string pairs associated with the finding.
verificationState List<Property Map>: The veracity of a finding.
vulnerabilitiesExploitAvailable List<Property Map>: Indicates whether a software vulnerability in your environment has a known exploit.
vulnerabilitiesFixAvailable List<Property Map>: Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
workflowState List<Property Map>: The workflow state of a finding.
workflowStatus List<Property Map>: The status of the investigation into a finding.

InsightBooleanFilter

Value bool: The value of the boolean.

Value bool: The value of the boolean.

value Boolean: The value of the boolean.

value boolean: The value of the boolean.

value bool: The value of the boolean.

value Boolean: The value of the boolean.

InsightDateFilter

DateRange Pulumi.AwsNative.SecurityHub.Inputs.InsightDateRange

A date range for the date filter.

End string

A timestamp that provides the end date for the date filter.