Class: Aws::SecurityHub::Types::FindingProviderFields

Inherits:
Struct
  • Object
show all
Includes:
Aws::Structure
Defined in:
lib/aws-sdk-securityhub/types.rb

Overview

In a [ ‘BatchImportFindings` ][1] request, finding providers use `FindingProviderFields` to provide and update values for the following fields:

  • ‘Confidence`

  • ‘Criticality`

  • ‘RelatedFindings`

  • ‘Severity`

  • ‘Types`

The preceding fields are nested under the ‘FindingProviderFields` object, but also have analogues of the same name as top-level ASFF fields. When a new finding is sent to Security Hub by a finding provider, Security Hub populates the `FindingProviderFields` object automatically, if it is empty, based on the corresponding top-level fields.

Finding providers can update ‘FindingProviderFields` only by using the `BatchImportFindings` operation. Finding providers can’t update this object with the [ ‘BatchUpdateFindings` ][2] operation. Customers can update the top-level fields by using the `BatchUpdateFindings` operation. Customers can’t update ‘FindingProviderFields`.

For information about how Security Hub handles updates from ‘BatchImportFindings` to `FindingProviderFields` and to the corresponding top-level attributes, see [Using `FindingProviderFields` ][3] in the *Security Hub User Guide*.

[1]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html [2]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html [3]: docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchimportfindings.html#batchimportfindings-findingproviderfields

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#confidenceInteger

A finding’s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

  • (Integer) 


25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#criticalityInteger

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

  • (Integer) 


25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#related_findingsArray<Types::RelatedFinding>

A list of findings that are related to the current finding.

Returns:



25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#severityTypes::FindingProviderSeverity

The severity of a finding.

Returns:



25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end

#typesArray<String>

One or more finding types in the format of ‘namespace/category/classifier` that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

Returns:

  • (Array<String>) 


25015
25016
25017
25018
25019
25020
25021
25022
25023
 
# File 'lib/aws-sdk-securityhub/types.rb', line 25015

class FindingProviderFields < Struct.new(
  :confidence,
  :criticality,
  :related_findings,
  :severity,
  :types)
  SENSITIVE = []
  include Aws::Structure
end