aws-sdk-securityhub 1.22.0 → 1.27.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/aws-sdk-securityhub.rb +1 -1
- data/lib/aws-sdk-securityhub/client.rb +222 -11
- data/lib/aws-sdk-securityhub/client_api.rb +68 -0
- data/lib/aws-sdk-securityhub/types.rb +429 -58
- metadata +5 -5
|
@@ -245,8 +245,8 @@ module Aws::SecurityHub
|
|
|
245
245
|
end
|
|
246
246
|
|
|
247
247
|
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
|
248
|
-
# example, a web server), Amazon MediaStore, or other server
|
|
249
|
-
# CloudFront gets your files.
|
|
248
|
+
# example, a web server), Amazon Elemental MediaStore, or other server
|
|
249
|
+
# from which CloudFront gets your files.
|
|
250
250
|
#
|
|
251
251
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
|
|
252
252
|
# data as a hash:
|
|
@@ -425,13 +425,13 @@ module Aws::SecurityHub
|
|
|
425
425
|
# @!attribute [rw] type
|
|
426
426
|
# The type of build environment to use for related builds.
|
|
427
427
|
#
|
|
428
|
-
# The environment type `ARM_CONTAINER` is available only in
|
|
428
|
+
# The environment type `ARM_CONTAINER` is available only in Regions US
|
|
429
429
|
# East (N. Virginia), US East (Ohio), US West (Oregon), Europe
|
|
430
430
|
# (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific
|
|
431
431
|
# (Sydney), and Europe (Frankfurt).
|
|
432
432
|
#
|
|
433
433
|
# The environment type `LINUX_CONTAINER` with compute type
|
|
434
|
-
# build.general1.2xlarge is available only in
|
|
434
|
+
# build.general1.2xlarge is available only in Regions US East (N.
|
|
435
435
|
# Virginia), US East (N. Virginia), US West (Oregon), Canada
|
|
436
436
|
# (Central), Europe (Ireland), Europe (London), Europe (Frankfurt),
|
|
437
437
|
# Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
|
|
@@ -439,10 +439,10 @@ module Aws::SecurityHub
|
|
|
439
439
|
# (Ningxia).
|
|
440
440
|
#
|
|
441
441
|
# The environment type `LINUX_GPU_CONTAINER` is available only in
|
|
442
|
-
#
|
|
442
|
+
# Regions US East (N. Virginia), US East (N. Virginia), US West
|
|
443
443
|
# (Oregon), Canada (Central), Europe (Ireland), Europe (London),
|
|
444
444
|
# Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
|
|
445
|
-
# Pacific (Singapore), Asia Pacific (Sydney)
|
|
445
|
+
# Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and
|
|
446
446
|
# China (Ningxia).
|
|
447
447
|
#
|
|
448
448
|
# Valid values: `WINDOWS_CONTAINER` \| `LINUX_CONTAINER` \|
|
|
@@ -539,8 +539,8 @@ module Aws::SecurityHub
|
|
|
539
539
|
# source action instead of this value.
|
|
540
540
|
#
|
|
541
541
|
# * For source code in an AWS CodeCommit repository, the HTTPS clone
|
|
542
|
-
# URL to the repository that contains the source code and the
|
|
543
|
-
#
|
|
542
|
+
# URL to the repository that contains the source code and the build
|
|
543
|
+
# spec file (for example,
|
|
544
544
|
# `https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name`
|
|
545
545
|
# ).
|
|
546
546
|
#
|
|
@@ -553,10 +553,10 @@ module Aws::SecurityHub
|
|
|
553
553
|
# example, `bucket-name/path/to/source-code/folder/`).
|
|
554
554
|
#
|
|
555
555
|
# * For source code in a GitHub repository, the HTTPS clone URL to the
|
|
556
|
-
# repository that contains the source and the
|
|
556
|
+
# repository that contains the source and the build spec file.
|
|
557
557
|
#
|
|
558
558
|
# * For source code in a Bitbucket repository, the HTTPS clone URL to
|
|
559
|
-
# the repository that contains the source and the
|
|
559
|
+
# the repository that contains the source and the build spec file.
|
|
560
560
|
# @return [String]
|
|
561
561
|
#
|
|
562
562
|
# @!attribute [rw] git_clone_depth
|
|
@@ -1035,9 +1035,9 @@ module Aws::SecurityHub
|
|
|
1035
1035
|
# }
|
|
1036
1036
|
#
|
|
1037
1037
|
# @!attribute [rw] cidr_ip
|
|
1038
|
-
# The IPv4 CIDR range. You can
|
|
1039
|
-
#
|
|
1040
|
-
#
|
|
1038
|
+
# The IPv4 CIDR range. You can specify either a CIDR range or a source
|
|
1039
|
+
# security group, but not both. To specify a single IPv4 address, use
|
|
1040
|
+
# the /32 prefix length.
|
|
1041
1041
|
# @return [String]
|
|
1042
1042
|
#
|
|
1043
1043
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpRange AWS API Documentation
|
|
@@ -1057,9 +1057,9 @@ module Aws::SecurityHub
|
|
|
1057
1057
|
# }
|
|
1058
1058
|
#
|
|
1059
1059
|
# @!attribute [rw] cidr_ipv_6
|
|
1060
|
-
# The IPv6 CIDR range. You can
|
|
1061
|
-
#
|
|
1062
|
-
#
|
|
1060
|
+
# The IPv6 CIDR range. You can specify either a CIDR range or a source
|
|
1061
|
+
# security group, but not both. To specify a single IPv6 address, use
|
|
1062
|
+
# the /128 prefix length.
|
|
1063
1063
|
# @return [String]
|
|
1064
1064
|
#
|
|
1065
1065
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpv6Range AWS API Documentation
