Resource: awsGuarddutyFilter
Provides a resource to manage a GuardDuty filter.
Example Usage
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
// This fragment belongs inside a stack's constructor, where `this` is the construct scope.
new aws.guarddutyFilter.GuarddutyFilter(this, "MyFilter", {
  action: "ARCHIVE",
  detectorId: "${aws_guardduty_detector.example.id}",
  findingCriteria: {
    criterion: [
      {
        equalTo: ["eu-west-1"],
        field: "region",
      },
      {
        field: "service.additionalInfo.threatListName",
        notEquals: ["some-threat", "another-threat"],
      },
      {
        field: "updatedAt",
        greaterThan: "2020-01-01T00:00:00Z",
        lessThan: "2020-02-01T00:00:00Z",
      },
      {
        field: "severity",
        greaterThanOrEqual: "4",
      },
    ],
  },
  name: "MyFilter",
  rank: 1,
});
Argument Reference
The following arguments are supported:
- detectorId - (Required) ID of a GuardDuty detector, attached to your account.
- name - (Required) The name of your filter.
- description - (Optional) Description of the filter.
- rank - (Required) Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- action - (Required) Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
- tags - (Optional) The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- findingCriteria - (Required) Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
criterion
The criterion block supports the following:
- field - (Required) The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- equals - (Optional) List of string values to be evaluated.
- notEquals - (Optional) List of string values to be evaluated.
- greaterThan - (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- greaterThanOrEqual - (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- lessThan - (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- lessThanOrEqual - (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
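An added example, not part of the provider documentation: a hypothetical pre-deploy check over a plain object shaped like the findingCriteria arguments above, which flags an ARCHIVE filter whose severity criteria still admit High findings. It assumes GuardDuty combines criteria with AND and rates severity 7 and above as High; the interface, function and constant names are illustrative.

```typescript
// Plain-object mirror of the criterion fields documented on this page.
interface Criterion {
  field: string;
  equalTo?: string[];
  notEquals?: string[];
  greaterThan?: string;
  greaterThanOrEqual?: string;
  lessThan?: string;
  lessThanOrEqual?: string;
}
interface FilterConfig {
  name: string;
  action: string;
  findingCriteria: { criterion: Criterion[] };
}

// Assumption: GuardDuty rates severity 7 and above as High.
const HIGH = 7;

// Criteria are ANDed, so every "severity" criterion must admit a High value.
// With no severity criterion at all, nothing excludes High findings.
function canMatchHighSeverity(criteria: Criterion[]): boolean {
  return criteria
    .filter((c) => c.field === "severity")
    .every((c) => {
      if (c.equalTo && !c.equalTo.some((v) => Number(v) >= HIGH)) return false;
      if (c.lessThanOrEqual !== undefined && Number(c.lessThanOrEqual) < HIGH) return false;
      if (c.lessThan !== undefined && Number(c.lessThan) <= HIGH) return false;
      return true;
    });
}

// Hypothetical review gate: returns one warning per problem found.
function auditFilter(f: FilterConfig): string[] {
  if (f.action !== "ARCHIVE") return []; // only ARCHIVE suppresses findings
  const criteria = f.findingCriteria.criterion;
  if (criteria.length === 0) return [`${f.name}: archives every finding`];
  if (canMatchHighSeverity(criteria)) return [`${f.name}: can archive High severity findings`];
  return [];
}

// The Example Usage filter, reduced to its region and severity criteria.
const pageExample: FilterConfig = {
  name: "MyFilter",
  action: "ARCHIVE",
  findingCriteria: {
    criterion: [
      { field: "region", equalTo: ["eu-west-1"] },
      { field: "severity", greaterThanOrEqual: "4" },
    ],
  },
};
```

Adding a second severity criterion such as lessThan: "7" to the example filter clears the warning, because the filter then stops below the High band.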
Attributes Reference
In addition to all arguments above, the following attributes are exported:
- arn - The ARN of the GuardDuty filter.
- id - A compound field, consisting of the ID of the GuardDuty detector and the name of the filter.
- tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
Import
GuardDuty filters can be imported using the detector ID and filter's name separated by a colon, e.g.,