[ aws . guardduty ]

update-filter

Description

Updates the filter specified by the filter name.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  update-filter
--detector-id <value>
--filter-name <value>
[--description <value>]
[--action <value>]
[--rank <value>]
[--finding-criteria <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--detector-id (string)

The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

--filter-name (string)

The name of the filter.

--description (string)

The description of the filter.

--action (string)

Specifies the action that is to be applied to the findings that match the filter.

Possible values:

  • NOOP

  • ARCHIVE

--rank (integer)

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

--finding-criteria (structure)

Represents the criteria to be used in the filter for querying findings.

Criterion -> (map)

Represents a map of finding properties that match specified conditions and values when querying findings.

key -> (string)

value -> (structure)

Contains information about the condition.

Eq -> (list)

Represents the equal condition to be applied to a single field when querying for findings.

(string)

Neq -> (list)

Represents the not equal condition to be applied to a single field when querying for findings.

(string)

Gt -> (integer)

Represents a greater than condition to be applied to a single field when querying for findings.

Gte -> (integer)

Represents a greater than or equal condition to be applied to a single field when querying for findings.

Lt -> (integer)

Represents a less than condition to be applied to a single field when querying for findings.

Lte -> (integer)

Represents a less than or equal condition to be applied to a single field when querying for findings.

Equals -> (list)

Represents an equal condition to be applied to a single field when querying for findings.

(string)

NotEquals -> (list)

Represents a not equal condition to be applied to a single field when querying for findings.

(string)

GreaterThan -> (long)

Represents a greater than condition to be applied to a single field when querying for findings.

GreaterThanOrEqual -> (long)

Represents a greater than or equal condition to be applied to a single field when querying for findings.

LessThan -> (long)

Represents a less than condition to be applied to a single field when querying for findings.

LessThanOrEqual -> (long)

Represents a less than or equal condition to be applied to a single field when querying for findings.

Shorthand Syntax:

Criterion={KeyName1={Eq=[string,string],Neq=[string,string],Gt=integer,Gte=integer,Lt=integer,Lte=integer,Equals=[string,string],NotEquals=[string,string],GreaterThan=long,GreaterThanOrEqual=long,LessThan=long,LessThanOrEqual=long},KeyName2={Eq=[string,string],Neq=[string,string],Gt=integer,Gte=integer,Lt=integer,Lte=integer,Equals=[string,string],NotEquals=[string,string],GreaterThan=long,GreaterThanOrEqual=long,LessThan=long,LessThanOrEqual=long}}

JSON Syntax:

{
  "Criterion": {"string": {
        "Eq": ["string", ...],
        "Neq": ["string", ...],
        "Gt": integer,
        "Gte": integer,
        "Lt": integer,
        "Lte": integer,
        "Equals": ["string", ...],
        "NotEquals": ["string", ...],
        "GreaterThan": long,
        "GreaterThanOrEqual": long,
        "LessThan": long,
        "LessThanOrEqual": long
      }
    ...}
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Output

Name -> (string)

The name of the filter.