amazonka-guardduty-2.0: Amazon GuardDuty SDK.
Copyright(c) 2013-2023 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellSafe-Inferred
LanguageHaskell2010

Amazonka.GuardDuty.CreateFilter

Description

Creates a filter using the specified finding criteria.

Synopsis

Creating a Request

data CreateFilter Source #

See: newCreateFilter smart constructor.

Constructors

CreateFilter' 

Fields

  • action :: Maybe FilterAction

    Specifies the action that is to be applied to the findings that match the filter.

  • clientToken :: Maybe Text

    The idempotency token for the create request.

  • description :: Maybe Text

    The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.

  • rank :: Maybe Natural

    Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

  • tags :: Maybe (HashMap Text Text)

    The tags to be added to a new filter resource.

  • detectorId :: Text

    The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

  • name :: Text

    The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

  • findingCriteria :: FindingCriteria

    Represents the criteria to be used in the filter for querying findings.

    You can only use the following attributes to query findings:

    • accountId
    • region
    • confidence
    • id
    • resource.accessKeyDetails.accessKeyId
    • resource.accessKeyDetails.principalId
    • resource.accessKeyDetails.userName
    • resource.accessKeyDetails.userType
    • resource.instanceDetails.iamInstanceProfile.id
    • resource.instanceDetails.imageId
    • resource.instanceDetails.instanceId
    • resource.instanceDetails.outpostArn
    • resource.instanceDetails.networkInterfaces.ipv6Addresses
    • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
    • resource.instanceDetails.networkInterfaces.publicDnsName
    • resource.instanceDetails.networkInterfaces.publicIp
    • resource.instanceDetails.networkInterfaces.securityGroups.groupId
    • resource.instanceDetails.networkInterfaces.securityGroups.groupName
    • resource.instanceDetails.networkInterfaces.subnetId
    • resource.instanceDetails.networkInterfaces.vpcId
    • resource.instanceDetails.tags.key
    • resource.instanceDetails.tags.value
    • resource.resourceType
    • service.action.actionType
    • service.action.awsApiCallAction.api
    • service.action.awsApiCallAction.callerType
    • service.action.awsApiCallAction.errorCode
    • service.action.awsApiCallAction.userAgent
    • service.action.awsApiCallAction.remoteIpDetails.city.cityName
    • service.action.awsApiCallAction.remoteIpDetails.country.countryName
    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
    • service.action.awsApiCallAction.remoteIpDetails.organization.asn
    • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
    • service.action.awsApiCallAction.serviceName
    • service.action.dnsRequestAction.domain
    • service.action.networkConnectionAction.blocked
    • service.action.networkConnectionAction.connectionDirection
    • service.action.networkConnectionAction.localPortDetails.port
    • service.action.networkConnectionAction.protocol
    • service.action.networkConnectionAction.localIpDetails.ipAddressV4
    • service.action.networkConnectionAction.remoteIpDetails.city.cityName
    • service.action.networkConnectionAction.remoteIpDetails.country.countryName
    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
    • service.action.networkConnectionAction.remoteIpDetails.organization.asn
    • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
    • service.action.networkConnectionAction.remotePortDetails.port
    • service.additionalInfo.threatListName
    • resource.s3BucketDetails.publicAccess.effectivePermissions
    • resource.s3BucketDetails.name
    • resource.s3BucketDetails.tags.key
    • resource.s3BucketDetails.tags.value
    • resource.s3BucketDetails.type

    • service.archived

      When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

    • service.resourceRole
    • severity
    • type

    • updatedAt

      Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Instances

Instances details
ToJSON CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

toJSON :: CreateFilter -> Value #

toEncoding :: CreateFilter -> Encoding #

toJSONList :: [CreateFilter] -> Value #

toEncodingList :: [CreateFilter] -> Encoding #

ToHeaders CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

toHeaders :: CreateFilter -> [Header] #

ToPath CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

toPath :: CreateFilter -> ByteString #

ToQuery CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

toQuery :: CreateFilter -> QueryString #

AWSRequest CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Associated Types

type AWSResponse CreateFilter #

Methods

request :: (Service -> Service) -> CreateFilter -> Request CreateFilter #

response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy CreateFilter -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse CreateFilter))) #

Generic CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Associated Types

type Rep CreateFilter :: Type -> Type #

Methods

from :: CreateFilter -> Rep CreateFilter x #

to :: Rep CreateFilter x -> CreateFilter #

Read CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

readsPrec :: Int -> ReadS CreateFilter #

readList :: ReadS [CreateFilter] #

readPrec :: ReadPrec CreateFilter #

readListPrec :: ReadPrec [CreateFilter] #

Show CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

showsPrec :: Int -> CreateFilter -> ShowS #

show :: CreateFilter -> String #

showList :: [CreateFilter] -> ShowS #

NFData CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

rnf :: CreateFilter -> () #

Eq CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

(==) :: CreateFilter -> CreateFilter -> Bool #

(/=) :: CreateFilter -> CreateFilter -> Bool #

Hashable CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

hashWithSalt :: Int -> CreateFilter -> Int #

hash :: CreateFilter -> Int #

type AWSResponse CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

type AWSResponse CreateFilter = CreateFilterResponse
type Rep CreateFilter Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

type Rep CreateFilter = D1 ('MetaData "CreateFilter" "Amazonka.GuardDuty.CreateFilter" "amazonka-guardduty-2.0-2NN502sGcQRH5risQZb24c" 'False) (C1 ('MetaCons "CreateFilter'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "action") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe FilterAction)) :*: S1 ('MetaSel ('Just "clientToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 ('MetaSel ('Just "description") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "rank") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)))) :*: ((S1 ('MetaSel ('Just "tags") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (HashMap Text Text))) :*: S1 ('MetaSel ('Just "detectorId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)) :*: (S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "findingCriteria") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 FindingCriteria)))))

newCreateFilter Source #

Arguments

:: Text

CreateFilter

-> Text

CreateFilter

-> FindingCriteria

$sel:findingCriteria:CreateFilter'

-> CreateFilter 

Create a value of CreateFilter with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

CreateFilter, createFilter_action - Specifies the action that is to be applied to the findings that match the filter.

$sel:clientToken:CreateFilter', createFilter_clientToken - The idempotency token for the create request.

CreateFilter, createFilter_description - The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.

$sel:rank:CreateFilter', createFilter_rank - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

CreateFilter, createFilter_tags - The tags to be added to a new filter resource.

CreateFilter, createFilter_detectorId - The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

CreateFilter, createFilter_name - The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

$sel:findingCriteria:CreateFilter', createFilter_findingCriteria - Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId
  • region
  • confidence
  • id
  • resource.accessKeyDetails.accessKeyId
  • resource.accessKeyDetails.principalId
  • resource.accessKeyDetails.userName
  • resource.accessKeyDetails.userType
  • resource.instanceDetails.iamInstanceProfile.id
  • resource.instanceDetails.imageId
  • resource.instanceDetails.instanceId
  • resource.instanceDetails.outpostArn
  • resource.instanceDetails.networkInterfaces.ipv6Addresses
  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  • resource.instanceDetails.networkInterfaces.publicDnsName
  • resource.instanceDetails.networkInterfaces.publicIp
  • resource.instanceDetails.networkInterfaces.securityGroups.groupId
  • resource.instanceDetails.networkInterfaces.securityGroups.groupName
  • resource.instanceDetails.networkInterfaces.subnetId
  • resource.instanceDetails.networkInterfaces.vpcId
  • resource.instanceDetails.tags.key
  • resource.instanceDetails.tags.value
  • resource.resourceType
  • service.action.actionType
  • service.action.awsApiCallAction.api
  • service.action.awsApiCallAction.callerType
  • service.action.awsApiCallAction.errorCode
  • service.action.awsApiCallAction.userAgent
  • service.action.awsApiCallAction.remoteIpDetails.city.cityName
  • service.action.awsApiCallAction.remoteIpDetails.country.countryName
  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  • service.action.awsApiCallAction.remoteIpDetails.organization.asn
  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  • service.action.awsApiCallAction.serviceName
  • service.action.dnsRequestAction.domain
  • service.action.networkConnectionAction.blocked
  • service.action.networkConnectionAction.connectionDirection
  • service.action.networkConnectionAction.localPortDetails.port
  • service.action.networkConnectionAction.protocol
  • service.action.networkConnectionAction.localIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.city.cityName
  • service.action.networkConnectionAction.remoteIpDetails.country.countryName
  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.organization.asn
  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  • service.action.networkConnectionAction.remotePortDetails.port
  • service.additionalInfo.threatListName
  • resource.s3BucketDetails.publicAccess.effectivePermissions
  • resource.s3BucketDetails.name
  • resource.s3BucketDetails.tags.key
  • resource.s3BucketDetails.tags.value
  • resource.s3BucketDetails.type

  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole
  • severity
  • type

  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Request Lenses

createFilter_action :: Lens' CreateFilter (Maybe FilterAction) Source #

Specifies the action that is to be applied to the findings that match the filter.

createFilter_clientToken :: Lens' CreateFilter (Maybe Text) Source #

The idempotency token for the create request.

createFilter_description :: Lens' CreateFilter (Maybe Text) Source #

The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.

createFilter_rank :: Lens' CreateFilter (Maybe Natural) Source #

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

createFilter_tags :: Lens' CreateFilter (Maybe (HashMap Text Text)) Source #

The tags to be added to a new filter resource.

