Class AwsSecurityFinding
- All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>
Provides a consistent format for Security Hub findings. AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions.
A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| final Action | action() | Provides details about an action that affects or that was taken on a resource. |
| final String | awsAccountId() | The Amazon Web Services account ID that a finding is generated in. |
| final String | awsAccountName() | The name of the Amazon Web Services account from which a finding was generated. |
| static AwsSecurityFinding.Builder | builder() | |
| final String | companyName() | The name of the company for the product that generated the finding. |
| final Compliance | compliance() | This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. |
| final Integer | confidence() | A finding's confidence. |
| final String | createdAt() | Indicates when the security findings provider created the potential security issue that a finding captured. |
| final Integer | criticality() | The level of importance assigned to the resources associated with the finding. |
| final String | description() | A finding's description. |
| final boolean | equals(Object obj) | |
| final boolean | equalsBySdkFields(Object obj) | Indicates whether some other object is "equal to" this one by SDK fields. |
| final FindingProviderFields | findingProviderFields() | In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types. |
| final String | firstObservedAt() | Indicates when the security findings provider first observed the potential security issue that a finding captured. |
| final GeneratorDetails | generatorDetails() | Provides metadata for the Amazon CodeGuru detector associated with a finding. |
| final String | generatorId() | The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. |
| final <T> Optional<T> | getValueForField(String fieldName, Class<T> clazz) | |
| final int | hashCode() | |
| final boolean | hasMalware() | For responses, this returns true if the service returned a value for the Malware property. |
| final boolean | hasNetworkPath() | For responses, this returns true if the service returned a value for the NetworkPath property. |
| final boolean | hasProductFields() | For responses, this returns true if the service returned a value for the ProductFields property. |
| final boolean | hasRelatedFindings() | For responses, this returns true if the service returned a value for the RelatedFindings property. |
| final boolean | hasResources() | For responses, this returns true if the service returned a value for the Resources property. |
| final boolean | hasThreatIntelIndicators() | For responses, this returns true if the service returned a value for the ThreatIntelIndicators property. |
| final boolean | hasThreats() | For responses, this returns true if the service returned a value for the Threats property. |
| final boolean | hasTypes() | For responses, this returns true if the service returned a value for the Types property. |
| final boolean | hasUserDefinedFields() | For responses, this returns true if the service returned a value for the UserDefinedFields property. |
| final boolean | hasVulnerabilities() | For responses, this returns true if the service returned a value for the Vulnerabilities property. |
| final String | id() | The security findings provider-specific identifier for a finding. |
| final String | lastObservedAt() | Indicates when the security findings provider most recently observed the potential security issue that a finding captured. |
| | malware() | A list of malware related to a finding. |
| final Network | network() | The details of network-related information about a finding. |
| final List<NetworkPathComponent> | networkPath() | Provides information about a network path that is relevant to a finding. |
| final Note | note() | A user-defined note added to a finding. |
| final PatchSummary | patchSummary() | Provides an overview of the patch compliance status for an instance against a selected compliance standard. |
| final ProcessDetails | process() | The details of process-related information about a finding. |
| final String | processedAt() | An ISO8601-formatted timestamp that indicates when Security Hub received a finding and begins to process it. |
| final String | productArn() | The ARN generated by Security Hub that uniquely identifies a product that generates findings. |
| | productFields() | A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. |
| final String | productName() | The name of the product that generated the finding. |
| final RecordState | recordState() | The record state of a finding. |
| final String | recordStateAsString() | The record state of a finding. |
| final String | region() | The Region from which the finding was generated. |
| final List<RelatedFinding> | relatedFindings() | A list of related findings. |
| final Remediation | remediation() | A data type that describes the remediation options for a finding. |
| | resources() | A set of resource data types that describe the resources that the finding refers to. |
| final Boolean | sample() | Indicates whether the finding is a sample finding. |
| final String | schemaVersion() | The schema version that a finding is formatted for. |
| | sdkFields() | |
| static Class<? extends AwsSecurityFinding.Builder> | serializableBuilderClass() | |
| final Severity | severity() | A finding's severity. |
| final String | sourceUrl() | A URL that links to a page about the current finding in the security findings provider's solution. |
| final List<ThreatIntelIndicator> | threatIntelIndicators() | Threat intelligence details related to a finding. |
| | threats() | Details about the threat detected in a security finding and the file paths that were affected by the threat. |
| final String | title() | A finding's title. |
| | toBuilder() | Take this object and create a builder that contains all of the current property values of this object. |
| final String | toString() | Returns a string representation of this object. |
| | types() | One or more finding types in the format of namespace/category/classifier that classify a finding. |
| final String | updatedAt() | Indicates when the security findings provider last updated the finding record. |
| | userDefinedFields() | A list of name/value string pairs associated with the finding. |
| final VerificationState | verificationState() | Indicates the veracity of a finding. |
| final String | verificationStateAsString() | Indicates the veracity of a finding. |
| final List<Vulnerability> | vulnerabilities() | Provides a list of vulnerabilities associated with the findings. |
| final Workflow | workflow() | Provides information about the status of the investigation into a finding. |
| final WorkflowState | workflowState() | The workflow state of a finding. |
| final String | workflowStateAsString() | The workflow state of a finding. |

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
schemaVersion
The schema version that a finding is formatted for.
- Returns:
- The schema version that a finding is formatted for.
-
id
The security findings provider-specific identifier for a finding.
- Returns:
- The security findings provider-specific identifier for a finding.
-
productArn
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
- Returns:
- The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
-
productName
The name of the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by product name, you use this attribute.
- Returns:
- The name of the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by product name, you use this attribute.
-
companyName
The name of the company for the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by company name, you use this attribute.
- Returns:
- The name of the company for the product that generated the finding.
Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.
When you use the Security Hub console or API to filter findings by company name, you use this attribute.
-
region
The Region from which the finding was generated.
Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.
- Returns:
- The Region from which the finding was generated.
Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.
-
generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
- Returns:
- The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
-
awsAccountId
The Amazon Web Services account ID that a finding is generated in.
- Returns:
- The Amazon Web Services account ID that a finding is generated in.
-
hasTypes
public final boolean hasTypes()
For responses, this returns true if the service returned a value for the Types property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
types
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasTypes() method.
- Returns:
- One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
-
firstObservedAt
Indicates when the security findings provider first observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
- Returns:
- Indicates when the security findings provider first observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
-
lastObservedAt
Indicates when the security findings provider most recently observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
- Returns:
- Indicates when the security findings provider most recently observed the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
-
createdAt
Indicates when the security findings provider created the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
- Returns:
- Indicates when the security findings provider created the potential security issue that a finding captured.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
-
updatedAt
Indicates when the security findings provider last updated the finding record.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
- Returns:
- Indicates when the security findings provider last updated the finding record.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
-
severity
A finding's severity.
- Returns:
- A finding's severity.
-
confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
- Returns:
- A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
-
criticality
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
- Returns:
- The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
-
title
A finding's title.
In this release, Title is a required property.
- Returns:
- A finding's title.
In this release, Title is a required property.
-
description
A finding's description.
In this release, Description is a required property.
- Returns:
- A finding's description.
In this release, Description is a required property.
-
remediation
A data type that describes the remediation options for a finding.
- Returns:
- A data type that describes the remediation options for a finding.
-
sourceUrl
A URL that links to a page about the current finding in the security findings provider's solution.
- Returns:
- A URL that links to a page about the current finding in the security findings provider's solution.
-
hasProductFields
public final boolean hasProductFields()
For responses, this returns true if the service returned a value for the ProductFields property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
productFields
A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasProductFields() method.
- Returns:
- A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.
-
hasUserDefinedFields
public final boolean hasUserDefinedFields()
For responses, this returns true if the service returned a value for the UserDefinedFields property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasUserDefinedFields() method.
- Returns:
- A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
-
hasMalware
public final boolean hasMalware()
For responses, this returns true if the service returned a value for the Malware property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
malware
A list of malware related to a finding.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasMalware() method.
- Returns:
- A list of malware related to a finding.
-
network
The details of network-related information about a finding.
- Returns:
- The details of network-related information about a finding.
-
hasNetworkPath
public final boolean hasNetworkPath()
For responses, this returns true if the service returned a value for the NetworkPath property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
networkPath
Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasNetworkPath() method.
- Returns:
- Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.
-
process
The details of process-related information about a finding.
- Returns:
- The details of process-related information about a finding.
-
hasThreats
public final boolean hasThreats()
For responses, this returns true if the service returned a value for the Threats property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
threats
Details about the threat detected in a security finding and the file paths that were affected by the threat.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasThreats() method.
- Returns:
- Details about the threat detected in a security finding and the file paths that were affected by the threat.
-
hasThreatIntelIndicators
public final boolean hasThreatIntelIndicators()
For responses, this returns true if the service returned a value for the ThreatIntelIndicators property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
threatIntelIndicators
Threat intelligence details related to a finding.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasThreatIntelIndicators() method.
- Returns:
- Threat intelligence details related to a finding.
-
hasResources
public final boolean hasResources()
For responses, this returns true if the service returned a value for the Resources property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
resources
A set of resource data types that describe the resources that the finding refers to.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasResources() method.
- Returns:
- A set of resource data types that describe the resources that the finding refers to.
-
compliance
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
- Returns:
- This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.
-
verificationState
Indicates the veracity of a finding.
If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().
- Returns:
- Indicates the veracity of a finding.
-
verificationStateAsString
Indicates the veracity of a finding.
If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().
- Returns:
- Indicates the veracity of a finding.
-
workflowState
The workflow state of a finding.
If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().
- Returns:
- The workflow state of a finding.
-
workflowStateAsString
The workflow state of a finding.
If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().
- Returns:
- The workflow state of a finding.
-
workflow
Provides information about the status of the investigation into a finding.
- Returns:
- Provides information about the status of the investigation into a finding.
-
recordState
The record state of a finding.
If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().
- Returns:
- The record state of a finding.
-
recordStateAsString
The record state of a finding.
If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().
- Returns:
- The record state of a finding.
-
hasRelatedFindings
public final boolean hasRelatedFindings()
For responses, this returns true if the service returned a value for the RelatedFindings property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
note
A user-defined note added to a finding.
- Returns:
- A user-defined note added to a finding.
-
hasVulnerabilities
public final boolean hasVulnerabilities()
For responses, this returns true if the service returned a value for the Vulnerabilities property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
vulnerabilities
Provides a list of vulnerabilities associated with the findings.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasVulnerabilities() method.
- Returns:
- Provides a list of vulnerabilities associated with the findings.
-
patchSummary
Provides an overview of the patch compliance status for an instance against a selected compliance standard.
- Returns:
- Provides an overview of the patch compliance status for an instance against a selected compliance standard.
-
action
Provides details about an action that affects or that was taken on a resource.
- Returns:
- Provides details about an action that affects or that was taken on a resource.
-
findingProviderFields
In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
- Returns:
- In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
-
sample
Indicates whether the finding is a sample finding.
- Returns:
- Indicates whether the finding is a sample finding.
-
generatorDetails
Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.
- Returns:
- Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.
-
processedAt
An ISO8601-formatted timestamp that indicates when Security Hub received a finding and begins to process it.
A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.
- Returns:
- An ISO8601-formatted timestamp that indicates when Security Hub received a finding and begins to process it.
A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.
-
awsAccountName
The name of the Amazon Web Services account from which a finding was generated.
- Returns:
- The name of the Amazon Web Services account from which a finding was generated.
-
toBuilder
Description copied from interface: ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.
- Specified by:
toBuilder in interface ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>
- Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode()
-
equals
-
equalsBySdkFields
Description copied from interface: SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.
If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.
- Specified by:
equalsBySdkFields in interface SdkPojo
- Parameters:
obj - the object to be compared with
- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
-
getValueForField
-
sdkFields
-
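The accessor contracts documented above (hasTypes() versus an empty list, the RFC 3339 timestamps, the 0-100 scores, the productFields limits and UNKNOWN_TO_SDK_VERSION) combined into one check routine. This is an added example, not code from the SDK or its documentation: FindingChecks and its helpers are hypothetical names, the sample finding is constructed, and the AWS SDK for Java 2.x securityhub module is assumed to be on the classpath.

```java
import java.time.OffsetDateTime;
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import software.amazon.awssdk.services.securityhub.model.AwsSecurityFinding;
import software.amazon.awssdk.services.securityhub.model.RecordState;

/** Added example: FindingChecks is a hypothetical helper, not part of the SDK. */
public class FindingChecks {

    // Namespace values listed in the types() documentation.
    private static final Set<String> NAMESPACES = new HashSet<>(Arrays.asList(
            "Software and Configuration Checks", "TTPs", "Effects",
            "Unusual Behaviors", "Sensitive Data Identifications"));

    /** Returns the problems found; an empty list means every check passed. */
    static List<String> check(AwsSecurityFinding f) {
        List<String> problems = new ArrayList<>();

        // Title and Description are documented as required properties.
        if (isBlank(f.title())) problems.add("title is missing");
        if (isBlank(f.description())) problems.add("description is missing");

        // hasTypes(): was the field supplied at all? isEmpty(): does it hold entries?
        if (!f.hasTypes()) {
            problems.add("types was not supplied");
        } else if (f.types().isEmpty()) {
            problems.add("types was supplied but is empty");
        }
        for (String type : f.types()) { // types() never returns null
            String namespace = type.split("/", 2)[0];
            if (!NAMESPACES.contains(namespace)) problems.add("unknown type namespace: " + type);
        }

        // Timestamps: RFC 3339 date-time, 'T' separator, no spaces.
        Map<String, String> stamps = new LinkedHashMap<>();
        stamps.put("firstObservedAt", f.firstObservedAt());
        stamps.put("lastObservedAt", f.lastObservedAt());
        stamps.put("createdAt", f.createdAt());
        stamps.put("updatedAt", f.updatedAt());
        for (Map.Entry<String, String> e : stamps.entrySet()) {
            if (e.getValue() != null && !isDateTime(e.getValue())) {
                problems.add(e.getKey() + " is not an RFC 3339 date-time: " + e.getValue());
            }
        }

        // Confidence and criticality are scored 0-100.
        checkScore("confidence", f.confidence(), problems);
        checkScore("criticality", f.criticality(), problems);

        // productFields: up to 50 pairs, keys up to 128 chars, values up to 2048 chars.
        if (f.productFields().size() > 50) problems.add("productFields has more than 50 pairs");
        f.productFields().forEach((k, v) -> {
            if (k.length() > 128) problems.add("productFields key longer than 128 characters");
            if (v != null && v.length() > 2048) problems.add("productFields value too long for key " + k);
        });

        // A value this SDK version does not model maps to UNKNOWN_TO_SDK_VERSION;
        // the raw string stays available through the ...AsString() accessor.
        if (f.recordState() == RecordState.UNKNOWN_TO_SDK_VERSION) {
            problems.add("unrecognized record state: " + f.recordStateAsString());
        }
        return problems;
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    private static void checkScore(String name, Integer score, List<String> problems) {
        if (score != null && (score < 0 || score > 100)) problems.add(name + " outside 0-100: " + score);
    }

    private static boolean isDateTime(String value) {
        if (value.indexOf(' ') >= 0) return false;
        try {
            // ISO offset date-time; slightly more lenient than RFC 3339 (seconds may be omitted).
            OffsetDateTime.parse(value);
            return true;
        } catch (DateTimeParseException ex) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample finding; every value here is made up for the demonstration.
        AwsSecurityFinding finding = AwsSecurityFinding.builder()
                .title("Constructed sample finding")
                .types("TTPs/Discovery/Example", "Made Up Namespace/Example")
                .createdAt("2020-03-22 13:22:13Z")     // space instead of 'T'
                .updatedAt("2020-03-22T13:22:13.933Z") // the documented example value
                .confidence(140)
                .recordState("SOMETHING_NEW")          // not modeled by the SDK enum
                .build();
        check(finding).forEach(System.out::println);
    }
}
```

The builder performs no client-side validation, so a finding like the sample builds without error; checks of this kind are what catch it before it is sent in a BatchImportFindings request.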