insights
Creates, updates, deletes or gets an insight resource or lists insights in a region
Overview
| Name | insights |
| Type | Resource |
| Description | The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings. |
| Id | awscc.securityhub.insights |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
| insight_arn | string | The ARN of a Security Hub insight |
| name | string | The name of a Security Hub insight |
| filters | object | One or more attributes used to filter the findings included in the insight |
| group_by_attribute | string | The grouping attribute for the insight's findings |
| region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
| insight_arn | string | The ARN of a Security Hub insight |
| region | string | AWS region. |
For more information, see AWS::SecurityHub::Insight.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | insights | INSERT | Filters, Name, GroupByAttribute, region |
| delete_resource | insights | DELETE | Identifier, region |
| update_resource | insights | UPDATE | Identifier, PatchDocument, region |
| list_resources | insights_list_only | SELECT | region |
| get_resource | insights | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual insight.
-- Fetch all properties of one Security Hub insight, addressed by its ARN and region.
-- NOTE(review): the {{ ... }} markers look like template placeholders rendered as
-- text into the quoted literals (confirm); if so, take their values from trusted
-- configuration only, because they are not bound parameters.
SELECT
    region,
    insight_arn,
    name,
    filters,
    group_by_attribute
FROM awscc.securityhub.insights
WHERE
    Identifier = '{{ insight_arn }}'
    AND region = '{{ region }}';
Lists all insights in a region.
-- Enumerate the insights that exist in one region (identifiers only).
-- Useful as an inventory step: each returned insight_arn can then be passed as
-- Identifier to the single-insight query to inspect its filters.
SELECT
    region,
    insight_arn
FROM awscc.securityhub.insights_list_only
WHERE
    region = '{{ region }}';
INSERT example
Use the following StackQL query and manifest file to create a new insight resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
-- Create a Security Hub insight. Name, Filters, GroupByAttribute and region are
-- the required parameters listed for create_resource.
-- NOTE(review): the {{ ... }} placeholders look to be rendered as text into the
-- quoted literals (confirm); Filters is an object, so the rendered value should
-- come from the reviewed manifest rather than from untrusted input.
INSERT INTO awscc.securityhub.insights (
    Name,
    Filters,
    GroupByAttribute,
    region
)
SELECT
    '{{ name }}',
    '{{ filters }}',
    '{{ group_by_attribute }}',
    '{{ region }}'
-- Status fields of the request; check OperationStatus, ErrorCode and
-- StatusMessage rather than assuming the create succeeded.
RETURNING
    ErrorCode,
    EventTime,
    Identifier,
    Operation,
    OperationStatus,
    RequestToken,
    ResourceModel,
    RetryAfter,
    StatusMessage,
    TypeName
;
/*+ create */
-- "All Properties" variant of the insight create statement; on this page it
-- carries the same four columns as the required-properties variant.
-- NOTE(review): values are supplied through {{ ... }} placeholders that appear
-- to be substituted textually (confirm); keep their sources under change control.
INSERT INTO awscc.securityhub.insights (
    Name,
    Filters,
    GroupByAttribute,
    region
)
SELECT
    '{{ name }}',
    '{{ filters }}',
    '{{ group_by_attribute }}',
    '{{ region }}'
-- Request status columns returned to the caller for verification and logging.
RETURNING
    ErrorCode,
    EventTime,
    Identifier,
    Operation,
    OperationStatus,
    RequestToken,
    ResourceModel,
    RetryAfter,
    StatusMessage,
    TypeName
;
