aws-sdk-securityhub 1.123.0 → 1.125.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc69b6f660c6b11e879cddb1ddbda42fc806e521ca62e8e4879c8da3ef0b8d20
-  data.tar.gz: 7a01a727fc3a3ad512114deb129ba24a5c32c7751bf558193cd43bf76a545d0e
+  metadata.gz: de7a97710fa19d2831976c34686fcf42ac2aa8862a952250fe6ddb5a1da71d56
+  data.tar.gz: 97a286fab1efd51236deca4bdf12fc8fa05aea4fd3bd2c6597e50702776bf96a
 SHA512:
-  metadata.gz: c2d03b986f7507de43c348ee620002d4ee68108b510010dca2ebc1d50cc69503a34b1a0c0bc817595274d3cb5f4fc368f179b398af075b245e42ca7ff6662407
-  data.tar.gz: 6012e831f6175b8acf50a098633bb50b77c6ef353054866453a1a923ef27314cd239da73df8d49b5d2871b6d06f3611aaa447acf488f316aadabb528da884cc4
+  metadata.gz: 6121d183495b188124195a040ed3519f52e28eaa9921b051f718ff161dbeb28926cf16502b9e7f6503fd99d2ebe5958d9dca9a4eee54c686a7d2946beb2e2edd
+  data.tar.gz: 71edb3847906c9440daa86a3edc7a2b4edd4f7ac8859df09f4c34b410fc7c298824b8059f01a9e2c5f29e33a35513049372c958264d5661df9cd8fdeb7ed4739

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.125.0 (2024-12-02)
+------------------
+
+* Feature - Add new Multi Domain Correlation findings.
+
+1.124.0 (2024-11-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.123.0 (2024-11-06)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.123.0
+1.125.0

data/lib/aws-sdk-securityhub/client.rb

@@ -10548,7 +10548,7 @@ module Aws::SecurityHub
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.123.0'
+      context[:gem_version] = '1.125.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -31,6 +31,11 @@ module Aws::SecurityHub
     ActionRemotePortDetails = Shapes::StructureShape.new(name: 'ActionRemotePortDetails')
     ActionTarget = Shapes::StructureShape.new(name: 'ActionTarget')
     ActionTargetList = Shapes::ListShape.new(name: 'ActionTargetList')
+    Actor = Shapes::StructureShape.new(name: 'Actor')
+    ActorSession = Shapes::StructureShape.new(name: 'ActorSession')
+    ActorSessionMfaStatus = Shapes::StringShape.new(name: 'ActorSessionMfaStatus')
+    ActorUser = Shapes::StructureShape.new(name: 'ActorUser')
+    ActorsList = Shapes::ListShape.new(name: 'ActorsList')
     Adjustment = Shapes::StructureShape.new(name: 'Adjustment')
     AdjustmentList = Shapes::ListShape.new(name: 'AdjustmentList')
     AdminAccount = Shapes::StructureShape.new(name: 'AdminAccount')
@@ -758,6 +763,7 @@ module Aws::SecurityHub
     ConfigurationPolicyAssociationsList = Shapes::ListShape.new(name: 'ConfigurationPolicyAssociationsList')
     ConfigurationPolicySummary = Shapes::StructureShape.new(name: 'ConfigurationPolicySummary')
     ConfigurationPolicySummaryList = Shapes::ListShape.new(name: 'ConfigurationPolicySummaryList')
+    ConnectionDirection = Shapes::StringShape.new(name: 'ConnectionDirection')
     ContainerDetails = Shapes::StructureShape.new(name: 'ContainerDetails')
     ControlFindingGenerator = Shapes::StringShape.new(name: 'ControlFindingGenerator')
     ControlStatus = Shapes::StringShape.new(name: 'ControlStatus')
@@ -812,6 +818,7 @@ module Aws::SecurityHub
     DescribeStandardsControlsResponse = Shapes::StructureShape.new(name: 'DescribeStandardsControlsResponse')
     DescribeStandardsRequest = Shapes::StructureShape.new(name: 'DescribeStandardsRequest')
     DescribeStandardsResponse = Shapes::StructureShape.new(name: 'DescribeStandardsResponse')
+    Detection = Shapes::StructureShape.new(name: 'Detection')
     DisableImportFindingsForProductRequest = Shapes::StructureShape.new(name: 'DisableImportFindingsForProductRequest')
     DisableImportFindingsForProductResponse = Shapes::StructureShape.new(name: 'DisableImportFindingsForProductResponse')
     DisableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'DisableOrganizationAdminAccountRequest')
@@ -889,6 +896,8 @@ module Aws::SecurityHub
     IcmpTypeCode = Shapes::StructureShape.new(name: 'IcmpTypeCode')
     ImportFindingsError = Shapes::StructureShape.new(name: 'ImportFindingsError')
     ImportFindingsErrorList = Shapes::ListShape.new(name: 'ImportFindingsErrorList')
+    Indicator = Shapes::StructureShape.new(name: 'Indicator')
+    IndicatorsList = Shapes::ListShape.new(name: 'IndicatorsList')
     Insight = Shapes::StructureShape.new(name: 'Insight')
     InsightList = Shapes::ListShape.new(name: 'InsightList')
     InsightResultValue = Shapes::StructureShape.new(name: 'InsightResultValue')
@@ -950,8 +959,13 @@ module Aws::SecurityHub
     Member = Shapes::StructureShape.new(name: 'Member')
     MemberList = Shapes::ListShape.new(name: 'MemberList')
     Network = Shapes::StructureShape.new(name: 'Network')
+    NetworkAutonomousSystem = Shapes::StructureShape.new(name: 'NetworkAutonomousSystem')
+    NetworkConnection = Shapes::StructureShape.new(name: 'NetworkConnection')
     NetworkConnectionAction = Shapes::StructureShape.new(name: 'NetworkConnectionAction')
     NetworkDirection = Shapes::StringShape.new(name: 'NetworkDirection')
+    NetworkEndpoint = Shapes::StructureShape.new(name: 'NetworkEndpoint')
+    NetworkEndpointsList = Shapes::ListShape.new(name: 'NetworkEndpointsList')
+    NetworkGeoLocation = Shapes::StructureShape.new(name: 'NetworkGeoLocation')
     NetworkHeader = Shapes::StructureShape.new(name: 'NetworkHeader')
     NetworkPathComponent = Shapes::StructureShape.new(name: 'NetworkPathComponent')
     NetworkPathComponentDetails = Shapes::StructureShape.new(name: 'NetworkPathComponentDetails')
@@ -1061,10 +1075,13 @@ module Aws::SecurityHub
     SensitiveDataDetectionsList = Shapes::ListShape.new(name: 'SensitiveDataDetectionsList')
     SensitiveDataResult = Shapes::StructureShape.new(name: 'SensitiveDataResult')
     SensitiveDataResultList = Shapes::ListShape.new(name: 'SensitiveDataResultList')
+    Sequence = Shapes::StructureShape.new(name: 'Sequence')
     Severity = Shapes::StructureShape.new(name: 'Severity')
     SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
     SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
     SeverityUpdate = Shapes::StructureShape.new(name: 'SeverityUpdate')
+    Signal = Shapes::StructureShape.new(name: 'Signal')
+    SignalsList = Shapes::ListShape.new(name: 'SignalsList')
     SizeBytes = Shapes::IntegerShape.new(name: 'SizeBytes')
     SoftwarePackage = Shapes::StructureShape.new(name: 'SoftwarePackage')
     SoftwarePackageList = Shapes::ListShape.new(name: 'SoftwarePackageList')
@@ -1160,6 +1177,7 @@ module Aws::SecurityHub
     UpdateStandardsControlRequest = Shapes::StructureShape.new(name: 'UpdateStandardsControlRequest')
     UpdateStandardsControlResponse = Shapes::StructureShape.new(name: 'UpdateStandardsControlResponse')
     UpdateStatus = Shapes::StringShape.new(name: 'UpdateStatus')
+    UserAccount = Shapes::StructureShape.new(name: 'UserAccount')
     VerificationState = Shapes::StringShape.new(name: 'VerificationState')
     VolumeMount = Shapes::StructureShape.new(name: 'VolumeMount')
     VolumeMountList = Shapes::ListShape.new(name: 'VolumeMountList')
@@ -1242,6 +1260,26 @@ module Aws::SecurityHub
 
