createFilter method

Future<CreateFilterResponse> createFilter({
  1. required String detectorId,
  2. required FindingCriteria findingCriteria,
  3. required String name,
  4. FilterAction? action,
  5. String? clientToken,
  6. String? description,
  7. int? rank,
  8. Map<String, String>? tags,
})

Creates a filter using the specified finding criteria.

May throw BadRequestException. May throw InternalServerErrorException.

Parameter detectorId : The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

Parameter findingCriteria : Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId
  • region
  • confidence
  • id
  • resource.accessKeyDetails.accessKeyId
  • resource.accessKeyDetails.principalId
  • resource.accessKeyDetails.userName
  • resource.accessKeyDetails.userType
  • resource.instanceDetails.iamInstanceProfile.id
  • resource.instanceDetails.imageId
  • resource.instanceDetails.instanceId
  • resource.instanceDetails.outpostArn
  • resource.instanceDetails.networkInterfaces.ipv6Addresses
  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  • resource.instanceDetails.networkInterfaces.publicDnsName
  • resource.instanceDetails.networkInterfaces.publicIp
  • resource.instanceDetails.networkInterfaces.securityGroups.groupId
  • resource.instanceDetails.networkInterfaces.securityGroups.groupName
  • resource.instanceDetails.networkInterfaces.subnetId
  • resource.instanceDetails.networkInterfaces.vpcId
  • resource.instanceDetails.tags.key
  • resource.instanceDetails.tags.value
  • resource.resourceType
  • service.action.actionType
  • service.action.awsApiCallAction.api
  • service.action.awsApiCallAction.callerType
  • service.action.awsApiCallAction.errorCode
  • service.action.awsApiCallAction.remoteIpDetails.city.cityName
  • service.action.awsApiCallAction.remoteIpDetails.country.countryName
  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  • service.action.awsApiCallAction.remoteIpDetails.organization.asn
  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  • service.action.awsApiCallAction.serviceName
  • service.action.dnsRequestAction.domain
  • service.action.networkConnectionAction.blocked
  • service.action.networkConnectionAction.connectionDirection
  • service.action.networkConnectionAction.localPortDetails.port
  • service.action.networkConnectionAction.protocol
  • service.action.networkConnectionAction.localIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.city.cityName
  • service.action.networkConnectionAction.remoteIpDetails.country.countryName
  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.organization.asn
  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  • service.action.networkConnectionAction.remotePortDetails.port
  • service.additionalInfo.threatListName
  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole
  • severity
  • type
  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Parameter name : The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

Parameter action : Specifies the action that is to be applied to the findings that match the filter.

Parameter clientToken : The idempotency token for the create request.

Parameter description : The description of the filter.

Parameter rank : Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Parameter tags : The tags to be added to a new filter resource.

Implementation

Future<CreateFilterResponse> createFilter({
  required String detectorId,
  required FindingCriteria findingCriteria,
  required String name,
  FilterAction? action,
  String? clientToken,
  String? description,
  int? rank,
  Map<String, String>? tags,
}) async {
  ArgumentError.checkNotNull(detectorId, 'detectorId');
  _s.validateStringLength(
    'detectorId',
    detectorId,
    1,
    300,
    isRequired: true,
  );
  ArgumentError.checkNotNull(findingCriteria, 'findingCriteria');
  ArgumentError.checkNotNull(name, 'name');
  _s.validateStringLength(
    'name',
    name,
    3,
    64,
    isRequired: true,
  );
  _s.validateStringLength(
    'clientToken',
    clientToken,
    0,
    64,
  );
  _s.validateStringLength(
    'description',
    description,
    0,
    512,
  );
  _s.validateNumRange(
    'rank',
    rank,
    1,
    100,
  );
  final $payload = <String, dynamic>{
    'findingCriteria': findingCriteria,
    'name': name,
    if (action != null) 'action': action.toValue(),
    'clientToken': clientToken ?? _s.generateIdempotencyToken(),
    if (description != null) 'description': description,
    if (rank != null) 'rank': rank,
    if (tags != null) 'tags': tags,
  };
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/detector/${Uri.encodeComponent(detectorId)}/filter',
    exceptionFnMap: _exceptionFns,
  );
  return CreateFilterResponse.fromJson(response);
}