Hello all, I want to extract specific information from the Resources array in AWS Security Hub findings and use this information to create more detailed alerts in Opsgenie. I want to include details like the resource type, region, ID, or Details. I know that I can use get(int index), something like Findings.get(0), but what if I want to get the resources in the findings and the ID or details of those resources?
I found there is a feature request that I think matches your description over in OPSGENIE-734. The workaround on that issue suggests that regular expressions can be used for customizing and filtering alerts. However, in the current state I don't believe there is a clear way to include that data.
Hello @Andy Heinzer, thank you for your help. I tried {{_parsedData.findings.substringBetween("Resources=[{","}]") }}
and I got "Partition=aws, Type=AwsRdsDbCluster, Details={AwsRdsDbCluster={StorageEncrypted=true, ClusterCreateTime=2023-08-22T12:53:42.289Z, ActivityStreamStatus=stopped, HttpEndpointEnabled=false, EngineMode=provisioned, Port=5432, DbClusterResourceId=cluster-fjfjfgfjgfjgf, VpcSecurityGroups=[{Status=active, VpcSecurityGroupId=sg-087086795565858"
so very close. Do you know if there is any other way to get this as regular text, not JSON? I actually need only the Id within findings-->Resources, or actually the info I provided, but not in JSON.
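An added example, not part of the thread and not Opsgenie's or AWS's own code: one way to get the Resources entries as plain text is to flatten the finding JSON before the alert is created. It assumes the raw finding is available in the EventBridge event shape (`detail.findings[]`) to a preprocessing step you control; `flatten`, `resource_lines`, `alert_description` and the sample event are hypothetical names and constructed data.

```python
import json

# Constructed sample (assumed EventBridge shape detail.findings[]), trimmed ASFF fields.
SAMPLE_EVENT = json.loads("""
{"detail": {"findings": [{
  "Title": "Constructed example finding",
  "Resources": [{
    "Type": "AwsRdsDbCluster",
    "Region": "eu-west-1",
    "Id": "arn:aws:rds:eu-west-1:111122223333:cluster:example-cluster",
    "Details": {"AwsRdsDbCluster": {
      "StorageEncrypted": true,
      "VpcSecurityGroups": [{"Status": "active", "VpcSecurityGroupId": "sg-0example"}]
    }}
  }]
}]}}
""")


def flatten(value, prefix=""):
    """Yield (dotted.path, scalar) pairs from nested dicts and lists."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from flatten(child, f"{prefix}[{index}]")
    else:
        yield prefix, value


def resource_lines(finding, detail_keys=()):
    """Return one plain-text line per entry in finding['Resources']."""
    lines = []
    for res in finding.get("Resources", []):
        parts = [f"{k}: {res[k]}" for k in ("Type", "Region", "Id") if k in res]
        details = dict(flatten(res.get("Details", {})))
        parts += [f"{k.split('.')[-1]}: {details[k]}" for k in detail_keys if k in details]
        lines.append(" | ".join(parts))
    return lines


def alert_description(event, detail_keys=()):
    """Join resource lines for every finding in the event into one text body."""
    out = []
    for finding in event.get("detail", {}).get("findings", []):
        out.append(finding.get("Title", "(no title)"))
        out += ["  " + line for line in resource_lines(finding, detail_keys)]
    return "\n".join(out)
```

Passing an explicit list of `detail_keys` keeps the alert text to the fields you chose instead of copying the whole Details object into every alert.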