pulumi-aws-kotlin/com.pulumi.aws.guardduty.kotlin/Filter

Filter

class Filter : KotlinCustomResource

Provides a resource to manage a GuardDuty filter.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myFilter = new aws.guardduty.Filter("MyFilter", {
    name: "MyFilter",
    action: "ARCHIVE",
    detectorId: example.id,
    rank: 1,
    findingCriteria: {
        criterions: [
            {
                field: "region",
                equals: ["eu-west-1"],
            },
            {
                field: "service.additionalInfo.threatListName",
                notEquals: [
                    "some-threat",
                    "another-threat",
                ],
            },
            {
                field: "updatedAt",
                greaterThan: "2020-01-01T00:00:00Z",
                lessThan: "2020-02-01T00:00:00Z",
            },
            {
                field: "severity",
                greaterThanOrEqual: "4",
            },
        ],
    },
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
my_filter = aws.guardduty.Filter("MyFilter",
    name="MyFilter",
    action="ARCHIVE",
    detector_id=example["id"],
    rank=1,
    finding_criteria=aws.guardduty.FilterFindingCriteriaArgs(
        criterions=[
            aws.guardduty.FilterFindingCriteriaCriterionArgs(
                field="region",
                equals=["eu-west-1"],
            ),
            aws.guardduty.FilterFindingCriteriaCriterionArgs(
                field="service.additionalInfo.threatListName",
                not_equals=[
                    "some-threat",
                    "another-threat",
                ],
            ),
            aws.guardduty.FilterFindingCriteriaCriterionArgs(
                field="updatedAt",
                greater_than="2020-01-01T00:00:00Z",
                less_than="2020-02-01T00:00:00Z",
            ),
            aws.guardduty.FilterFindingCriteriaCriterionArgs(
                field="severity",
                greater_than_or_equal="4",
            ),
        ],
    ))
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var myFilter = new Aws.GuardDuty.Filter("MyFilter", new()
    {
        Name = "MyFilter",
        Action = "ARCHIVE",
        DetectorId = example.Id,
        Rank = 1,
        FindingCriteria = new Aws.GuardDuty.Inputs.FilterFindingCriteriaArgs
        {
            Criterions = new[]
            {
                new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
                {
                    Field = "region",
                    Equals = new[]
                    {
                        "eu-west-1",
                    },
                },
                new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
                {
                    Field = "service.additionalInfo.threatListName",
                    NotEquals = new[]
                    {
                        "some-threat",
                        "another-threat",
                    },
                },
                new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
                {
                    Field = "updatedAt",
                    GreaterThan = "2020-01-01T00:00:00Z",
                    LessThan = "2020-02-01T00:00:00Z",
                },
                new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
                {
                    Field = "severity",
                    GreaterThanOrEqual = "4",
                },
            },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/guardduty"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := guardduty.NewFilter(ctx, "MyFilter", &guardduty.FilterArgs{
			Name:       pulumi.String("MyFilter"),
			Action:     pulumi.String("ARCHIVE"),
			DetectorId: pulumi.Any(example.Id),
			Rank:       pulumi.Int(1),
			FindingCriteria: &guardduty.FilterFindingCriteriaArgs{
				Criterions: guardduty.FilterFindingCriteriaCriterionArray{
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field: pulumi.String("region"),
						Equals: pulumi.StringArray{
							pulumi.String("eu-west-1"),
						},
					},
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field: pulumi.String("service.additionalInfo.threatListName"),
						NotEquals: pulumi.StringArray{
							pulumi.String("some-threat"),
							pulumi.String("another-threat"),
						},
					},
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field:       pulumi.String("updatedAt"),
						GreaterThan: pulumi.String("2020-01-01T00:00:00Z"),
						LessThan:    pulumi.String("2020-02-01T00:00:00Z"),
					},
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field:              pulumi.String("severity"),
						GreaterThanOrEqual: pulumi.String("4"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.guardduty.Filter;
import com.pulumi.aws.guardduty.FilterArgs;
import com.pulumi.aws.guardduty.inputs.FilterFindingCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var myFilter = new Filter("myFilter", FilterArgs.builder()
            .name("MyFilter")
            .action("ARCHIVE")
            .detectorId(example.id())
            .rank(1)
            .findingCriteria(FilterFindingCriteriaArgs.builder()
                .criterions(
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("region")
                        .equals("eu-west-1")
                        .build(),
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("service.additionalInfo.threatListName")
                        .notEquals(
                            "some-threat",
                            "another-threat")
                        .build(),
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("updatedAt")
                        .greaterThan("2020-01-01T00:00:00Z")
                        .lessThan("2020-02-01T00:00:00Z")
                        .build(),
                    FilterFindingCriteriaCriterionArgs.builder()
                        .field("severity")
                        .greaterThanOrEqual("4")
                        .build())
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  myFilter:
    type: aws:guardduty:Filter
    name: MyFilter
    properties:
      name: MyFilter
      action: ARCHIVE
      detectorId: ${example.id}
      rank: 1
      findingCriteria:
        criterions:
          - field: region
            equals:
              - eu-west-1
          - field: service.additionalInfo.threatListName
            notEquals:
              - some-threat
              - another-threat
          - field: updatedAt
            greaterThan: 2020-01-01T00:00:00Z
            lessThan: 2020-02-01T00:00:00Z
          - field: severity
            greaterThanOrEqual: '4'
Content copied to clipboard

Import

Using pulumi import, import GuardDuty filters using the detector ID and filter's name separated by a colon. For example:

$ pulumi import aws:guardduty/filter:Filter MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter
Content copied to clipboard

Properties

Link copied to clipboard
val action: Output<String>

Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.

Link copied to clipboard
val arn: Output<String>

The ARN of the GuardDuty filter.

Link copied to clipboard
val description: Output<String>?

Description of the filter.

Link copied to clipboard
val detectorId: Output<String>

ID of a GuardDuty detector, attached to your account.

Link copied to clipboard
val findingCriteria: Output<FilterFindingCriteria>

Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val name: Output<String>

The name of your filter.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val rank: Output<Int>

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Link copied to clipboard
val tags: Output<Map<String, String>>?

The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Link copied to clipboard
val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Link copied to clipboard
val urn: Output<String>