# stack-deploy manifest for the insight resource (the "Manifest" tab of the INSERT example).
# NOTE(review): nesting indentation was lost in this listing; every line sits at
# column 0, so the list/mapping levels must be re-indented before the file is used.
# NOTE(review): the `- null` entries look like generated placeholders for filter
# attributes that are not set; presumably only the filters actually wanted should
# be kept (confirm). Review the final filter set, since it decides which findings
# the insight includes.
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
# region is taken from the AWS_REGION variable
value: '{{ vars.AWS_REGION }}'
resources:
- name: insight
props:
- name: name
value: '{{ name }}'
# filters: attributes used to select the findings included in the insight
- name: filters
value:
product_arn:
- comparison: '{{ comparison }}'
value: '{{ value }}'
aws_account_id:
- null
aws_account_name:
- null
id:
- null
generator_id:
- null
type:
- null
region:
- null
first_observed_at:
# NOTE(review): with indentation lost it is unclear which of the keys below
# belong under date_range; confirm against the provider schema
- date_range:
unit: '{{ unit }}'
value: null
end: '{{ end }}'
start: null
last_observed_at:
- null
created_at:
- null
updated_at:
- null
severity_label:
- null
confidence:
- eq: null
gte: null
lte: null
criticality:
- null
title:
- null
description:
- null
recommendation_text:
- null
source_url:
- null
product_fields:
- comparison: '{{ comparison }}'
key: null
value: null
product_name:
- null
company_name:
- null
user_defined_fields:
- null
malware_name:
- null
malware_type:
- null
malware_path:
- null
malware_state:
- null
network_direction:
- null
network_protocol:
- null
network_source_ip_v4:
- cidr: null
network_source_ip_v6:
- null
network_source_port:
- null
network_source_domain:
- null
network_source_mac:
- null
network_destination_ip_v4:
- null
network_destination_ip_v6:
- null
network_destination_port:
- null
network_destination_domain:
- null
process_name:
- null
process_path:
- null
process_pid:
- null
process_parent_pid:
- null
process_launched_at:
- null
process_terminated_at:
- null
threat_intel_indicator_type:
- null
threat_intel_indicator_value:
- null
threat_intel_indicator_category:
- null
threat_intel_indicator_last_observed_at:
- null
threat_intel_indicator_source:
- null
threat_intel_indicator_source_url:
- null
resource_type:
- null
resource_id:
- null
resource_partition:
- null
resource_region:
- null
resource_tags:
- null
resource_aws_ec2_instance_type:
- null
resource_aws_ec2_instance_image_id:
- null
resource_aws_ec2_instance_ip_v4_addresses:
- null
resource_aws_ec2_instance_ip_v6_addresses:
- null
resource_aws_ec2_instance_key_name:
- null
resource_aws_ec2_instance_iam_instance_profile_arn:
- null
resource_aws_ec2_instance_vpc_id:
- null
resource_aws_ec2_instance_subnet_id:
- null
resource_aws_ec2_instance_launched_at:
- null
resource_aws_s3_bucket_owner_id:
- null
resource_aws_s3_bucket_owner_name:
- null
resource_aws_iam_access_key_status:
- null
resource_aws_iam_access_key_created_at:
- null
resource_container_name:
- null
resource_container_image_id:
- null
resource_container_image_name:
- null
resource_container_launched_at:
- null
resource_details_other:
- null
compliance_status:
- null
verification_state:
- null
workflow_state:
- null
workflow_status:
- null
record_state:
- null
related_findings_product_arn:
- null
related_findings_id:
- null
resource_application_arn:
- null
resource_application_name:
- null
note_text:
- null
note_updated_at:
- null
note_updated_by:
- null
sample:
- value: '{{ value }}'
compliance_associated_standards_id:
- null
compliance_security_control_id:
- null
compliance_security_control_parameters_name:
- null
compliance_security_control_parameters_value:
- null
finding_provider_fields_confidence:
- null
finding_provider_fields_criticality:
- null
finding_provider_fields_related_findings_id:
- null
finding_provider_fields_related_findings_product_arn:
- null
finding_provider_fields_severity_label:
- null
finding_provider_fields_severity_original:
- null
finding_provider_fields_types:
- null
resource_aws_iam_access_key_principal_name:
- null
resource_aws_iam_user_user_name:
- null
vulnerabilities_exploit_available:
- null
vulnerabilities_fix_available:
- null
keyword:
- value: null
resource_aws_iam_access_key_user_name:
- null
severity_normalized:
- null
severity_product:
- null
# NOTE(review): GroupByAttribute is listed as a required param for create_resource,
# so the null below presumably has to be replaced with a real attribute (confirm)
- name: group_by_attribute
value: null
UPDATE example
Use the following StackQL query and manifest file to update an insight resource, using stack-deploy.
/*+ update */
-- Patch an existing insight, selected by its ARN (Identifier) and region.
-- The SET value is a template expression: name, filters and group_by_attribute
-- are passed through generate_patch_document and the result is wrapped in string(...).
-- NOTE(review): the {{ ... }} placeholders appear to be rendered as text into the
-- quoted literals (confirm); take them only from trusted, reviewed configuration,
-- since a changed Filters value alters which findings the insight includes.
UPDATE awscc.securityhub.insights
SET PatchDocument = string('{{ {
"Name": name,
"Filters": filters,
"GroupByAttribute": group_by_attribute
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ insight_arn }}'
-- Request status columns; inspect OperationStatus, ErrorCode and StatusMessage
-- to confirm the patch was applied.
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
DELETE example
/*+ delete */
-- Delete one insight; both Identifier and region are required, so the statement
-- is always scoped to a single resource.
-- The optional RoleArn parameter (see Additional Parameters) lets the operation
-- run under a dedicated IAM role; without it a temporary session is created
-- from the caller's AWS user credentials.
DELETE FROM awscc.securityhub.insights
WHERE
    region = '{{ region }}'
    AND Identifier = '{{ insight_arn }}'
-- Request status columns, suitable for recording the outcome of the delete.
RETURNING
    ErrorCode,
    EventTime,
    Identifier,
    Operation,
    OperationStatus,
    RequestToken,
    ResourceModel,
    RetryAfter,
    StatusMessage,
    TypeName
;
Additional Parameters
Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:
| Parameter | Description |
|---|---|
| ClientToken | A unique identifier to ensure the idempotency of the resource request. This allows the provider to accurately distinguish between retries and new requests. A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request. |
| RoleArn | The ARN of the IAM role used to perform this resource operation. The role specified must have the permissions required for this operation. If you do not specify a role, a temporary session is created using your AWS user credentials. |
| TypeVersionId | For private resource types, the type version to use in this resource operation. If you do not specify a resource version, the default version is used. |
Permissions
To operate on the insights resource, the following permissions are required:
- Create: securityhub:CreateInsight
- Read: securityhub:GetInsights
- Update: securityhub:UpdateInsight
- Delete: securityhub:GetInsights, securityhub:DeleteInsight
- List: securityhub:GetInsights