pulumi-aws-kotlin/com.pulumi.aws.guardduty.kotlin/FilterArgs

FilterArgs

data class FilterArgs(val action: Output<String>? = null, val description: Output<String>? = null, val detectorId: Output<String>? = null, val findingCriteria: Output<FilterFindingCriteriaArgs>? = null, val name: Output<String>? = null, val rank: Output<Int>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<FilterArgs>

Provides a resource to manage a GuardDuty filter.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.guardduty.Filter;
import com.pulumi.aws.guardduty.FilterArgs;
import com.pulumi.aws.guardduty.inputs.FilterFindingCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var myFilter = new Filter("myFilter", FilterArgs.builder()
            .action("ARCHIVE")
            .detectorId(aws_guardduty_detector.example().id())
            .rank(1)
            .findingCriteria(FilterFindingCriteriaArgs.builder()
                .criterions(
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("region")
                        .equals("eu-west-1")
                        .build(),
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("service.additionalInfo.threatListName")
                        .notEquals(
                            "some-threat",
                            "another-threat")
                        .build(),
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("updatedAt")
                        .greaterThan("2020-01-01T00:00:00Z")
                        .lessThan("2020-02-01T00:00:00Z")
                        .build(),
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("severity")
                        .greaterThanOrEqual("4")
                        .build())
                .build())
            .build());
    }
}
Content copied to clipboard

Import

GuardDuty filters can be imported using the detector ID and filter's name separated by a colon, e.g.,

$ pulumi import aws:guardduty/filter:Filter MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter
Content copied to clipboard

Constructors

Link copied to clipboard
fun FilterArgs(action: Output<String>? = null, description: Output<String>? = null, detectorId: Output<String>? = null, findingCriteria: Output<FilterFindingCriteriaArgs>? = null, name: Output<String>? = null, rank: Output<Int>? = null, tags: Output<Map<String, String>>? = null)

Functions

Link copied to clipboard
open override fun toJava(): FilterArgs

Properties

Link copied to clipboard
val action: Output<String>? = null

Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.

Link copied to clipboard
val description: Output<String>? = null

Description of the filter.

Link copied to clipboard
val detectorId: Output<String>? = null

ID of a GuardDuty detector, attached to your account.

Link copied to clipboard
val findingCriteria: Output<FilterFindingCriteriaArgs>? = null

Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.

Link copied to clipboard
val name: Output<String>? = null

The name of your filter.

Link copied to clipboard
val rank: Output<Int>? = null

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.