     ActionTargetList.member = Shapes::ShapeRef.new(shape: ActionTarget)
 
+    Actor.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Id"))
+    Actor.add_member(:user, Shapes::ShapeRef.new(shape: ActorUser, location_name: "User"))
+    Actor.add_member(:session, Shapes::ShapeRef.new(shape: ActorSession, location_name: "Session"))
+    Actor.struct_class = Types::Actor
+
+    ActorSession.add_member(:uid, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Uid"))
+    ActorSession.add_member(:mfa_status, Shapes::ShapeRef.new(shape: ActorSessionMfaStatus, location_name: "MfaStatus"))
+    ActorSession.add_member(:created_time, Shapes::ShapeRef.new(shape: Long, location_name: "CreatedTime"))
+    ActorSession.add_member(:issuer, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Issuer"))
+    ActorSession.struct_class = Types::ActorSession
+
+    ActorUser.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
+    ActorUser.add_member(:uid, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Uid"))
+    ActorUser.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
+    ActorUser.add_member(:credential_uid, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "CredentialUid"))
+    ActorUser.add_member(:account, Shapes::ShapeRef.new(shape: UserAccount, location_name: "Account"))
+    ActorUser.struct_class = Types::ActorUser
+
+    ActorsList.member = Shapes::ShapeRef.new(shape: Actor)
+
     Adjustment.add_member(:metric, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Metric"))
     Adjustment.add_member(:reason, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Reason"))
     Adjustment.struct_class = Types::Adjustment
@@ -4679,6 +4717,7 @@ module Aws::SecurityHub
     AwsSecurityFinding.add_member(:generator_details, Shapes::ShapeRef.new(shape: GeneratorDetails, location_name: "GeneratorDetails"))
     AwsSecurityFinding.add_member(:processed_at, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ProcessedAt"))
     AwsSecurityFinding.add_member(:aws_account_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "AwsAccountName"))
+    AwsSecurityFinding.add_member(:detection, Shapes::ShapeRef.new(shape: Detection, location_name: "Detection"))
     AwsSecurityFinding.struct_class = Types::AwsSecurityFinding
 
     AwsSecurityFindingFilters.add_member(:product_arn, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ProductArn"))
@@ -5486,6 +5525,9 @@ module Aws::SecurityHub
     DescribeStandardsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     DescribeStandardsResponse.struct_class = Types::DescribeStandardsResponse
 
+    Detection.add_member(:sequence, Shapes::ShapeRef.new(shape: Sequence, location_name: "Sequence"))
+    Detection.struct_class = Types::Detection
+
     DisableImportFindingsForProductRequest.add_member(:product_subscription_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location: "uri", location_name: "ProductSubscriptionArn"))
     DisableImportFindingsForProductRequest.struct_class = Types::DisableImportFindingsForProductRequest
 
@@ -5754,6 +5796,14 @@ module Aws::SecurityHub
 
     ImportFindingsErrorList.member = Shapes::ShapeRef.new(shape: ImportFindingsError)
 
+    Indicator.add_member(:key, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Key"))
+    Indicator.add_member(:values, Shapes::ShapeRef.new(shape: NonEmptyStringList, location_name: "Values"))
+    Indicator.add_member(:title, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Title"))
+    Indicator.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
+    Indicator.struct_class = Types::Indicator
+
+    IndicatorsList.member = Shapes::ShapeRef.new(shape: Indicator)
+
     Insight.add_member(:insight_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InsightArn"))
     Insight.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Name"))
     Insight.add_member(:filters, Shapes::ShapeRef.new(shape: AwsSecurityFindingFilters, required: true, location_name: "Filters"))
@@ -5975,6 +6025,13 @@ module Aws::SecurityHub
     Network.add_member(:destination_domain, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "DestinationDomain"))
     Network.struct_class = Types::Network
 
+    NetworkAutonomousSystem.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
+    NetworkAutonomousSystem.add_member(:number, Shapes::ShapeRef.new(shape: Integer, location_name: "Number"))
+    NetworkAutonomousSystem.struct_class = Types::NetworkAutonomousSystem
+
+    NetworkConnection.add_member(:direction, Shapes::ShapeRef.new(shape: ConnectionDirection, location_name: "Direction"))
+    NetworkConnection.struct_class = Types::NetworkConnection
+
     NetworkConnectionAction.add_member(:connection_direction, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ConnectionDirection"))
     NetworkConnectionAction.add_member(:remote_ip_details, Shapes::ShapeRef.new(shape: ActionRemoteIpDetails, location_name: "RemoteIpDetails"))
     NetworkConnectionAction.add_member(:remote_port_details, Shapes::ShapeRef.new(shape: ActionRemotePortDetails, location_name: "RemotePortDetails"))
@@ -5983,6 +6040,23 @@ module Aws::SecurityHub
     NetworkConnectionAction.add_member(:blocked, Shapes::ShapeRef.new(shape: Boolean, location_name: "Blocked"))
     NetworkConnectionAction.struct_class = Types::NetworkConnectionAction
 
+    NetworkEndpoint.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Id"))
+    NetworkEndpoint.add_member(:ip, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Ip"))
+    NetworkEndpoint.add_member(:domain, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Domain"))
+    NetworkEndpoint.add_member(:port, Shapes::ShapeRef.new(shape: Integer, location_name: "Port"))
+    NetworkEndpoint.add_member(:location, Shapes::ShapeRef.new(shape: NetworkGeoLocation, location_name: "Location"))
+    NetworkEndpoint.add_member(:autonomous_system, Shapes::ShapeRef.new(shape: NetworkAutonomousSystem, location_name: "AutonomousSystem"))
+    NetworkEndpoint.add_member(:connection, Shapes::ShapeRef.new(shape: NetworkConnection, location_name: "Connection"))
+    NetworkEndpoint.struct_class = Types::NetworkEndpoint
+
+    NetworkEndpointsList.member = Shapes::ShapeRef.new(shape: NetworkEndpoint)
+
+    NetworkGeoLocation.add_member(:city, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "City"))
+    NetworkGeoLocation.add_member(:country, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Country"))
+    NetworkGeoLocation.add_member(:lat, Shapes::ShapeRef.new(shape: Double, location_name: "Lat"))
+    NetworkGeoLocation.add_member(:lon, Shapes::ShapeRef.new(shape: Double, location_name: "Lon"))
+    NetworkGeoLocation.struct_class = Types::NetworkGeoLocation
+
     NetworkHeader.add_member(:protocol, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Protocol"))
     NetworkHeader.add_member(:destination, Shapes::ShapeRef.new(shape: NetworkPathComponentDetails, location_name: "Destination"))
     NetworkHeader.add_member(:source, Shapes::ShapeRef.new(shape: NetworkPathComponentDetails, location_name: "Source"))
@@ -6492,6 +6566,13 @@ module Aws::SecurityHub
 
     SensitiveDataResultList.member = Shapes::ShapeRef.new(shape: SensitiveDataResult)
 
+    Sequence.add_member(:uid, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Uid"))
+    Sequence.add_member(:actors, Shapes::ShapeRef.new(shape: ActorsList, location_name: "Actors"))
+    Sequence.add_member(:endpoints, Shapes::ShapeRef.new(shape: NetworkEndpointsList, location_name: "Endpoints"))
+    Sequence.add_member(:signals, Shapes::ShapeRef.new(shape: SignalsList, location_name: "Signals"))
+    Sequence.add_member(:sequence_indicators, Shapes::ShapeRef.new(shape: IndicatorsList, location_name: "SequenceIndicators"))
+    Sequence.struct_class = Types::Sequence
+
     Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
     Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
     Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
@@ -6503,6 +6584,25 @@ module Aws::SecurityHub
     SeverityUpdate.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
     SeverityUpdate.struct_class = Types::SeverityUpdate
 
