automation_rule_v2s

Creates, updates, deletes or gets an automation_rule_v2 resource or lists automation_rule_v2s in a region

Overview

Name	`automation_rule_v2s`
Type	Resource
Description	Resource schema for AWS::SecurityHub::AutomationRuleV2
Id	`awscc.securityhub.automation_rule_v2s`

Fields

Name	Datatype	Description
`rule_name`	`string`	The name of the automation rule
`rule_status`	`string`	The status of the automation rule
`description`	`string`	A description of the automation rule
`rule_order`	`number`	The value for the rule priority
▶`criteria`	`object`	Defines the parameters and conditions used to evaluate and filter security findings
▶`actions`	`array`	A list of actions to be performed when the rule criteria is met
`tags`	`object`	A key-value pair to associate with the Security Hub V2 resource. You can specify a key that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
`rule_arn`	`string`	The ARN of the automation rule
`rule_id`	`string`	The ID of the automation rule
`created_at`	`string`	The date and time, in UTC and ISO 8601 format.
`region`	`string`	AWS region.

For more information, see AWS::SecurityHub::AutomationRuleV2.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`RuleName, Description, RuleOrder, Criteria, Actions, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all properties from an individual automation_rule_v2.

SELECT
region,
rule_name,
rule_status,
description,
rule_order,
criteria,
actions,
tags,
rule_arn,
rule_id,
created_at,
updated_at
FROM awscc.securityhub.automation_rule_v2s
WHERE region = 'us-east-1' AND data__Identifier = '<RuleArn>';

`INSERT` example

Use the following StackQL query and manifest file to create a new automation_rule_v2 resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO awscc.securityhub.automation_rule_v2s (
 RuleName,
 Description,
 RuleOrder,
 Criteria,
 Actions,
 region
)
SELECT 
'{{ RuleName }}',
 '{{ Description }}',
 '{{ RuleOrder }}',
 '{{ Criteria }}',
 '{{ Actions }}',
'{{ region }}';

/*+ create */
INSERT INTO awscc.securityhub.automation_rule_v2s (
 RuleName,
 RuleStatus,
 Description,
 RuleOrder,
 Criteria,
 Actions,
 Tags,
 region
)
SELECT 
 '{{ RuleName }}',
 '{{ RuleStatus }}',
 '{{ Description }}',
 '{{ RuleOrder }}',
 '{{ Criteria }}',
 '{{ Actions }}',
 '{{ Tags }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: automation_rule_v2
    props:
      - name: RuleName
        value: '{{ RuleName }}'
      - name: RuleStatus
        value: '{{ RuleStatus }}'
      - name: Description
        value: '{{ Description }}'
      - name: RuleOrder
        value: null
      - name: Criteria
        value:
          OcsfFindingCriteria:
            CompositeFilters:
              - StringFilters:
                  - FieldName: '{{ FieldName }}'
                    Filter:
                      Comparison: '{{ Comparison }}'
                      Value: '{{ Value }}'
                DateFilters:
                  - FieldName: '{{ FieldName }}'
                    Filter:
                      DateRange:
                        Unit: '{{ Unit }}'
                        Value: null
                      End: '{{ End }}'
                      Start: null
                BooleanFilters:
                  - FieldName: '{{ FieldName }}'
                    Filter:
                      Value: '{{ Value }}'
                NumberFilters:
                  - FieldName: '{{ FieldName }}'
                    Filter:
                      Eq: null
                      Gte: null
                      Lte: null
                MapFilters:
                  - FieldName: '{{ FieldName }}'
                    Filter:
                      Comparison: '{{ Comparison }}'
                      Key: null
                      Value: null
                Operator: '{{ Operator }}'
            CompositeOperator: null
      - name: Actions
        value:
          - Type: '{{ Type }}'
            FindingFieldsUpdate:
              SeverityId: '{{ SeverityId }}'
              Comment: '{{ Comment }}'
              StatusId: '{{ StatusId }}'
            ExternalIntegrationConfiguration:
              ConnectorArn: '{{ ConnectorArn }}'
      - name: Tags
        value: {}

`DELETE` example

/*+ delete */
DELETE FROM awscc.securityhub.automation_rule_v2s
WHERE data__Identifier = '<RuleArn>'
AND region = 'us-east-1';

Permissions

To operate on the automation_rule_v2s resource, the following permissions are required:

Create

securityhub:CreateAutomationRuleV2,
securityhub:GetAutomationRuleV2,
securityhub:TagResource,
securityhub:ListTagsForResource

Read

securityhub:GetAutomationRuleV2,
securityhub:ListTagsForResource

Update

securityhub:UpdateAutomationRuleV2,
securityhub:GetAutomationRuleV2,
securityhub:TagResource,
securityhub:UntagResource,
securityhub:ListTagsForResource

Delete

securityhub:GetAutomationRuleV2,
securityhub:DeleteAutomationRuleV2

List

securityhub:ListAutomationRulesV2,
securityhub:ListTagsForResource

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​