createFilter method
- required String detectorId,
- required FindingCriteria findingCriteria,
- required String name,
- FilterAction? action,
- String? clientToken,
- String? description,
- int? rank,
- Map<String, String>? tags,
Creates a filter using the specified finding criteria.
May throw BadRequestException. May throw InternalServerErrorException.
Parameter detectorId: The ID of the detector belonging to the GuardDuty account that you want to
create a filter for.
Parameter findingCriteria: Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
- accountId
- region
- confidence
- id
- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.outpostArn
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.resourceType
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.additionalInfo.threatListName
- service.archived
  When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
- service.resourceRole
- severity
- type
- updatedAt
  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
Parameter name: The name of the filter. Minimum length of 3. Maximum length of 64. Valid
characters include alphanumeric characters, dot (.), underscore (_), and
dash (-). Spaces are not allowed.
Parameter action: Specifies the action that is to be applied to the findings that match the
filter.
Parameter clientToken: The idempotency token for the create request.
Parameter description: The description of the filter.
Parameter rank: Specifies the position of the filter in the list of current filters. Also
specifies the order in which this filter is applied to the findings.
Parameter tags: The tags to be added to a new filter resource.
Implementation
Future<CreateFilterResponse> createFilter({
  required String detectorId,
  required FindingCriteria findingCriteria,
  required String name,
  FilterAction? action,
  String? clientToken,
  String? description,
  int? rank,
  Map<String, String>? tags,
}) async {
  // Client-side checks cover presence, string lengths and the rank range only.
  ArgumentError.checkNotNull(detectorId, 'detectorId');
  _s.validateStringLength(
    'detectorId',
    detectorId,
    1,
    300,
    isRequired: true,
  );
  ArgumentError.checkNotNull(findingCriteria, 'findingCriteria');
  ArgumentError.checkNotNull(name, 'name');
  _s.validateStringLength(
    'name',
    name,
    3,
    64,
    isRequired: true,
  );
  _s.validateStringLength(
    'clientToken',
    clientToken,
    0,
    64,
  );
  _s.validateStringLength(
    'description',
    description,
    0,
    512,
  );
  _s.validateNumRange(
    'rank',
    rank,
    1,
    100,
  );
  // Optional fields are left out of the request body when they are null.
  final $payload = <String, dynamic>{
    'findingCriteria': findingCriteria,
    'name': name,
    if (action != null) 'action': action.toValue(),
    // An idempotency token is generated when the caller does not supply one.
    'clientToken': clientToken ?? _s.generateIdempotencyToken(),
    if (description != null) 'description': description,
    if (rank != null) 'rank': rank,
    if (tags != null) 'tags': tags,
  };
  // detectorId is percent-encoded before it is placed in the request path.
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/detector/${Uri.encodeComponent(detectorId)}/filter',
    exceptionFnMap: _exceptionFns,
  );
  return CreateFilterResponse.fromJson(response);
}
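The implementation above checks only string lengths and the rank range, so the documented character rule for name and the list of queryable attributes are not checked before the request is sent. The following pre-flight check is an added example, not code from this package; validateFilterRequest, allowedAttributes and the sample input are hypothetical, and the attribute set is only a subset of the list on this page.

```dart
// Added example; validateFilterRequest and allowedAttributes are hypothetical.
// Subset of the queryable attributes listed on this page; extend as needed.
const allowedAttributes = <String>{
  'severity',
  'service.archived',
  'resource.instanceDetails.instanceId',
  'service.action.networkConnectionAction.remoteIpDetails.ipAddressV4',
};

// Documented name rule: 3-64 characters, alphanumerics plus . _ - and no
// spaces. Treating "alphanumeric" as ASCII is an assumption.
final _nameRule = RegExp(r'^[A-Za-z0-9._-]{3,64}$');

/// Returns the problems found; an empty list means the arguments pass.
List<String> validateFilterRequest({
  required String name,
  required Iterable<String> criterionKeys,
  int? rank,
  String? description,
  String? clientToken,
}) {
  final problems = <String>[];
  if (!_nameRule.hasMatch(name)) {
    problems.add('name: must be 3-64 characters from [A-Za-z0-9._-]');
  }
  if (rank != null && (rank < 1 || rank > 100)) {
    problems.add('rank: must be between 1 and 100');
  }
  if (description != null && description.length > 512) {
    problems.add('description: longer than 512 characters');
  }
  if (clientToken != null && clientToken.length > 64) {
    problems.add('clientToken: longer than 64 characters');
  }
  for (final key in criterionKeys) {
    if (!allowedAttributes.contains(key)) {
      problems.add('findingCriteria: "$key" is not in the attribute list');
    }
  }
  return problems;
}

void main() {
  // Constructed input: a space in the name and a misspelled attribute.
  validateFilterRequest(
    name: 'suppress scanner',
    criterionKeys: ['severity', 'resource.instanceId'],
  ).forEach(print);
}
```

Running such a check in code review or CI catches a malformed filter name or a mistyped criterion key before the request is ever sent.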