aws-sdk-securityhub 1.21.0 → 1.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98d21ee5c0112ce618c87220b808944527e13cc4bc6d624d930c98cb104ed50a
-  data.tar.gz: 4bafb1029f1146dd3253fb81f5ddf2b49943696b7757fde1819dad80efab9edd
+  metadata.gz: 97b63fc1ed648cfa077f327165a46e318c368404501bf1470645e4e912f34786
+  data.tar.gz: a848d3aecca8d39319d4750692beba03e2561d2fb6de32d4f4821cf9581de60d
 SHA512:
-  metadata.gz: 3f391b929675091bda7240694cc33404f1f318234822307a1f88b6415f5bcc684d6a98e8a38f9917b85c9c644d2486e8417681b65b0e286254994b4e7a356f29
-  data.tar.gz: 734d17159522d2bbffd21fe9e2b5a4f391af6f493ac86af225da9e2bb65b69563b5ad2a5e19171fb3cb5bfe14afc73db9ea88dc87609161b9aef8884715ad208
+  metadata.gz: 68cc7e808f18b1ef6cd12a4471d8044f1710d2861bbf0065fa82f29860210f5b06af31a59924ac3f2479d19815ee703cd9f2895affc6ba38e81f97a797b4ac3a
+  data.tar.gz: 45d37c7e7131cf258369151ad089862f9e3141f7bcfa58b7892356c1cd59df1a9dee50aeac501f5592e7fdd928a56f416866df4803e67acf973eaa368d51cb69

data/lib/aws-sdk-securityhub.rb

@@ -45,6 +45,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @service
 module Aws::SecurityHub
 
-  GEM_VERSION = '1.21.0'
+  GEM_VERSION = '1.26.0'
 
 end

data/lib/aws-sdk-securityhub/client.rb

@@ -105,7 +105,7 @@ module Aws::SecurityHub
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
     #     used to determine the service `:endpoint`. When not passed,
-    #     a default `:region` is search for in the following locations:
+    #     a default `:region` is searched for in the following locations:
     #
     #     * `Aws.config[:region]`
     #     * `ENV['AWS_REGION']`
@@ -161,7 +161,7 @@ module Aws::SecurityHub
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be avalid HTTP(S) URI.
+    #     to test endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -176,7 +176,7 @@ module Aws::SecurityHub
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -269,8 +269,7 @@ module Aws::SecurityHub
     #
     #   @option options [Integer] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
-    #     safely be set
-    #     per-request on the session yielded by {#session_for}.
+    #     safely be set per-request on the session.
     #
     #   @option options [Float] :http_idle_timeout (5) The number of
     #     seconds a connection is allowed to sit idle before it is
@@ -282,7 +281,7 @@ module Aws::SecurityHub
     #     request body.  This option has no effect unless the request has
     #     "Expect" header set to "100-continue".  Defaults to `nil` which
     #     disables this behaviour.  This value can safely be set per
-    #     request on the session yielded by {#session_for}.
+    #     request on the session.
     #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
@@ -438,6 +437,28 @@ module Aws::SecurityHub
     # The maximum allowed size for a finding is 240 Kb. An error is returned
     # for any finding larger than 240 Kb.
     #
+    # After a finding is created, `BatchImportFindings` cannot be used to
+    # update the following finding fields and objects, which Security Hub
+    # customers use to manage their investigation workflow.
+    #
+    # * `Confidence`
+    #
+    # * `Criticality`
+    #
+    # * `Note`
+    #
+    # * `RelatedFindings`
+    #
+    # * `Severity`
+    #
+    # * `Types`
+    #
+    # * `UserDefinedFields`
+    #
+    # * `VerificationState`
+    #
+    # * `Workflow`
+    #
     # @option params [required, Array<Types::AwsSecurityFinding>] :findings
     #   A list of findings to import. To successfully import a finding, it
     #   must follow the [AWS Security Finding Format][1]. Maximum of 100
@@ -472,6 +493,7 @@ module Aws::SecurityHub
     #           product: 1.0,
     #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #           normalized: 1,
+    #           original: "NonEmptyString",
     #         },
     #         confidence: 1,
     #         criticality: 1,
@@ -922,6 +944,12 @@ module Aws::SecurityHub
     #         compliance: {
     #           status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #           related_requirements: ["NonEmptyString"],
+    #           status_reasons: [
+    #             {
+    #               reason_code: "NonEmptyString", # required
+    #               description: "NonEmptyString",
+    #             },
+    #           ],
     #         },
     #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #         workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
@@ -962,6 +990,172 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Used by Security Hub customers to update information about their
+    # investigation into a finding. Requested by master accounts or member
+    # accounts. Master accounts can update findings for their account and
+    # their member accounts. Member accounts can update findings for their
+    # account.
+    #
+    # Updates from `BatchUpdateFindings` do not affect the value of
+    # `UpdatedAt` for a finding.
+    #
+    # Master accounts can use `BatchUpdateFindings` to update the following
+    # finding fields and objects.
+    #
+    # * `Confidence`
+    #
+    # * `Criticality`
+    #
+    # * `Note`
+    #
+    # * `RelatedFindings`
+    #
+    # * `Severity`
+    #
+    # * `Types`
+    #
+    # * `UserDefinedFields`
+    #
+    # * `VerificationState`
+    #
+    # * `Workflow`
+    #
+    # Member accounts can only use `BatchUpdateFindings` to update the Note
+    # object.
+    #
+    # @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
+    #   The list of findings to update. `BatchUpdateFindings` can be used to
+    #   update up to 100 findings at a time.
+    #
+    #   For each finding, the list provides the finding identifier and the ARN
+    #   of the finding provider.
+    #
+    # @option params [Types::NoteUpdate] :note
+    #   The updated note.
+    #
+    # @option params [Types::SeverityUpdate] :severity
+    #   Used to update the finding severity.
+    #
+    # @option params [String] :verification_state
+    #   Indicates the veracity of a finding.
+    #
+    #   The available values for `VerificationState` are as follows.
+    #
+    #   * `UNKNOWN` – The default disposition of a security finding
+    #
+    #   * `TRUE_POSITIVE` – The security finding is confirmed
+    #
+    #   * `FALSE_POSITIVE` – The security finding was determined to be a false
+    #     alarm
+    #
+    #   * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
+    #     finding doesn't pose any threat, is expected, or both
+    #
+    # @option params [Integer] :confidence
+    #   The updated value for the finding confidence. Confidence is defined as
+    #   the likelihood that a finding accurately identifies the behavior or
+    #   issue that it was intended to identify.
+    #
+    #   Confidence is scored on a 0-100 basis using a ratio scale, where 0
+    #   means zero percent confidence and 100 means 100 percent confidence.
+    #
+    # @option params [Integer] :criticality
+    #   The updated value for the level of importance assigned to the
+    #   resources associated with the findings.
+    #
+    #   A score of 0 means that the underlying resources have no criticality,
+    #   and a score of 100 is reserved for the most critical resources.
+    #
+    # @option params [Array<String>] :types
+    #   One or more finding types in the format of
+    #   namespace/category/classifier that classify a finding.
+    #
+    #   Valid namespace values are as follows.
+    #
+    #   * Software and Configuration Checks
+    #
+    #   * TTPs
+    #
+    #   * Effects
+    #
+    #   * Unusual Behaviors
+    #
+    #   * Sensitive Data Identifications
+    #
+    # @option params [Hash<String,String>] :user_defined_fields
+    #   A list of name/value string pairs associated with the finding. These
+    #   are custom, user-defined fields added to a finding.
+    #
+    # @option params [Types::WorkflowUpdate] :workflow
+    #   Used to update the workflow status of a finding.
+    #
+    #   The workflow status indicates the progress of the investigation into
+    #   the finding.
+    #
+    # @option params [Array<Types::RelatedFinding>] :related_findings
+    #   A list of findings that are related to the updated findings.
+    #
+    # @return [Types::BatchUpdateFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchUpdateFindingsResponse#processed_findings #processed_findings} => Array&lt;Types::AwsSecurityFindingIdentifier&gt;
+    #   * {Types::BatchUpdateFindingsResponse#unprocessed_findings #unprocessed_findings} => Array&lt;Types::BatchUpdateFindingsUnprocessedFinding&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_update_findings({
+    #     finding_identifiers: [ # required
+    #       {
+    #         id: "NonEmptyString", # required
+    #         product_arn: "NonEmptyString", # required
+    #       },
+    #     ],
+    #     note: {
+    #       text: "NonEmptyString", # required
+    #       updated_by: "NonEmptyString", # required
+    #     },
+    #     severity: {
+    #       normalized: 1,
+    #       product: 1.0,
+    #       label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #     },
+    #     verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
+    #     confidence: 1,
+    #     criticality: 1,
+    #     types: ["NonEmptyString"],
+    #     user_defined_fields: {
+    #       "NonEmptyString" => "NonEmptyString",
+    #     },
+    #     workflow: {
+    #       status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #     },
+    #     related_findings: [
+    #       {
+    #         product_arn: "NonEmptyString", # required
+    #         id: "NonEmptyString", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.processed_findings #=> Array
+    #   resp.processed_findings[0].id #=> String
+    #   resp.processed_findings[0].product_arn #=> String
+    #   resp.unprocessed_findings #=> Array
+    #   resp.unprocessed_findings[0].finding_identifier.id #=> String
+    #   resp.unprocessed_findings[0].finding_identifier.product_arn #=> String
+    #   resp.unprocessed_findings[0].error_code #=> String
+    #   resp.unprocessed_findings[0].error_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindings AWS API Documentation
+    #
+    # @overload batch_update_findings(params = {})
+    # @param [Hash] params ({})
+    def batch_update_findings(params = {}, options = {})
+      req = build_request(:batch_update_findings, params)
+      req.send_request(options)
+    end
+
     # Creates a custom action target in Security Hub.
     #
     # You can use custom actions on findings and insights in Security Hub to
@@ -1017,8 +1211,10 @@ module Aws::SecurityHub
     #   defined in the filters.
     #
     # @option params [required, String] :group_by_attribute
-    #   The attribute used as the aggregator to group related findings for the
-    #   insight.
+    #   The attribute used to group the findings for the insight. The grouping
+    #   attribute identifies the type of item that the insight applies to. For
+    #   example, if an insight is grouped by resource identifier, then the
+    #   insight produces a list of resource identifiers.
     #
     # @return [Types::CreateInsightResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1611,7 +1807,7 @@ module Aws::SecurityHub
     # Security Hub.
     #
     # If the account owner accepts the invitation, the account becomes a
-    # member account in Security Hub, and a permission policy is added that
+    # member account in Security Hub. A permissions policy is added that
     # permits the master account to view the findings generated in the
     # member account. When Security Hub is enabled in the invited account,
     # findings start to be sent to both the member and master accounts.
@@ -1831,6 +2027,8 @@ module Aws::SecurityHub
     #   * {Types::DescribeActionTargetsResponse#action_targets #action_targets} => Array&lt;Types::ActionTarget&gt;
     #   * {Types::DescribeActionTargetsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_action_targets({
@@ -1908,6 +2106,8 @@ module Aws::SecurityHub
     #   * {Types::DescribeProductsResponse#products #products} => Array&lt;Types::Product&gt;
     #   * {Types::DescribeProductsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_products({
@@ -1962,6 +2162,8 @@ module Aws::SecurityHub
     #   * {Types::DescribeStandardsResponse#standards #standards} => Array&lt;Types::Standard&gt;
     #   * {Types::DescribeStandardsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_standards({
@@ -1975,6 +2177,7 @@ module Aws::SecurityHub
     #   resp.standards[0].standards_arn #=> String
     #   resp.standards[0].name #=> String
     #   resp.standards[0].description #=> String
+    #   resp.standards[0].enabled_by_default #=> Boolean
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandards AWS API Documentation
@@ -2013,6 +2216,8 @@ module Aws::SecurityHub
     #   * {Types::DescribeStandardsControlsResponse#controls #controls} => Array&lt;Types::StandardsControl&gt;
     #   * {Types::DescribeStandardsControlsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_standards_controls({
@@ -2137,8 +2342,8 @@ module Aws::SecurityHub
     # Enables the integration of a partner product with Security Hub.
     # Integrated products send findings to Security Hub.
     #
-    # When you enable a product integration, a permission policy that grants
-    # permission for the product to send findings to Security Hub is
+    # When you enable a product integration, a permissions policy that
+    # grants permission for the product to send findings to Security Hub is
     # applied.
     #
     # @option params [required, String] :product_arn
@@ -2171,15 +2376,25 @@ module Aws::SecurityHub
     # Region you specify in the request.
     #
     # When you enable Security Hub, you grant to Security Hub the
-    # permissions necessary to gather findings from AWS Config, Amazon
-    # GuardDuty, Amazon Inspector, and Amazon Macie.
+    # permissions necessary to gather findings from other services that are
+    # integrated with Security Hub.
     #
     # When you use the `EnableSecurityHub` operation to enable Security Hub,
-    # you also automatically enable the CIS AWS Foundations standard. You do
-    # not enable the Payment Card Industry Data Security Standard (PCI DSS)
-    # standard. To enable a standard, use the ` BatchEnableStandards `
-    # operation. To disable a standard, use the ` BatchDisableStandards `
-    # operation.
