software.amazon.awssdk.services.securityhub.model

Class AwsSecurityFinding

java.lang.Object

software.amazon.awssdk.services.securityhub.model.AwsSecurityFinding

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

@Generated(value="software.amazon.awssdk:codegen")
public final class AwsSecurityFinding
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

Provides consistent format for the contents of the Security Hub-aggregated findings. AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and compliance checks.

A finding is a potential security issue generated either by AWS services (GuardDuty, Inspector, Macie) or by the integrated third-party solutions and compliance checks.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	AwsSecurityFinding.Builder

Method Summary

Modifier and Type	Method and Description
String	awsAccountId() The AWS account ID in which a finding is generated.
static AwsSecurityFinding.Builder	builder()
Compliance	compliance() This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations).
Integer	confidence() A finding's confidence.
String	createdAt() An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
Integer	criticality() The level of importance assigned to the resources associated with the finding.
String	description() A finding's description.
boolean	equals(Object obj)
String	firstObservedAt() An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
String	generatorId() This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
int	hashCode()
String	id() The security findings provider-specific identifier for a finding.
String	lastObservedAt() An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
List<Malware>	malware() A list of malware related to a finding.
Network	network() The details of network-related information about a finding.
Note	note() A user-defined note added to a finding.
ProcessDetails	process() The details of process-related information about a finding.
String	productArn() The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
Map<String,String>	productFields() A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
RecordState	recordState() The record state of a finding.
String	recordStateAsString() The record state of a finding.
List<RelatedFinding>	relatedFindings() A list of related findings.
Remediation	remediation() An data type that describes the remediation options for a finding.
List<Resource>	resources() A set of resource data types that describe the resources to which the finding refers.
String	schemaVersion() The schema version for which a finding is formatted.
List<SdkField<?>>	sdkFields()
static Class<? extends AwsSecurityFinding.Builder>	serializableBuilderClass()
Severity	severity() A finding's severity.
String	sourceUrl() A URL that links to a page about the current finding in the security findings provider's solution.
List<ThreatIntelIndicator>	threatIntelIndicators() Threat intel details related to a finding.
String	title() A finding's title.
AwsSecurityFinding.Builder	toBuilder() Take this object and create a builder that contains all of the current property values of this object.
String	toString()
List<String>	types() One or more finding types in the format of 'namespace/category/classifier' that classify a finding.
String	updatedAt() An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Map<String,String>	userDefinedFields() A list of name/value string pairs associated with the finding.
VerificationState	verificationState() Indicates the veracity of a finding.
String	verificationStateAsString() Indicates the veracity of a finding.
WorkflowState	workflowState() The workflow state of a finding.
String	workflowStateAsString() The workflow state of a finding.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

schemaVersion

public String schemaVersion()

The schema version for which a finding is formatted.

Returns:

The schema version for which a finding is formatted.

id

public String id()

The security findings provider-specific identifier for a finding.

Returns:

The security findings provider-specific identifier for a finding.

productArn

public String productArn()

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.

Returns:

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.

generatorId

public String generatorId()

This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.

Returns:

This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.

awsAccountId

public String awsAccountId()

The AWS account ID in which a finding is generated.

Returns:

The AWS account ID in which a finding is generated.

types

public List<String> types()

One or more finding types in the format of 'namespace/category/classifier' that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

One or more finding types in the format of 'namespace/category/classifier' that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

firstObservedAt

public String firstObservedAt()

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.

Returns:

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.

lastObservedAt

public String lastObservedAt()

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.

Returns:

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.

createdAt

public String createdAt()

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.

Returns:

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.

updatedAt

public String updatedAt()

An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.

Returns:

An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.

severity

public Severity severity()

A finding's severity.

Returns:

A finding's severity.

confidence

public Integer confidence()

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.

Returns:

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.

criticality

public Integer criticality()

The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

title

public String title()

A finding's title.

Returns:

A finding's title.

description

public String description()

A finding's description.

Returns:

A finding's description.

remediation

public Remediation remediation()

An data type that describes the remediation options for a finding.

Returns:

An data type that describes the remediation options for a finding.

sourceUrl

public String sourceUrl()

A URL that links to a page about the current finding in the security findings provider's solution.

Returns:

A URL that links to a page about the current finding in the security findings provider's solution.

productFields

public Map<String,String> productFields()

A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.

userDefinedFields

public Map<String,String> userDefinedFields()

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

malware

public List<Malware> malware()

A list of malware related to a finding.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

A list of malware related to a finding.

network

public Network network()

The details of network-related information about a finding.

Returns:

The details of network-related information about a finding.

process

public ProcessDetails process()

The details of process-related information about a finding.

Returns:

The details of process-related information about a finding.

threatIntelIndicators

public List<ThreatIntelIndicator> threatIntelIndicators()

Threat intel details related to a finding.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

Threat intel details related to a finding.

resources

public List<Resource> resources()

A set of resource data types that describe the resources to which the finding refers.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

A set of resource data types that describe the resources to which the finding refers.

compliance

public Compliance compliance()

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.

Returns:

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.

verificationState

public VerificationState verificationState()

Indicates the veracity of a finding.

If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().

Returns:

Indicates the veracity of a finding.

See Also:

VerificationState

verificationStateAsString

public String verificationStateAsString()

Indicates the veracity of a finding.

If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().

Returns:

Indicates the veracity of a finding.

See Also:

VerificationState

workflowState

public WorkflowState workflowState()

The workflow state of a finding.

If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().

Returns:

The workflow state of a finding.

See Also:

WorkflowState

workflowStateAsString

public String workflowStateAsString()

The workflow state of a finding.

If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().

Returns:

The workflow state of a finding.

See Also:

WorkflowState

recordState

public RecordState recordState()

The record state of a finding.

If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().

Returns:

The record state of a finding.

See Also:

RecordState

recordStateAsString

public String recordStateAsString()

The record state of a finding.

If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().

Returns:

The record state of a finding.

See Also:

RecordState

relatedFindings

public List<RelatedFinding> relatedFindings()

A list of related findings.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

Returns:

A list of related findings.

note

public Note note()

A user-defined note added to a finding.

Returns:

A user-defined note added to a finding.

toBuilder

public AwsSecurityFinding.Builder toBuilder()

Description copied from interface: ToCopyableBuilder

Take this object and create a builder that contains all of the current property values of this object.

Specified by:

toBuilder in interface ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

Returns:

a builder for type T

builder

public static AwsSecurityFinding.Builder builder()

serializableBuilderClass

public static Class<? extends AwsSecurityFinding.Builder> serializableBuilderClass()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

toString

public String toString()

Overrides:

toString in class Object

getValueForField

public <T> Optional<T> getValueForField(String fieldName,
                                        Class<T> clazz)

sdkFields

public List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo

Returns:

List of SdkField in this POJO. May be empty list but should never be null.