Filter

class Filter : KotlinCustomResource

Provides a resource to manage a GuardDuty filter.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// `example` is assumed to be a GuardDuty detector declared elsewhere in the program.

// Each criterion narrows the set of findings the filter matches.
const regionCriterion = {
    field: "region",
    equals: ["eu-west-1"],
};
const threatListCriterion = {
    field: "service.additionalInfo.threatListName",
    notEquals: ["some-threat", "another-threat"],
};
const updatedAtCriterion = {
    field: "updatedAt",
    greaterThan: "2020-01-01T00:00:00Z",
    lessThan: "2020-02-01T00:00:00Z",
};
const severityCriterion = {
    field: "severity",
    greaterThanOrEqual: "4",
};

const myFilter = new aws.guardduty.Filter("MyFilter", {
    name: "MyFilter",
    // ARCHIVE: findings that match the criteria are archived.
    action: "ARCHIVE",
    detectorId: example.id,
    rank: 1,
    findingCriteria: {
        criterions: [
            regionCriterion,
            threatListCriterion,
            updatedAtCriterion,
            severityCriterion,
        ],
    },
});
import pulumi
import pulumi_aws as aws
# `example` is assumed to be a GuardDuty detector defined elsewhere in the program.

# Each criterion narrows the set of findings the filter matches.
region_criterion = {
    "field": "region",
    "equals": ["eu-west-1"],
}
threat_list_criterion = {
    "field": "service.additionalInfo.threatListName",
    "not_equals": ["some-threat", "another-threat"],
}
updated_at_criterion = {
    "field": "updatedAt",
    "greater_than": "2020-01-01T00:00:00Z",
    "less_than": "2020-02-01T00:00:00Z",
}
severity_criterion = {
    "field": "severity",
    "greater_than_or_equal": "4",
}

my_filter = aws.guardduty.Filter(
    "MyFilter",
    name="MyFilter",
    # ARCHIVE: findings that match the criteria are archived.
    action="ARCHIVE",
    detector_id=example["id"],
    rank=1,
    finding_criteria={
        "criterions": [
            region_criterion,
            threat_list_criterion,
            updated_at_criterion,
            severity_criterion,
        ],
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // `example` is assumed to be a GuardDuty detector declared elsewhere in the program.

    // Each criterion narrows the set of findings the filter matches.
    var regionCriterion = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
    {
        Field = "region",
        Equals = new[] { "eu-west-1" },
    };
    var threatListCriterion = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
    {
        Field = "service.additionalInfo.threatListName",
        NotEquals = new[] { "some-threat", "another-threat" },
    };
    var updatedAtCriterion = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
    {
        Field = "updatedAt",
        GreaterThan = "2020-01-01T00:00:00Z",
        LessThan = "2020-02-01T00:00:00Z",
    };
    var severityCriterion = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
    {
        Field = "severity",
        GreaterThanOrEqual = "4",
    };

    var myFilter = new Aws.GuardDuty.Filter("MyFilter", new()
    {
        Name = "MyFilter",
        // ARCHIVE: findings that match the criteria are archived.
        Action = "ARCHIVE",
        DetectorId = example.Id,
        Rank = 1,
        FindingCriteria = new Aws.GuardDuty.Inputs.FilterFindingCriteriaArgs
        {
            Criterions = new[]
            {
                regionCriterion,
                threatListCriterion,
                updatedAtCriterion,
                severityCriterion,
            },
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single GuardDuty filter with the Pulumi engine.
// `example` is assumed to be a GuardDuty detector declared elsewhere in the program.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Each criterion narrows the set of findings the filter matches.
		criteria := guardduty.FilterFindingCriteriaCriterionArray{
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field:  pulumi.String("region"),
				Equals: pulumi.StringArray{pulumi.String("eu-west-1")},
			},
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field: pulumi.String("service.additionalInfo.threatListName"),
				NotEquals: pulumi.StringArray{
					pulumi.String("some-threat"),
					pulumi.String("another-threat"),
				},
			},
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field:       pulumi.String("updatedAt"),
				GreaterThan: pulumi.String("2020-01-01T00:00:00Z"),
				LessThan:    pulumi.String("2020-02-01T00:00:00Z"),
			},
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field:              pulumi.String("severity"),
				GreaterThanOrEqual: pulumi.String("4"),
			},
		}

		filterArgs := &guardduty.FilterArgs{
			Name: pulumi.String("MyFilter"),
			// ARCHIVE: findings that match the criteria are archived.
			Action:     pulumi.String("ARCHIVE"),
			DetectorId: pulumi.Any(example.Id),
			Rank:       pulumi.Int(1),
			FindingCriteria: &guardduty.FilterFindingCriteriaArgs{
				Criterions: criteria,
			},
		}

		// The resource handle is not needed; only the error is propagated.
		_, err := guardduty.NewFilter(ctx, "MyFilter", filterArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.guardduty.Filter;
import com.pulumi.aws.guardduty.FilterArgs;
import com.pulumi.aws.guardduty.inputs.FilterFindingCriteriaArgs;
import com.pulumi.aws.guardduty.inputs.FilterFindingCriteriaCriterionArgs;
import com.pulumi.core.Output;

import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
 * Pulumi program that declares a single GuardDuty filter.
 *
 * <p>{@code example} is assumed to be a GuardDuty detector declared elsewhere
 * in the program.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the filter resource on the given stack context. */
    public static void stack(Context ctx) {
        // Each criterion narrows the set of findings the filter matches.
        final var regionCriterion = FilterFindingCriteriaCriterionArgs.builder()
            .field("region")
            .equals("eu-west-1")
            .build();
        final var threatListCriterion = FilterFindingCriteriaCriterionArgs.builder()
            .field("service.additionalInfo.threatListName")
            .notEquals("some-threat", "another-threat")
            .build();
        final var updatedAtCriterion = FilterFindingCriteriaCriterionArgs.builder()
            .field("updatedAt")
            .greaterThan("2020-01-01T00:00:00Z")
            .lessThan("2020-02-01T00:00:00Z")
            .build();
        final var severityCriterion = FilterFindingCriteriaCriterionArgs.builder()
            .field("severity")
            .greaterThanOrEqual("4")
            .build();

        final var findingCriteria = FilterFindingCriteriaArgs.builder()
            .criterions(
                regionCriterion,
                threatListCriterion,
                updatedAtCriterion,
                severityCriterion)
            .build();

        // ARCHIVE: findings that match the criteria are archived.
        final var filterArgs = FilterArgs.builder()
            .name("MyFilter")
            .action("ARCHIVE")
            .detectorId(example.id())
            .rank(1)
            .findingCriteria(findingCriteria)
            .build();

        var myFilter = new Filter("myFilter", filterArgs);
    }
}
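# Declares a single GuardDuty filter.
# `example` is assumed to be a GuardDuty detector declared elsewhere in the program.
resources:
  myFilter:
    type: aws:guardduty:Filter
    name: MyFilter
    properties:
      name: MyFilter
      # ARCHIVE: findings that match the criteria are archived.
      action: ARCHIVE
      detectorId: ${example.id}
      rank: 1
      findingCriteria:
        # Each criterion narrows the set of findings the filter matches.
        criterions:
          - field: region
            equals:
              - eu-west-1
          - field: service.additionalInfo.threatListName
            notEquals:
              - some-threat
              - another-threat
          - field: updatedAt
            # Quoted so the values are passed as strings rather than
            # being resolved as YAML timestamps by the parser.
            greaterThan: '2020-01-01T00:00:00Z'
            lessThan: '2020-02-01T00:00:00Z'
          - field: severity
            greaterThanOrEqual: '4'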

Import

Using pulumi import, import GuardDuty filters using the detector ID and filter's name separated by a colon. For example:

$ pulumi import aws:guardduty/filter:Filter MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter

Properties

val action: Output<String>

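Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP. With ARCHIVE, matching findings are archived automatically, so the filter works as a suppression rule; keep its criteria narrow and review them regularly so that relevant findings are not hidden.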

val arn: Output<String>

The ARN of the GuardDuty filter.

val description: Output<String>?

Description of the filter.

val detectorId: Output<String>

ID of a GuardDuty detector, attached to your account.


Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.

val id: Output<String>
val name: Output<String>

The name of your filter.

val pulumiChildResources: Set<KotlinResource>
val rank: Output<Int>

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

val tags: Output<Map<String, String>>?

The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

val urn: Output<String>