+    Signal.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
+    Signal.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Id"))
+    Signal.add_member(:title, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Title"))
+    Signal.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ProductArn"))
+    Signal.add_member(:resource_ids, Shapes::ShapeRef.new(shape: NonEmptyStringList, location_name: "ResourceIds"))
+    Signal.add_member(:signal_indicators, Shapes::ShapeRef.new(shape: IndicatorsList, location_name: "SignalIndicators"))
+    Signal.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
+    Signal.add_member(:created_at, Shapes::ShapeRef.new(shape: Long, location_name: "CreatedAt"))
+    Signal.add_member(:updated_at, Shapes::ShapeRef.new(shape: Long, location_name: "UpdatedAt"))
+    Signal.add_member(:first_seen_at, Shapes::ShapeRef.new(shape: Long, location_name: "FirstSeenAt"))
+    Signal.add_member(:last_seen_at, Shapes::ShapeRef.new(shape: Long, location_name: "LastSeenAt"))
+    Signal.add_member(:severity, Shapes::ShapeRef.new(shape: Double, location_name: "Severity"))
+    Signal.add_member(:count, Shapes::ShapeRef.new(shape: Integer, location_name: "Count"))
+    Signal.add_member(:actor_ids, Shapes::ShapeRef.new(shape: NonEmptyStringList, location_name: "ActorIds"))
+    Signal.add_member(:endpoint_ids, Shapes::ShapeRef.new(shape: NonEmptyStringList, location_name: "EndpointIds"))
+    Signal.struct_class = Types::Signal
+
+    SignalsList.member = Shapes::ShapeRef.new(shape: Signal)
+
     SoftwarePackage.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
     SoftwarePackage.add_member(:version, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Version"))
     SoftwarePackage.add_member(:epoch, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Epoch"))
@@ -6842,6 +6942,10 @@ module Aws::SecurityHub
 
     UpdateStandardsControlResponse.struct_class = Types::UpdateStandardsControlResponse
 
+    UserAccount.add_member(:uid, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Uid"))
+    UserAccount.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
+    UserAccount.struct_class = Types::UserAccount
+
     VolumeMount.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
     VolumeMount.add_member(:mount_path, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "MountPath"))
     VolumeMount.struct_class = Types::VolumeMount

