aws-sdk-securityhub 1.21.0 → 1.26.0

data/lib/aws-sdk-securityhub/client_api.rb

@@ -85,6 +85,8 @@ module Aws::SecurityHub
     AwsS3ObjectDetails = Shapes::StructureShape.new(name: 'AwsS3ObjectDetails')
     AwsSecurityFinding = Shapes::StructureShape.new(name: 'AwsSecurityFinding')
     AwsSecurityFindingFilters = Shapes::StructureShape.new(name: 'AwsSecurityFindingFilters')
+    AwsSecurityFindingIdentifier = Shapes::StructureShape.new(name: 'AwsSecurityFindingIdentifier')
+    AwsSecurityFindingIdentifierList = Shapes::ListShape.new(name: 'AwsSecurityFindingIdentifierList')
     AwsSecurityFindingList = Shapes::ListShape.new(name: 'AwsSecurityFindingList')
     AwsSnsTopicDetails = Shapes::StructureShape.new(name: 'AwsSnsTopicDetails')
     AwsSnsTopicSubscription = Shapes::StructureShape.new(name: 'AwsSnsTopicSubscription')
@@ -99,6 +101,10 @@ module Aws::SecurityHub
     BatchEnableStandardsResponse = Shapes::StructureShape.new(name: 'BatchEnableStandardsResponse')
     BatchImportFindingsRequest = Shapes::StructureShape.new(name: 'BatchImportFindingsRequest')
     BatchImportFindingsResponse = Shapes::StructureShape.new(name: 'BatchImportFindingsResponse')
+    BatchUpdateFindingsRequest = Shapes::StructureShape.new(name: 'BatchUpdateFindingsRequest')
+    BatchUpdateFindingsResponse = Shapes::StructureShape.new(name: 'BatchUpdateFindingsResponse')
+    BatchUpdateFindingsUnprocessedFinding = Shapes::StructureShape.new(name: 'BatchUpdateFindingsUnprocessedFinding')
+    BatchUpdateFindingsUnprocessedFindingsList = Shapes::ListShape.new(name: 'BatchUpdateFindingsUnprocessedFindingsList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CategoryList = Shapes::ListShape.new(name: 'CategoryList')
     Compliance = Shapes::StructureShape.new(name: 'Compliance')
@@ -218,6 +224,7 @@ module Aws::SecurityHub
     Product = Shapes::StructureShape.new(name: 'Product')
     ProductSubscriptionArnList = Shapes::ListShape.new(name: 'ProductSubscriptionArnList')
     ProductsList = Shapes::ListShape.new(name: 'ProductsList')
+    RatioScale = Shapes::IntegerShape.new(name: 'RatioScale')
     Recommendation = Shapes::StructureShape.new(name: 'Recommendation')
     RecordState = Shapes::StringShape.new(name: 'RecordState')
     RelatedFinding = Shapes::StructureShape.new(name: 'RelatedFinding')
@@ -236,6 +243,7 @@ module Aws::SecurityHub
     Severity = Shapes::StructureShape.new(name: 'Severity')
     SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
     SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
+    SeverityUpdate = Shapes::StructureShape.new(name: 'SeverityUpdate')
     SortCriteria = Shapes::ListShape.new(name: 'SortCriteria')
     SortCriterion = Shapes::StructureShape.new(name: 'SortCriterion')
     SortOrder = Shapes::StringShape.new(name: 'SortOrder')
@@ -250,6 +258,8 @@ module Aws::SecurityHub
     StandardsSubscriptionRequest = Shapes::StructureShape.new(name: 'StandardsSubscriptionRequest')
     StandardsSubscriptionRequests = Shapes::ListShape.new(name: 'StandardsSubscriptionRequests')
     StandardsSubscriptions = Shapes::ListShape.new(name: 'StandardsSubscriptions')
+    StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
+    StatusReasonsList = Shapes::ListShape.new(name: 'StatusReasonsList')
     StringFilter = Shapes::StructureShape.new(name: 'StringFilter')
     StringFilterComparison = Shapes::StringShape.new(name: 'StringFilterComparison')
     StringFilterList = Shapes::ListShape.new(name: 'StringFilterList')
@@ -284,6 +294,7 @@ module Aws::SecurityHub
     Workflow = Shapes::StructureShape.new(name: 'Workflow')
     WorkflowState = Shapes::StringShape.new(name: 'WorkflowState')
     WorkflowStatus = Shapes::StringShape.new(name: 'WorkflowStatus')
+    WorkflowUpdate = Shapes::StructureShape.new(name: 'WorkflowUpdate')
 
     AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "MasterId"))
     AcceptInvitationRequest.add_member(:invitation_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InvitationId"))
@@ -753,6 +764,12 @@ module Aws::SecurityHub
     AwsSecurityFindingFilters.add_member(:keyword, Shapes::ShapeRef.new(shape: KeywordFilterList, location_name: "Keyword"))
     AwsSecurityFindingFilters.struct_class = Types::AwsSecurityFindingFilters
 
