Hello all, I want to extract specific information from the Resources array in AWS Security Hub findings and use this information to create more detailed alerts in Opsgenie. I want to include details like the resource type, region, ID, or Details. I know that I can use get(int index), something like Findings.get(0), but what if I want to get the resources in the findings and the ID or details of those resources?
I found there is a feature request that I think matches your description over in OPSGENIE-734. The workaround on that issue suggests that regular expressions can be used for customizing and filtering alerts. However, in the current state I don't believe there is a clear way to include that data.
Hello @Andy Heinzer, thank you for your help. I tried {{_parsedData.findings.substringBetween("Resources=[{","}]") }}
and I got "Partition=aws, Type=AwsRdsDbCluster, Details={AwsRdsDbCluster={StorageEncrypted=true, ClusterCreateTime=2023-08-22T12:53:42.289Z, ActivityStreamStatus=stopped, HttpEndpointEnabled=false, EngineMode=provisioned, Port=5432, DbClusterResourceId=cluster-fjfjfgfjgfjgf, VpcSecurityGroups=[{Status=active, VpcSecurityGroupId=sg-087086795565858"
so very close. Do you know if there is any other way to get this as regular text, not JSON? I actually need only the Id within findings-->Resources, or the info I provided, but not in JSON.
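The output quoted above stops inside VpcSecurityGroups because the first "}]" after the marker closes that nested list, not the Resources array. The following is an added example, not code from the thread participants or from Opsgenie: a bracket-aware Python parser that runs outside Opsgenie's template language and pulls the top-level fields of each resource. The sample string, its Region and Id values, and their position after Details are constructed assumptions.

```python
# Constructed sample in the Key=value shape quoted in the thread; the Region
# and Id values and their position after Details are assumptions.
SAMPLE = (
    "Findings=[{Title=Constructed finding, Resources=[{Partition=aws, "
    "Type=AwsRdsDbCluster, Details={AwsRdsDbCluster={StorageEncrypted=true, "
    "Port=5432, VpcSecurityGroups=[{Status=active, "
    "VpcSecurityGroupId=sg-00000000}]}}, Region=eu-west-1, "
    "Id=arn:aws:rds:eu-west-1:111122223333:cluster:example}], "
    "Severity={Label=HIGH}}]")

def naive_between(text, left="Resources=[{", right="}]"):
    """Cut at the first '}]' after the marker, like a plain substring-between."""
    start = text.index(left) + len(left)
    return text[start:text.index(right, start)]

def close_index(text, start):
    """Index of the bracket closing the one opened just before `start`."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] in "{[":
            depth += 1
        elif text[i] in "}]":
            depth -= 1
            if depth == 0:
                return i
    return len(text)  # truncated input: use what is there

def split_top_level(body):
    """Split on commas that are not nested inside {} or []."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        depth += (ch in "{[") - (ch in "}]")
        if ch == "," and depth == 0:
            parts.append(body[start:i].strip())
            start = i + 1
    parts.append(body[start:].strip())
    return [p for p in parts if p]

def resources(text, marker="Resources=["):
    """Return one dict of top-level Key=value pairs per resource."""
    at = text.find(marker)
    if at < 0:
        return []
    start = at + len(marker)
    items = split_top_level(text[start:close_index(text, start)])
    inner = [i[1:close_index(i, 1)] if i.startswith("{") else i for i in items]
    return [dict(p.partition("=")[::2] for p in split_top_level(b)) for b in inner]

def alert_line(res):
    return "{} {} ({})".format(res.get("Type", "?"), res.get("Id", "?"), res.get("Region", "?"))
```

Nested values such as Details are kept as one unparsed string, and a value that itself contains a comma would be split, so this fits identifiers like Type, Region and Id rather than free text.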