Package software.amazon.awssdk.services.guardduty.model

Interface CreateFilterRequest.Builder

    • Method Detail

      • detectorId

        CreateFilterRequest.Builder detectorId​(String detectorId)

        The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

        Parameters:
        detectorId - The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • name

        CreateFilterRequest.Builder name​(String name)

        The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

        Parameters:
        name - The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • description

        CreateFilterRequest.Builder description​(String description)

        The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.

        Parameters:
        description - The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • action

        CreateFilterRequest.Builder action​(String action)

        Specifies the action that is to be applied to the findings that match the filter.

        Parameters:
        action - Specifies the action that is to be applied to the findings that match the filter.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
        See Also:
        FilterAction, FilterAction

      • action

        CreateFilterRequest.Builder action​(FilterAction action)

        Specifies the action that is to be applied to the findings that match the filter.

        Parameters:
        action - Specifies the action that is to be applied to the findings that match the filter.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
        See Also:
        FilterAction, FilterAction

      • rank

        CreateFilterRequest.Builder rank​(Integer rank)

        Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

        Parameters:
        rank - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • findingCriteria

        CreateFilterRequest.Builder findingCriteria​(FindingCriteria findingCriteria)

        Represents the criteria to be used in the filter for querying findings.

        You can only use the following attributes to query findings:

        • accountId

        • id

        • region

        • severity

          To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

          • Low: ["1", "2", "3"]

          • Medium: ["4", "5", "6"]

          • High: ["7", "8", "9"]

          For more information, see Severity levels for GuardDuty findings.

        • type

        • updatedAt

          Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

        • resource.accessKeyDetails.accessKeyId

        • resource.accessKeyDetails.principalId

        • resource.accessKeyDetails.userName

        • resource.accessKeyDetails.userType

        • resource.instanceDetails.iamInstanceProfile.id

        • resource.instanceDetails.imageId

        • resource.instanceDetails.instanceId

        • resource.instanceDetails.tags.key

        • resource.instanceDetails.tags.value

        • resource.instanceDetails.networkInterfaces.ipv6Addresses

        • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

        • resource.instanceDetails.networkInterfaces.publicDnsName

        • resource.instanceDetails.networkInterfaces.publicIp

        • resource.instanceDetails.networkInterfaces.securityGroups.groupId

        • resource.instanceDetails.networkInterfaces.securityGroups.groupName

        • resource.instanceDetails.networkInterfaces.subnetId

        • resource.instanceDetails.networkInterfaces.vpcId

        • resource.instanceDetails.outpostArn

        • resource.resourceType

        • resource.s3BucketDetails.publicAccess.effectivePermissions

        • resource.s3BucketDetails.name

        • resource.s3BucketDetails.tags.key

        • resource.s3BucketDetails.tags.value

        • resource.s3BucketDetails.type

        • service.action.actionType

        • service.action.awsApiCallAction.api

        • service.action.awsApiCallAction.callerType

        • service.action.awsApiCallAction.errorCode

        • service.action.awsApiCallAction.remoteIpDetails.city.cityName

        • service.action.awsApiCallAction.remoteIpDetails.country.countryName

        • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

        • service.action.awsApiCallAction.remoteIpDetails.organization.asn

        • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

        • service.action.awsApiCallAction.serviceName

        • service.action.dnsRequestAction.domain

        • service.action.dnsRequestAction.domainWithSuffix

        • service.action.networkConnectionAction.blocked

        • service.action.networkConnectionAction.connectionDirection

        • service.action.networkConnectionAction.localPortDetails.port

        • service.action.networkConnectionAction.protocol

        • service.action.networkConnectionAction.remoteIpDetails.city.cityName

        • service.action.networkConnectionAction.remoteIpDetails.country.countryName

        • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

        • service.action.networkConnectionAction.remoteIpDetails.organization.asn

        • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

        • service.action.networkConnectionAction.remotePortDetails.port

        • service.action.awsApiCallAction.remoteAccountDetails.affiliated

        • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

        • service.action.kubernetesApiCallAction.namespace

        • service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn

        • service.action.kubernetesApiCallAction.requestUri

        • service.action.kubernetesApiCallAction.statusCode

        • service.action.networkConnectionAction.localIpDetails.ipAddressV4

        • service.action.networkConnectionAction.protocol

        • service.action.awsApiCallAction.serviceName

        • service.action.awsApiCallAction.remoteAccountDetails.accountId

        • service.additionalInfo.threatListName

        • service.resourceRole

        • resource.eksClusterDetails.name

        • resource.kubernetesDetails.kubernetesWorkloadDetails.name

        • resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

        • resource.kubernetesDetails.kubernetesUserDetails.username

        • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

        • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

        • service.ebsVolumeScanDetails.scanId

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

        • resource.ecsClusterDetails.name

        • resource.ecsClusterDetails.taskDetails.containers.image

        • resource.ecsClusterDetails.taskDetails.definitionArn

        • resource.containerDetails.image

        • resource.rdsDbInstanceDetails.dbInstanceIdentifier

        • resource.rdsDbInstanceDetails.dbClusterIdentifier

        • resource.rdsDbInstanceDetails.engine

        • resource.rdsDbUserDetails.user

        • resource.rdsDbInstanceDetails.tags.key

        • resource.rdsDbInstanceDetails.tags.value

        • service.runtimeDetails.process.executableSha256

        • service.runtimeDetails.process.name

        • service.runtimeDetails.process.name

        • resource.lambdaDetails.functionName

        • resource.lambdaDetails.functionArn

        • resource.lambdaDetails.tags.key

        • resource.lambdaDetails.tags.value

        Parameters:
        findingCriteria - Represents the criteria to be used in the filter for querying findings.

        You can only use the following attributes to query findings:

        • accountId

        • id

        • region

        • severity

          To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

          • Low: ["1", "2", "3"]

          • Medium: ["4", "5", "6"]

          • High: ["7", "8", "9"]

          For more information, see Severity levels for GuardDuty findings.

        • type

        • updatedAt

          Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

        • resource.accessKeyDetails.accessKeyId

        • resource.accessKeyDetails.principalId

        • resource.accessKeyDetails.userName

        • resource.accessKeyDetails.userType

        • resource.instanceDetails.iamInstanceProfile.id

        • resource.instanceDetails.imageId

        • resource.instanceDetails.instanceId

        • resource.instanceDetails.tags.key

        • resource.instanceDetails.tags.value

        • resource.instanceDetails.networkInterfaces.ipv6Addresses

        • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

        • resource.instanceDetails.networkInterfaces.publicDnsName

        • resource.instanceDetails.networkInterfaces.publicIp

        • resource.instanceDetails.networkInterfaces.securityGroups.groupId

        • resource.instanceDetails.networkInterfaces.securityGroups.groupName

        • resource.instanceDetails.networkInterfaces.subnetId

        • resource.instanceDetails.networkInterfaces.vpcId

        • resource.instanceDetails.outpostArn

        • resource.resourceType

        • resource.s3BucketDetails.publicAccess.effectivePermissions

        • resource.s3BucketDetails.name

        • resource.s3BucketDetails.tags.key

        • resource.s3BucketDetails.tags.value

        • resource.s3BucketDetails.type

        • service.action.actionType

        • service.action.awsApiCallAction.api

        • service.action.awsApiCallAction.callerType

        • service.action.awsApiCallAction.errorCode

        • service.action.awsApiCallAction.remoteIpDetails.city.cityName

        • service.action.awsApiCallAction.remoteIpDetails.country.countryName

        • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

        • service.action.awsApiCallAction.remoteIpDetails.organization.asn

        • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

        • service.action.awsApiCallAction.serviceName

        • service.action.dnsRequestAction.domain

        • service.action.dnsRequestAction.domainWithSuffix

        • service.action.networkConnectionAction.blocked

        • service.action.networkConnectionAction.connectionDirection

        • service.action.networkConnectionAction.localPortDetails.port

        • service.action.networkConnectionAction.protocol

        • service.action.networkConnectionAction.remoteIpDetails.city.cityName

        • service.action.networkConnectionAction.remoteIpDetails.country.countryName

        • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

        • service.action.networkConnectionAction.remoteIpDetails.organization.asn

        • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

        • service.action.networkConnectionAction.remotePortDetails.port

        • service.action.awsApiCallAction.remoteAccountDetails.affiliated

        • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

        • service.action.kubernetesApiCallAction.namespace

        • service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn

        • service.action.kubernetesApiCallAction.requestUri

        • service.action.kubernetesApiCallAction.statusCode

        • service.action.networkConnectionAction.localIpDetails.ipAddressV4

        • service.action.networkConnectionAction.protocol

        • service.action.awsApiCallAction.serviceName

        • service.action.awsApiCallAction.remoteAccountDetails.accountId

        • service.additionalInfo.threatListName

        • service.resourceRole

        • resource.eksClusterDetails.name

        • resource.kubernetesDetails.kubernetesWorkloadDetails.name

        • resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

        • resource.kubernetesDetails.kubernetesUserDetails.username

        • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

        • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

        • service.ebsVolumeScanDetails.scanId

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

        • resource.ecsClusterDetails.name

        • resource.ecsClusterDetails.taskDetails.containers.image

        • resource.ecsClusterDetails.taskDetails.definitionArn

        • resource.containerDetails.image

        • resource.rdsDbInstanceDetails.dbInstanceIdentifier

        • resource.rdsDbInstanceDetails.dbClusterIdentifier

        • resource.rdsDbInstanceDetails.engine

        • resource.rdsDbUserDetails.user

        • resource.rdsDbInstanceDetails.tags.key

        • resource.rdsDbInstanceDetails.tags.value

        • service.runtimeDetails.process.executableSha256

        • service.runtimeDetails.process.name

        • service.runtimeDetails.process.name

        • resource.lambdaDetails.functionName

        • resource.lambdaDetails.functionArn

        • resource.lambdaDetails.tags.key

        • resource.lambdaDetails.tags.value

        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • findingCriteria

        default CreateFilterRequest.Builder findingCriteria​(Consumer<FindingCriteria.Builder> findingCriteria)

        Represents the criteria to be used in the filter for querying findings.

        You can only use the following attributes to query findings:

        • accountId

        • id

        • region

        • severity

          To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

          • Low: ["1", "2", "3"]

          • Medium: ["4", "5", "6"]

          • High: ["7", "8", "9"]

          For more information, see Severity levels for GuardDuty findings.

        • type

        • updatedAt

          Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

        • resource.accessKeyDetails.accessKeyId

        • resource.accessKeyDetails.principalId

        • resource.accessKeyDetails.userName

        • resource.accessKeyDetails.userType

        • resource.instanceDetails.iamInstanceProfile.id

        • resource.instanceDetails.imageId

        • resource.instanceDetails.instanceId

        • resource.instanceDetails.tags.key

        • resource.instanceDetails.tags.value

        • resource.instanceDetails.networkInterfaces.ipv6Addresses

        • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

        • resource.instanceDetails.networkInterfaces.publicDnsName

        • resource.instanceDetails.networkInterfaces.publicIp

        • resource.instanceDetails.networkInterfaces.securityGroups.groupId

        • resource.instanceDetails.networkInterfaces.securityGroups.groupName

        • resource.instanceDetails.networkInterfaces.subnetId

        • resource.instanceDetails.networkInterfaces.vpcId

        • resource.instanceDetails.outpostArn

        • resource.resourceType

        • resource.s3BucketDetails.publicAccess.effectivePermissions

        • resource.s3BucketDetails.name

        • resource.s3BucketDetails.tags.key

        • resource.s3BucketDetails.tags.value

        • resource.s3BucketDetails.type

        • service.action.actionType

        • service.action.awsApiCallAction.api

        • service.action.awsApiCallAction.callerType

        • service.action.awsApiCallAction.errorCode

        • service.action.awsApiCallAction.remoteIpDetails.city.cityName

        • service.action.awsApiCallAction.remoteIpDetails.country.countryName

        • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

        • service.action.awsApiCallAction.remoteIpDetails.organization.asn

        • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

        • service.action.awsApiCallAction.serviceName

        • service.action.dnsRequestAction.domain

        • service.action.dnsRequestAction.domainWithSuffix

        • service.action.networkConnectionAction.blocked

        • service.action.networkConnectionAction.connectionDirection

        • service.action.networkConnectionAction.localPortDetails.port

        • service.action.networkConnectionAction.protocol

        • service.action.networkConnectionAction.remoteIpDetails.city.cityName

        • service.action.networkConnectionAction.remoteIpDetails.country.countryName

        • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

        • service.action.networkConnectionAction.remoteIpDetails.organization.asn

        • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

        • service.action.networkConnectionAction.remotePortDetails.port

        • service.action.awsApiCallAction.remoteAccountDetails.affiliated

        • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

        • service.action.kubernetesApiCallAction.namespace

        • service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn

        • service.action.kubernetesApiCallAction.requestUri

        • service.action.kubernetesApiCallAction.statusCode

        • service.action.networkConnectionAction.localIpDetails.ipAddressV4

        • service.action.networkConnectionAction.protocol

        • service.action.awsApiCallAction.serviceName

        • service.action.awsApiCallAction.remoteAccountDetails.accountId

        • service.additionalInfo.threatListName

        • service.resourceRole

        • resource.eksClusterDetails.name

        • resource.kubernetesDetails.kubernetesWorkloadDetails.name

        • resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

        • resource.kubernetesDetails.kubernetesUserDetails.username

        • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

        • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

        • service.ebsVolumeScanDetails.scanId

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

        • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

        • resource.ecsClusterDetails.name

        • resource.ecsClusterDetails.taskDetails.containers.image

        • resource.ecsClusterDetails.taskDetails.definitionArn

        • resource.containerDetails.image

        • resource.rdsDbInstanceDetails.dbInstanceIdentifier

        • resource.rdsDbInstanceDetails.dbClusterIdentifier

        • resource.rdsDbInstanceDetails.engine

        • resource.rdsDbUserDetails.user

        • resource.rdsDbInstanceDetails.tags.key

        • resource.rdsDbInstanceDetails.tags.value

        • service.runtimeDetails.process.executableSha256

        • service.runtimeDetails.process.name

        • service.runtimeDetails.process.name

        • resource.lambdaDetails.functionName

        • resource.lambdaDetails.functionArn

        • resource.lambdaDetails.tags.key

        • resource.lambdaDetails.tags.value

        This is a convenience method that creates an instance of the FindingCriteria.Builder avoiding the need to create one manually via FindingCriteria.builder().

        When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to findingCriteria(FindingCriteria).

        Parameters:
        findingCriteria - a consumer that will call methods on FindingCriteria.Builder
        Returns:
        Returns a reference to this object so that method calls can be chained together.
        See Also:
        findingCriteria(FindingCriteria)

      • clientToken

        CreateFilterRequest.Builder clientToken​(String clientToken)

        The idempotency token for the create request.

        Parameters:
        clientToken - The idempotency token for the create request.
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • tags

        CreateFilterRequest.Builder tags​(Map<String,​String> tags)

        The tags to be added to a new filter resource.

        Parameters:
        tags - The tags to be added to a new filter resource.
        Returns:
        Returns a reference to this object so that method calls can be chained together.