+    AwsSecurityFindingIdentifier.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
+    AwsSecurityFindingIdentifier.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ProductArn"))
+    AwsSecurityFindingIdentifier.struct_class = Types::AwsSecurityFindingIdentifier
+
+    AwsSecurityFindingIdentifierList.member = Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifier)
+
     AwsSecurityFindingList.member = Shapes::ShapeRef.new(shape: AwsSecurityFinding)
 
     AwsSnsTopicDetails.add_member(:kms_master_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KmsMasterKeyId"))
@@ -809,10 +826,34 @@ module Aws::SecurityHub
     BatchImportFindingsResponse.add_member(:failed_findings, Shapes::ShapeRef.new(shape: ImportFindingsErrorList, location_name: "FailedFindings"))
     BatchImportFindingsResponse.struct_class = Types::BatchImportFindingsResponse
 
+    BatchUpdateFindingsRequest.add_member(:finding_identifiers, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifierList, required: true, location_name: "FindingIdentifiers"))
+    BatchUpdateFindingsRequest.add_member(:note, Shapes::ShapeRef.new(shape: NoteUpdate, location_name: "Note"))
+    BatchUpdateFindingsRequest.add_member(:severity, Shapes::ShapeRef.new(shape: SeverityUpdate, location_name: "Severity"))
+    BatchUpdateFindingsRequest.add_member(:verification_state, Shapes::ShapeRef.new(shape: VerificationState, location_name: "VerificationState"))
+    BatchUpdateFindingsRequest.add_member(:confidence, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Confidence"))
+    BatchUpdateFindingsRequest.add_member(:criticality, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Criticality"))
+    BatchUpdateFindingsRequest.add_member(:types, Shapes::ShapeRef.new(shape: TypeList, location_name: "Types"))
+    BatchUpdateFindingsRequest.add_member(:user_defined_fields, Shapes::ShapeRef.new(shape: FieldMap, location_name: "UserDefinedFields"))
+    BatchUpdateFindingsRequest.add_member(:workflow, Shapes::ShapeRef.new(shape: WorkflowUpdate, location_name: "Workflow"))
+    BatchUpdateFindingsRequest.add_member(:related_findings, Shapes::ShapeRef.new(shape: RelatedFindingList, location_name: "RelatedFindings"))
+    BatchUpdateFindingsRequest.struct_class = Types::BatchUpdateFindingsRequest
+
+    BatchUpdateFindingsResponse.add_member(:processed_findings, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifierList, required: true, location_name: "ProcessedFindings"))
+    BatchUpdateFindingsResponse.add_member(:unprocessed_findings, Shapes::ShapeRef.new(shape: BatchUpdateFindingsUnprocessedFindingsList, required: true, location_name: "UnprocessedFindings"))
+    BatchUpdateFindingsResponse.struct_class = Types::BatchUpdateFindingsResponse
+
+    BatchUpdateFindingsUnprocessedFinding.add_member(:finding_identifier, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifier, required: true, location_name: "FindingIdentifier"))
+    BatchUpdateFindingsUnprocessedFinding.add_member(:error_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ErrorCode"))
+    BatchUpdateFindingsUnprocessedFinding.add_member(:error_message, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ErrorMessage"))
+    BatchUpdateFindingsUnprocessedFinding.struct_class = Types::BatchUpdateFindingsUnprocessedFinding
+
+    BatchUpdateFindingsUnprocessedFindingsList.member = Shapes::ShapeRef.new(shape: BatchUpdateFindingsUnprocessedFinding)
+
     CategoryList.member = Shapes::ShapeRef.new(shape: NonEmptyString)
 
     Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
     Compliance.add_member(:related_requirements, Shapes::ShapeRef.new(shape: RelatedRequirementsList, location_name: "RelatedRequirements"))
+    Compliance.add_member(:status_reasons, Shapes::ShapeRef.new(shape: StatusReasonsList, location_name: "StatusReasons"))
     Compliance.struct_class = Types::Compliance
 
     ContainerDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
@@ -950,6 +991,7 @@ module Aws::SecurityHub
     EnableImportFindingsForProductResponse.struct_class = Types::EnableImportFindingsForProductResponse
 
     EnableSecurityHubRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "Tags"))
+    EnableSecurityHubRequest.add_member(:enable_default_standards, Shapes::ShapeRef.new(shape: Boolean, location_name: "EnableDefaultStandards"))
     EnableSecurityHubRequest.struct_class = Types::EnableSecurityHubRequest
 
     EnableSecurityHubResponse.struct_class = Types::EnableSecurityHubResponse
@@ -1256,8 +1298,14 @@ module Aws::SecurityHub
     Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
     Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
     Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
+    Severity.add_member(:original, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Original"))
     Severity.struct_class = Types::Severity
 
+    SeverityUpdate.add_member(:normalized, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Normalized"))
+    SeverityUpdate.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
+    SeverityUpdate.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
+    SeverityUpdate.struct_class = Types::SeverityUpdate
+
     SortCriteria.member = Shapes::ShapeRef.new(shape: SortCriterion)
 
     SortCriterion.add_member(:field, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Field"))
@@ -1267,6 +1315,7 @@ module Aws::SecurityHub
     Standard.add_member(:standards_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "StandardsArn"))
     Standard.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
     Standard.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
+    Standard.add_member(:enabled_by_default, Shapes::ShapeRef.new(shape: Boolean, location_name: "EnabledByDefault"))
     Standard.struct_class = Types::Standard
 
     Standards.member = Shapes::ShapeRef.new(shape: Standard)
@@ -1304,6 +1353,12 @@ module Aws::SecurityHub
 
     StandardsSubscriptions.member = Shapes::ShapeRef.new(shape: StandardsSubscription)
 
+    StatusReason.add_member(:reason_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ReasonCode"))
+    StatusReason.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
+    StatusReason.struct_class = Types::StatusReason
+
+    StatusReasonsList.member = Shapes::ShapeRef.new(shape: StatusReason)
+
     StringFilter.add_member(:value, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Value"))
     StringFilter.add_member(:comparison, Shapes::ShapeRef.new(shape: StringFilterComparison, location_name: "Comparison"))
     StringFilter.struct_class = Types::StringFilter
@@ -1384,6 +1439,9 @@ module Aws::SecurityHub
     Workflow.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
     Workflow.struct_class = Types::Workflow
 
+    WorkflowUpdate.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
+    WorkflowUpdate.struct_class = Types::WorkflowUpdate
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -1451,6 +1509,18 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
       end)
 
+      api.add_operation(:batch_update_findings, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "BatchUpdateFindings"
+        o.http_method = "PATCH"
+        o.http_request_uri = "/findings/batchupdate"
+        o.input = Shapes::ShapeRef.new(shape: BatchUpdateFindingsRequest)
+        o.output = Shapes::ShapeRef.new(shape: BatchUpdateFindingsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+      end)
+
       api.add_operation(:create_action_target, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateActionTarget"
         o.http_method = "POST"

data/lib/aws-sdk-securityhub/resource.rb

@@ -6,13 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::SecurityHub
-  # This class provides a resource oriented interface for SecurityHub.
-  # To create a resource object:
-  #     resource = Aws::SecurityHub::Resource.new(region: 'us-west-2')
-  # You can supply a client object with custom configuration that will be used for all resource operations.
-  # If you do not pass +:client+, a default client will be constructed.
-  #     client = Aws::SecurityHub::Client.new(region: 'us-west-2')
-  #     resource = Aws::SecurityHub::Resource.new(client: client)
+
   class Resource
 
     # @param options ({})

data/lib/aws-sdk-securityhub/types.rb

@@ -245,8 +245,8 @@ module Aws::SecurityHub
     end
 
     # A complex type that describes the Amazon S3 bucket, HTTP server (for
-    # example, a web server), Amazon MediaStore, or other server from which
-    # CloudFront gets your files.
+    # example, a web server), Amazon Elemental MediaStore, or other server
+    # from which CloudFront gets your files.
     #
     # @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
     #   data as a hash:
@@ -425,13 +425,13 @@ module Aws::SecurityHub
     # @!attribute [rw] type
     #   The type of build environment to use for related builds.
     #
-    #   The environment type `ARM_CONTAINER` is available only in regions US
+    #   The environment type `ARM_CONTAINER` is available only in Regions US
     #   East (N. Virginia), US East (Ohio), US West (Oregon), Europe
     #   (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific
     #   (Sydney), and Europe (Frankfurt).
     #
     #   The environment type `LINUX_CONTAINER` with compute type
-    #   build.general1.2xlarge is available only in regions US East (N.
+    #   build.general1.2xlarge is available only in Regions US East (N.
     #   Virginia), US East (N. Virginia), US West (Oregon), Canada
     #   (Central), Europe (Ireland), Europe (London), Europe (Frankfurt),
     #   Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
@@ -439,10 +439,10 @@ module Aws::SecurityHub
     #   (Ningxia).
     #
     #   The environment type `LINUX_GPU_CONTAINER` is available only in
-    #   regions US East (N. Virginia), US East (N. Virginia), US West
+    #   Regions US East (N. Virginia), US East (N. Virginia), US West
     #   (Oregon), Canada (Central), Europe (Ireland), Europe (London),
     #   Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
-    #   Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and
+    #   Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and
     #   China (Ningxia).
     #
     #   Valid values: `WINDOWS_CONTAINER` \| `LINUX_CONTAINER` \|
@@ -539,8 +539,8 @@ module Aws::SecurityHub
     #     source action instead of this value.
     #
     #   * For source code in an AWS CodeCommit repository, the HTTPS clone
-    #     URL to the repository that contains the source code and the
-    #     buildspec file (for example,
+    #     URL to the repository that contains the source code and the build
+    #     spec file (for example,
     #     `https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name`
     #     ).
     #
@@ -553,10 +553,10 @@ module Aws::SecurityHub
     #       example, `bucket-name/path/to/source-code/folder/`).
     #
     #   * For source code in a GitHub repository, the HTTPS clone URL to the
-    #     repository that contains the source and the buildspec file.
+    #     repository that contains the source and the build spec file.
     #
     #   * For source code in a Bitbucket repository, the HTTPS clone URL to
-    #     the repository that contains the source and the buildspec file.
+    #     the repository that contains the source and the build spec file.
     #   @return [String]
     #
     # @!attribute [rw] git_clone_depth
@@ -1035,9 +1035,9 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] cidr_ip
-    #   The IPv4 CIDR range. You can either specify either a CIDR range or a
-    #   source security group, but not both. To specify a single IPv4
-    #   address, use the /32 prefix length.
+    #   The IPv4 CIDR range. You can specify either a CIDR range or a source
+    #   security group, but not both. To specify a single IPv4 address, use
+    #   the /32 prefix length.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpRange AWS API Documentation
@@ -1057,9 +1057,9 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] cidr_ipv_6
-    #   The IPv6 CIDR range. You can either specify either a CIDR range or a
-    #   source security group, but not both. To specify a single IPv6
-    #   address, use the /128 prefix length.
+    #   The IPv6 CIDR range. You can specify either a CIDR range or a source
+    #   security group, but not both. To specify a single IPv6 address, use
+    #   the /128 prefix length.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpv6Range AWS API Documentation
@@ -1990,7 +1990,7 @@ module Aws::SecurityHub
     #   @return [Integer]
     #
     # @!attribute [rw] compatible_runtimes
-    #   The layer's compatible runtimes. Maximum number of 5 items.
+    #   The layer's compatible runtimes. Maximum number of five items.
     #
     #   Valid values: `nodejs10.x` \| `nodejs12.x` \| `java8` \| `java11` \|
     #   `python2.7` \| `python3.6` \| `python3.7` \| `python3.8` \|
@@ -2038,14 +2038,14 @@ module Aws::SecurityHub
     #   DB instance. The `Status` property returns one of the following
     #   values:
     #
-    #   * `ACTIVE` - the IAM role ARN is associated with the DB instance and
+    #   * `ACTIVE` - The IAM role ARN is associated with the DB instance and
     #     can be used to access other AWS services on your behalf.
     #
-    #   * `PENDING` - the IAM role ARN is being associated with the DB
+    #   * `PENDING` - The IAM role ARN is being associated with the DB
     #     instance.
     #
-    #   * `INVALID` - the IAM role ARN is associated with the DB instance,
-    #     but the DB instance is unable to assume the IAM role in order to
+    #   * `INVALID` - The IAM role ARN is associated with the DB instance.
+    #     But the DB instance is unable to assume the IAM role in order to
     #     access other AWS services on your behalf.
     #   @return [String]
     #
@@ -2419,7 +2419,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] apply_server_side_encryption_by_default
     #   Specifies the default server-side encryption to apply to new objects
-    #   in the bucket. If a `PUT` Object request doesn't specify any
+    #   in the bucket. If a `PUT` object request doesn't specify any
     #   server-side encryption, this default encryption is applied.
     #   @return [Types::AwsS3BucketServerSideEncryptionByDefault]
     #
@@ -2430,7 +2430,7 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # Details about an AWS S3 object.
+    # Details about an Amazon S3 object.
     #
     # @note When making an API call, you may pass AwsS3ObjectDetails
     #   data as a hash:
@@ -2514,6 +2514,7 @@ module Aws::SecurityHub
     #           product: 1.0,
     #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #           normalized: 1,
+    #           original: "NonEmptyString",
     #         },
     #         confidence: 1,
     #         criticality: 1,
@@ -2964,6 +2965,12 @@ module Aws::SecurityHub
     #         compliance: {
     #           status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #           related_requirements: ["NonEmptyString"],
+    #           status_reasons: [
+    #             {
+    #               reason_code: "NonEmptyString", # required
+    #               description: "NonEmptyString",
+    #             },
+    #           ],
     #         },
     #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #         workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
@@ -3003,7 +3010,7 @@ module Aws::SecurityHub
     #   The identifier for the solution-specific component (a discrete unit
     #   of logic) that generated a finding. In various security-findings
     #   providers' solutions, this generator can be called a rule, a check,
-    #   a detector, a plug-in, etc.
+    #   a detector, a plugin, etc.
     #   @return [String]
     #
     # @!attribute [rw] aws_account_id
@@ -3772,7 +3779,7 @@ module Aws::SecurityHub
     #   The identifier for the solution-specific component (a discrete unit
     #   of logic) that generated a finding. In various security-findings
     #   providers' solutions, this generator can be called a rule, a check,
-    #   a detector, a plug-in, etc.
+    #   a detector, a plugin, etc.
     #   @return [Array<Types::StringFilter>]
     #
     # @!attribute [rw] type
@@ -4237,6 +4244,36 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Identifies a finding to update using `BatchUpdateFindings`.
+    #
+    # @note When making an API call, you may pass AwsSecurityFindingIdentifier
+    #   data as a hash:
+    #
+    #       {
+    #         id: "NonEmptyString", # required
+    #         product_arn: "NonEmptyString", # required
+    #       }
+    #
+    # @!attribute [rw] id
+    #   The identifier of the finding that was specified by the finding
+    #   provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] product_arn
+    #   The ARN generated by Security Hub that uniquely identifies a product
+    #   that generates findings. This can be the ARN for a third-party
+    #   product that is integrated with Security Hub, or the ARN for a
+    #   custom integration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingIdentifier AWS API Documentation
+    #
+    class AwsSecurityFindingIdentifier < Struct.new(
+      :id,
+      :product_arn)
+      include Aws::Structure
+    end
+
     # A wrapper type for the topic's Amazon Resource Name (ARN).
     #
     # @note When making an API call, you may pass AwsSnsTopicDetails
@@ -4255,7 +4292,7 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] kms_master_key_id
-    #   The ID of an AWS-managed customer master key (CMK) for Amazon SNS or
+    #   The ID of an AWS managed customer master key (CMK) for Amazon SNS or
     #   a custom CMK.
     #   @return [String]
     #
@@ -4327,7 +4364,7 @@ module Aws::SecurityHub
     #   @return [Integer]
     #
     # @!attribute [rw] kms_master_key_id
-    #   The ID of an AWS-managed customer master key (CMK) for Amazon SQS or
+    #   The ID of an AWS managed customer master key (CMK) for Amazon SQS or
     #   a custom CMK.
     #   @return [String]
     #
@@ -4386,7 +4423,7 @@ module Aws::SecurityHub
     #   @return [String]
     #
     # @!attribute [rw] default_action
-    #   The action to perform if none of the Rules contained in the WebACL
+    #   The action to perform if none of the rules contained in the WebACL
     #   match.
     #   @return [String]
     #
@@ -4433,7 +4470,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] action
     #   Specifies the action that CloudFront or AWS WAF takes when a web
-    #   request matches the conditions in the Rule.
+    #   request matches the conditions in the rule.
     #   @return [Types::WafAction]
     #
     # @!attribute [rw] excluded_rules
@@ -4461,15 +4498,15 @@ module Aws::SecurityHub
     #   @return [Types::WafOverrideAction]
     #
     # @!attribute [rw] priority
-    #   Specifies the order in which the Rules in a WebACL are evaluated.
-    #   Rules with a lower value for Priority are evaluated before Rules
+    #   Specifies the order in which the rules in a WebACL are evaluated.
+    #   Rules with a lower value for `Priority` are evaluated before rules
     #   with a higher value. The value must be a unique integer. If you add
-    #   multiple Rules to a WebACL, the values do not need to be
+    #   multiple rules to a WebACL, the values do not need to be
     #   consecutive.
     #   @return [Integer]
     #
     # @!attribute [rw] rule_id
-    #   The identifier for a Rule.
+    #   The identifier for a rule.
     #   @return [String]
     #
     # @!attribute [rw] type
@@ -4577,6 +4614,7 @@ module Aws::SecurityHub
     #               product: 1.0,
     #               label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #               normalized: 1,
+    #               original: "NonEmptyString",
     #             },
     #             confidence: 1,
     #             criticality: 1,
@@ -5027,6 +5065,12 @@ module Aws::SecurityHub
     #             compliance: {
     #               status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #               related_requirements: ["NonEmptyString"],
+    #               status_reasons: [
+    #                 {
+    #                   reason_code: "NonEmptyString", # required
+    #                   description: "NonEmptyString",
+    #                 },
+    #               ],
     #             },
     #             verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #             workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
@@ -5087,27 +5131,184 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # Exclusive to findings that are generated as the result of a check run
-    # against a specific rule in a supported security standard, such as CIS
-    # AWS Foundations. Contains security standard-related finding details.
+    # @note When making an API call, you may pass BatchUpdateFindingsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         finding_identifiers: [ # required
+    #           {
+    #             id: "NonEmptyString", # required
+    #             product_arn: "NonEmptyString", # required
+    #           },
+    #         ],
+    #         note: {
+    #           text: "NonEmptyString", # required
+    #           updated_by: "NonEmptyString", # required
+    #         },
+    #         severity: {
+    #           normalized: 1,
+    #           product: 1.0,
+    #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #         },
+    #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
+    #         confidence: 1,
+    #         criticality: 1,
+    #         types: ["NonEmptyString"],
+    #         user_defined_fields: {
+    #           "NonEmptyString" => "NonEmptyString",
+    #         },
+    #         workflow: {
+    #           status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #         },
+    #         related_findings: [
+    #           {
+    #             product_arn: "NonEmptyString", # required
+    #             id: "NonEmptyString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] finding_identifiers
+    #   The list of findings to update. `BatchUpdateFindings` can be used to
+    #   update up to 100 findings at a time.
+    #
+    #   For each finding, the list provides the finding identifier and the
+    #   ARN of the finding provider.
+    #   @return [Array<Types::AwsSecurityFindingIdentifier>]
+    #
+    # @!attribute [rw] note
+    #   The updated note.
+    #   @return [Types::NoteUpdate]
+    #
+    # @!attribute [rw] severity
+    #   Used to update the finding severity.
+    #   @return [Types::SeverityUpdate]
+    #
+    # @!attribute [rw] verification_state
+    #   Indicates the veracity of a finding.
+    #
+    #   The available values for `VerificationState` are as follows.
+    #
+    #   * `UNKNOWN` – The default disposition of a security finding
+    #
+    #   * `TRUE_POSITIVE` – The security finding is confirmed
+    #
+    #   * `FALSE_POSITIVE` – The security finding was determined to be a
+    #     false alarm
+    #
+    #   * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
+    #     finding doesn't pose any threat, is expected, or both
+    #   @return [String]
+    #
+    # @!attribute [rw] confidence
+    #   The updated value for the finding confidence. Confidence is defined
+    #   as the likelihood that a finding accurately identifies the behavior
+    #   or issue that it was intended to identify.
+    #
+    #   Confidence is scored on a 0-100 basis using a ratio scale, where 0
+    #   means zero percent confidence and 100 means 100 percent confidence.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] criticality
+    #   The updated value for the level of importance assigned to the
+    #   resources associated with the findings.
+    #
+    #   A score of 0 means that the underlying resources have no
+    #   criticality, and a score of 100 is reserved for the most critical
+    #   resources.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] types
+    #   One or more finding types in the format of
+    #   namespace/category/classifier that classify a finding.
+    #
+    #   Valid namespace values are as follows.
+    #
+    #   * Software and Configuration Checks
+    #
+    #   * TTPs
+    #
+    #   * Effects
+    #
+    #   * Unusual Behaviors
+    #
+    #   * Sensitive Data Identifications
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] user_defined_fields
+    #   A list of name/value string pairs associated with the finding. These
+    #   are custom, user-defined fields added to a finding.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] workflow
+    #   Used to update the workflow status of a finding.
+    #
+    #   The workflow status indicates the progress of the investigation into
+    #   the finding.
+    #   @return [Types::WorkflowUpdate]
+    #
+    # @!attribute [rw] related_findings
+    #   A list of findings that are related to the updated findings.
+    #   @return [Array<Types::RelatedFinding>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsRequest AWS API Documentation
+    #
+    class BatchUpdateFindingsRequest < Struct.new(
+      :finding_identifiers,
+      :note,
+      :severity,
+      :verification_state,
+      :confidence,
+      :criticality,
+      :types,
+      :user_defined_fields,
+      :workflow,
+      :related_findings)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] processed_findings
+    #   The list of findings that were updated successfully.
+    #   @return [Array<Types::AwsSecurityFindingIdentifier>]
     #
-    # Values include the following:
+    # @!attribute [rw] unprocessed_findings
+    #   The list of findings that were not updated.
+    #   @return [Array<Types::BatchUpdateFindingsUnprocessedFinding>]
     #
-    # * Allowed values are the following:
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsResponse AWS API Documentation
     #
-    #   * `PASSED` - Standards check passed for all evaluated resources.
+    class BatchUpdateFindingsResponse < Struct.new(
+      :processed_findings,
+      :unprocessed_findings)
+      include Aws::Structure
+    end
+
+    # A finding from a `BatchUpdateFindings` request that Security Hub was
+    # unable to update.
+    #
+    # @!attribute [rw] finding_identifier
+    #   The identifier of the finding that was not updated.
+    #   @return [Types::AwsSecurityFindingIdentifier]
     #
-    #   * `WARNING` - Some information is missing or this check is not
-    #     supported given your configuration.
+    # @!attribute [rw] error_code
+    #   The code associated with the error.
+    #   @return [String]
     #
-    #   * `FAILED` - Standards check failed for at least one evaluated
-    #     resource.
+    # @!attribute [rw] error_message
+    #   The message associated with the error.
+    #   @return [String]
     #
-    #   * `NOT_AVAILABLE` - Check could not be performed due to a service
-    #     outage, API error, or because the result of the AWS Config
-    #     evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
-    #     result was ` NOT_APPLICABLE`, then after 3 days, Security Hub
-    #     automatically archives the finding.
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsUnprocessedFinding AWS API Documentation
+    #
+    class BatchUpdateFindingsUnprocessedFinding < Struct.new(
+      :finding_identifier,
+      :error_code,
+      :error_message)
+      include Aws::Structure
+    end
+
+    # Contains finding details that are specific to control-based findings.
+    # Only returned for findings generated from controls.
     #
     # @note When making an API call, you may pass Compliance
     #   data as a hash:
@@ -5115,21 +5316,57 @@ module Aws::SecurityHub
     #       {
     #         status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #         related_requirements: ["NonEmptyString"],
+    #         status_reasons: [
+    #           {
+    #             reason_code: "NonEmptyString", # required
+    #             description: "NonEmptyString",
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] status
     #   The result of a standards check.
+    #
+    #   The valid values for `Status` are as follows.
+    #
+    #   * * `PASSED` - Standards check passed for all evaluated resources.
+    #
+    #     * `WARNING` - Some information is missing or this check is not
+    #       supported for your configuration.
+    #
+    #     * `FAILED` - Standards check failed for at least one evaluated
+    #       resource.
+    #
+    #     * `NOT_AVAILABLE` - Check could not be performed due to a service
+    #       outage, API error, or because the result of the AWS Config
+    #       evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
+    #       result was `NOT_APPLICABLE`, then after 3 days, Security Hub
+    #       automatically archives the finding.
     #   @return [String]
     #
     # @!attribute [rw] related_requirements
-    #   List of requirements that are related to a standards control.
+    #   For a control, the industry or regulatory framework requirements
+    #   that are related to the control. The check for that control is
+    #   aligned with these requirements.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] status_reasons
+    #   For findings generated from controls, a list of reasons behind the
+    #   value of `Status`. For the list of status reason codes and their
+    #   meanings, see [Standards-related information in the ASFF][1] in the
+    #   *AWS Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
+    #   @return [Array<Types::StatusReason>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
     #
     class Compliance < Struct.new(
       :status,
-      :related_requirements)
+      :related_requirements,
+      :status_reasons)
       include Aws::Structure
     end
 
@@ -5786,8 +6023,11 @@ module Aws::SecurityHub
     #   @return [Types::AwsSecurityFindingFilters]
     #
     # @!attribute [rw] group_by_attribute
-    #   The attribute used as the aggregator to group related findings for
-    #   the insight.
+    #   The attribute used to group the findings for the insight. The
+    #   grouping attribute identifies the type of item that the insight
+    #   applies to. For example, if an insight is grouped by resource
+    #   identifier, then the insight produces a list of resource
+    #   identifiers.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation
@@ -6394,16 +6634,26 @@ module Aws::SecurityHub
     #         tags: {
     #           "TagKey" => "TagValue",
     #         },
+    #         enable_default_standards: false,
     #       }
     #
     # @!attribute [rw] tags
-    #   The tags to add to the Hub resource when you enable Security Hub.
+    #   The tags to add to the hub resource when you enable Security Hub.
     #   @return [Hash<String,String>]
     #
+    # @!attribute [rw] enable_default_standards
+    #   Whether to enable the security standards that Security Hub has
+    #   designated as automatically enabled. If you do not provide a value
+    #   for `EnableDefaultStandards`, it is set to `true`. To not enable the
+    #   automatically enabled standards, set `EnableDefaultStandards` to
+    #   `false`.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
     #
     class EnableSecurityHubRequest < Struct.new(
-      :tags)
+      :tags,
+      :enable_default_standards)
       include Aws::Structure
     end
 
@@ -7236,19 +7486,20 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # Includes details of the list of the findings that cannot be imported.
+    # The list of the findings that cannot be imported. For each finding,
+    # the list provides the error.
     #
     # @!attribute [rw] id
-    #   The ID of the error made during the `BatchImportFindings` operation.
+    #   The identifier of the finding that could not be updated.
     #   @return [String]
     #
     # @!attribute [rw] error_code
-    #   The code of the error made during the `BatchImportFindings`
+    #   The code of the error returned by the `BatchImportFindings`
     #   operation.
     #   @return [String]
     #
     # @!attribute [rw] error_message
-    #   The message of the error made during the `BatchImportFindings`
+    #   The message of the error returned by the `BatchImportFindings`
     #   operation.
     #   @return [String]
     #
@@ -7278,10 +7529,11 @@ module Aws::SecurityHub
     #   @return [Types::AwsSecurityFindingFilters]
     #
     # @!attribute [rw] group_by_attribute
-    #   The attribute that the insight's findings are grouped by. This
-    #   attribute is used as a findings aggregator for the purposes of
-    #   viewing and managing multiple related findings under a single
-    #   operand.
+    #   The grouping attribute for the insight's findings. Indicates how to
+    #   group the matching findings, and identifies the type of item that
+    #   the insight applies to. For example, if an insight is grouped by
+    #   resource identifier, then the insight produces a list of resource
+    #   identifiers.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Insight AWS API Documentation
@@ -9070,7 +9322,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsEc2InstanceDetails]
     #
     # @!attribute [rw] aws_ec2_network_interface
-    #   Details for an AWS EC2 network interface.
+    #   Details for an Amazon EC2 network interface.
     #   @return [Types::AwsEc2NetworkInterfaceDetails]
     #
     # @!attribute [rw] aws_ec2_security_group
@@ -9086,7 +9338,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsElasticsearchDomainDetails]
     #
     # @!attribute [rw] aws_s3_bucket
-    #   Details about an Amazon S3 Bucket related to a finding.
+    #   Details about an Amazon S3 bucket related to a finding.
     #   @return [Types::AwsS3BucketDetails]
     #
     # @!attribute [rw] aws_s3_object
@@ -9114,7 +9366,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsLambdaLayerVersionDetails]
     #
     # @!attribute [rw] aws_rds_db_instance
-    #   Details for an RDS database instance.
+    #   Details for an Amazon RDS database instance.
     #   @return [Types::AwsRdsDbInstanceDetails]
     #
     # @!attribute [rw] aws_sns_topic
@@ -9217,9 +9469,13 @@ module Aws::SecurityHub
     #         product: 1.0,
     #         label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #         normalized: 1,
+    #         original: "NonEmptyString",
     #       }
     #
     # @!attribute [rw] product
+    #   Deprecated. This attribute is being deprecated. Instead of providing
+    #   `Product`, provide `Original`.
+    #
     #   The native severity as defined by the AWS service or integrated
     #   partner product that generated the finding.
     #   @return [Float]
@@ -9258,12 +9514,77 @@ module Aws::SecurityHub
     #   * 90–100 - `CRITICAL`
     #   @return [Integer]
     #
+    # @!attribute [rw] original
+    #   The native severity from the finding product that generated the
+    #   finding.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
     #
     class Severity < Struct.new(
       :product,
       :label,
-      :normalized)
+      :normalized,
+      :original)
+      include Aws::Structure
+    end
+
+    # Updates to the severity information for a finding.
+    #
+    # @note When making an API call, you may pass SeverityUpdate
+    #   data as a hash:
+    #
+    #       {
+    #         normalized: 1,
+    #         product: 1.0,
+    #         label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #       }
+    #
+    # @!attribute [rw] normalized
+    #   The normalized severity for the finding. This attribute is to be
+    #   deprecated in favor of `Label`.
+    #
+    #   If you provide `Normalized` and do not provide `Label`, `Label` is
+    #   set automatically as follows.
+    #
+    #   * 0 - `INFORMATIONAL`
+    #
+    #   * 1–39 - `LOW`
+    #
+    #   * 40–69 - `MEDIUM`
+    #
+    #   * 70–89 - `HIGH`
+    #
+    #   * 90–100 - `CRITICAL`
+    #   @return [Integer]
+    #
+    # @!attribute [rw] product
+    #   The native severity as defined by the AWS service or integrated
+    #   partner product that generated the finding.
+    #   @return [Float]
+    #
+    # @!attribute [rw] label
+    #   The severity value of the finding. The allowed values are the
+    #   following.
+    #
+    #   * `INFORMATIONAL` - No issue was found.
+    #
+    #   * `LOW` - The issue does not require action on its own.
+    #
+    #   * `MEDIUM` - The issue must be addressed but not urgently.
+    #
+    #   * `HIGH` - The issue must be addressed as a priority.
+    #
+    #   * `CRITICAL` - The issue must be remediated immediately to avoid it
+    #     escalating.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SeverityUpdate AWS API Documentation
+    #
+    class SeverityUpdate < Struct.new(
+      :normalized,
+      :product,
+      :label)
       include Aws::Structure
     end
 
@@ -9307,12 +9628,23 @@ module Aws::SecurityHub
     #   A description of the standard.
     #   @return [String]
     #
+    # @!attribute [rw] enabled_by_default
+    #   Whether the standard is enabled by default. When Security Hub is
+    #   enabled from the console, if a standard is enabled by default, the
+    #   check box for that standard is selected by default.
+    #
+    #   When Security Hub is enabled using the `EnableSecurityHub` API
+    #   operation, the standard is enabled by default unless
+    #   `EnableDefaultStandards` is set to `false`.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Standard AWS API Documentation
     #
     class Standard < Struct.new(
       :standards_arn,
       :name,
-      :description)
+      :description,
+      :enabled_by_default)
       include Aws::Structure
     end
 
@@ -9443,6 +9775,38 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides additional context for the value of `Compliance.Status`.
+    #
+    # @note When making an API call, you may pass StatusReason
+    #   data as a hash:
+    #
+    #       {
+    #         reason_code: "NonEmptyString", # required
+    #         description: "NonEmptyString",
+    #       }
+    #
+    # @!attribute [rw] reason_code
+    #   A code that represents a reason for the control status. For the list
+    #   of status reason codes and their meanings, see [Standards-related
+    #   information in the ASFF][1] in the *AWS Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The corresponding description for the status reason code.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatusReason AWS API Documentation
+    #
+    class StatusReason < Struct.new(
+      :reason_code,
+      :description)
+      include Aws::Structure
+    end
+
     # A string filter for querying findings.
     #
     # @note When making an API call, you may pass StringFilter
@@ -10836,7 +11200,7 @@ module Aws::SecurityHub
     class UpdateStandardsControlResponse < Aws::EmptyStructure; end
 
     # Details about the action that CloudFront or AWS WAF takes when a web
-    # request matches the conditions in the Rule.
+    # request matches the conditions in the rule.
     #
     # @note When making an API call, you may pass WafAction
     #   data as a hash:
@@ -10847,7 +11211,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] type
     #   Specifies how you want AWS WAF to respond to requests that match the
-    #   settings in a Rule.
+    #   settings in a rule.
     #
     #   Valid settings include the following:
     #
@@ -10900,7 +11264,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] type
     #   `COUNT` overrides the action specified by the individual rule within
-    #   a RuleGroup .
+    #   a `RuleGroup` .
     #
     #   If set to `NONE`, the rule's action takes place.
     #   @return [String]
@@ -10946,5 +11310,38 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Used to update information about the investigation into the finding.
+    #
+    # @note When making an API call, you may pass WorkflowUpdate
+    #   data as a hash:
+    #
+    #       {
+    #         status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #       }
+    #
+    # @!attribute [rw] status
+    #   The status of the investigation into the finding. The allowed values
+    #   are the following.
+    #
+    #   * `NEW` - The initial state of a finding, before it is reviewed.
+    #
+    #   * `NOTIFIED` - Indicates that you notified the resource owner about
+    #     the security issue. Used when the initial reviewer is not the
+    #     resource owner, and needs intervention from the resource owner.
+    #
+    #   * `RESOLVED` - The finding was reviewed and remediated and is now
+    #     considered resolved.
+    #
+    #   * `SUPPRESSED` - The finding will not be reviewed again and will not
+    #     be acted upon.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WorkflowUpdate AWS API Documentation
+    #
+    class WorkflowUpdate < Struct.new(
+      :status)
+      include Aws::Structure
+    end
+
   end
 end