The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

complianceSecurityControlId

val complianceSecurityControlId: List<StringFilter>?

The security control ID for which a finding was generated. Security control IDs are the same across standards.

complianceStatus

val complianceStatus: List<StringFilter>?

The result of a security check. This field is only used for findings generated from controls.

confidence

val confidence: List<NumberFilter>?

The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the Security Hub User Guide.

createdAt

val createdAt: List<DateFilter>?

A timestamp that indicates when this finding record was created.

criticality

val criticality: List<NumberFilter>?

The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the Security Hub User Guide.

description

val description: List<StringFilter>?

A finding's description.

firstObservedAt

val firstObservedAt: List<DateFilter>?

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

generatorId

val generatorId: List<StringFilter>?

The identifier for the solution-specific component that generated a finding.

val id: List<StringFilter>?

The product-specific identifier for a finding.

lastObservedAt

val lastObservedAt: List<DateFilter>?

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

noteText

val noteText: List<StringFilter>?

The text of a user-defined note that's added to a finding.

noteUpdatedAt

val noteUpdatedAt: List<DateFilter>?

The timestamp of when the note was updated. Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

noteUpdatedBy

val noteUpdatedBy: List<StringFilter>?

The principal that created a note.

productArn

val productArn: List<StringFilter>?

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

productName

val productName: List<StringFilter>?

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

recordState

val recordState: List<StringFilter>?

Provides the current state of a finding.

relatedFindingsId

The product-generated identifier for a related finding.

relatedFindingsProductArn

The ARN for the product that generated a related finding.

resourceApplicationArn

val resourceApplicationArn: List<StringFilter>?

The Amazon Resource Name (ARN) of the application that is related to a finding.

resourceApplicationName

val resourceApplicationName: List<StringFilter>?

The name of the application that is related to a finding.

resourceDetailsOther

val resourceDetailsOther: List<MapFilter>?

Custom fields and values about the resource that a finding pertains to.

resourceId

val resourceId: List<StringFilter>?

The identifier for the given resource type. For Amazon Web Services resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, this is the identifier as defined by the Amazon Web Service that created the resource. For non-Amazon Web Services resources, this is a unique identifier that is associated with the resource.

resourcePartition

val resourcePartition: List<StringFilter>?

The partition in which the resource that the finding pertains to is located. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition.

resourceRegion

val resourceRegion: List<StringFilter>?

The Amazon Web Services Region where the resource that a finding pertains to is located.

resourceTags

val resourceTags: List<MapFilter>?

A list of Amazon Web Services tags associated with a resource at the time the finding was processed.

resourceType

val resourceType: List<StringFilter>?

The type of resource that the finding pertains to.

severityLabel

val severityLabel: List<StringFilter>?

The severity value of the finding.

sourceUrl

val sourceUrl: List<StringFilter>?

Provides a URL that links to a page about the current finding in the finding product.

title

val title: List<StringFilter>?

A finding's title.

type

val type: List<StringFilter>?

One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the Security Hub User Guide.

updatedAt

val updatedAt: List<DateFilter>?

A timestamp that indicates when the finding record was most recently updated.

userDefinedFields

val userDefinedFields: List<MapFilter>?

A list of user-defined name and value string pairs added to a finding.

verificationState

val verificationState: List<StringFilter>?

Provides the veracity of a finding.

workflowStatus

val workflowStatus: List<StringFilter>?

Provides information about the status of the investigation into a finding.