createAutomationRule
abstract suspend fun createAutomationRule(input: CreateAutomationRuleRequest): CreateAutomationRuleResponse
Creates an automation rule based on input parameters.
Samples
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesAction
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesActionType
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesFindingFieldsUpdate
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesFindingFilters
import aws.sdk.kotlin.services.securityhub.model.NoteUpdate
import aws.sdk.kotlin.services.securityhub.model.RuleStatus
import aws.sdk.kotlin.services.securityhub.model.SeverityLabel
import aws.sdk.kotlin.services.securityhub.model.SeverityUpdate
import aws.sdk.kotlin.services.securityhub.model.StringFilter
import aws.sdk.kotlin.services.securityhub.model.StringFilterComparison
/**
 * Sample: creates a Security Hub automation rule that raises the severity of matching
 * findings to CRITICAL and attaches a triage note.
 *
 * `securityHubClient` is not declared in this snippet; it is expected to be an already
 * configured client available in the surrounding scope.
 */
fun main() {
    //sampleStart
    // The following example creates an automation rule.

    // Every criterion below is a one-element list holding an exact-match (EQUALS) filter,
    // so the repeated builder is folded into a local helper.
    fun exactMatch(expected: String) = listOf(
        StringFilter {
            value = expected
            comparison = StringFilterComparison.fromValue("EQUALS")
        },
    )

    // Five fields are populated here; this sample relies on a finding matching all of them
    // (confirm the combination semantics against the Security Hub criteria documentation).
    val matchCriteria = AutomationRulesFindingFilters {
        productName = exactMatch("Security Hub")
        complianceStatus = exactMatch("FAILED")
        recordState = exactMatch("ACTIVE")
        workflowStatus = exactMatch("NEW")
        // NOTE(review): EQUALS compares the whole string, and this value is an S3 *object*
        // ARN while the rule text speaks of a bucket. Check which ResourceId your findings
        // actually carry, otherwise the rule can silently match nothing.
        resourceId = exactMatch("arn:aws:s3:::examplebucket/developers/design_info.doc")
    }

    // The only action type used is a finding-field update: new severity label plus a note.
    val escalation = AutomationRulesAction {
        type = AutomationRulesActionType.fromValue("FINDING_FIELDS_UPDATE")
        findingFieldsUpdate = AutomationRulesFindingFieldsUpdate {
            severity = SeverityUpdate {
                label = SeverityLabel.fromValue("CRITICAL")
            }
            note = NoteUpdate {
                text = "This is a critical S3 bucket, please look into this ASAP"
                // Placeholder author. In a real rule use a value that identifies the
                // automation, so analysts can tell rule-written notes from human ones.
                updatedBy = "test-user"
            }
        }
    }

    // Automation rules rewrite finding fields without a human in the loop. The same request
    // shape can also lower severity, so restrict who may create or edit rules and review
    // rule changes like any other detection-pipeline change.
    val resp = securityHubClient.createAutomationRule {
        ruleName = "Elevate severity for important resources"
        description = "Elevate finding severity to Critical for important resources"
        ruleStatus = RuleStatus.fromValue("ENABLED")
        // Rules with a lower order value are applied first.
        ruleOrder = 1
        // Not terminal: rules later in the order may still act on the same finding and
        // could overwrite the severity set here.
        isTerminal = false
        tags = mapOf(
            "important-resources-rule" to "s3-bucket",
        )
        criteria = matchCriteria
        actions = listOf(escalation)
    }
    //sampleEnd
}