AWS AWSCloudFormation documentation change
Summary
Updated operator compatibility documentation for automation rules.
Security assessment
Clarifies usage of security operators in automation rules but doesn't fix any vulnerability. Documents existing security feature behavior.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-securityhub-automationrule-stringfilter.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-securityhub-automationrule-stringfilter.md index 68048ac83..98783ca69 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-securityhub-automationrule-stringfilter.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-securityhub-automationrule-stringfilter.md @@ -83 +83 @@ For example, for the following filters, Security Hub CSPM first identifies findi -`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2`, `GetFindingStatisticsV2`, `GetResourcesV2`, and `GetResourcesStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _AWS Security Hub CSPM User Guide_. +The `CONTAINS` operator works with automation rules V1 and V2. The `NOT_CONTAINS` operator works only with automation rules V1. The `CONTAINS_WORD` operator works only in the `GetFindingsV2`, `GetFindingStatisticsV2`, `GetResourcesV2`, and `GetResourcesStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _AWS Security Hub CSPM User Guide_.