Module Values.FindingProviderFields

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update values for the following fields:

- Confidence
- Criticality
- RelatedFindings
- Severity
- Types

The preceding fields are nested under the FindingProviderFields object, but also have analogues of the same name as top-level ASFF fields. When a new finding is sent to Security Hub CSPM by a finding provider, Security Hub CSPM populates the FindingProviderFields object automatically, if it is empty, based on the corresponding top-level fields.

Finding providers can update FindingProviderFields only by using the BatchImportFindings operation. Finding providers can't update this object with the BatchUpdateFindings operation. Customers can update the top-level fields by using the BatchUpdateFindings operation. Customers can't update FindingProviderFields.

For information about how Security Hub CSPM handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see Using FindingProviderFields in the Security Hub CSPM User Guide.

type nonrec t = {
  confidence : RatioScale.t option;
    (* A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. *)
  criticality : RatioScale.t option;
    (* The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. *)
  relatedFindings : RelatedFindingList.t option;
    (* A list of findings that are related to the current finding. *)
  severity : FindingProviderSeverity.t option;
    (* The severity of a finding. *)
  types : TypeList.t option;
    (* One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications *)
}
val make : ?confidence:??? -> ?criticality:??? -> ?relatedFindings:??? -> ?severity:??? -> ?types:??? -> unit -> t
val to_value : t -> [> `Structure of (string * [> `Integer of RatioScale.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `String of NonEmptyString.t ]) list ] list | `Structure of (string * [> `Enum of string | `String of NonEmptyString.t ]) list ]) list ]
val to_query : t -> Awso.Client.Query.t
val of_xml : Awso.Xml.t -> t
val of_string : string -> t
val of_json : Yojson.Safe.t -> t
val to_json : t -> Yojson.Safe.t
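
A finding provider can check the documented constraints on Confidence, Criticality and Types before building a FindingProviderFields value for BatchImportFindings. The following is an added example, not part of this library: `validate`, `check_ratio` and `check_type` are hypothetical helpers, and it assumes RatioScale.t is an int, type strings are plain strings, and that category and classifier may be omitted from a type.

```ocaml
(* Added example: standalone checks, not code from the Awso library.
   Assumption: RatioScale.t is an int and type strings are plain strings. *)
let valid_namespaces =
  [ "Software and Configuration Checks"; "TTPs"; "Effects";
    "Unusual Behaviors"; "Sensitive Data Identifications" ]

(* Confidence and Criticality are scored 0-100 on a ratio scale. *)
let check_ratio name = function
  | None -> []
  | Some n when n >= 0 && n <= 100 -> []
  | Some n -> [ Printf.sprintf "%s=%d is outside 0-100" name n ]

(* A type is namespace/category/classifier; the namespace must be one of
   the five listed values. Assumption: category and classifier may be
   omitted, but no segment may be empty and there are at most three. *)
let check_type ty =
  match String.split_on_char '/' ty with
  | ns :: rest when List.mem ns valid_namespaces ->
    if List.length rest > 2 then
      [ Printf.sprintf "%S has more than three segments" ty ]
    else if List.exists (fun s -> String.trim s = "") rest then
      [ Printf.sprintf "%S has an empty segment" ty ]
    else []
  | ns :: _ -> [ Printf.sprintf "%S: unknown namespace %S" ty ns ]
  | [] -> [ "empty type" ]

(* Collect every violation so the provider can fix the finding in one
   pass instead of discovering problems one rejected import at a time. *)
let validate ?confidence ?criticality ?(types = []) () =
  check_ratio "Confidence" confidence
  @ check_ratio "Criticality" criticality
  @ List.concat_map check_type types

let () =
  (* Constructed sample values, not taken from a real finding. *)
  let errs =
    validate ~confidence:120 ~criticality:40
      ~types:[ "TTPs/Discovery/Recon"; "Malware/Trojan" ] ()
  in
  List.iter print_endline errs
```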