automation_rule_v2s
Creates, updates, deletes or gets an automation_rule_v2 resource or lists automation_rule_v2s in a region
Overview
| Name | automation_rule_v2s |
| Type | Resource |
| Description | Resource schema for AWS::SecurityHub::AutomationRuleV2 |
| Id | awscc.securityhub.automation_rule_v2s |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
rule_name | string | The name of the automation rule |
rule_status | string | The status of the automation rule |
description | string | A description of the automation rule |
rule_order | number | The value for the rule priority |
criteria | object | Defines the parameters and conditions used to evaluate and filter security findings |
actions | array | A list of actions to be performed when the rule criteria is met |
tags | object | A key-value pair to associate with the Security Hub V2 resource. You can specify a key that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. |
rule_arn | string | The ARN of the automation rule |
rule_id | string | The ID of the automation rule |
created_at | string | The date and time, in UTC and ISO 8601 format. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
rule_arn | string | The ARN of the automation rule |
region | string | AWS region. |
For more information, see AWS::SecurityHub::AutomationRuleV2.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | automation_rule_v2s | INSERT | RuleName, Description, RuleOrder, Criteria, Actions, region |
delete_resource | automation_rule_v2s | DELETE | Identifier, region |
update_resource | automation_rule_v2s | UPDATE | Identifier, PatchDocument, region |
list_resources | automation_rule_v2s_list_only | SELECT | region |
get_resource | automation_rule_v2s | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual automation_rule_v2.
SELECT
region,
rule_name,
rule_status,
description,
rule_order,
criteria,
actions,
tags,
rule_arn,
rule_id,
created_at,
updated_at
FROM awscc.securityhub.automation_rule_v2s
WHERE
region = '{{ region }}' AND
Identifier = '{{ rule_arn }}';
Lists all automation_rule_v2s in a region.
SELECT
region,
rule_arn
FROM awscc.securityhub.automation_rule_v2s_list_only
WHERE
region = '{{ region }}';
INSERT example
Use the following StackQL query and manifest file to create a new automation_rule_v2 resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.securityhub.automation_rule_v2s (
RuleName,
Description,
RuleOrder,
Criteria,
Actions,
region
)
SELECT
'{{ rule_name }}',
'{{ description }}',
'{{ rule_order }}',
'{{ criteria }}',
'{{ actions }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
/*+ create */
INSERT INTO awscc.securityhub.automation_rule_v2s (
RuleName,
RuleStatus,
Description,
RuleOrder,
Criteria,
Actions,
Tags,
region
)
SELECT
'{{ rule_name }}',
'{{ rule_status }}',
'{{ description }}',
'{{ rule_order }}',
'{{ criteria }}',
'{{ actions }}',
'{{ tags }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: automation_rule_v2
props:
- name: rule_name
value: '{{ rule_name }}'
- name: rule_status
value: '{{ rule_status }}'
- name: description
value: '{{ description }}'
- name: rule_order
value: null
- name: criteria
value:
ocsf_finding_criteria:
composite_filters:
- string_filters:
- field_name: '{{ field_name }}'
filter:
comparison: '{{ comparison }}'
value: '{{ value }}'
date_filters:
- field_name: '{{ field_name }}'
filter:
date_range:
unit: '{{ unit }}'
value: null
end: '{{ end }}'
start: null
boolean_filters:
- field_name: '{{ field_name }}'
filter:
value: '{{ value }}'
number_filters:
- field_name: '{{ field_name }}'
filter:
eq: null
gte: null
lte: null
map_filters:
- field_name: '{{ field_name }}'
filter:
comparison: '{{ comparison }}'
key: null
value: null
operator: '{{ operator }}'
composite_operator: null
- name: actions
value:
- type: '{{ type }}'
finding_fields_update:
severity_id: '{{ severity_id }}'
comment: '{{ comment }}'
status_id: '{{ status_id }}'
external_integration_configuration:
connector_arn: '{{ connector_arn }}'
- name: tags
value: {}
UPDATE example
Use the following StackQL query and manifest file to update a automation_rule_v2 resource, using stack-deploy.
/*+ update */
UPDATE awscc.securityhub.automation_rule_v2s
SET PatchDocument = string('{{ {
"RuleName": rule_name,
"RuleStatus": rule_status,
"Description": description,
"RuleOrder": rule_order,
"Criteria": criteria,
"Actions": actions,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ rule_arn }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
DELETE example
/*+ delete */
DELETE FROM awscc.securityhub.automation_rule_v2s
WHERE
Identifier = '{{ rule_arn }}' AND
region = '{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
Additional Parameters
Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:
| Parameter | Description |
|---|---|
ClientToken | A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request. |
RoleArn | The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.If you do not specify a role, a temporary session is created using your AWS user credentials. |
TypeVersionId | For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used. |
Permissions
To operate on the automation_rule_v2s resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
securityhub:CreateAutomationRuleV2,
securityhub:GetAutomationRuleV2,
securityhub:TagResource,
securityhub:ListTagsForResource
securityhub:GetAutomationRuleV2,
securityhub:ListTagsForResource
securityhub:UpdateAutomationRuleV2,
securityhub:GetAutomationRuleV2,
securityhub:TagResource,
securityhub:UntagResource,
securityhub:ListTagsForResource
securityhub:GetAutomationRuleV2,
securityhub:DeleteAutomationRuleV2
securityhub:ListAutomationRulesV2,
securityhub:ListTagsForResource