GuardDutyTransforms.SuppressAlerts (secops-beam 0.19.2 API)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Alert>,org.apache.beam.sdk.values.PCollection<Alert>>
- - com.mozilla.secops.gatekeeper.GuardDutyTransforms.SuppressAlerts

All Implemented Interfaces:

Serializable, org.apache.beam.sdk.transforms.display.HasDisplayData

Enclosing class:

GuardDutyTransforms
```
public static class GuardDutyTransforms.SuppressAlerts
extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Alert>,org.apache.beam.sdk.values.PCollection<Alert>>
```
Suppress Alerts for repeated GuardDuty Findings.
A "repeated finding" in GuardDuty means the same (potential) bad actor is performing the same action against the same resource in your AWS environment. Findings are uniquely identified by their "id".
GuardDuty has a built-in setting to avoid emitting a new CloudWatch event for repeated findings within a certain window of time. Valid values for that window are 15 minutes, 1 hour, or 6 hours (default). https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency
This transform adds a second layer of protection against generation of alerts for repeated findings

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description

SuppressAlerts(GuardDutyTransforms.Options opts)
static initializer for alert suppression

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`org.apache.beam.sdk.values.PCollection<Alert>`	`expand(org.apache.beam.sdk.values.PCollection<Alert> input)`

Methods inherited from class org.apache.beam.sdk.transforms.PTransform
compose, compose, getAdditionalInputs, getDefaultOutputCoder, getName, getResourceHints, populateDisplayData, setResourceHints, toString, validate

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - SuppressAlerts
```
public SuppressAlerts(GuardDutyTransforms.Options opts)
```
    static initializer for alert suppression
    
    Parameters:
    
    opts - GuardDutyTransforms.Options pipeline options
- Method Detail
  - expand
```
public org.apache.beam.sdk.values.PCollection<Alert> expand(org.apache.beam.sdk.values.PCollection<Alert> input)
```
    Specified by:
    
    expand in class org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Alert>,org.apache.beam.sdk.values.PCollection<Alert>>

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2022. All rights reserved.