automation_rule_tags
Expands all tag keys and values for automation_rules in a region
Overview
| Name | automation_rule_tags |
| Type | Resource |
| Description | The AWS::SecurityHub::AutomationRule resource specifies an automation rule based on input parameters. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*. |
| Id | aws.securityhub.automation_rule_tags |
Fields
| Name | Datatype | Description |
|---|---|---|
rule_arn | string | |
rule_status | string | Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created. |
rule_order | integer | An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first. |
description | string | A description of the rule. |
rule_name | string | The name of the rule. |
created_at | string | The date and time, in UTC and ISO 8601 format. |
updated_at | string | The date and time, in UTC and ISO 8601 format. |
created_by | string | |
is_terminal | boolean | Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. |
actions | array | One or more actions to update finding fields if a finding matches the conditions specified in Criteria. |
criteria | object | A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding. |
tag_key | string | Tag key. |
tag_value | string | Tag value. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
list_resources | SELECT | region |
SELECT examples
Expands tags for all automation_rules in a region.
SELECT
region,
rule_arn,
rule_status,
rule_order,
description,
rule_name,
created_at,
updated_at,
created_by,
is_terminal,
actions,
criteria,
tag_key,
tag_value
FROM aws.securityhub.automation_rule_tags
WHERE region = 'us-east-1';
Permissions
For permissions required to operate on the automation_rule_tags resource, see automation_rules