software.amazon.awssdk.services.securityhub.model

Class AwsSecurityFinding

java.lang.Object

software.amazon.awssdk.services.securityhub.model.AwsSecurityFinding

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

@Generated(value="software.amazon.awssdk:codegen")
public final class AwsSecurityFinding
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

Provides consistent format for the contents of the Security Hub-aggregated findings. AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and security standards checks.

A finding is a potential security issue generated either by AWS services (Amazon GuardDuty, Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and standards checks.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	AwsSecurityFinding.Builder

Method Summary

Modifier and Type	Method and Description
Action	action() Provides details about an action that affects or that was taken on a resource.
String	awsAccountId() The AWS account ID that a finding is generated in.
static AwsSecurityFinding.Builder	builder()
Compliance	compliance() This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS AWS Foundations.
Integer	confidence() A finding's confidence.
String	createdAt() Indicates when the security-findings provider created the potential security issue that a finding captured.
Integer	criticality() The level of importance assigned to the resources associated with the finding.
String	description() A finding's description.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
FindingProviderFields	findingProviderFields() In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.
String	firstObservedAt() Indicates when the security-findings provider first observed the potential security issue that a finding captured.
String	generatorId() The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
int	hashCode()
boolean	hasMalware() Returns true if the Malware property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasNetworkPath() Returns true if the NetworkPath property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasProductFields() Returns true if the ProductFields property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasRelatedFindings() Returns true if the RelatedFindings property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasResources() Returns true if the Resources property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasThreatIntelIndicators() Returns true if the ThreatIntelIndicators property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasTypes() Returns true if the Types property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasUserDefinedFields() Returns true if the UserDefinedFields property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasVulnerabilities() Returns true if the Vulnerabilities property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
String	id() The security findings provider-specific identifier for a finding.
String	lastObservedAt() Indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
List<Malware>	malware() A list of malware related to a finding.
Network	network() The details of network-related information about a finding.
List<NetworkPathComponent>	networkPath() Provides information about a network path that is relevant to a finding.
Note	note() A user-defined note added to a finding.
PatchSummary	patchSummary() Provides an overview of the patch compliance status for an instance against a selected compliance standard.
ProcessDetails	process() The details of process-related information about a finding.
String	productArn() The ARN generated by Security Hub that uniquely identifies a product that generates findings.
Map<String,String>	productFields() A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
RecordState	recordState() The record state of a finding.
String	recordStateAsString() The record state of a finding.
List<RelatedFinding>	relatedFindings() A list of related findings.
Remediation	remediation() A data type that describes the remediation options for a finding.
List<Resource>	resources() A set of resource data types that describe the resources that the finding refers to.
String	schemaVersion() The schema version that a finding is formatted for.
List<SdkField<?>>	sdkFields()
static Class<? extends AwsSecurityFinding.Builder>	serializableBuilderClass()
Severity	severity() A finding's severity.
String	sourceUrl() A URL that links to a page about the current finding in the security-findings provider's solution.
List<ThreatIntelIndicator>	threatIntelIndicators() Threat intelligence details related to a finding.
String	title() A finding's title.
AwsSecurityFinding.Builder	toBuilder()
String	toString() Returns a string representation of this object.
List<String>	types() One or more finding types in the format of namespace/category/classifier that classify a finding.
String	updatedAt() Indicates when the security-findings provider last updated the finding record.
Map<String,String>	userDefinedFields() A list of name/value string pairs associated with the finding.
VerificationState	verificationState() Indicates the veracity of a finding.
String	verificationStateAsString() Indicates the veracity of a finding.
List<Vulnerability>	vulnerabilities() Provides a list of vulnerabilities associated with the findings.
Workflow	workflow() Provides information about the status of the investigation into a finding.
WorkflowState	workflowState() The workflow state of a finding.
String	workflowStateAsString() The workflow state of a finding.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

schemaVersion

public final String schemaVersion()

The schema version that a finding is formatted for.

Returns:

The schema version that a finding is formatted for.

id

public final String id()

The security findings provider-specific identifier for a finding.

Returns:

The security findings provider-specific identifier for a finding.

productArn

public final String productArn()

The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.

Returns:

The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.

generatorId

public final String generatorId()

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

Returns:

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

awsAccountId

public final String awsAccountId()

The AWS account ID that a finding is generated in.

Returns:

The AWS account ID that a finding is generated in.

hasTypes

public final boolean hasTypes()

Returns true if the Types property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

types

public final List<String> types()

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasTypes() to see if a value was sent in this field.

Returns:

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

firstObservedAt

public final String firstObservedAt()

Indicates when the security-findings provider first observed the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

Indicates when the security-findings provider first observed the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

lastObservedAt

public final String lastObservedAt()

Indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

Indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

createdAt

public final String createdAt()

Indicates when the security-findings provider created the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

Indicates when the security-findings provider created the potential security issue that a finding captured.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

updatedAt

public final String updatedAt()

Indicates when the security-findings provider last updated the finding record.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

Indicates when the security-findings provider last updated the finding record.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

severity

public final Severity severity()

A finding's severity.

Returns:

A finding's severity.

confidence

public final Integer confidence()

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

criticality

public final Integer criticality()

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

title

public final String title()

A finding's title.

In this release, Title is a required property.

