create_filter(**kwargs)
Creates a filter using the specified finding criteria.
See also: AWS API Documentation
Request Syntax
response = client.create_filter(
    DetectorId='string',
    Name='string',
    Description='string',
    Action='NOOP'|'ARCHIVE',
    Rank=123,
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    },
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
DetectorId (string) -- [REQUIRED] The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
Name (string) -- [REQUIRED] The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
-, ., :, { }, [ ], ( ), /, \t, \n, \x0B, \f, \r, _, and whitespace.
FindingCriteria (dict) -- [REQUIRED] Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
  Criterion (dict) -- Represents a map of finding properties that match specified conditions and values when querying findings.
    (string) --
      (dict) -- Contains information about the condition.
        Eq (list) -- Represents the equal condition to be applied to a single field when querying for findings.
        Neq (list) -- Represents the not equal condition to be applied to a single field when querying for findings.
        Gt (integer) -- Represents a greater than condition to be applied to a single field when querying for findings.
        Gte (integer) -- Represents a greater than or equal condition to be applied to a single field when querying for findings.
        Lt (integer) -- Represents a less than condition to be applied to a single field when querying for findings.
        Lte (integer) -- Represents a less than or equal condition to be applied to a single field when querying for findings.
        Equals (list) -- Represents an equal condition to be applied to a single field when querying for findings.
        NotEquals (list) -- Represents a not equal condition to be applied to a single field when querying for findings.
        GreaterThan (integer) -- Represents a greater than condition to be applied to a single field when querying for findings.
        GreaterThanOrEqual (integer) -- Represents a greater than or equal condition to be applied to a single field when querying for findings.
        LessThan (integer) -- Represents a less than condition to be applied to a single field when querying for findings.
        LessThanOrEqual (integer) -- Represents a less than or equal condition to be applied to a single field when querying for findings.
ClientToken (string) -- The idempotency token for the create request. This field is autopopulated if not provided.
Tags (dict) -- The tags to be added to a new filter resource.
Return type: dict
Response Syntax
{
    'Name': 'string'
}
Response Structure
(dict) --
  Name (string) -- The name of the successfully created filter.
Exceptions
GuardDuty.Client.exceptions.BadRequestException
GuardDuty.Client.exceptions.InternalServerErrorException
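An added example, not part of the boto3 documentation: it checks the filter name against the character rule stated above and checks each condition's operator and value type against the Request Syntax before the request is sent. The helper names, the placeholder detector ID, and the attribute names `severity` and `type` in the sample are assumptions of this example.

```python
import re

# Name rule as stated on this page: alphanumerics, '.', '_', '-'; no whitespace.
NAME_RE = re.compile(r"[A-Za-z0-9._-]+")
# Operators from the Request Syntax, grouped by the value type shown there.
LIST_OPS = {"Eq", "Neq", "Equals", "NotEquals"}
INT_OPS = {"Gt", "Gte", "Lt", "Lte", "GreaterThan", "GreaterThanOrEqual",
           "LessThan", "LessThanOrEqual"}


def build_filter_request(detector_id, name, criterion, action="NOOP", rank=1, tags=None):
    """Validate locally, then return keyword arguments for client.create_filter()."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid filter name {name!r}")
    if action not in ("NOOP", "ARCHIVE"):
        raise ValueError(f"invalid action {action!r}")
    if not criterion:
        # Local policy (assumption): refuse a filter that carries no conditions.
        raise ValueError("criterion must not be empty")
    for field, condition in criterion.items():
        if not condition:
            raise ValueError(f"{field}: no condition given")
        for op, value in condition.items():
            if op in LIST_OPS:
                ok = (isinstance(value, list) and bool(value)
                      and all(isinstance(v, str) for v in value))
            elif op in INT_OPS:
                ok = isinstance(value, int) and not isinstance(value, bool)
            else:
                ok = False
            if not ok:
                raise ValueError(f"{field}: bad operator or value for {op!r}")
    request = {"DetectorId": detector_id, "Name": name, "Action": action,
               "Rank": rank, "FindingCriteria": {"Criterion": criterion}}
    if tags:
        request["Tags"] = tags
    return request


def create_filter(client, **kwargs):
    """Send the validated request; return the created filter's name."""
    return client.create_filter(**build_filter_request(**kwargs))["Name"]


# Constructed sample values: placeholder detector ID, example attribute names.
SAMPLE = dict(detector_id="0123456789abcdef0123456789abcdef", name="high-sev-recon",
              criterion={"severity": {"GreaterThanOrEqual": 7},
                         "type": {"Equals": ["Recon:EC2/PortProbeUnprotectedPort"]}})
```

With a real client, `create_filter(boto3.client("guardduty"), **SAMPLE)` sends the request; `ClientToken` is omitted because, as noted above, it is autopopulated.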