|
|
@@ -1990,7 +1990,7 @@ module Aws::SecurityHub
|
|
|
1990
1990
|
# @return [Integer]
|
|
1991
1991
|
#
|
|
1992
1992
|
# @!attribute [rw] compatible_runtimes
|
|
1993
|
-
# The layer's compatible runtimes. Maximum number of
|
|
1993
|
+
# The layer's compatible runtimes. Maximum number of five items.
|
|
1994
1994
|
#
|
|
1995
1995
|
# Valid values: `nodejs10.x` \| `nodejs12.x` \| `java8` \| `java11` \|
|
|
1996
1996
|
# `python2.7` \| `python3.6` \| `python3.7` \| `python3.8` \|
|
|
@@ -2038,14 +2038,14 @@ module Aws::SecurityHub
|
|
|
2038
2038
|
# DB instance. The `Status` property returns one of the following
|
|
2039
2039
|
# values:
|
|
2040
2040
|
#
|
|
2041
|
-
# * `ACTIVE` -
|
|
2041
|
+
# * `ACTIVE` - The IAM role ARN is associated with the DB instance and
|
|
2042
2042
|
# can be used to access other AWS services on your behalf.
|
|
2043
2043
|
#
|
|
2044
|
-
# * `PENDING` -
|
|
2044
|
+
# * `PENDING` - The IAM role ARN is being associated with the DB
|
|
2045
2045
|
# instance.
|
|
2046
2046
|
#
|
|
2047
|
-
# * `INVALID` -
|
|
2048
|
-
#
|
|
2047
|
+
# * `INVALID` - The IAM role ARN is associated with the DB instance.
|
|
2048
|
+
# But the DB instance is unable to assume the IAM role in order to
|
|
2049
2049
|
# access other AWS services on your behalf.
|
|
2050
2050
|
# @return [String]
|
|
2051
2051
|
#
|
|
@@ -2419,7 +2419,7 @@ module Aws::SecurityHub
|
|
|
2419
2419
|
#
|
|
2420
2420
|
# @!attribute [rw] apply_server_side_encryption_by_default
|
|
2421
2421
|
# Specifies the default server-side encryption to apply to new objects
|
|
2422
|
-
# in the bucket. If a `PUT`
|
|
2422
|
+
# in the bucket. If a `PUT` object request doesn't specify any
|
|
2423
2423
|
# server-side encryption, this default encryption is applied.
|
|
2424
2424
|
# @return [Types::AwsS3BucketServerSideEncryptionByDefault]
|
|
2425
2425
|
#
|
|
@@ -2430,7 +2430,7 @@ module Aws::SecurityHub
|
|
|
2430
2430
|
include Aws::Structure
|
|
2431
2431
|
end
|
|
2432
2432
|
|
|
2433
|
-
# Details about an
|
|
2433
|
+
# Details about an Amazon S3 object.
|
|
2434
2434
|
#
|
|
2435
2435
|
# @note When making an API call, you may pass AwsS3ObjectDetails
|
|
2436
2436
|
# data as a hash:
|
|
@@ -2514,6 +2514,7 @@ module Aws::SecurityHub
|
|
|
2514
2514
|
# product: 1.0,
|
|
2515
2515
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
2516
2516
|
# normalized: 1,
|
|
2517
|
+
# original: "NonEmptyString",
|
|
2517
2518
|
# },
|
|
2518
2519
|
# confidence: 1,
|
|
2519
2520
|
# criticality: 1,
|
|
@@ -2964,6 +2965,12 @@ module Aws::SecurityHub
|
|
|
2964
2965
|
# compliance: {
|
|
2965
2966
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
2966
2967
|
# related_requirements: ["NonEmptyString"],
|
|
2968
|
+
# status_reasons: [
|
|
2969
|
+
# {
|
|
2970
|
+
# reason_code: "NonEmptyString", # required
|
|
2971
|
+
# description: "NonEmptyString",
|
|
2972
|
+
# },
|
|
2973
|
+
# ],
|
|
2967
2974
|
# },
|
|
2968
2975
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
|
2969
2976
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
|
@@ -3003,7 +3010,7 @@ module Aws::SecurityHub
|
|
|
3003
3010
|
# The identifier for the solution-specific component (a discrete unit
|
|
3004
3011
|
# of logic) that generated a finding. In various security-findings
|
|
3005
3012
|
# providers' solutions, this generator can be called a rule, a check,
|
|
3006
|
-
# a detector, a
|
|
3013
|
+
# a detector, a plugin, etc.
|
|
3007
3014
|
# @return [String]
|
|
3008
3015
|
#
|
|
3009
3016
|
# @!attribute [rw] aws_account_id
|
|
@@ -3772,7 +3779,7 @@ module Aws::SecurityHub
|
|
|
3772
3779
|
# The identifier for the solution-specific component (a discrete unit
|
|
3773
3780
|
# of logic) that generated a finding. In various security-findings
|
|
3774
3781
|
# providers' solutions, this generator can be called a rule, a check,
|
|
3775
|
-
# a detector, a
|
|
3782
|
+
# a detector, a plugin, etc.
|
|
3776
3783
|
# @return [Array<Types::StringFilter>]
|
|
3777
3784
|
#
|
|
3778
3785
|
# @!attribute [rw] type
|
|
@@ -4237,6 +4244,36 @@ module Aws::SecurityHub
|
|
|
4237
4244
|
include Aws::Structure
|
|
4238
4245
|
end
|
|
4239
4246
|
|
|
4247
|
+
# Identifies a finding to update using `BatchUpdateFindings`.
|
|
4248
|
+
#
|
|
4249
|
+
# @note When making an API call, you may pass AwsSecurityFindingIdentifier
|
|
4250
|
+
# data as a hash:
|
|
4251
|
+
#
|
|
4252
|
+
# {
|
|
4253
|
+
# id: "NonEmptyString", # required
|
|
4254
|
+
# product_arn: "NonEmptyString", # required
|
|
4255
|
+
# }
|
|
4256
|
+
#
|
|
4257
|
+
# @!attribute [rw] id
|
|
4258
|
+
# The identifier of the finding that was specified by the finding
|
|
4259
|
+
# provider.
|
|
4260
|
+
# @return [String]
|
|
4261
|
+
#
|
|
4262
|
+
# @!attribute [rw] product_arn
|
|
4263
|
+
# The ARN generated by Security Hub that uniquely identifies a product
|
|
4264
|
+
# that generates findings. This can be the ARN for a third-party
|
|
4265
|
+
# product that is integrated with Security Hub, or the ARN for a
|
|
4266
|
+
# custom integration.
|
|
4267
|
+
# @return [String]
|
|
4268
|
+
#
|
|
4269
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingIdentifier AWS API Documentation
|
|
4270
|
+
#
|
|
4271
|
+
class AwsSecurityFindingIdentifier < Struct.new(
|
|
4272
|
+
:id,
|
|
4273
|
+
:product_arn)
