AWS::SecurityHub::AutomationRule AutomationRulesFindingFieldsUpdate - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::SecurityHub::AutomationRule AutomationRulesFindingFieldsUpdate

Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "Confidence" : Integer,
  "Criticality" : Integer,
  "Note" : NoteUpdate,
  "RelatedFindings" : [ RelatedFinding, ... ],
  "Severity" : SeverityUpdate,
  "Types" : [ String, ... ],
  "UserDefinedFields" : {Key: Value, ...},
  "VerificationState" : String,
  "Workflow" : WorkflowUpdate
}

Properties

Confidence

The rule action updates the Confidence field of a finding.

Required: No

Type: Integer

Minimum: 0

Maximum: 100

Update requires: No interruption

Criticality

The rule action updates the Criticality field of a finding.

Required: No

Type: Integer

Minimum: 0

Maximum: 100

Update requires: No interruption

Note

The rule action will update the Note field of a finding.

Required: No

Type: NoteUpdate

Update requires: No interruption

RelatedFindings

The rule action will update the RelatedFindings field of a finding.

Required: No

Type: Array of RelatedFinding

Minimum: 1

Maximum: 10

Update requires: No interruption

Severity

The rule action will update the Severity field of a finding.

Required: No

Type: SeverityUpdate

Update requires: No interruption

Types

The rule action updates the Types field of a finding.

Required: No

Type: Array of String

Maximum: 50

Update requires: No interruption

UserDefinedFields

The rule action updates the UserDefinedFields field of a finding.

Required: No

Type: Object of String

Pattern: ^[-_+=.:/@\w\s]{1,128}$

Minimum: 0

Maximum: 1024

Update requires: No interruption

VerificationState

The rule action updates the VerificationState field of a finding.

Required: No

Type: String

Allowed values: UNKNOWN | TRUE_POSITIVE | FALSE_POSITIVE | BENIGN_POSITIVE

Update requires: No interruption

Workflow

The rule action will update the Workflow field of a finding.

Required: No

Type: WorkflowUpdate

Update requires: No interruption