comparison property
The condition to apply to a string value when querying for findings. To search for values that contain the filter criteria value, use one of the following comparison operators:
-
To search for values that exactly match the filter value, use
EQUALS
.For example, the filter
ResourceType EQUALS AwsEc2SecurityGroup
only matches findings that have a resource type ofAwsEc2SecurityGroup
. -
To search for values that start with the filter value, use
PREFIX
.For example, the filter
ResourceType PREFIX AwsIam
matches findings that have a resource type that starts withAwsIam
. Findings with a resource type ofAwsIamPolicy
,AwsIamRole
, orAwsIamUser
would all match.
EQUALS
and PREFIX
filters on the same field are
joined by OR
. A finding matches if it matches any one of those
filters.
To search for values that do not contain the filter criteria value, use one of the following comparison operators:
-
To search for values that do not exactly match the filter value, use
NOT_EQUALS
.For example, the filter
ResourceType NOT_EQUALS AwsIamPolicy
matches findings that have a resource type other thanAwsIamPolicy
. -
To search for values that do not start with the filter value, use
PREFIX_NOT_EQUALS
.For example, the filter
ResourceType PREFIX_NOT_EQUALS AwsIam
matches findings that have a resource type that does not start withAwsIam
. Findings with a resource type ofAwsIamPolicy
,AwsIamRole
, orAwsIamUser
would all be excluded from the results.
NOT_EQUALS
and PREFIX_NOT_EQUALS
filters on the
same field are joined by AND
. A finding matches only if it
matches all of those filters.
For filters on the same field, you cannot provide both an
EQUALS
filter and a NOT_EQUALS
or
PREFIX_NOT_EQUALS
filter. Combining filters in this way always
returns an error, even if the provided filter values would return valid
results.
You can combine PREFIX
filters with NOT_EQUALS
or
PREFIX_NOT_EQUALS
filters for the same field. Security Hub
first processes the PREFIX
filters, then the
NOT_EQUALS
or PREFIX_NOT_EQUALS
filters.
For example, for the following filter, Security Hub first identifies
findings that have resource types that start with either AwsIAM
or AwsEc2
. It then excludes findings that have a resource type
of AwsIamPolicy
and findings that have a resource type of
AwsEc2NetworkInterface
.
-
ResourceType PREFIX AwsIam
-
ResourceType PREFIX AwsEc2
-
ResourceType NOT_EQUALS AwsIamPolicy
-
ResourceType NOT_EQUALS AwsEc2NetworkInterface
Implementation
final StringFilterComparison? comparison;