|
|
4274
|
+
include Aws::Structure
|
|
4275
|
+
end
|
|
4276
|
+
|
|
4240
4277
|
# A wrapper type for the topic's Amazon Resource Name (ARN).
|
|
4241
4278
|
#
|
|
4242
4279
|
# @note When making an API call, you may pass AwsSnsTopicDetails
|
|
@@ -4255,7 +4292,7 @@ module Aws::SecurityHub
|
|
|
4255
4292
|
# }
|
|
4256
4293
|
#
|
|
4257
4294
|
# @!attribute [rw] kms_master_key_id
|
|
4258
|
-
# The ID of an AWS
|
|
4295
|
+
# The ID of an AWS managed customer master key (CMK) for Amazon SNS or
|
|
4259
4296
|
# a custom CMK.
|
|
4260
4297
|
# @return [String]
|
|
4261
4298
|
#
|
|
@@ -4327,7 +4364,7 @@ module Aws::SecurityHub
|
|
|
4327
4364
|
# @return [Integer]
|
|
4328
4365
|
#
|
|
4329
4366
|
# @!attribute [rw] kms_master_key_id
|
|
4330
|
-
# The ID of an AWS
|
|
4367
|
+
# The ID of an AWS managed customer master key (CMK) for Amazon SQS or
|
|
4331
4368
|
# a custom CMK.
|
|
4332
4369
|
# @return [String]
|
|
4333
4370
|
#
|
|
@@ -4386,7 +4423,7 @@ module Aws::SecurityHub
|
|
|
4386
4423
|
# @return [String]
|
|
4387
4424
|
#
|
|
4388
4425
|
# @!attribute [rw] default_action
|
|
4389
|
-
# The action to perform if none of the
|
|
4426
|
+
# The action to perform if none of the rules contained in the WebACL
|
|
4390
4427
|
# match.
|
|
4391
4428
|
# @return [String]
|
|
4392
4429
|
#
|
|
@@ -4433,7 +4470,7 @@ module Aws::SecurityHub
|
|
|
4433
4470
|
#
|
|
4434
4471
|
# @!attribute [rw] action
|
|
4435
4472
|
# Specifies the action that CloudFront or AWS WAF takes when a web
|
|
4436
|
-
# request matches the conditions in the
|
|
4473
|
+
# request matches the conditions in the rule.
|
|
4437
4474
|
# @return [Types::WafAction]
|
|
4438
4475
|
#
|
|
4439
4476
|
# @!attribute [rw] excluded_rules
|
|
@@ -4461,15 +4498,15 @@ module Aws::SecurityHub
|
|
|
4461
4498
|
# @return [Types::WafOverrideAction]
|
|
4462
4499
|
#
|
|
4463
4500
|
# @!attribute [rw] priority
|
|
4464
|
-
# Specifies the order in which the
|
|
4465
|
-
# Rules with a lower value for Priority are evaluated before
|
|
4501
|
+
# Specifies the order in which the rules in a WebACL are evaluated.
|
|
4502
|
+
# Rules with a lower value for `Priority` are evaluated before rules
|
|
4466
4503
|
# with a higher value. The value must be a unique integer. If you add
|
|
4467
|
-
# multiple
|
|
4504
|
+
# multiple rules to a WebACL, the values do not need to be
|
|
4468
4505
|
# consecutive.
|
|
4469
4506
|
# @return [Integer]
|
|
4470
4507
|
#
|
|
4471
4508
|
# @!attribute [rw] rule_id
|
|
4472
|
-
# The identifier for a
|
|
4509
|
+
# The identifier for a rule.
|
|
4473
4510
|
# @return [String]
|
|
4474
4511
|
#
|
|
4475
4512
|
# @!attribute [rw] type
|
|
@@ -4577,6 +4614,7 @@ module Aws::SecurityHub
|
|
|
4577
4614
|
# product: 1.0,
|
|
4578
4615
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
4579
4616
|
# normalized: 1,
|
|
4617
|
+
# original: "NonEmptyString",
|
|
4580
4618
|
# },
|
|
4581
4619
|
# confidence: 1,
|
|
4582
4620
|
# criticality: 1,
|
|
@@ -5027,6 +5065,12 @@ module Aws::SecurityHub
|
|
|
5027
5065
|
# compliance: {
|
|
5028
5066
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
5029
5067
|
# related_requirements: ["NonEmptyString"],
|
|
5068
|
+
# status_reasons: [
|
|
5069
|
+
# {
|
|
5070
|
+
# reason_code: "NonEmptyString", # required
|
|
5071
|
+
# description: "NonEmptyString",
|
|
5072
|
+
# },
|
|
5073
|
+
# ],
|
|
5030
5074
|
# },
|
|
5031
5075
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
|
5032
5076
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
|
@@ -5087,27 +5131,184 @@ module Aws::SecurityHub
|
|
|
5087
5131
|
include Aws::Structure
|
|
5088
5132
|
end
|
|
5089
5133
|
|
|
5090
|
-
#
|
|
5091
|
-
#
|
|
5092
|
-
# AWS Foundations. Contains security standard-related finding details.
|
|
5134
|
+
# @note When making an API call, you may pass BatchUpdateFindingsRequest
|
|
5135
|
+
# data as a hash:
|
|
5093
5136
|
#
|
|
5094
|
-
#
|
|
5137
|
+
# {
|
|
5138
|
+
# finding_identifiers: [ # required
|
|
5139
|
+
# {
|
|
5140
|
+
# id: "NonEmptyString", # required
|
|
5141
|
+
# product_arn: "NonEmptyString", # required
|
|
5142
|
+
# },
|
|
5143
|
+
# ],
|
|
5144
|
+
# note: {
|
|
5145
|
+
# text: "NonEmptyString", # required
|
|
5146
|
+
# updated_by: "NonEmptyString", # required
|
|
5147
|
+
# },
|
|
5148
|
+
# severity: {
|
|
5149
|
+
# normalized: 1,
|
|
5150
|
+
# product: 1.0,
|
|
5151
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
5152
|
+
# },
|
|
5153
|
+
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
|
5154
|
+
# confidence: 1,
|
|
5155
|
+
# criticality: 1,
|
|
5156
|
+
# types: ["NonEmptyString"],
|
|
5157
|
+
# user_defined_fields: {
|
|
5158
|
+
# "NonEmptyString" => "NonEmptyString",
|
|
5159
|
+
# },
|
|
5160
|
+
# workflow: {
|
|
5161
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
|
5162
|
+
# },
|
|
5163
|
+
# related_findings: [
|
|
5164
|
+
# {
|
|
5165
|
+
# product_arn: "NonEmptyString", # required
|
|
5166
|
+
# id: "NonEmptyString", # required
|
|
5167
|
+
# },
|
|
5168
|
+
# ],
|
|
5169
|
+
# }
|
|
5170
|
+
#
|
|
5171
|
+
# @!attribute [rw] finding_identifiers
|
|
5172
|
+
# The list of findings to update. `BatchUpdateFindings` can be used to
|
|
5173
|
+
# update up to 100 findings at a time.
|
|
5174
|
+
#
|
|
5175
|
+
# For each finding, the list provides the finding identifier and the
|
|
5176
|
+
# ARN of the finding provider.
|
|
5177
|
+
# @return [Array<Types::AwsSecurityFindingIdentifier>]
|
|
5178
|
+
#
|
|
5179
|
+
# @!attribute [rw] note
|
|
5180
|
+
# The updated note.
|
|
5181
|
+
# @return [Types::NoteUpdate]
|
|
5182
|
+
#
|
|
5183
|
+
# @!attribute [rw] severity
|
|
5184
|
+
# Used to update the finding severity.
|
|
5185
|
+
# @return [Types::SeverityUpdate]
|
|
5186
|
+
#
|
|
5187
|
+
# @!attribute [rw] verification_state
|
|
5188
|
+
# Indicates the veracity of a finding.
|
|
5189
|
+
#
|
|
5190
|
+
# The available values for `VerificationState` are as follows.
|
|
5191
|
+
#
|
|
5192
|
+
# * `UNKNOWN` – The default disposition of a security finding
|
|
5193
|
+
#
|
|
5194
|
+
# * `TRUE_POSITIVE` – The security finding is confirmed
|
|
5195
|
+
#
|
|
5196
|
+
# * `FALSE_POSITIVE` – The security finding was determined to be a
|
|
5197
|
+
# false alarm
|
|
5198
|
+
#
|
|
5199
|
+
# * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
|
|
5200
|
+
# finding doesn't pose any threat, is expected, or both
|
|
5201
|
+
# @return [String]
|
|
5202
|
+
#
|
|
5203
|
+
# @!attribute [rw] confidence
|
|
5204
|
+
# The updated value for the finding confidence. Confidence is defined
|
|
5205
|
+
# as the likelihood that a finding accurately identifies the behavior
|
|
5206
|
+
# or issue that it was intended to identify.
|
|
5207
|
+
#
|
|
5208
|
+
# Confidence is scored on a 0-100 basis using a ratio scale, where 0
|
|
5209
|
+
# means zero percent confidence and 100 means 100 percent confidence.
|
|
5210
|
+
# @return [Integer]
|
|
5211
|
+
#
|
|
5212
|
+
# @!attribute [rw] criticality
|
|
5213
|
+
# The updated value for the level of importance assigned to the
|
|
5214
|
+
# resources associated with the findings.
|
|
5215
|
+
#
|
|
5216
|
+
# A score of 0 means that the underlying resources have no
|
|
5217
|
+
# criticality, and a score of 100 is reserved for the most critical
|
|
5218
|
+
# resources.
|
|
5219
|
+
# @return [Integer]
|
|
5220
|
+
#
|
|
5221
|
+
# @!attribute [rw] types
|
|
5222
|
+
# One or more finding types in the format of
|
|
5223
|
+
# namespace/category/classifier that classify a finding.
|
|
5224
|
+
#
|
|
5225
|
+
# Valid namespace values are as follows.
|
|
5226
|
+
#
|
|
5227
|
+
# * Software and Configuration Checks
|
|
5228
|
+
#
|
|
5229
|
+
# * TTPs
|
|
5230
|
+
#
|
|
5231
|
+
# * Effects
|
|
5232
|
+
#
|
|
5233
|
+
# * Unusual Behaviors
|
|
5234
|
+
#
|
|
5235
|
+
# * Sensitive Data Identifications
|
|
5236
|
+
# @return [Array<String>]
|
|
5237
|
+
#
|
|
5238
|
+
# @!attribute [rw] user_defined_fields
|
|
5239
|
+
# A list of name/value string pairs associated with the finding. These
|
|
5240
|
+
# are custom, user-defined fields added to a finding.
|
|
5241
|
+
# @return [Hash<String,String>]
|
|
5242
|
+
#
|
|
5243
|
+
# @!attribute [rw] workflow
|
|
5244
|
+
# Used to update the workflow status of a finding.
|
|
5245
|
+
#
|
|
5246
|
+
# The workflow status indicates the progress of the investigation into
|
|
5247
|
+
# the finding.
|
|
5248
|
+
# @return [Types::WorkflowUpdate]
|
|
5249
|
+
#
|
|
5250
|
+
# @!attribute [rw] related_findings
|
|
5251
|
+
# A list of findings that are related to the updated findings.
|
|
5252
|
+
# @return [Array<Types::RelatedFinding>]
|
|
5253
|
+
#
|
|
5254
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsRequest AWS API Documentation
|
|
5255
|
+
#
|
|
5256
|
+
class BatchUpdateFindingsRequest < Struct.new(
|
|
5257
|
+
:finding_identifiers,
|
|
5258
|
+
:note,
|
|
5259
|
+
:severity,
|
|
5260
|
+
:verification_state,
|
|
5261
|
+
:confidence,
|
|
5262
|
+
:criticality,
|
|
5263
|
+
:types,
|
|
5264
|
+
:user_defined_fields,
|
|
5265
|
+
:workflow,
|
|
5266
|
+
:related_findings)
|
|
5267
|
+
include Aws::Structure
|
|
5268
|
+
end
|
|
5269
|
+
|
|
5270
|
+
# @!attribute [rw] processed_findings
|
|
5271
|
+
# The list of findings that were updated successfully.
|
|
5272
|
+
# @return [Array<Types::AwsSecurityFindingIdentifier>]
|
|
5273
|
+
#
|
|
5274
|
+
# @!attribute [rw] unprocessed_findings
|
|
5275
|
+
# The list of findings that were not updated.
|
|
5276
|
+
# @return [Array<Types::BatchUpdateFindingsUnprocessedFinding>]
|
|
5277
|
+
#
|
|
5278
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsResponse AWS API Documentation
|
|
5279
|
+
#
|
|
5280
|
+
class BatchUpdateFindingsResponse < Struct.new(
|
|
5281
|
+
:processed_findings,
|
|
5282
|
+
:unprocessed_findings)
|
|
5283
|
+
include Aws::Structure
|
|
5284
|
+
end
|
|
5285
|
+
|
|
5286
|
+
# A finding from a `BatchUpdateFindings` request that Security Hub was
|
|
5287
|
+
# unable to update.
|
|
5095
5288
|
#
|
|
5096
|
-
#
|
|
5289
|
+
# @!attribute [rw] finding_identifier
|
|
5290
|
+
# The identifier of the finding that was not updated.
|
|
5291
|
+
# @return [Types::AwsSecurityFindingIdentifier]
|
|
5097
5292
|
#
|
|
5098
|
-
#
|
|
5293
|
+
# @!attribute [rw] error_code
|
|
5294
|
+
# The code associated with the error.
|
|
5295
|
+
# @return [String]
|
|
5099
5296
|
#
|
|
5100
|
-
#
|
|
5101
|
-
#
|
|
5297
|
+
# @!attribute [rw] error_message
|
|
5298
|
+
# The message associated with the error.
|
|
5299
|
+
# @return [String]
|
|
5102
5300
|
#
|
|
5103
|
-
#
|
|
5104
|
-
# resource.
|
|
5301
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsUnprocessedFinding AWS API Documentation
|
|
5105
5302
|
#
|
|
5106
|
-
|
|
5107
|
-
|
|
5108
|
-
|
|
5109
|
-
|
|
5110
|
-
|
|
5303
|
+
class BatchUpdateFindingsUnprocessedFinding < Struct.new(
|
|
5304
|
+
:finding_identifier,
|
|
5305
|
+
:error_code,
|
|
5306
|
+
:error_message)
