Class AwsSecurityFinding

java.lang.Object
software.amazon.awssdk.services.securityhub.model.AwsSecurityFinding
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

@Generated("software.amazon.awssdk:codegen") public final class AwsSecurityFinding extends Object implements SdkPojo, Serializable, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

Provides a consistent format for Security Hub findings. The AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions.

A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.

  • Method Details

    • schemaVersion

      public final String schemaVersion()

      The schema version that a finding is formatted for.

      Returns:
      The schema version that a finding is formatted for.
    • id

      public final String id()

      The security findings provider-specific identifier for a finding.

      Returns:
      The security findings provider-specific identifier for a finding.
    • productArn

      public final String productArn()

      The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.

      Returns:
      The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
    • productName

      public final String productName()

      The name of the product that generated the finding.

      Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

      When you use the Security Hub console or API to filter findings by product name, you use this attribute.

      Returns:
      The name of the product that generated the finding.

      Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

      When you use the Security Hub console or API to filter findings by product name, you use this attribute.

    • companyName

      public final String companyName()

      The name of the company for the product that generated the finding.

      Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

      When you use the Security Hub console or API to filter findings by company name, you use this attribute.

      Returns:
      The name of the company for the product that generated the finding.

      Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

      When you use the Security Hub console or API to filter findings by company name, you use this attribute.

    • region

      public final String region()

      The Region from which the finding was generated.

      Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.

      Returns:
      The Region from which the finding was generated.

      Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.

    • generatorId

      public final String generatorId()

      The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

      Returns:
      The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
    • awsAccountId

      public final String awsAccountId()

      The Amazon Web Services account ID that a finding is generated in.

      Returns:
      The Amazon Web Services account ID that a finding is generated in.
    • hasTypes

      public final boolean hasTypes()
      For responses, this returns true if the service returned a value for the Types property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • types

      public final List<String> types()

      One or more finding types in the format of namespace/category/classifier that classify a finding.

      Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasTypes() method.

      Returns:
      One or more finding types in the format of namespace/category/classifier that classify a finding.

      Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

    • firstObservedAt

      public final String firstObservedAt()

      Indicates when the security findings provider first observed the potential security issue that a finding captured.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

      Returns:
      Indicates when the security findings provider first observed the potential security issue that a finding captured.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

    • lastObservedAt

      public final String lastObservedAt()

      Indicates when the security findings provider most recently observed the potential security issue that a finding captured.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

      Returns:
      Indicates when the security findings provider most recently observed the potential security issue that a finding captured.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

    • createdAt

      public final String createdAt()

      Indicates when the security findings provider created the potential security issue that a finding captured.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

      Returns:
      Indicates when the security findings provider created the potential security issue that a finding captured.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

    • updatedAt

      public final String updatedAt()

      Indicates when the security findings provider last updated the finding record.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

      Returns:
      Indicates when the security findings provider last updated the finding record.

      Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

    • severity

      public final Severity severity()

      A finding's severity.

      Returns:
      A finding's severity.
    • confidence

      public final Integer confidence()

      A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

      Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

      Returns:
      A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

      Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

    • criticality

      public final Integer criticality()

      The level of importance assigned to the resources associated with the finding.

      A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

      Returns:
      The level of importance assigned to the resources associated with the finding.

      A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

    • title

      public final String title()

      A finding's title.

      In this release, Title is a required property.

      Returns:
      A finding's title.

      In this release, Title is a required property.

    • description

      public final String description()

      A finding's description.

      In this release, Description is a required property.

      Returns:
      A finding's description.

      In this release, Description is a required property.

    • remediation

      public final Remediation remediation()

      A data type that describes the remediation options for a finding.

      Returns:
      A data type that describes the remediation options for a finding.
    • sourceUrl

      public final String sourceUrl()

      A URL that links to a page about the current finding in the security findings provider's solution.

      Returns:
      A URL that links to a page about the current finding in the security findings provider's solution.
    • hasProductFields

      public final boolean hasProductFields()
      For responses, this returns true if the service returned a value for the ProductFields property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • productFields

      public final Map<String,String> productFields()

      A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

      Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasProductFields() method.

      Returns:
      A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

      Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.

    • hasUserDefinedFields

      public final boolean hasUserDefinedFields()
      For responses, this returns true if the service returned a value for the UserDefinedFields property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • userDefinedFields

      public final Map<String,String> userDefinedFields()

      A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasUserDefinedFields() method.

      Returns:
      A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
    • hasMalware

      public final boolean hasMalware()
      For responses, this returns true if the service returned a value for the Malware property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • malware

      public final List<Malware> malware()

      A list of malware related to a finding.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasMalware() method.

      Returns:
      A list of malware related to a finding.
    • network

      public final Network network()

      The details of network-related information about a finding.

      Returns:
      The details of network-related information about a finding.
    • hasNetworkPath

      public final boolean hasNetworkPath()
      For responses, this returns true if the service returned a value for the NetworkPath property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • networkPath

      public final List<NetworkPathComponent> networkPath()

      Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasNetworkPath() method.

      Returns:
      Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.
    • process

      public final ProcessDetails process()

      The details of process-related information about a finding.

      Returns:
      The details of process-related information about a finding.
    • hasThreats

      public final boolean hasThreats()
      For responses, this returns true if the service returned a value for the Threats property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • threats

      public final List<Threat> threats()

      Details about the threat detected in a security finding and the file paths that were affected by the threat.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasThreats() method.

      Returns:
      Details about the threat detected in a security finding and the file paths that were affected by the threat.
    • hasThreatIntelIndicators

      public final boolean hasThreatIntelIndicators()
      For responses, this returns true if the service returned a value for the ThreatIntelIndicators property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • threatIntelIndicators

      public final List<ThreatIntelIndicator> threatIntelIndicators()

      Threat intelligence details related to a finding.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasThreatIntelIndicators() method.

      Returns:
      Threat intelligence details related to a finding.
    • hasResources

      public final boolean hasResources()
      For responses, this returns true if the service returned a value for the Resources property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • resources

      public final List<Resource> resources()

      A set of resource data types that describe the resources that the finding refers to.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasResources() method.

      Returns:
      A set of resource data types that describe the resources that the finding refers to.
    • compliance

      public final Compliance compliance()

      This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.

      Returns:
      This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
    • verificationState

      public final VerificationState verificationState()

      Indicates the veracity of a finding.

      If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().

      Returns:
      Indicates the veracity of a finding.
    • verificationStateAsString

      public final String verificationStateAsString()

      Indicates the veracity of a finding.

      If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().

      Returns:
      Indicates the veracity of a finding.
    • workflowState

      public final WorkflowState workflowState()

      The workflow state of a finding.

      If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().

      Returns:
      The workflow state of a finding.
    • workflowStateAsString

      public final String workflowStateAsString()

      The workflow state of a finding.

      If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().

      Returns:
      The workflow state of a finding.
    • workflow

      public final Workflow workflow()

      Provides information about the status of the investigation into a finding.

      Returns:
      Provides information about the status of the investigation into a finding.
    • recordState

      public final RecordState recordState()

      The record state of a finding.

      If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().

      Returns:
      The record state of a finding.
    • recordStateAsString

      public final String recordStateAsString()

      The record state of a finding.

      If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().

      Returns:
      The record state of a finding.
    • hasRelatedFindings

      public final boolean hasRelatedFindings()
      For responses, this returns true if the service returned a value for the RelatedFindings property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • relatedFindings

      public final List<RelatedFinding> relatedFindings()

      A list of related findings.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasRelatedFindings() method.

      Returns:
      A list of related findings.
    • note

      public final Note note()

      A user-defined note added to a finding.

      Returns:
      A user-defined note added to a finding.
    • hasVulnerabilities

      public final boolean hasVulnerabilities()
      For responses, this returns true if the service returned a value for the Vulnerabilities property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • vulnerabilities

      public final List<Vulnerability> vulnerabilities()

      Provides a list of vulnerabilities associated with the findings.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasVulnerabilities() method.

      Returns:
      Provides a list of vulnerabilities associated with the findings.
    • patchSummary

      public final PatchSummary patchSummary()

      Provides an overview of the patch compliance status for an instance against a selected compliance standard.

      Returns:
      Provides an overview of the patch compliance status for an instance against a selected compliance standard.
    • action

      public final Action action()

      Provides details about an action that affects or that was taken on a resource.

      Returns:
      Provides details about an action that affects or that was taken on a resource.
    • findingProviderFields

      public final FindingProviderFields findingProviderFields()

      In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

      Returns:
      In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
    • sample

      public final Boolean sample()

      Indicates whether the finding is a sample finding.

      Returns:
      Indicates whether the finding is a sample finding.
    • generatorDetails

      public final GeneratorDetails generatorDetails()

      Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.

      Returns:
      Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.
    • processedAt

      public final String processedAt()

      An ISO8601-formatted timestamp that indicates when Security Hub receives a finding and begins to process it.

      A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

      Returns:
      An ISO8601-formatted timestamp that indicates when Security Hub receives a finding and begins to process it.

      A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

    • awsAccountName

      public final String awsAccountName()

      The name of the Amazon Web Services account from which a finding was generated.

      Returns:
      The name of the Amazon Web Services account from which a finding was generated.
    • toBuilder

      public AwsSecurityFinding.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>
      Returns:
      a builder for type T
    • builder

      public static AwsSecurityFinding.Builder builder()
    • serializableBuilderClass

      public static Class<? extends AwsSecurityFinding.Builder> serializableBuilderClass()
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object
    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object is equal to this object by SDK fields, false otherwise.
    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object
    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.
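
The field constraints stated above for title, description, types, the four observation timestamps, confidence, criticality and productFields can be checked before a custom integration submits a finding. The following is an added example, not code from the SDK: the class name FindingPreflight, the error strings and the sample finding are constructed for illustration, and treating every type as exactly three segments is a strict reading of the namespace/category/classifier format.

```java
import java.time.OffsetDateTime;
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import software.amazon.awssdk.services.securityhub.model.AwsSecurityFinding;

// Added example (not SDK code): FindingPreflight is a hypothetical helper.
public final class FindingPreflight {

    // Namespace values listed under types() on this page.
    private static final Set<String> NAMESPACES = Set.of(
            "Software and Configuration Checks", "TTPs", "Effects",
            "Unusual Behaviors", "Sensitive Data Identifications");

    static List<String> validate(AwsSecurityFinding f) {
        List<String> errors = new ArrayList<>();

        if (f.title() == null || f.title().isBlank()) errors.add("Title is required");
        if (f.description() == null || f.description().isBlank()) errors.add("Description is required");

        // types() never returns null, so the loop is safe when Types was not set.
        for (String type : f.types()) {
            String[] parts = type.split("/", -1);
            if (parts.length != 3) {
                errors.add("Types: '" + type + "' is not namespace/category/classifier");
            } else if (!NAMESPACES.contains(parts[0])) {
                errors.add("Types: unknown namespace '" + parts[0] + "'");
            }
        }

        checkTimestamp("FirstObservedAt", f.firstObservedAt(), errors);
        checkTimestamp("LastObservedAt", f.lastObservedAt(), errors);
        checkTimestamp("CreatedAt", f.createdAt(), errors);
        checkTimestamp("UpdatedAt", f.updatedAt(), errors);

        checkScore("Confidence", f.confidence(), errors);
        checkScore("Criticality", f.criticality(), errors);

        Map<String, String> fields = f.productFields();
        if (fields.size() > 50) {
            errors.add("ProductFields: " + fields.size() + " pairs, limit is 50");
        }
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (e.getKey().length() > 128) {
                errors.add("ProductFields: key of " + e.getKey().length() + " characters, limit is 128");
            }
            if (e.getValue() != null && e.getValue().length() > 2048) {
                errors.add("ProductFields: value for '" + e.getKey() + "' exceeds 2048 characters");
            }
        }
        return errors;
    }

    // No spaces, date and time separated by T. java.time's ISO offset parser is
    // used here as an approximation of the RFC 3339 section 5.6 profile.
    private static void checkTimestamp(String name, String value, List<String> errors) {
        if (value == null) return;
        if (value.chars().anyMatch(Character::isWhitespace)) {
            errors.add(name + ": contains whitespace");
            return;
        }
        try {
            OffsetDateTime.parse(value);
        } catch (DateTimeParseException ex) {
            errors.add(name + ": not an RFC 3339 date-time");
        }
    }

    private static void checkScore(String name, Integer value, List<String> errors) {
        if (value != null && (value < 0 || value > 100)) {
            errors.add(name + ": " + value + " is outside 0-100");
        }
    }

    public static void main(String[] args) {
        // Constructed sample with several deliberate violations.
        AwsSecurityFinding finding = AwsSecurityFinding.builder()
                .title("Constructed sample finding")
                .types("TTPs/Discovery/PortScan", "Malware/Trojan")
                .createdAt("2020-03-22 13:22:13Z")
                .updatedAt("2020-03-22T13:22:13.933Z")
                .confidence(140)
                .productFields(Map.of("k".repeat(129), "v"))
                .build();
        validate(finding).forEach(System.out::println);
    }
}
```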
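
The accessors above have three behaviours that matter when findings drive automated triage: enum getters return UNKNOWN_TO_SDK_VERSION for values the SDK build does not model, collection getters never return null, and the hasX() methods are the only way to tell "not returned" from "returned empty". The following is an added example, not code from the SDK: the class FindingTriage, its decision strings, the record state value "QUARANTINED" and the resource ARN are constructed for illustration.

```java
import java.util.Collections;
import software.amazon.awssdk.services.securityhub.model.AwsSecurityFinding;
import software.amazon.awssdk.services.securityhub.model.RecordState;
import software.amazon.awssdk.services.securityhub.model.Resource;
import software.amazon.awssdk.services.securityhub.model.VerificationState;

// Added example (not SDK code): FindingTriage and its decision strings are hypothetical.
public final class FindingTriage {

    static String decide(AwsSecurityFinding f) {
        // sample() is a boxed Boolean and may be null.
        if (Boolean.TRUE.equals(f.sample())) {
            return "SKIP: sample finding";
        }

        // An unmodelled enum value is routed to a person rather than silently
        // treated as active or archived; the raw string is kept for the analyst.
        RecordState record = f.recordState();
        if (record == RecordState.UNKNOWN_TO_SDK_VERSION) {
            return "REVIEW: unrecognised RecordState '" + f.recordStateAsString() + "'";
        }
        if (record == RecordState.ARCHIVED) {
            return "SKIP: archived";
        }

        // VerificationState.UNKNOWN is a modelled service value and is distinct
        // from UNKNOWN_TO_SDK_VERSION, which means the SDK could not map the value.
        VerificationState verification = f.verificationState();
        if (verification == VerificationState.UNKNOWN_TO_SDK_VERSION) {
            return "REVIEW: unrecognised VerificationState '" + f.verificationStateAsString() + "'";
        }
        if (verification == VerificationState.FALSE_POSITIVE) {
            return "SKIP: marked false positive";
        }

        // resources() is never null, so hasResources() separates the two cases.
        if (!f.hasResources()) {
            return "REVIEW: Resources not returned by the service";
        }
        if (f.resources().isEmpty()) {
            return "REVIEW: Resources returned but empty";
        }
        return "QUEUE: " + f.resources().size() + " resource(s), first " + f.resources().get(0).id();
    }

    public static void main(String[] args) {
        // Constructed findings; "QUARANTINED" is a made-up value standing in for
        // a record state added by the service after this SDK build was generated.
        AwsSecurityFinding unknownState = AwsSecurityFinding.builder()
                .recordState("QUARANTINED")
                .build();

        AwsSecurityFinding notReturned = AwsSecurityFinding.builder()
                .recordState(RecordState.ACTIVE)
                .build();

        AwsSecurityFinding returnedEmpty = AwsSecurityFinding.builder()
                .recordState(RecordState.ACTIVE)
                .resources(Collections.<Resource>emptyList())
                .build();

        AwsSecurityFinding actionable = AwsSecurityFinding.builder()
                .recordState(RecordState.ACTIVE)
                .verificationState(VerificationState.TRUE_POSITIVE)
                .resources(Resource.builder()
                        .type("AwsEc2Instance")
                        .id("arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE")
                        .build())
                .build();

        System.out.println(decide(unknownState));
        System.out.println(decide(notReturned));
        System.out.println(decide(returnedEmpty));
        System.out.println(decide(actionable));
    }
}
```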