StringFilter
import type { StringFilter } from "https://aws-api.deno.dev/v0.4/services/securityhub.ts?docs=full";
A string filter for querying findings.
§Properties
The condition to apply to a string value when querying for findings. To search for values that contain the filter criteria value, use one of the following comparison operators:
- To search for values that exactly match the filter value, use
EQUALS
. For example, the filterResourceType EQUALS AwsEc2SecurityGroup
only matches findings that have a resource type ofAwsEc2SecurityGroup
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceType PREFIX AwsIam
matches findings that have a resource type that starts withAwsIam
. Findings with a resource type ofAwsIamPolicy
,AwsIamRole
, orAwsIamUser
would all match.
EQUALS
and PREFIX
filters on the same field are joined by OR
.
A finding matches if it matches any one of those filters.
To search for values that do not contain the filter criteria value, use one of the following comparison operators:
- To search for values that do not exactly match the filter value, use
NOT_EQUALS
. For example, the filterResourceType NOT_EQUALS AwsIamPolicy
matches findings that have a resource type other thanAwsIamPolicy
. - To search for values that do not start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceType PREFIX_NOT_EQUALS AwsIam
matches findings that have a resource type that does not start withAwsIam
. Findings with a resource type ofAwsIamPolicy
,AwsIamRole
, orAwsIamUser
would all be excluded from the results.
NOT_EQUALS
and PREFIX_NOT_EQUALS
filters on the same field are joined by AND
.
A finding matches only if it matches all of those filters.
For filters on the same field, you cannot provide both an EQUALS
filter and a NOT_EQUALS
or PREFIX_NOT_EQUALS
filter.
Combining filters in this way always returns an error, even if the provided filter values would return valid results.
You can combine PREFIX
filters with NOT_EQUALS
or PREFIX_NOT_EQUALS
filters for the same field.
Security Hub first processes the PREFIX
filters, then the NOT_EQUALS
or PREFIX_NOT_EQUALS
filters.
For example, for the following filter, Security Hub first identifies findings that have resource types that start with either AwsIAM
or AwsEc2
.
It then excludes findings that have a resource type of AwsIamPolicy
and findings that have a resource type of AwsEc2NetworkInterface
.
-
ResourceType PREFIX AwsIam
-
ResourceType PREFIX AwsEc2
-
ResourceType NOT_EQUALS AwsIamPolicy
-
ResourceType NOT_EQUALS AwsEc2NetworkInterface