Automation
Resource for managing an AWS Security Hub Automation Rule.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.securityhub.AutomationRule("example", {
description: "Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk",
ruleName: "Elevate severity of findings that relate to important resources",
ruleOrder: 1,
actions: [{
findingFieldsUpdate: {
severity: {
label: "CRITICAL",
product: 0,
},
note: {
text: "This is a critical resource. Please review ASAP.",
updatedBy: "sechub-automation",
},
types: ["Software and Configuration Checks/Industry and Regulatory Standards"],
userDefinedFields: {
key: "value",
},
},
type: "FINDING_FIELDS_UPDATE",
}],
criteria: {
resourceIds: [{
comparison: "EQUALS",
value: "arn:aws:s3:::examplebucket/*",
}],
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.securityhub.AutomationRule("example",
description="Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk",
rule_name="Elevate severity of findings that relate to important resources",
rule_order=1,
actions=[{
"finding_fields_update": {
"severity": {
"label": "CRITICAL",
"product": 0,
},
"note": {
"text": "This is a critical resource. Please review ASAP.",
"updated_by": "sechub-automation",
},
"types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
"user_defined_fields": {
"key": "value",
},
},
"type": "FINDING_FIELDS_UPDATE",
}],
criteria={
"resource_ids": [{
"comparison": "EQUALS",
"value": "arn:aws:s3:::examplebucket/*",
}],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.SecurityHub.AutomationRule("example", new()
{
Description = "Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk",
RuleName = "Elevate severity of findings that relate to important resources",
RuleOrder = 1,
Actions = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleActionArgs
{
FindingFieldsUpdate = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateArgs
{
Severity = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateSeverityArgs
{
Label = "CRITICAL",
Product = 0,
},
Note = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateNoteArgs
{
Text = "This is a critical resource. Please review ASAP.",
UpdatedBy = "sechub-automation",
},
Types = new[]
{
"Software and Configuration Checks/Industry and Regulatory Standards",
},
UserDefinedFields =
{
{ "key", "value" },
},
},
Type = "FINDING_FIELDS_UPDATE",
},
},
Criteria = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaArgs
{
ResourceIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceIdArgs
{
Comparison = "EQUALS",
Value = "arn:aws:s3:::examplebucket/*",
},
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityhub.NewAutomationRule(ctx, "example", &securityhub.AutomationRuleArgs{
Description: pulumi.String("Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk"),
RuleName: pulumi.String("Elevate severity of findings that relate to important resources"),
RuleOrder: pulumi.Int(1),
Actions: securityhub.AutomationRuleActionArray{
&securityhub.AutomationRuleActionArgs{
FindingFieldsUpdate: &securityhub.AutomationRuleActionFindingFieldsUpdateArgs{
Severity: &securityhub.AutomationRuleActionFindingFieldsUpdateSeverityArgs{
Label: pulumi.String("CRITICAL"),
Product: pulumi.Float64(0),
},
Note: &securityhub.AutomationRuleActionFindingFieldsUpdateNoteArgs{
Text: pulumi.String("This is a critical resource. Please review ASAP."),
UpdatedBy: pulumi.String("sechub-automation"),
},
Types: pulumi.StringArray{
pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards"),
},
UserDefinedFields: pulumi.StringMap{
"key": pulumi.String("value"),
},
},
Type: pulumi.String("FINDING_FIELDS_UPDATE"),
},
},
Criteria: &securityhub.AutomationRuleCriteriaArgs{
ResourceIds: securityhub.AutomationRuleCriteriaResourceIdArray{
&securityhub.AutomationRuleCriteriaResourceIdArgs{
Comparison: pulumi.String("EQUALS"),
Value: pulumi.String("arn:aws:s3:::examplebucket/*"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.AutomationRule;
import com.pulumi.aws.securityhub.AutomationRuleArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionFindingFieldsUpdateArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionFindingFieldsUpdateSeverityArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionFindingFieldsUpdateNoteArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new AutomationRule("example", AutomationRuleArgs.builder()
.description("Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk")
.ruleName("Elevate severity of findings that relate to important resources")
.ruleOrder(1)
.actions(AutomationRuleActionArgs.builder()
.findingFieldsUpdate(AutomationRuleActionFindingFieldsUpdateArgs.builder()
.severity(AutomationRuleActionFindingFieldsUpdateSeverityArgs.builder()
.label("CRITICAL")
.product(0.0)
.build())
.note(AutomationRuleActionFindingFieldsUpdateNoteArgs.builder()
.text("This is a critical resource. Please review ASAP.")
.updatedBy("sechub-automation")
.build())
.types("Software and Configuration Checks/Industry and Regulatory Standards")
.userDefinedFields(Map.of("key", "value"))
.build())
.type("FINDING_FIELDS_UPDATE")
.build())
.criteria(AutomationRuleCriteriaArgs.builder()
.resourceIds(AutomationRuleCriteriaResourceIdArgs.builder()
.comparison("EQUALS")
.value("arn:aws:s3:::examplebucket/*")
.build())
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:securityhub:AutomationRule
properties:
description: Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk
ruleName: Elevate severity of findings that relate to important resources
ruleOrder: 1
actions:
- findingFieldsUpdate:
severity:
label: CRITICAL
product: '0.0'
note:
text: This is a critical resource. Please review ASAP.
updatedBy: sechub-automation
types:
- Software and Configuration Checks/Industry and Regulatory Standards
userDefinedFields:
key: value
type: FINDING_FIELDS_UPDATE
criteria:
resourceIds:
- comparison: EQUALS
value: arn:aws:s3:::examplebucket/*Content copied to clipboard
Import
Using pulumi import, import Security Hub automation rule using their ARN. For example:
$ pulumi import aws:securityhub/automationRule:AutomationRule example arn:aws:securityhub:us-west-2:123456789012:automation-rule/473eddde-f5c4-4ae5-85c7-e922f271fffcContent copied to clipboard
//////
Properties
Link copied to clipboard
A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in Criteria. Documented below.
Link copied to clipboard
A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
Link copied to clipboard
The description of the rule.
Link copied to clipboard
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to false.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Whether the rule is active after it is created.