SecurityHub / Paginator / GetResourcesTrendsV2

GetResourcesTrendsV2

class SecurityHub.Paginator.GetResourcesTrendsV2
paginator = client.get_paginator('get_resources_trends_v2')
paginate(**kwargs)

Creates an iterator that will paginate through responses from SecurityHub.Client.get_resources_trends_v2().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    Filters={
        'CompositeFilters': [
            {
                'StringFilters': [
                    {
                        'FieldName': 'account_id'|'region'|'resource_type'|'resource_category',
                        'Filter': {
                            'Value': 'string',
                            'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'|'CONTAINS'|'NOT_CONTAINS'|'CONTAINS_WORD'
                        }
                    },
                ],
                'NestedCompositeFilters': {'... recursive ...'},
                'Operator': 'AND'|'OR'
            },
        ],
        'CompositeOperator': 'AND'|'OR'
    },
    StartTime=datetime(2015, 1, 1),
    EndTime=datetime(2015, 1, 1),
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters:

  • Filters (dict) –

    The filters to apply to the resources trend data.

    • CompositeFilters (list) –

      A list of composite filters to apply to the resources trend data.

      • (dict) –

        A filter structure that contains a logical combination of string filters and nested composite filters for resources trend data.

        • StringFilters (list) –

          A list of string filters that apply to resources trend data fields.

          • (dict) –

            A filter for string-based fields in resources trend data, such as resource type or account ID.

            • FieldName (string) –

              The name of the resources field to filter on, such as resourceType, accountId, or region.

            • Filter (dict) –

              A string filter for filtering Security Hub findings.

              • Value (string) –

                The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub. If you provide security hub as the filter value, there’s no match.

              • Comparison (string) –

                The condition to apply to a string value when filtering Security Hub findings.

                To search for values that have the filter value, use one of the following comparison operators:

                • To search for values that include the filter value, use CONTAINS. For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.

                • To search for values that exactly match the filter value, use EQUALS. For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012.

                • To search for values that start with the filter value, use PREFIX. For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us. A ResourceRegion that starts with a different value, such as af, ap, or ca, doesn’t match.

                CONTAINS, EQUALS, and PREFIX filters on the same field are joined by OR. A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront, CloudWatch, or both strings in the title.

                To search for values that don’t have the filter value, use one of the following comparison operators:

                • To search for values that exclude the filter value, use NOT_CONTAINS. For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.

                • To search for values other than the filter value, use NOT_EQUALS. For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012.

                • To search for values that don’t start with the filter value, use PREFIX_NOT_EQUALS. For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us.

                NOT_CONTAINS, NOT_EQUALS, and PREFIX_NOT_EQUALS filters on the same field are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

                You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

                You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

                For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2. It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface.

                • ResourceType PREFIX AwsIam

                • ResourceType PREFIX AwsEc2

                • ResourceType NOT_EQUALS AwsIamPolicy

                • ResourceType NOT_EQUALS AwsEc2NetworkInterface

                CONTAINS and NOT_CONTAINS operators can be used only with automation rules V1. CONTAINS_WORD operator is only supported in GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2, and GetResourceStatisticsV2 APIs. For more information, see Automation rules in the Security Hub User Guide.

        • NestedCompositeFilters (list) –

          A list of nested composite filters that you can use to create complex filter conditions for resources trend data.

        • Operator (string) –

          The logical operator (AND, OR) to apply between the string filters and nested composite filters.

    • CompositeOperator (string) –

      The logical operator (AND, OR) to apply between multiple composite filters.

  • StartTime (datetime) –

    [REQUIRED]

    The starting timestamp for the time period to analyze resources trends, in ISO 8601 format.

  • EndTime (datetime) –

    [REQUIRED]

    The ending timestamp for the time period to analyze resources trends, in ISO 8601 format.

  • PaginationConfig (dict) –

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) –

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) –

      The size of each page.

    • StartingToken (string) –

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type:

dict

Returns:

Response Syntax

{
    'Granularity': 'Daily'|'Weekly'|'Monthly',
    'TrendsMetrics': [
        {
            'Timestamp': datetime(2015, 1, 1),
            'TrendsValues': {
                'ResourcesCount': {
                    'AllResources': 123
                }
            }
        },
    ],

}

Response Structure

  • (dict) –

    • Granularity (string) –

      The time interval granularity for the returned trend data (such as DAILY or WEEKLY).

    • TrendsMetrics (list) –

      The collection of time-series trend metrics, including counts of resources across the specified time period.

      • (dict) –

        Contains the resource trend metrics data for a specific time point in the requested time period.

        • Timestamp (datetime) –

          The timestamp for this data point in the resources trend metrics.

        • TrendsValues (dict) –

          The resource trend metric values associated with this timestamp, including resource counts.

          • ResourcesCount (dict) –

            The resource count statistics for this data point in the trend timeline.

            • AllResources (integer) –

              The total count of all resources for the given time interval.