automation_rule_v2s
Creates, updates, deletes or gets an automation_rule_v2 resource or lists automation_rule_v2s in a region
Overview
| Name | automation_rule_v2s |
| Type | Resource |
| Description | Resource schema for AWS::SecurityHub::AutomationRuleV2 |
| Id | awscc.securityhub.automation_rule_v2s |
Fields
get (all properties):

| Name | Datatype | Description |
|---|---|---|
| rule_name | string | The name of the automation rule |
| rule_status | string | The status of the automation rule |
| description | string | A description of the automation rule |
| rule_order | number | The value for the rule priority |
| criteria | object | Defines the parameters and conditions used to evaluate and filter security findings |
| actions | array | A list of actions to be performed when the rule criteria is met |
| tags | object | A key-value pair to associate with the Security Hub V2 resource. You can specify a key that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. |
| rule_arn | string | The ARN of the automation rule |
| rule_id | string | The ID of the automation rule |
| created_at | string | The date and time, in UTC and ISO 8601 format. |
| region | string | AWS region. |

list (identifiers only):

| Name | Datatype | Description |
|---|---|---|
| rule_arn | string | The ARN of the automation rule |
| region | string | AWS region. |
For more information, see AWS::SecurityHub::AutomationRuleV2.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | automation_rule_v2s | INSERT | RuleName, Description, RuleOrder, Criteria, Actions, region |
| delete_resource | automation_rule_v2s | DELETE | Identifier, region |
| update_resource | automation_rule_v2s | UPDATE | Identifier, PatchDocument, region |
| list_resources | automation_rule_v2s_list_only | SELECT | region |
| get_resource | automation_rule_v2s | SELECT | Identifier, region |
SELECT examples
get (all properties):

Gets all properties from an individual automation_rule_v2.

```sql
SELECT
  region,
  rule_name,
  rule_status,
  description,
  rule_order,
  criteria,
  actions,
  tags,
  rule_arn,
  rule_id,
  created_at,
  updated_at
FROM awscc.securityhub.automation_rule_v2s
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ rule_arn }}';
```

list (identifiers only):

Lists all automation_rule_v2s in a region.

```sql
SELECT
  region,
  rule_arn
FROM awscc.securityhub.automation_rule_v2s_list_only
WHERE
  region = 'us-east-1';
```
INSERT example
Use the following StackQL query and manifest file to create a new automation_rule_v2 resource, using stack-deploy.
Required Properties:

```sql
/*+ create */
INSERT INTO awscc.securityhub.automation_rule_v2s (
  RuleName,
  Description,
  RuleOrder,
  Criteria,
  Actions,
  region
)
SELECT
  '{{ rule_name }}',
  '{{ description }}',
  '{{ rule_order }}',
  '{{ criteria }}',
  '{{ actions }}',
  '{{ region }}';
```

All Properties:

```sql
/*+ create */
INSERT INTO awscc.securityhub.automation_rule_v2s (
  RuleName,
  RuleStatus,
  Description,
  RuleOrder,
  Criteria,
  Actions,
  Tags,
  region
)
SELECT
  '{{ rule_name }}',
  '{{ rule_status }}',
  '{{ description }}',
  '{{ rule_order }}',
  '{{ criteria }}',
  '{{ actions }}',
  '{{ tags }}',
  '{{ region }}';
```

Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: automation_rule_v2
    props:
      - name: rule_name
        value: '{{ rule_name }}'
      - name: rule_status
        value: '{{ rule_status }}'
      - name: description
        value: '{{ description }}'
      - name: rule_order
        value: null
      - name: criteria
        value:
          ocsf_finding_criteria:
            composite_filters:
              - string_filters:
                  - field_name: '{{ field_name }}'
                    filter:
                      comparison: '{{ comparison }}'
                      value: '{{ value }}'
                date_filters:
                  - field_name: '{{ field_name }}'
                    filter:
                      date_range:
                        unit: '{{ unit }}'
                        value: null
                      end: '{{ end }}'
                      start: null
                boolean_filters:
                  - field_name: '{{ field_name }}'
                    filter:
                      value: '{{ value }}'
                number_filters:
                  - field_name: '{{ field_name }}'
                    filter:
                      eq: null
                      gte: null
                      lte: null
                map_filters:
                  - field_name: '{{ field_name }}'
                    filter:
                      comparison: '{{ comparison }}'
                      key: null
                      value: null
                operator: '{{ operator }}'
            composite_operator: null
      - name: actions
        value:
          - type: '{{ type }}'
            finding_fields_update:
              severity_id: '{{ severity_id }}'
              comment: '{{ comment }}'
              status_id: '{{ status_id }}'
            external_integration_configuration:
              connector_arn: '{{ connector_arn }}'
      - name: tags
        value: {}
```
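A pre-flight check for the create call above, as an added example (not StackQL or AWS code): it verifies the Required Params listed in the Methods table and the tag-key constraints stated in the Fields table before anything is sent. The function names, the input shape and the sample values are assumptions made for illustration.

```python
import re

# Required Params for create_resource, copied from the Methods table.
REQUIRED_CREATE = ("RuleName", "Description", "RuleOrder",
                   "Criteria", "Actions", "region")

# Approximation of the documented tag-key alphabet: Unicode letters and
# digits (\w, which also covers "_"), whitespace, and . / = + -
_TAG_KEY_CHARS = re.compile(r"[\w\s./=+\-]+")


def tag_key_errors(key):
    """Return the reasons a tag key violates the documented constraints."""
    errors = []
    if not 1 <= len(key) <= 128:
        errors.append("length must be 1 to 128 characters")
    if key.startswith("aws:"):
        errors.append("must not be prefixed with aws:")
    elif key and not _TAG_KEY_CHARS.fullmatch(key):
        errors.append("contains a character outside the allowed set")
    return errors


def preflight(props, tags=None):
    """List problems with a create call; props maps param name -> value
    (hypothetical input shape). An empty list means nothing was found."""
    problems = [f"missing required param: {p}"
                for p in REQUIRED_CREATE if props.get(p) in (None, "", [], {})]
    for key in (tags or {}):
        problems += [f"tag key {key!r}: {e}" for e in tag_key_errors(key)]
    return problems


# Constructed sample input, not taken from a real account.
SAMPLE_PROPS = {
    "RuleName": "example-rule",
    "Description": "constructed example",
    "RuleOrder": None,  # the manifest template leaves rule_order as null
    "Criteria": {"ocsf_finding_criteria": {"composite_filters": []}},
    "Actions": [{"type": "<action-type placeholder>"}],
    "region": "us-east-1",
}
SAMPLE_TAGS = {"team/soc": "x", "aws:owner": "x", "env!": "x"}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_PROPS, SAMPLE_TAGS):
        print(problem)
```
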
UPDATE example
Use the following StackQL query and manifest file to update an automation_rule_v2 resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.securityhub.automation_rule_v2s
SET PatchDocument = string('{{ {
    "RuleName": rule_name,
    "RuleStatus": rule_status,
    "Description": description,
    "RuleOrder": rule_order,
    "Criteria": criteria,
    "Actions": actions,
    "Tags": tags
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ rule_arn }}';
```
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.securityhub.automation_rule_v2s
WHERE
  Identifier = '{{ rule_arn }}' AND
  region = 'us-east-1';
```
Permissions
To operate on the automation_rule_v2s resource, the following permissions are required:
- Create: securityhub:CreateAutomationRuleV2, securityhub:GetAutomationRuleV2, securityhub:TagResource, securityhub:ListTagsForResource
- Read: securityhub:GetAutomationRuleV2, securityhub:ListTagsForResource
- Update: securityhub:UpdateAutomationRuleV2, securityhub:GetAutomationRuleV2, securityhub:TagResource, securityhub:UntagResource, securityhub:ListTagsForResource
- Delete: securityhub:GetAutomationRuleV2, securityhub:DeleteAutomationRuleV2
- List: securityhub:ListAutomationRulesV2, securityhub:ListTagsForResource