software.amazon.awssdk.services.guardduty.model

Interface CreateFilterRequest.Builder

All Superinterfaces:

AwsRequest.Builder, Buildable, CopyableBuilder<CreateFilterRequest.Builder,CreateFilterRequest>, GuardDutyRequest.Builder, SdkBuilder<CreateFilterRequest.Builder,CreateFilterRequest>, SdkPojo, SdkRequest.Builder

Enclosing class:

CreateFilterRequest

public static interface CreateFilterRequest.Builder
extends GuardDutyRequest.Builder, SdkPojo, CopyableBuilder<CreateFilterRequest.Builder,CreateFilterRequest>

Method Summary

Modifier and Type	Method and Description
CreateFilterRequest.Builder	action(FilterAction action) Specifies the action that is to be applied to the findings that match the filter.
CreateFilterRequest.Builder	action(String action) Specifies the action that is to be applied to the findings that match the filter.
CreateFilterRequest.Builder	clientToken(String clientToken) The idempotency token for the create request.
CreateFilterRequest.Builder	description(String description) The description of the filter.
CreateFilterRequest.Builder	detectorId(String detectorId) The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
default CreateFilterRequest.Builder	findingCriteria(Consumer<FindingCriteria.Builder> findingCriteria) Represents the criteria to be used in the filter for querying findings.
CreateFilterRequest.Builder	findingCriteria(FindingCriteria findingCriteria) Represents the criteria to be used in the filter for querying findings.
CreateFilterRequest.Builder	name(String name) The name of the filter.
CreateFilterRequest.Builder	overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration)
CreateFilterRequest.Builder	overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer)
CreateFilterRequest.Builder	rank(Integer rank) Specifies the position of the filter in the list of current filters.
CreateFilterRequest.Builder	tags(Map<String,String> tags) The tags to be added to a new filter resource.

Methods inherited from interface software.amazon.awssdk.services.guardduty.model.GuardDutyRequest.Builder

build

Methods inherited from interface software.amazon.awssdk.awscore.AwsRequest.Builder

overrideConfiguration

Methods inherited from interface software.amazon.awssdk.core.SdkPojo

equalsBySdkFields, sdkFields

Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder

copy

Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder

applyMutation, build

Method Detail

detectorId

CreateFilterRequest.Builder detectorId(String detectorId)

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

Parameters:

detectorId - The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

Returns:

Returns a reference to this object so that method calls can be chained together.

name

CreateFilterRequest.Builder name(String name)

The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

Parameters:

name - The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

Returns:

Returns a reference to this object so that method calls can be chained together.

description

CreateFilterRequest.Builder description(String description)

The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.

Parameters:

description - The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.

Returns:

Returns a reference to this object so that method calls can be chained together.

action

CreateFilterRequest.Builder action(String action)

Specifies the action that is to be applied to the findings that match the filter.

Parameters:

action - Specifies the action that is to be applied to the findings that match the filter.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

FilterAction, FilterAction

action

CreateFilterRequest.Builder action(FilterAction action)

Specifies the action that is to be applied to the findings that match the filter.

Parameters:

action - Specifies the action that is to be applied to the findings that match the filter.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

FilterAction, FilterAction

rank

CreateFilterRequest.Builder rank(Integer rank)

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Parameters:

rank - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Returns:

Returns a reference to this object so that method calls can be chained together.

findingCriteria

CreateFilterRequest.Builder findingCriteria(FindingCriteria findingCriteria)

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

• accountId

• id

• region

• severity

  To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

  • Low: ["1", "2", "3"]

  • Medium: ["4", "5", "6"]

  • High: ["7", "8", "9"]

  For more information, see Severity levels for GuardDuty findings.

• type

• updatedAt

  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

• resource.accessKeyDetails.accessKeyId

• resource.accessKeyDetails.principalId

• resource.accessKeyDetails.userName

• resource.accessKeyDetails.userType

• resource.instanceDetails.iamInstanceProfile.id

• resource.instanceDetails.imageId

• resource.instanceDetails.instanceId

• resource.instanceDetails.tags.key

• resource.instanceDetails.tags.value

• resource.instanceDetails.networkInterfaces.ipv6Addresses

• resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

• resource.instanceDetails.networkInterfaces.publicDnsName

• resource.instanceDetails.networkInterfaces.publicIp

• resource.instanceDetails.networkInterfaces.securityGroups.groupId

• resource.instanceDetails.networkInterfaces.securityGroups.groupName

• resource.instanceDetails.networkInterfaces.subnetId

• resource.instanceDetails.networkInterfaces.vpcId

• resource.instanceDetails.outpostArn

• resource.resourceType

• resource.s3BucketDetails.publicAccess.effectivePermissions

• resource.s3BucketDetails.name

• resource.s3BucketDetails.tags.key

• resource.s3BucketDetails.tags.value

• resource.s3BucketDetails.type

• service.action.actionType

• service.action.awsApiCallAction.api

• service.action.awsApiCallAction.callerType

• service.action.awsApiCallAction.errorCode

• service.action.awsApiCallAction.remoteIpDetails.city.cityName

• service.action.awsApiCallAction.remoteIpDetails.country.countryName

• service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

• service.action.awsApiCallAction.remoteIpDetails.organization.asn

• service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

• service.action.awsApiCallAction.serviceName

• service.action.dnsRequestAction.domain

• service.action.networkConnectionAction.blocked

• service.action.networkConnectionAction.connectionDirection

• service.action.networkConnectionAction.localPortDetails.port

• service.action.networkConnectionAction.protocol

• service.action.networkConnectionAction.remoteIpDetails.city.cityName

• service.action.networkConnectionAction.remoteIpDetails.country.countryName

• service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

• service.action.networkConnectionAction.remoteIpDetails.organization.asn

• service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

• service.action.networkConnectionAction.remotePortDetails.port

• service.action.awsApiCallAction.remoteAccountDetails.affiliated

• service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

• service.action.kubernetesApiCallAction.requestUri

• service.action.networkConnectionAction.localIpDetails.ipAddressV4

• service.action.networkConnectionAction.protocol

• service.action.awsApiCallAction.serviceName

• service.action.awsApiCallAction.remoteAccountDetails.accountId

• service.additionalInfo.threatListName

• service.resourceRole

• resource.eksClusterDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

• resource.kubernetesDetails.kubernetesUserDetails.username

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

• service.ebsVolumeScanDetails.scanId

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

• resource.ecsClusterDetails.name

• resource.ecsClusterDetails.taskDetails.containers.image

• resource.ecsClusterDetails.taskDetails.definitionArn

• resource.containerDetails.image

• resource.rdsDbInstanceDetails.dbInstanceIdentifier

• resource.rdsDbInstanceDetails.dbClusterIdentifier

• resource.rdsDbInstanceDetails.engine

• resource.rdsDbUserDetails.user

• resource.rdsDbInstanceDetails.tags.key

• resource.rdsDbInstanceDetails.tags.value

• service.runtimeDetails.process.executableSha256

• service.runtimeDetails.process.name

• service.runtimeDetails.process.name

• resource.lambdaDetails.functionName

• resource.lambdaDetails.functionArn

• resource.lambdaDetails.tags.key

• resource.lambdaDetails.tags.value

Parameters:

findingCriteria - Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

• accountId

• id

• region

• severity

  To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

  • Low: ["1", "2", "3"]

  • Medium: ["4", "5", "6"]

  • High: ["7", "8", "9"]

  For more information, see Severity levels for GuardDuty findings.

• type

• updatedAt

  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

• resource.accessKeyDetails.accessKeyId

• resource.accessKeyDetails.principalId

• resource.accessKeyDetails.userName

• resource.accessKeyDetails.userType

• resource.instanceDetails.iamInstanceProfile.id

• resource.instanceDetails.imageId

• resource.instanceDetails.instanceId

• resource.instanceDetails.tags.key

• resource.instanceDetails.tags.value

• resource.instanceDetails.networkInterfaces.ipv6Addresses

• resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

• resource.instanceDetails.networkInterfaces.publicDnsName

• resource.instanceDetails.networkInterfaces.publicIp

• resource.instanceDetails.networkInterfaces.securityGroups.groupId

• resource.instanceDetails.networkInterfaces.securityGroups.groupName

• resource.instanceDetails.networkInterfaces.subnetId

• resource.instanceDetails.networkInterfaces.vpcId

• resource.instanceDetails.outpostArn

• resource.resourceType

• resource.s3BucketDetails.publicAccess.effectivePermissions

• resource.s3BucketDetails.name

• resource.s3BucketDetails.tags.key

• resource.s3BucketDetails.tags.value

• resource.s3BucketDetails.type

• service.action.actionType

• service.action.awsApiCallAction.api

• service.action.awsApiCallAction.callerType

• service.action.awsApiCallAction.errorCode

• service.action.awsApiCallAction.remoteIpDetails.city.cityName

• service.action.awsApiCallAction.remoteIpDetails.country.countryName

• service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

• service.action.awsApiCallAction.remoteIpDetails.organization.asn

• service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

• service.action.awsApiCallAction.serviceName

• service.action.dnsRequestAction.domain

• service.action.networkConnectionAction.blocked

• service.action.networkConnectionAction.connectionDirection

• service.action.networkConnectionAction.localPortDetails.port

• service.action.networkConnectionAction.protocol

• service.action.networkConnectionAction.remoteIpDetails.city.cityName

• service.action.networkConnectionAction.remoteIpDetails.country.countryName

• service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

• service.action.networkConnectionAction.remoteIpDetails.organization.asn

• service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

• service.action.networkConnectionAction.remotePortDetails.port

• service.action.awsApiCallAction.remoteAccountDetails.affiliated

• service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

• service.action.kubernetesApiCallAction.requestUri

• service.action.networkConnectionAction.localIpDetails.ipAddressV4

• service.action.networkConnectionAction.protocol

• service.action.awsApiCallAction.serviceName

• service.action.awsApiCallAction.remoteAccountDetails.accountId

• service.additionalInfo.threatListName

• service.resourceRole

• resource.eksClusterDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

• resource.kubernetesDetails.kubernetesUserDetails.username

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

• service.ebsVolumeScanDetails.scanId

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

• resource.ecsClusterDetails.name

• resource.ecsClusterDetails.taskDetails.containers.image

• resource.ecsClusterDetails.taskDetails.definitionArn

• resource.containerDetails.image

• resource.rdsDbInstanceDetails.dbInstanceIdentifier

• resource.rdsDbInstanceDetails.dbClusterIdentifier

• resource.rdsDbInstanceDetails.engine

• resource.rdsDbUserDetails.user

• resource.rdsDbInstanceDetails.tags.key

• resource.rdsDbInstanceDetails.tags.value

• service.runtimeDetails.process.executableSha256

• service.runtimeDetails.process.name

• service.runtimeDetails.process.name

• resource.lambdaDetails.functionName

• resource.lambdaDetails.functionArn

• resource.lambdaDetails.tags.key

• resource.lambdaDetails.tags.value

Returns:

Returns a reference to this object so that method calls can be chained together.

findingCriteria

default CreateFilterRequest.Builder findingCriteria(Consumer<FindingCriteria.Builder> findingCriteria)

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

• accountId

• id

• region

• severity

  To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

  • Low: ["1", "2", "3"]

  • Medium: ["4", "5", "6"]

  • High: ["7", "8", "9"]

  For more information, see Severity levels for GuardDuty findings.

• type

• updatedAt

  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

• resource.accessKeyDetails.accessKeyId

• resource.accessKeyDetails.principalId

• resource.accessKeyDetails.userName

• resource.accessKeyDetails.userType

• resource.instanceDetails.iamInstanceProfile.id

• resource.instanceDetails.imageId

• resource.instanceDetails.instanceId

• resource.instanceDetails.tags.key

• resource.instanceDetails.tags.value

• resource.instanceDetails.networkInterfaces.ipv6Addresses

• resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

• resource.instanceDetails.networkInterfaces.publicDnsName

• resource.instanceDetails.networkInterfaces.publicIp

• resource.instanceDetails.networkInterfaces.securityGroups.groupId

• resource.instanceDetails.networkInterfaces.securityGroups.groupName

• resource.instanceDetails.networkInterfaces.subnetId

• resource.instanceDetails.networkInterfaces.vpcId

• resource.instanceDetails.outpostArn

• resource.resourceType

• resource.s3BucketDetails.publicAccess.effectivePermissions

• resource.s3BucketDetails.name

• resource.s3BucketDetails.tags.key

• resource.s3BucketDetails.tags.value

• resource.s3BucketDetails.type

• service.action.actionType

• service.action.awsApiCallAction.api

• service.action.awsApiCallAction.callerType

• service.action.awsApiCallAction.errorCode

• service.action.awsApiCallAction.remoteIpDetails.city.cityName

• service.action.awsApiCallAction.remoteIpDetails.country.countryName

• service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

• service.action.awsApiCallAction.remoteIpDetails.organization.asn

• service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

• service.action.awsApiCallAction.serviceName

• service.action.dnsRequestAction.domain

• service.action.networkConnectionAction.blocked

• service.action.networkConnectionAction.connectionDirection

• service.action.networkConnectionAction.localPortDetails.port

• service.action.networkConnectionAction.protocol

• service.action.networkConnectionAction.remoteIpDetails.city.cityName

• service.action.networkConnectionAction.remoteIpDetails.country.countryName

• service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

• service.action.networkConnectionAction.remoteIpDetails.organization.asn

• service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

• service.action.networkConnectionAction.remotePortDetails.port

• service.action.awsApiCallAction.remoteAccountDetails.affiliated

• service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

• service.action.kubernetesApiCallAction.requestUri

• service.action.networkConnectionAction.localIpDetails.ipAddressV4

• service.action.networkConnectionAction.protocol

• service.action.awsApiCallAction.serviceName

• service.action.awsApiCallAction.remoteAccountDetails.accountId

• service.additionalInfo.threatListName

• service.resourceRole

• resource.eksClusterDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.name

• resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

• resource.kubernetesDetails.kubernetesUserDetails.username

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

• resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

• service.ebsVolumeScanDetails.scanId

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

• service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

• resource.ecsClusterDetails.name

• resource.ecsClusterDetails.taskDetails.containers.image

• resource.ecsClusterDetails.taskDetails.definitionArn

• resource.containerDetails.image

• resource.rdsDbInstanceDetails.dbInstanceIdentifier

• resource.rdsDbInstanceDetails.dbClusterIdentifier

• resource.rdsDbInstanceDetails.engine

• resource.rdsDbUserDetails.user

• resource.rdsDbInstanceDetails.tags.key

• resource.rdsDbInstanceDetails.tags.value

• service.runtimeDetails.process.executableSha256

• service.runtimeDetails.process.name

• service.runtimeDetails.process.name

• resource.lambdaDetails.functionName

• resource.lambdaDetails.functionArn

• resource.lambdaDetails.tags.key

• resource.lambdaDetails.tags.value

This is a convenience method that creates an instance of the FindingCriteria.Builder avoiding the need to create one manually via FindingCriteria.builder().

When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to findingCriteria(FindingCriteria).

Parameters:

findingCriteria - a consumer that will call methods on FindingCriteria.Builder

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

findingCriteria(FindingCriteria)

clientToken

CreateFilterRequest.Builder clientToken(String clientToken)

The idempotency token for the create request.

Parameters:

clientToken - The idempotency token for the create request.

Returns:

Returns a reference to this object so that method calls can be chained together.

tags

CreateFilterRequest.Builder tags(Map<String,String> tags)

The tags to be added to a new filter resource.

Parameters:

tags - The tags to be added to a new filter resource.

Returns:

Returns a reference to this object so that method calls can be chained together.

overrideConfiguration

CreateFilterRequest.Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration)

Specified by:

overrideConfiguration in interface AwsRequest.Builder

overrideConfiguration

CreateFilterRequest.Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer)

Specified by:

overrideConfiguration in interface AwsRequest.Builder