createFilter_detectorId :: Lens' CreateFilter Text Source #

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

createFilter_name :: Lens' CreateFilter Text Source #

The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

createFilter_findingCriteria :: Lens' CreateFilter FindingCriteria Source #

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId
  • region
  • confidence
  • id
  • resource.accessKeyDetails.accessKeyId
  • resource.accessKeyDetails.principalId
  • resource.accessKeyDetails.userName
  • resource.accessKeyDetails.userType
  • resource.instanceDetails.iamInstanceProfile.id
  • resource.instanceDetails.imageId
  • resource.instanceDetails.instanceId
  • resource.instanceDetails.outpostArn
  • resource.instanceDetails.networkInterfaces.ipv6Addresses
  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  • resource.instanceDetails.networkInterfaces.publicDnsName
  • resource.instanceDetails.networkInterfaces.publicIp
  • resource.instanceDetails.networkInterfaces.securityGroups.groupId
  • resource.instanceDetails.networkInterfaces.securityGroups.groupName
  • resource.instanceDetails.networkInterfaces.subnetId
  • resource.instanceDetails.networkInterfaces.vpcId
  • resource.instanceDetails.tags.key
  • resource.instanceDetails.tags.value
  • resource.resourceType
  • service.action.actionType
  • service.action.awsApiCallAction.api
  • service.action.awsApiCallAction.callerType
  • service.action.awsApiCallAction.errorCode
  • service.action.awsApiCallAction.userAgent
  • service.action.awsApiCallAction.remoteIpDetails.city.cityName
  • service.action.awsApiCallAction.remoteIpDetails.country.countryName
  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  • service.action.awsApiCallAction.remoteIpDetails.organization.asn
  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  • service.action.awsApiCallAction.serviceName
  • service.action.dnsRequestAction.domain
  • service.action.networkConnectionAction.blocked
  • service.action.networkConnectionAction.connectionDirection
  • service.action.networkConnectionAction.localPortDetails.port
  • service.action.networkConnectionAction.protocol
  • service.action.networkConnectionAction.localIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.city.cityName
  • service.action.networkConnectionAction.remoteIpDetails.country.countryName
  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.organization.asn
  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  • service.action.networkConnectionAction.remotePortDetails.port
  • service.additionalInfo.threatListName
  • resource.s3BucketDetails.publicAccess.effectivePermissions
  • resource.s3BucketDetails.name
  • resource.s3BucketDetails.tags.key
  • resource.s3BucketDetails.tags.value
  • resource.s3BucketDetails.type

  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole
  • severity
  • type

  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Destructuring the Response

data CreateFilterResponse Source #

See: newCreateFilterResponse smart constructor.

Constructors

CreateFilterResponse' 

Fields

  • httpStatus :: Int

    The response's http status code.

  • name :: Text

    The name of the successfully created filter.

Instances

Instances details
Generic CreateFilterResponse Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Associated Types

type Rep CreateFilterResponse :: Type -> Type #

Methods

from :: CreateFilterResponse -> Rep CreateFilterResponse x #

to :: Rep CreateFilterResponse x -> CreateFilterResponse #

Read CreateFilterResponse Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

readsPrec :: Int -> ReadS CreateFilterResponse #

readList :: ReadS [CreateFilterResponse] #

readPrec :: ReadPrec CreateFilterResponse #

readListPrec :: ReadPrec [CreateFilterResponse] #

Show CreateFilterResponse Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

showsPrec :: Int -> CreateFilterResponse -> ShowS #

show :: CreateFilterResponse -> String #

showList :: [CreateFilterResponse] -> ShowS #

NFData CreateFilterResponse Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

rnf :: CreateFilterResponse -> () #

Eq CreateFilterResponse Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

Methods

(==) :: CreateFilterResponse -> CreateFilterResponse -> Bool #

(/=) :: CreateFilterResponse -> CreateFilterResponse -> Bool #

type Rep CreateFilterResponse Source # 
Instance details

Defined in Amazonka.GuardDuty.CreateFilter

type Rep CreateFilterResponse = D1 ('MetaData "CreateFilterResponse" "Amazonka.GuardDuty.CreateFilter" "amazonka-guardduty-2.0-2NN502sGcQRH5risQZb24c" 'False) (C1 ('MetaCons "CreateFilterResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int) :*: S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))

newCreateFilterResponse Source #

Arguments

:: Int

$sel:httpStatus:CreateFilterResponse'

-> Text

CreateFilter

-> CreateFilterResponse 

Create a value of CreateFilterResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:httpStatus:CreateFilterResponse', createFilterResponse_httpStatus - The response's http status code.

CreateFilter, createFilterResponse_name - The name of the successfully created filter.

Response Lenses

createFilterResponse_httpStatus :: Lens' CreateFilterResponse Int Source #

The response's http status code.

createFilterResponse_name :: Lens' CreateFilterResponse Text Source #

The name of the successfully created filter.