createAutomationRule

Creates an automation rule based on input parameters.

Samples

import aws.sdk.kotlin.services.securityhub.model.AutomationRulesAction
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesActionType
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesFindingFieldsUpdate
import aws.sdk.kotlin.services.securityhub.model.AutomationRulesFindingFilters
import aws.sdk.kotlin.services.securityhub.model.NoteUpdate
import aws.sdk.kotlin.services.securityhub.model.RuleStatus
import aws.sdk.kotlin.services.securityhub.model.SeverityLabel
import aws.sdk.kotlin.services.securityhub.model.SeverityUpdate
import aws.sdk.kotlin.services.securityhub.model.StringFilter
import aws.sdk.kotlin.services.securityhub.model.StringFilterComparison

fun main() {
    //sampleStart
    // Creates one enabled Security Hub automation rule that relabels matching findings
    // as CRITICAL and attaches an analyst note to them.
    // NOTE(review): `securityHubClient` is not declared in this snippet, and the SDK's
    // client operations are presumably `suspend` functions, so the call needs a coroutine
    // context (and a configured client) — confirm before copying.

    // Every criterion below is an exact-match string filter, so build them in one place.
    fun exactly(expected: String) = StringFilter {
        value = expected
        comparison = StringFilterComparison.fromValue("EQUALS")
    }

    // Scope of the rule. Each field carries a single exact-match filter.
    // NOTE(review): the fields are presumably combined with AND, so a finding must satisfy
    // all five — verify against the Security Hub API reference. Keep the scope this narrow:
    // a rule that rewrites severity changes what analysts see for every finding it matches.
    val matchCriteria = AutomationRulesFindingFilters {
        productName = listOf(exactly("Security Hub"))
        complianceStatus = listOf(exactly("FAILED"))
        recordState = listOf(exactly("ACTIVE"))
        workflowStatus = listOf(exactly("NEW"))
        // Sample ARN names a single object path inside the bucket, not the bucket itself.
        resourceId = listOf(exactly("arn:aws:s3:::examplebucket/developers/design_info.doc"))
    }

    // What happens to a matching finding: severity label becomes CRITICAL and a note is added.
    val elevateSeverity = AutomationRulesAction {
        type = AutomationRulesActionType.fromValue("FINDING_FIELDS_UPDATE")
        findingFieldsUpdate = AutomationRulesFindingFieldsUpdate {
            severity = SeverityUpdate {
                label = SeverityLabel.fromValue("CRITICAL")
            }
            note = NoteUpdate {
                text = "This is a critical S3 bucket, please look into this ASAP"
                // Sample value. NOTE(review): in a real rule, presumably set this to an identity
                // that lets reviewers attribute the note to the automation — confirm.
                updatedBy = "test-user"
            }
        }
    }

    val response = securityHubClient.createAutomationRule {
        ruleName = "Elevate severity for important resources"
        description = "Elevate finding severity to Critical for important resources"
        ruleStatus = RuleStatus.fromValue("ENABLED")
        // NOTE(review): ruleOrder presumably decides evaluation order among rules, and a
        // non-terminal rule presumably lets later rules still process the finding — confirm,
        // since a later rule could then overwrite the severity set here.
        ruleOrder = 1
        isTerminal = false
        tags = mapOf("important-resources-rule" to "s3-bucket")
        criteria = matchCriteria
        actions = listOf(elevateSeverity)
    }
    //sampleEnd
}