AutomationRule

One or more actions to update finding fields if a finding matches the conditions specified in `Criteria`.

A timestamp that indicates when the rule was created. Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.

A description of the rule.

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

The name of the rule.

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

Whether the rule is active after it is created. If this parameter is equal to `ENABLED`, ASH applies the rule to findings and finding updates after the rule is created.

User-defined tags associated with an automation rule.

A timestamp that indicates when the rule was most recently updated. Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .