Filter
The Filter resource lets you manage AWS GuardDuty Filters, which define the criteria used to select findings. A filter can also apply an action to the findings that match its criteria.
Minimal Example
Create a basic GuardDuty Filter with the required properties and one optional property.

import AWS from "alchemy/aws/control";

const simpleFilter = await AWS.GuardDuty.Filter("simpleFilter", {
  DetectorId: "12abcdef34gh567ijkl890mnopqrstu",
  FindingCriteria: {
    Criterion: {
      // GuardDuty severity is numeric; high severity is 7.0 to 8.9
      severity: { Gte: 7, Lt: 9 }
    }
  },
  Name: "HighSeverityFilter"
});
Advanced Configuration
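Configure a filter with an action and a rank, which sets its position in the order that filters are applied:

const advancedFilter = await AWS.GuardDuty.Filter("advancedFilter", {
  DetectorId: "12abcdef34gh567ijkl890mnopqrstu",
  FindingCriteria: {
    Criterion: {
      // Medium and high severity: 4.0 up to, but not including, 9.0
      severity: { Gte: 4, Lt: 9 },
      // Values must be full GuardDuty finding type names
      type: {
        Eq: [
          "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B",
          "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS"
        ]
      }
    }
  },
  Name: "MediumAndHighSeverityFilter",
  Action: "NOOP", // NOOP leaves matching findings as they are; ARCHIVE auto-archives them
  Rank: 1
});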
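A filter whose criteria never match, or an ARCHIVE filter scoped too broadly, fails silently, so it helps to lint the props before deploying. The following is an added example, not part of Alchemy or the original page: `lintFilter` and `FilterProps` are hypothetical names, the sample props are constructed, and the ARCHIVE scoping rule is this example's own heuristic.

```typescript
// Added example: offline lint for GuardDuty Filter props before deployment.
// lintFilter and FilterProps are hypothetical names, not Alchemy or AWS SDK APIs.
type Condition = Record<string, unknown>;
interface FilterProps {
  Name: string;
  FindingCriteria: { Criterion: Record<string, Condition> };
  Action?: string;
  Rank?: number;
}
// Finding types have the shape ThreatPurpose:ResourceType/ThreatFamilyName...
const FINDING_TYPE = /^[A-Za-z]+:[A-Za-z0-9]+\/\S+$/;

function lintFilter(p: FilterProps): string[] {
  const issues: string[] = [];
  const criteria = Object.entries(p.FindingCriteria.Criterion);
  if (criteria.length === 0) issues.push("empty Criterion matches every finding");
  for (const [field, condition] of criteria) {
    for (const [op, raw] of Object.entries(condition)) {
      for (const v of Array.isArray(raw) ? raw : [raw]) {
        const s = String(v);
        if (field === "severity" && (s.trim() === "" || !Number.isFinite(Number(s))))
          issues.push(`severity ${op} "${s}": severity is numeric, so this never matches`);
        if (field === "type" && !FINDING_TYPE.test(s))
          issues.push(`type ${op} "${s}": not a full finding type name`);
      }
    }
  }
  if (p.Action !== undefined && p.Action !== "NOOP" && p.Action !== "ARCHIVE")
    issues.push(`Action "${p.Action}" must be NOOP or ARCHIVE`);
  if (p.Rank !== undefined && (!Number.isInteger(p.Rank) || p.Rank < 1 || p.Rank > 100))
    issues.push(`Rank ${p.Rank} is outside 1..100`);
  // Heuristic of this example: ARCHIVE hides matches, so require a type scope.
  if (p.Action === "ARCHIVE" && !criteria.some(([field]) => field === "type"))
    issues.push("ARCHIVE without a type criterion archives every matching finding type");
  return issues;
}

// Constructed inputs: one mis-specified filter, one narrowly scoped filter.
const flagged = lintFilter({
  Name: "HighSeverityFilter", Action: "ARCHIVE", Rank: 0,
  FindingCriteria: { Criterion: { severity: { Eq: ["HIGH"] } } },
});
const clean = lintFilter({
  Name: "SshBruteForceHigh", Action: "NOOP", Rank: 1,
  FindingCriteria: {
    Criterion: { severity: { Gte: 7 }, type: { Eq: ["UnauthorizedAccess:EC2/SSHBruteForce"] } },
  },
});
```

Here `flagged` holds three issues (non-numeric severity, out-of-range rank, unscoped ARCHIVE) and `clean` is empty.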
Tagging for Organization
Create a filter with tags for better organization and management:

const taggedFilter = await AWS.GuardDuty.Filter("taggedFilter", {
  DetectorId: "12abcdef34gh567ijkl890mnopqrstu",
  FindingCriteria: {
    Criterion: {
      // Low and medium severity: 1.0 up to, but not including, 7.0
      severity: { Gte: 1, Lt: 7 }
    }
  },
  Name: "LowAndMediumSeverityFilter",
  Tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Team", Value: "Security" }
  ]
});
Adoption of Existing Filter
Create a filter that adopts an existing resource instead of failing when one already exists:

const adoptFilter = await AWS.GuardDuty.Filter("adoptFilter", {
  DetectorId: "12abcdef34gh567ijkl890mnopqrstu",
  FindingCriteria: {
    Criterion: {
      // High severity: 7.0 up to, but not including, 9.0
      severity: { Gte: 7, Lt: 9 }
    }
  },
  Name: "AdoptHighSeverityFilter",
  adopt: true // take over the existing filter instead of failing
});