+    # you also automatically enable the following standards.
+    #
+    # * CIS AWS Foundations
+    #
+    # * AWS Foundational Security Best Practices
+    #
+    # You do not enable the Payment Card Industry Data Security Standard
+    # (PCI DSS) standard.
+    #
+    # To not enable the automatically enabled standards, set
+    # `EnableDefaultStandards` to `false`.
+    #
+    # After you enable Security Hub, to enable a standard, use the `
+    # BatchEnableStandards ` operation. To disable a standard, use the `
+    # BatchDisableStandards ` operation.
     #
     # To learn more, see [Setting Up AWS Security Hub][1] in the *AWS
     # Security Hub User Guide*.
@@ -2189,7 +2404,14 @@ module Aws::SecurityHub
     # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html
     #
     # @option params [Hash<String,String>] :tags
-    #   The tags to add to the Hub resource when you enable Security Hub.
+    #   The tags to add to the hub resource when you enable Security Hub.
+    #
+    # @option params [Boolean] :enable_default_standards
+    #   Whether to enable the security standards that Security Hub has
+    #   designated as automatically enabled. If you do not provide a value for
+    #   `EnableDefaultStandards`, it is set to `true`. To not enable the
+    #   automatically enabled standards, set `EnableDefaultStandards` to
+    #   `false`.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2199,6 +2421,7 @@ module Aws::SecurityHub
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
+    #     enable_default_standards: false,
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHub AWS API Documentation
@@ -2233,6 +2456,8 @@ module Aws::SecurityHub
     #   * {Types::GetEnabledStandardsResponse#standards_subscriptions #standards_subscriptions} => Array&lt;Types::StandardsSubscription&gt;
     #   * {Types::GetEnabledStandardsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_enabled_standards({
@@ -2285,6 +2510,8 @@ module Aws::SecurityHub
     #   * {Types::GetFindingsResponse#findings #findings} => Array&lt;Types::AwsSecurityFinding&gt;
     #   * {Types::GetFindingsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_findings({
@@ -2870,6 +3097,7 @@ module Aws::SecurityHub
     #   resp.findings[0].severity.product #=> Float
     #   resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
     #   resp.findings[0].severity.normalized #=> Integer
+    #   resp.findings[0].severity.original #=> String
     #   resp.findings[0].confidence #=> Integer
     #   resp.findings[0].criticality #=> Integer
     #   resp.findings[0].title #=> String
@@ -3161,6 +3389,9 @@ module Aws::SecurityHub
     #   resp.findings[0].compliance.status #=> String, one of "PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"
     #   resp.findings[0].compliance.related_requirements #=> Array
     #   resp.findings[0].compliance.related_requirements[0] #=> String
+    #   resp.findings[0].compliance.status_reasons #=> Array
+    #   resp.findings[0].compliance.status_reasons[0].reason_code #=> String
+    #   resp.findings[0].compliance.status_reasons[0].description #=> String
     #   resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
     #   resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
     #   resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
@@ -3238,6 +3469,8 @@ module Aws::SecurityHub
     #   * {Types::GetInsightsResponse#insights #insights} => Array&lt;Types::Insight&gt;
     #   * {Types::GetInsightsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_insights({
@@ -3686,6 +3919,8 @@ module Aws::SecurityHub
     #   * {Types::ListEnabledProductsForImportResponse#product_subscriptions #product_subscriptions} => Array&lt;String&gt;
     #   * {Types::ListEnabledProductsForImportResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_enabled_products_for_import({
@@ -3728,6 +3963,8 @@ module Aws::SecurityHub
     #   * {Types::ListInvitationsResponse#invitations #invitations} => Array&lt;Types::Invitation&gt;
     #   * {Types::ListInvitationsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_invitations({
@@ -3784,6 +4021,8 @@ module Aws::SecurityHub
     #   * {Types::ListMembersResponse#members #members} => Array&lt;Types::Member&gt;
     #   * {Types::ListMembersResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_members({
@@ -3926,6 +4165,9 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # `UpdateFindings` is deprecated. Instead of `UpdateFindings`, use
+    # `BatchUpdateFindings`.
+    #
     # Updates the `Note` and `RecordState` of the Security Hub-aggregated
     # findings that the filter attributes specify. Any member account that
     # can view the finding also sees the update to the finding.
@@ -5150,7 +5392,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.21.0'
+      context[:gem_version] = '1.26.0'
       Seahorse::Client::Request.new(handlers, context)
     end