data/lib/aws-sdk-securityhub/types.rb

@@ -269,6 +269,137 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Information about the threat actor identified in an Amazon GuardDuty
+    # Extended Threat Detection attack sequence. GuardDuty generates an
+    # attack sequence finding when multiple events align to a potentially
+    # suspicious activity. To receive GuardDuty attack sequence findings in
+    # Security Hub, you must have GuardDuty and GuardDuty S3 Protection
+    # enabled. For more information, see [GuardDuty Extended Threat
+    # Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] id
+    #   The ID of the threat actor.
+    #   @return [String]
+    #
+    # @!attribute [rw] user
+    #   Contains information about the user credentials used by the threat
+    #   actor.
+    #   @return [Types::ActorUser]
+    #
+    # @!attribute [rw] session
+    #   Contains information about the user session where the activity
+    #   initiated.
+    #   @return [Types::ActorSession]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Actor AWS API Documentation
+    #
+    class Actor < Struct.new(
+      :id,
+      :user,
+      :session)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the authenticated session used by the
+    # threat actor identified in an Amazon GuardDuty Extended Threat
+    # Detection attack sequence. GuardDuty generates an attack sequence
+    # finding when multiple events align to a potentially suspicious
+    # activity. To receive GuardDuty attack sequence findings in Security
+    # Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For
+    # more information, see [GuardDuty Extended Threat Detection ][1] in the
+    # *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] uid
+    #   Unique identifier of the session.
+    #   @return [String]
+    #
+    # @!attribute [rw] mfa_status
+    #   Indicates whether multi-factor authentication (MFA) was used for
+    #   authentication during the session.
+    #
+    #   In CloudTrail, you can find this value as
+    #   `userIdentity.sessionContext.attributes.mfaAuthenticated`.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_time
+    #   The timestamp for when the session was created.
+    #
+    #   In CloudTrail, you can find this value as
+    #   `userIdentity.sessionContext.attributes.creationDate`.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] issuer
+    #   The issuer of the session.
+    #
+    #   In CloudTrail, you can find this value as
+    #   `userIdentity.sessionContext.sessionIssuer.arn`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActorSession AWS API Documentation
+    #
+    class ActorSession < Struct.new(
+      :uid,
+      :mfa_status,
+      :created_time,
+      :issuer)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the credentials used by the threat actor
+    # identified in an Amazon GuardDuty Extended Threat Detection attack
+    # sequence. GuardDuty generates an attack sequence finding when multiple
+    # events align to a potentially suspicious activity. To receive
+    # GuardDuty attack sequence findings in Security Hub, you must have
+    # GuardDuty and GuardDuty S3 Protection enabled. For more information,
+    # see [GuardDuty Extended Threat Detection ][1] in the *Amazon GuardDuty
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] name
+    #   The name of the threat actor.
+    #   @return [String]
+    #
+    # @!attribute [rw] uid
+    #   The unique identifier of the threat actor.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of user.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_uid
+    #   Unique identifier of the threat actor’s user credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] account
+    #   The account of the threat actor.
+    #   @return [Types::UserAccount]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActorUser AWS API Documentation
+    #
+    class ActorUser < Struct.new(
+      :name,
+      :uid,
+      :type,
+      :credential_uid,
+      :account)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An adjustment to the CVSS metric.
     #
     # @!attribute [rw] metric
@@ -5363,7 +5494,6 @@ module Aws::SecurityHub
     #
     #     * The path to the folder that contains the source code (for
     #       example, `bucket-name/path/to/source-code/folder/`).
-    #
     #   * For source code in a GitHub repository, the HTTPS clone URL to the
     #     repository that contains the source and the build spec file.
     #
@@ -19948,6 +20078,20 @@ module Aws::SecurityHub
     #   Length Constraints: Minimum length of 1. Maximum length of 50.
     #   @return [String]
     #
+    # @!attribute [rw] detection
+    #   Provides details about an Amazon GuardDuty Extended Threat Detection
+    #   attack sequence. GuardDuty generates an attack sequence finding when
+    #   multiple events align to a potentially suspicious activity. To
+    #   receive GuardDuty attack sequence findings in Security Hub, you must
+    #   have GuardDuty and GuardDuty S3 Protection enabled. For more
+    #   information, see [GuardDuty Extended Threat Detection ][1] in the
+    #   *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #   @return [Types::Detection]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
     #
     class AwsSecurityFinding < Struct.new(
@@ -19994,7 +20138,8 @@ module Aws::SecurityHub
       :sample,
       :generator_details,
       :processed_at,
-      :aws_account_name)
+      :aws_account_name,
+      :detection)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -20522,7 +20667,6 @@ module Aws::SecurityHub
     #
     #     * `Compliance.Status` changes from `PASSED` to either `WARNING`,
     #       `FAILED`, or `NOT_AVAILABLE`.
-    #
     #   * `NOTIFIED` - Indicates that the resource owner has been notified
     #     about the security issue. Used when the initial reviewer is not
     #     the resource owner, and needs intervention from the resource
@@ -20535,7 +20679,6 @@ module Aws::SecurityHub
     #
     #     * `Compliance.Status` changes from `PASSED` to `FAILED`,
     #       `WARNING`, or `NOT_AVAILABLE`.
-    #
     #   * `SUPPRESSED` - Indicates that you reviewed the finding and don't
     #     believe that any action is needed.
     #
@@ -20551,7 +20694,6 @@ module Aws::SecurityHub
     #
     #     * `Compliance.Status` changes from `PASSED` to `FAILED`,
     #       `WARNING`, or `NOT_AVAILABLE`.
-    #
     #     In those cases, the workflow status is automatically reset to
     #     `NEW`.
     #
@@ -24468,6 +24610,30 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # A top-level object field that provides details about an Amazon
+    # GuardDuty Extended Threat Detection attack sequence. GuardDuty
+    # generates an attack sequence finding when multiple events align to a
+    # potentially suspicious activity. To receive GuardDuty attack sequence
+    # findings in Security Hub, you must have GuardDuty and GuardDuty S3
+    # Protection enabled. For more information, see [GuardDuty Extended
+    # Threat Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] sequence
+    #   Provides details about an attack sequence.
+    #   @return [Types::Sequence]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Detection AWS API Documentation
+    #
+    class Detection < Struct.new(
+      :sequence)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] product_subscription_arn
     #   The ARN of the integrated product to disable the integration for.
     #   @return [String]
@@ -25870,6 +26036,51 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Contains information about the indicators observed in an Amazon
+    # GuardDuty Extended Threat Detection attack sequence. Indicators
+    # include a set of signals, which can be API activities or findings that
+    # GuardDuty uses to detect an attack sequence finding. GuardDuty
+    # generates an attack sequence finding when multiple signals align to a
+    # potentially suspicious activity. To receive GuardDuty attack sequence
+    # findings in Security Hub, you must have GuardDuty and GuardDuty S3
+    # Protection enabled. For more information, see [GuardDuty Extended
+    # Threat Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] key
+    #   The name of the indicator that’s present in the attack sequence
+    #   finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] values
+    #   Values associated with each indicator key. For example, if the
+    #   indicator key is `SUSPICIOUS_NETWORK`, then the value will be the
+    #   name of the network. If the indicator key is `ATTACK_TACTIC`, then
+    #   the value will be one of the MITRE tactics.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] title
+    #   The title describing the indicator.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of indicator.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Indicator AWS API Documentation
+    #
+    class Indicator < Struct.new(
+      :key,
+      :values,
+      :title,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about a Security Hub insight.
     #
     # @!attribute [rw] insight_arn
@@ -27028,6 +27239,60 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Contains information about the Autonomous System (AS) of the network
+    # endpoints involved in an Amazon GuardDuty Extended Threat Detection
+    # attack sequence. GuardDuty generates an attack sequence finding when
+    # multiple events align to a potentially suspicious activity. To receive
+    # GuardDuty attack sequence findings in Security Hub, you must have
+    # GuardDuty and GuardDuty S3 Protection enabled. For more information,
+    # see [GuardDuty Extended Threat Detection ][1] in the *Amazon GuardDuty
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] name
+    #   The name associated with the AS.
+    #   @return [String]
+    #
+    # @!attribute [rw] number
+    #   The unique number that identifies the AS.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkAutonomousSystem AWS API Documentation
+    #
+    class NetworkAutonomousSystem < Struct.new(
+      :name,
+      :number)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the network connection involved in an
+    # Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty
+    # generates an attack sequence finding when multiple events align to a
+    # potentially suspicious activity. To receive GuardDuty attack sequence
+    # findings in Security Hub, you must have GuardDuty and GuardDuty S3
+    # Protection enabled. For more information, see [GuardDuty Extended
+    # Threat Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] direction
+    #   The direction in which the network traffic is flowing.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkConnection AWS API Documentation
+    #
+    class NetworkConnection < Struct.new(
+      :direction)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provided if `ActionType` is `NETWORK_CONNECTION`. It provides details
     # about the attempted network connection that was detected.
     #
@@ -27071,6 +27336,104 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Contains information about network endpoints involved in an Amazon
+    # GuardDuty Extended Threat Detection attack sequence. GuardDuty
+    # generates an attack sequence finding when multiple events align to a
+    # potentially suspicious activity. To receive GuardDuty attack sequence
+    # findings in Security Hub, you must have GuardDuty and GuardDuty S3
+    # Protection enabled. For more information, see [GuardDuty Extended
+    # Threat Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    # This field can provide information about the network endpoints
+    # associated with the resource in the attack sequence finding, or about
+    # a specific network endpoint used for the attack.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] id
+    #   The identifier of the network endpoint involved in the attack
+    #   sequence.
+    #   @return [String]
+    #
+    # @!attribute [rw] ip
+    #   The IP address used in the network endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] domain
+    #   The domain information for the network endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] port
+    #   The port number associated with the network endpoint.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] location
+    #   Information about the location of the network endpoint.
+    #   @return [Types::NetworkGeoLocation]
+    #
+    # @!attribute [rw] autonomous_system
+    #   The Autonomous System Number (ASN) of the network endpoint.
+    #   @return [Types::NetworkAutonomousSystem]
+    #
+    # @!attribute [rw] connection
+    #   Information about the network connection.
+    #   @return [Types::NetworkConnection]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkEndpoint AWS API Documentation
+    #
+    class NetworkEndpoint < Struct.new(
+      :id,
+      :ip,
+      :domain,
+      :port,
+      :location,
+      :autonomous_system,
+      :connection)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the location of a network endpoint involved
+    # in an Amazon GuardDuty Extended Threat Detection attack sequence.
+    # GuardDuty generates an attack sequence finding when multiple events
+    # align to a potentially suspicious activity. To receive GuardDuty
+    # attack sequence findings in Security Hub, you must have GuardDuty and
+    # GuardDuty S3 Protection enabled. For more information, see [GuardDuty
+    # Extended Threat Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] city
+    #   The name of the city.
+    #   @return [String]
+    #
+    # @!attribute [rw] country
+    #   The name of the country.
+    #   @return [String]
+    #
+    # @!attribute [rw] lat
+    #   The latitude information of the endpoint location.
+    #   @return [Float]
+    #
+    # @!attribute [rw] lon
+    #   The longitude information of the endpoint location.
+    #   @return [Float]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkGeoLocation AWS API Documentation
+    #
+    class NetworkGeoLocation < Struct.new(
+      :city,
+      :country,
+      :lat,
+      :lon)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about a network path component that occurs before or after the
     # current component.
     #
@@ -29603,6 +29966,60 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Contains information about an Amazon GuardDuty Extended Threat
+    # Detection attack sequence finding. GuardDuty generates an attack
+    # sequence finding when multiple events align to a potentially
+    # suspicious activity. To receive GuardDuty attack sequence findings in
+    # Security Hub, you must have GuardDuty and GuardDuty S3 Protection
+    # enabled. For more information, see [GuardDuty Extended Threat
+    # Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] uid
+    #   Unique identifier of the attack sequence.
+    #   @return [String]
+    #
+    # @!attribute [rw] actors
+    #   Provides information about the actors involved in the attack
+    #   sequence.
+    #   @return [Array<Types::Actor>]
+    #
+    # @!attribute [rw] endpoints
+    #   Contains information about the network endpoints that were used in
+    #   the attack sequence.
+    #   @return [Array<Types::NetworkEndpoint>]
+    #
+    # @!attribute [rw] signals
+    #   Contains information about the signals involved in the attack
+    #   sequence.
+    #   @return [Array<Types::Signal>]
+    #
+    # @!attribute [rw] sequence_indicators
+    #   Contains information about the indicators observed in the attack
+    #   sequence. The values for [SignalIndicators][1] are a subset of the
+    #   values for `SequenceIndicators`, but the values for these fields
+    #   don't always match 1:1.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Signal.html
+    #   @return [Array<Types::Indicator>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Sequence AWS API Documentation
+    #
+    class Sequence < Struct.new(
+      :uid,
+      :actors,
+      :endpoints,
+      :signals,
+      :sequence_indicators)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The severity of the finding.
     #
     # The finding provider can provide the initial severity. The finding
@@ -29741,6 +30158,142 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Contains information about the signals involved in an Amazon GuardDuty
+    # Extended Threat Detection attack sequence. An attack sequence is a
+    # type of threat detected by GuardDuty. GuardDuty generates an attack
+    # sequence finding when multiple events, or signals, align to a
+    # potentially suspicious activity. When GuardDuty and Security Hub are
+    # integrated, GuardDuty sends attack sequence findings to Security Hub.
+    #
+    # A signal can be an API activity or a finding that GuardDuty uses to
+    # detect an attack sequence finding.
+    #
+    # @!attribute [rw] type
+    #   The type of the signal used to identify an attack sequence.
+    #
+    #   Signals can be GuardDuty findings or activities observed in data
+    #   sources that GuardDuty monitors. For more information, see
+    #   [GuardDuty foundational data sources][1] in the *Amazon GuardDuty
+    #   User Guide*.
+    #
+    #   A signal type can be one of the following values. Here are the
+    #   related descriptions:
+    #
+    #   * `FINDING` - Individually generated GuardDuty finding.
+    #
+    #   * `CLOUD_TRAIL` - Activity observed from CloudTrail logs
+    #
+    #   * `S3_DATA_EVENTS` - Activity observed from CloudTrail data events
+    #     for Amazon Simple Storage Service (S3). Activities associated with
+    #     this type will show up only when you have enabled GuardDuty S3
+    #     Protection feature in your account. For more information about S3
+    #     Protection and the steps to enable it, see [S3 Protection][2] in
+    #     the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html
+    #   [2]: https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The identifier of the signal.
+    #   @return [String]
+    #
+    # @!attribute [rw] title
+    #   The description of the GuardDuty finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] product_arn
+    #   The Amazon Resource Name (ARN) of the product that generated the
+    #   signal.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_ids
+    #   The ARN or ID of the Amazon Web Services resource associated with
+    #   the signal.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] signal_indicators
+    #   Contains information about the indicators associated with the
+    #   signals in this attack sequence finding. The values for
+    #   `SignalIndicators` are a subset of the values for
+    #   [SequenceIndicators][1], but the values for these fields don't
+    #   always match 1:1.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Sequence.html
+    #   @return [Array<Types::Indicator>]
+    #
+    # @!attribute [rw] name
+    #   The name of the GuardDuty signal. For example, when signal type is
+    #   `FINDING`, the signal name is the name of the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the first finding or activity related to this
+    #   signal was observed.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when this signal was last observed.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] first_seen_at
+    #   The timestamp when the first finding or activity related to this
+    #   signal was observed.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] last_seen_at
+    #   The timestamp when the last finding or activity related to this
+    #   signal was observed.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] severity
+    #   The severity associated with the signal. For more information about
+    #   severity, see [Findings severity levels][1] in the *Amazon GuardDuty
+    #   User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings-severity.html
+    #   @return [Float]
+    #
+    # @!attribute [rw] count
+    #   The number of times this signal was observed.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] actor_ids
+    #   The IDs of the threat actors involved in the signal.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] endpoint_ids
+    #   Information about the endpoint IDs associated with this signal.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Signal AWS API Documentation
+    #
+    class Signal < Struct.new(
+      :type,
+      :id,
+      :title,
+      :product_arn,
+      :resource_ids,
+      :signal_indicators,
+      :name,
+      :created_at,
+      :updated_at,
+      :first_seen_at,
+      :last_seen_at,
+      :severity,
+      :count,
+      :actor_ids,
+      :endpoint_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about a software package.
     #
     # @!attribute [rw] name
@@ -30386,12 +30939,12 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] reason_code
     #   A code that represents a reason for the control status. For the list
-    #   of status reason codes and their meanings, see [Standards-related
-    #   information in the ASFF][1] in the *Security Hub User Guide*.
+    #   of status reason codes and their meanings, see [Compliance details
+    #   for control findings][1] in the *Security Hub User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-asff-compliance
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -31414,6 +31967,36 @@ module Aws::SecurityHub
     #
     class UpdateStandardsControlResponse < Aws::EmptyStructure; end
 
+    # Provides Amazon Web Services account information of the user involved
+    # in an Amazon GuardDuty Extended Threat Detection attack sequence.
+    # GuardDuty generates an attack sequence finding when multiple events
+    # align to a potentially suspicious activity. To receive GuardDuty
+    # attack sequence findings in Security Hub, you must have GuardDuty and
+    # GuardDuty S3 Protection enabled. For more information, see [GuardDuty
+    # Extended Threat Detection ][1] in the *Amazon GuardDuty User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html
+    #
+    # @!attribute [rw] uid
+    #   The unique identifier of the user account involved in the attack
+    #   sequence.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the user account involved in the attack sequence.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UserAccount AWS API Documentation
+    #
+    class UserAccount < Struct.new(
+      :uid,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the mounting of a volume in a container.
     #
     # @!attribute [rw] name
@@ -31751,7 +32334,6 @@ module Aws::SecurityHub
     #
     #     * `ComplianceStatus` changes from `PASSED` to either `WARNING`,
     #       `FAILED`, or `NOT_AVAILABLE`.
-    #
     #   * `NOTIFIED` - Indicates that you notified the resource owner about
     #     the security issue. Used when the initial reviewer is not the
     #     resource owner, and needs intervention from the resource owner.
@@ -31792,7 +32374,6 @@ module Aws::SecurityHub
     #
     #     * The compliance status changes from `PASSED` to either `WARNING`,
     #       `FAILED`, or `NOT_AVAILABLE`.
-    #
     #   * `NOTIFIED` - Indicates that you notified the resource owner about
     #     the security issue. Used when the initial reviewer is not the
     #     resource owner, and needs intervention from the resource owner.