Returns:

A finding's title.

In this release, Title is a required property.

description

public final String description()

A finding's description.

In this release, Description is a required property.

Returns:

A finding's description.

In this release, Description is a required property.

remediation

public final Remediation remediation()

A data type that describes the remediation options for a finding.

Returns:

A data type that describes the remediation options for a finding.

sourceUrl

public final String sourceUrl()

A URL that links to a page about the current finding in the security-findings provider's solution.

Returns:

A URL that links to a page about the current finding in the security-findings provider's solution.

hasProductFields

public final boolean hasProductFields()

Returns true if the ProductFields property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

productFields

public final Map<String,String> productFields()

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasProductFields() to see if a value was sent in this field.

Returns:

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

hasUserDefinedFields

public final boolean hasUserDefinedFields()

Returns true if the UserDefinedFields property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

userDefinedFields

public final Map<String,String> userDefinedFields()

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasUserDefinedFields() to see if a value was sent in this field.

Returns:

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

hasMalware

public final boolean hasMalware()

Returns true if the Malware property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

malware

public final List<Malware> malware()

A list of malware related to a finding.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasMalware() to see if a value was sent in this field.

Returns:

A list of malware related to a finding.

network

public final Network network()

The details of network-related information about a finding.

Returns:

The details of network-related information about a finding.

hasNetworkPath

public final boolean hasNetworkPath()

Returns true if the NetworkPath property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

networkPath

public final List<NetworkPathComponent> networkPath()

Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasNetworkPath() to see if a value was sent in this field.

Returns:

Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.

process

public final ProcessDetails process()

The details of process-related information about a finding.

Returns:

The details of process-related information about a finding.

hasThreatIntelIndicators

public final boolean hasThreatIntelIndicators()

Returns true if the ThreatIntelIndicators property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

threatIntelIndicators

public final List<ThreatIntelIndicator> threatIntelIndicators()

Threat intelligence details related to a finding.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasThreatIntelIndicators() to see if a value was sent in this field.

Returns:

Threat intelligence details related to a finding.

hasResources

public final boolean hasResources()

Returns true if the Resources property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

resources

public final List<Resource> resources()

A set of resource data types that describe the resources that the finding refers to.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasResources() to see if a value was sent in this field.

Returns:

A set of resource data types that describe the resources that the finding refers to.

compliance

public final Compliance compliance()

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS AWS Foundations. Contains security standard-related finding details.

Returns:

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS AWS Foundations. Contains security standard-related finding details.

verificationState

public final VerificationState verificationState()

Indicates the veracity of a finding.

If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().

Returns:

Indicates the veracity of a finding.

See Also:

VerificationState

verificationStateAsString

public final String verificationStateAsString()

Indicates the veracity of a finding.

If the service returns an enum value that is not available in the current SDK version, verificationState will return VerificationState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from verificationStateAsString().

Returns:

Indicates the veracity of a finding.

See Also:

VerificationState

workflowState

public final WorkflowState workflowState()

The workflow state of a finding.

If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().

Returns:

The workflow state of a finding.

See Also:

WorkflowState

workflowStateAsString

public final String workflowStateAsString()

The workflow state of a finding.

If the service returns an enum value that is not available in the current SDK version, workflowState will return WorkflowState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from workflowStateAsString().

Returns:

The workflow state of a finding.

See Also:

WorkflowState

workflow

public final Workflow workflow()

Provides information about the status of the investigation into a finding.

Returns:

Provides information about the status of the investigation into a finding.

recordState

public final RecordState recordState()

The record state of a finding.

If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().

Returns:

The record state of a finding.

See Also:

RecordState

recordStateAsString

public final String recordStateAsString()

The record state of a finding.

If the service returns an enum value that is not available in the current SDK version, recordState will return RecordState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from recordStateAsString().

Returns:

The record state of a finding.

See Also:

RecordState

hasRelatedFindings

public final boolean hasRelatedFindings()

Returns true if the RelatedFindings property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

relatedFindings

public final List<RelatedFinding> relatedFindings()

A list of related findings.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasRelatedFindings() to see if a value was sent in this field.

Returns:

A list of related findings.

note

public final Note note()

A user-defined note added to a finding.

Returns:

A user-defined note added to a finding.

hasVulnerabilities

public final boolean hasVulnerabilities()

Returns true if the Vulnerabilities property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

vulnerabilities

public final List<Vulnerability> vulnerabilities()

Provides a list of vulnerabilities associated with the findings.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasVulnerabilities() to see if a value was sent in this field.

Returns:

Provides a list of vulnerabilities associated with the findings.

patchSummary

public final PatchSummary patchSummary()

Provides an overview of the patch compliance status for an instance against a selected compliance standard.

Returns:

Provides an overview of the patch compliance status for an instance against a selected compliance standard.

action

public final Action action()

Provides details about an action that affects or that was taken on a resource.

Returns:

Provides details about an action that affects or that was taken on a resource.

findingProviderFields

public final FindingProviderFields findingProviderFields()

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

Returns:

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

toBuilder

public AwsSecurityFinding.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<AwsSecurityFinding.Builder,AwsSecurityFinding>

builder

public static AwsSecurityFinding.Builder builder()

serializableBuilderClass

public static Class<? extends AwsSecurityFinding.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo