pulumi-aws-kotlin/com.pulumi.aws.securityhub.kotlin/InsightArgs

InsightArgs

data class InsightArgs(val filters: Output<InsightFiltersArgs>? = null, val groupByAttribute: Output<String>? = null, val name: Output<String>? = null) : ConvertibleToJava<InsightArgs>

Provides a Security Hub custom insight resource. See the Managing custom insights section of the AWS User Guide for more information.

Example Usage

Filter by AWS account ID

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.Insight;
import com.pulumi.aws.securityhub.InsightArgs;
import com.pulumi.aws.securityhub.inputs.InsightFiltersArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleAccount = new Account("exampleAccount");
        var exampleInsight = new Insight("exampleInsight", InsightArgs.builder()
            .filters(InsightFiltersArgs.builder()
                .awsAccountIds(
                    InsightFiltersAwsAccountIdArgs.builder()
                        .comparison("EQUALS")
                        .value("1234567890")
                        .build(),
                    InsightFiltersAwsAccountIdArgs.builder()
                        .comparison("EQUALS")
                        .value("09876543210")
                        .build())
                .build())
            .groupByAttribute("AwsAccountId")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAccount)
                .build());
    }
}

Filter by date range

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.Insight;
import com.pulumi.aws.securityhub.InsightArgs;
import com.pulumi.aws.securityhub.inputs.InsightFiltersArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleAccount = new Account("exampleAccount");
        var exampleInsight = new Insight("exampleInsight", InsightArgs.builder()
            .filters(InsightFiltersArgs.builder()
                .createdAts(InsightFiltersCreatedAtArgs.builder()
                    .dateRange(InsightFiltersCreatedAtDateRangeArgs.builder()
                        .unit("DAYS")
                        .value(5)
                        .build())
                    .build())
                .build())
            .groupByAttribute("CreatedAt")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAccount)
                .build());
    }
}

Filter by destination IPv4 address

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.Insight;
import com.pulumi.aws.securityhub.InsightArgs;
import com.pulumi.aws.securityhub.inputs.InsightFiltersArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleAccount = new Account("exampleAccount");
        var exampleInsight = new Insight("exampleInsight", InsightArgs.builder()
            .filters(InsightFiltersArgs.builder()
                .networkDestinationIpv4s(InsightFiltersNetworkDestinationIpv4Args.builder()
                    .cidr("10.0.0.0/16")
                    .build())
                .build())
            .groupByAttribute("NetworkDestinationIpV4")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAccount)
                .build());
    }
}

Filter by finding's confidence

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.Insight;
import com.pulumi.aws.securityhub.InsightArgs;
import com.pulumi.aws.securityhub.inputs.InsightFiltersArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleAccount = new Account("exampleAccount");
        var exampleInsight = new Insight("exampleInsight", InsightArgs.builder()
            .filters(InsightFiltersArgs.builder()
                .confidences(InsightFiltersConfidenceArgs.builder()
                    .gte("80")
                    .build())
                .build())
            .groupByAttribute("Confidence")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAccount)
                .build());
    }
}

Filter by resource tags

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.Insight;
import com.pulumi.aws.securityhub.InsightArgs;
import com.pulumi.aws.securityhub.inputs.InsightFiltersArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleAccount = new Account("exampleAccount");
        var exampleInsight = new Insight("exampleInsight", InsightArgs.builder()
            .filters(InsightFiltersArgs.builder()
                .resourceTags(InsightFiltersResourceTagArgs.builder()
                    .comparison("EQUALS")
                    .key("Environment")
                    .value("Production")
                    .build())
                .build())
            .groupByAttribute("ResourceTags")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAccount)
                .build());
    }
}

Import

Security Hub insights can be imported using the ARN, e.g.,

$ pulumi import aws:securityhub/insight:Insight example arn:aws:securityhub:us-west-2:1234567890:insight/1234567890/custom/91299ed7-abd0-4e44-a858-d0b15e37141a

Constructors

InsightArgs

constructor(filters: Output<InsightFiltersArgs>? = null, groupByAttribute: Output<String>? = null, name: Output<String>? = null)

Properties

filters

val filters: Output<InsightFiltersArgs>? = null

A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.

groupByAttribute

val groupByAttribute: Output<String>? = null

The attribute used to group the findings for the insight e.g., if an insight is grouped by ResourceId, then the insight produces a list of resource identifiers.

name

val name: Output<String>? = null

The name of the custom insight.

Functions

toJava

open override fun toJava(): InsightArgs