data/lib/aws-sdk-securityhub.rb

@@ -54,7 +54,7 @@ module Aws::SecurityHub
   autoload :EndpointProvider, 'aws-sdk-securityhub/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-securityhub/endpoints'
 
-  GEM_VERSION = '1.123.0'
+  GEM_VERSION = '1.125.0'
 
 end
 

data/sig/client.rbs

@@ -4373,7 +4373,88 @@ module Aws
                                          labels: Array[::String]?
                                        }?,
                                        processed_at: ::String?,
-                                       aws_account_name: ::String?
+                                       aws_account_name: ::String?,
+                                       detection: {
+                                         sequence: {
+                                           uid: ::String?,
+                                           actors: Array[
+                                             {
+                                               id: ::String?,
+                                               user: {
+                                                 name: ::String?,
+                                                 uid: ::String?,
+                                                 type: ::String?,
+                                                 credential_uid: ::String?,
+                                                 account: {
+                                                   uid: ::String?,
+                                                   name: ::String?
+                                                 }?
+                                               }?,
+                                               session: {
+                                                 uid: ::String?,
+                                                 mfa_status: ("ENABLED" | "DISABLED")?,
+                                                 created_time: ::Integer?,
+                                                 issuer: ::String?
+                                               }?
+                                             },
+                                           ]?,
+                                           endpoints: Array[
+                                             {
+                                               id: ::String?,
+                                               ip: ::String?,
+                                               domain: ::String?,
+                                               port: ::Integer?,
+                                               location: {
+                                                 city: ::String?,
+                                                 country: ::String?,
+                                                 lat: ::Float?,
+                                                 lon: ::Float?
+                                               }?,
+                                               autonomous_system: {
+                                                 name: ::String?,
+                                                 number: ::Integer?
+                                               }?,
+                                               connection: {
+                                                 direction: ("INBOUND" | "OUTBOUND")?
+                                               }?
+                                             },
+                                           ]?,
+                                           signals: Array[
+                                             {
+                                               type: ::String?,
+                                               id: ::String?,
+                                               title: ::String?,
+                                               product_arn: ::String?,
+                                               resource_ids: Array[::String]?,
+                                               signal_indicators: Array[
+                                                 {
+                                                   key: ::String?,
+                                                   values: Array[::String]?,
+                                                   title: ::String?,
+                                                   type: ::String?
+                                                 },
+                                               ]?,
+                                               name: ::String?,
+                                               created_at: ::Integer?,
+                                               updated_at: ::Integer?,
+                                               first_seen_at: ::Integer?,
+                                               last_seen_at: ::Integer?,
+                                               severity: ::Float?,
+                                               count: ::Integer?,
+                                               actor_ids: Array[::String]?,
+                                               endpoint_ids: Array[::String]?
+                                             },
+                                           ]?,
+                                           sequence_indicators: Array[
+                                             {
+                                               key: ::String?,
+                                               values: Array[::String]?,
+                                               title: ::String?,
+                                               type: ::String?
+                                             },
+                                           ]?
+                                         }?
+                                       }?
                                      },
                                    ]
                                  ) -> _BatchImportFindingsResponseSuccess

data/sig/types.rbs

@@ -80,6 +80,30 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class Actor
+      attr_accessor id: ::String
+      attr_accessor user: Types::ActorUser
+      attr_accessor session: Types::ActorSession
+      SENSITIVE: []
+    end
+
+    class ActorSession
+      attr_accessor uid: ::String
+      attr_accessor mfa_status: ("ENABLED" | "DISABLED")
+      attr_accessor created_time: ::Integer
+      attr_accessor issuer: ::String
+      SENSITIVE: []
+    end
+
+    class ActorUser
+      attr_accessor name: ::String
+      attr_accessor uid: ::String
+      attr_accessor type: ::String
+      attr_accessor credential_uid: ::String
+      attr_accessor account: Types::UserAccount
+      SENSITIVE: []
+    end
+
     class Adjustment
       attr_accessor metric: ::String
       attr_accessor reason: ::String
@@ -4146,6 +4170,7 @@ module Aws::SecurityHub
       attr_accessor generator_details: Types::GeneratorDetails
       attr_accessor processed_at: ::String
       attr_accessor aws_account_name: ::String
+      attr_accessor detection: Types::Detection
       SENSITIVE: []
     end
 
@@ -5169,6 +5194,11 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class Detection
+      attr_accessor sequence: Types::Sequence
+      SENSITIVE: []
+    end
+
     class DisableImportFindingsForProductRequest
       attr_accessor product_subscription_arn: ::String
       SENSITIVE: []
@@ -5524,6 +5554,14 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class Indicator
+      attr_accessor key: ::String
+      attr_accessor values: ::Array[::String]
+      attr_accessor title: ::String
+      attr_accessor type: ::String
+      SENSITIVE: []
+    end
+
     class Insight
       attr_accessor insight_arn: ::String
       attr_accessor name: ::String
@@ -5809,6 +5847,17 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class NetworkAutonomousSystem
+      attr_accessor name: ::String
+      attr_accessor number: ::Integer
+      SENSITIVE: []
+    end
+
+    class NetworkConnection
+      attr_accessor direction: ("INBOUND" | "OUTBOUND")
+      SENSITIVE: []
+    end
+
     class NetworkConnectionAction
       attr_accessor connection_direction: ::String
       attr_accessor remote_ip_details: Types::ActionRemoteIpDetails
@@ -5819,6 +5868,25 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class NetworkEndpoint
+      attr_accessor id: ::String
+      attr_accessor ip: ::String
+      attr_accessor domain: ::String
+      attr_accessor port: ::Integer
+      attr_accessor location: Types::NetworkGeoLocation
+      attr_accessor autonomous_system: Types::NetworkAutonomousSystem
+      attr_accessor connection: Types::NetworkConnection
+      SENSITIVE: []
+    end
+
+    class NetworkGeoLocation
+      attr_accessor city: ::String
+      attr_accessor country: ::String
+      attr_accessor lat: ::Float
+      attr_accessor lon: ::Float
+      SENSITIVE: []
+    end
+
     class NetworkHeader
       attr_accessor protocol: ::String
       attr_accessor destination: Types::NetworkPathComponentDetails
@@ -6387,6 +6455,15 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class Sequence
+      attr_accessor uid: ::String
+      attr_accessor actors: ::Array[Types::Actor]
+      attr_accessor endpoints: ::Array[Types::NetworkEndpoint]
+      attr_accessor signals: ::Array[Types::Signal]
+      attr_accessor sequence_indicators: ::Array[Types::Indicator]
+      SENSITIVE: []
+    end
+
     class Severity
       attr_accessor product: ::Float
       attr_accessor label: ("INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL")
@@ -6402,6 +6479,25 @@ module Aws::SecurityHub
       SENSITIVE: []
     end
 
+    class Signal
+      attr_accessor type: ::String
+      attr_accessor id: ::String
+      attr_accessor title: ::String
+      attr_accessor product_arn: ::String
+      attr_accessor resource_ids: ::Array[::String]
+      attr_accessor signal_indicators: ::Array[Types::Indicator]
+      attr_accessor name: ::String
+      attr_accessor created_at: ::Integer
+      attr_accessor updated_at: ::Integer
+      attr_accessor first_seen_at: ::Integer
+      attr_accessor last_seen_at: ::Integer
+      attr_accessor severity: ::Float
+      attr_accessor count: ::Integer
+      attr_accessor actor_ids: ::Array[::String]
+      attr_accessor endpoint_ids: ::Array[::String]
+      SENSITIVE: []
+    end
+
     class SoftwarePackage
       attr_accessor name: ::String
       attr_accessor version: ::String
@@ -6786,6 +6882,12 @@ module Aws::SecurityHub
     class UpdateStandardsControlResponse < Aws::EmptyStructure
     end
 
+    class UserAccount
+      attr_accessor uid: ::String
+      attr_accessor name: ::String
+      SENSITIVE: []
+    end
+
     class VolumeMount
       attr_accessor name: ::String
       attr_accessor mount_path: ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-  version: 1.123.0
+  version: 1.125.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-06 00:00:00.000000000 Z
+date: 2024-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core