|
|
5307
|
+
include Aws::Structure
|
|
5308
|
+
end
|
|
5309
|
+
|
|
5310
|
+
# Contains finding details that are specific to control-based findings.
|
|
5311
|
+
# Only returned for findings generated from controls.
|
|
5111
5312
|
#
|
|
5112
5313
|
# @note When making an API call, you may pass Compliance
|
|
5113
5314
|
# data as a hash:
|
|
@@ -5115,21 +5316,57 @@ module Aws::SecurityHub
|
|
|
5115
5316
|
# {
|
|
5116
5317
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
5117
5318
|
# related_requirements: ["NonEmptyString"],
|
|
5319
|
+
# status_reasons: [
|
|
5320
|
+
# {
|
|
5321
|
+
# reason_code: "NonEmptyString", # required
|
|
5322
|
+
# description: "NonEmptyString",
|
|
5323
|
+
# },
|
|
5324
|
+
# ],
|
|
5118
5325
|
# }
|
|
5119
5326
|
#
|
|
5120
5327
|
# @!attribute [rw] status
|
|
5121
5328
|
# The result of a standards check.
|
|
5329
|
+
#
|
|
5330
|
+
# The valid values for `Status` are as follows.
|
|
5331
|
+
#
|
|
5332
|
+
# * * `PASSED` - Standards check passed for all evaluated resources.
|
|
5333
|
+
#
|
|
5334
|
+
# * `WARNING` - Some information is missing or this check is not
|
|
5335
|
+
# supported for your configuration.
|
|
5336
|
+
#
|
|
5337
|
+
# * `FAILED` - Standards check failed for at least one evaluated
|
|
5338
|
+
# resource.
|
|
5339
|
+
#
|
|
5340
|
+
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
|
5341
|
+
# outage, API error, or because the result of the AWS Config
|
|
5342
|
+
# evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
|
|
5343
|
+
# result was `NOT_APPLICABLE`, then after 3 days, Security Hub
|
|
5344
|
+
# automatically archives the finding.
|
|
5122
5345
|
# @return [String]
|
|
5123
5346
|
#
|
|
5124
5347
|
# @!attribute [rw] related_requirements
|
|
5125
|
-
#
|
|
5348
|
+
# For a control, the industry or regulatory framework requirements
|
|
5349
|
+
# that are related to the control. The check for that control is
|
|
5350
|
+
# aligned with these requirements.
|
|
5126
5351
|
# @return [Array<String>]
|
|
5127
5352
|
#
|
|
5353
|
+
# @!attribute [rw] status_reasons
|
|
5354
|
+
# For findings generated from controls, a list of reasons behind the
|
|
5355
|
+
# value of `Status`. For the list of status reason codes and their
|
|
5356
|
+
# meanings, see [Standards-related information in the ASFF][1] in the
|
|
5357
|
+
# *AWS Security Hub User Guide*.
|
|
5358
|
+
#
|
|
5359
|
+
#
|
|
5360
|
+
#
|
|
5361
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
|
|
5362
|
+
# @return [Array<Types::StatusReason>]
|
|
5363
|
+
#
|
|
5128
5364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
|
|
5129
5365
|
#
|
|
5130
5366
|
class Compliance < Struct.new(
|
|
5131
5367
|
:status,
|
|
5132
|
-
:related_requirements
|
|
5368
|
+
:related_requirements,
|
|
5369
|
+
:status_reasons)
|
|
5133
5370
|
include Aws::Structure
|
|
5134
5371
|
end
|
|
5135
5372
|
|
|
@@ -6401,7 +6638,7 @@ module Aws::SecurityHub
|
|
|
6401
6638
|
# }
|
|
6402
6639
|
#
|
|
6403
6640
|
# @!attribute [rw] tags
|
|
6404
|
-
# The tags to add to the
|
|
6641
|
+
# The tags to add to the hub resource when you enable Security Hub.
|
|
6405
6642
|
# @return [Hash<String,String>]
|
|
6406
6643
|
#
|
|
6407
6644
|
# @!attribute [rw] enable_default_standards
|
|
@@ -9085,7 +9322,7 @@ module Aws::SecurityHub
|
|
|
9085
9322
|
# @return [Types::AwsEc2InstanceDetails]
|
|
9086
9323
|
#
|
|
9087
9324
|
# @!attribute [rw] aws_ec2_network_interface
|
|
9088
|
-
# Details for an
|
|
9325
|
+
# Details for an Amazon EC2 network interface.
|
|
9089
9326
|
# @return [Types::AwsEc2NetworkInterfaceDetails]
|
|
9090
9327
|
#
|
|
9091
9328
|
# @!attribute [rw] aws_ec2_security_group
|
|
@@ -9101,7 +9338,7 @@ module Aws::SecurityHub
|
|
|
9101
9338
|
# @return [Types::AwsElasticsearchDomainDetails]
|
|
9102
9339
|
#
|
|
9103
9340
|
# @!attribute [rw] aws_s3_bucket
|
|
9104
|
-
# Details about an Amazon S3
|
|
9341
|
+
# Details about an Amazon S3 bucket related to a finding.
|
|
9105
9342
|
# @return [Types::AwsS3BucketDetails]
|
|
9106
9343
|
#
|
|
9107
9344
|
# @!attribute [rw] aws_s3_object
|
|
@@ -9129,7 +9366,7 @@ module Aws::SecurityHub
|
|
|
9129
9366
|
# @return [Types::AwsLambdaLayerVersionDetails]
|
|
9130
9367
|
#
|
|
9131
9368
|
# @!attribute [rw] aws_rds_db_instance
|
|
9132
|
-
# Details for an RDS database instance.
|
|
9369
|
+
# Details for an Amazon RDS database instance.
|
|
9133
9370
|
# @return [Types::AwsRdsDbInstanceDetails]
|
|
9134
9371
|
#
|
|
9135
9372
|
# @!attribute [rw] aws_sns_topic
|
|
@@ -9232,9 +9469,13 @@ module Aws::SecurityHub
|
|
|
9232
9469
|
# product: 1.0,
|
|
9233
9470
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
9234
9471
|
# normalized: 1,
|
|
9472
|
+
# original: "NonEmptyString",
|
|
9235
9473
|
# }
|
|
9236
9474
|
#
|
|
9237
9475
|
# @!attribute [rw] product
|
|
9476
|
+
# Deprecated. This attribute is being deprecated. Instead of providing
|
|
9477
|
+
# `Product`, provide `Original`.
|
|
9478
|
+
#
|
|
9238
9479
|
# The native severity as defined by the AWS service or integrated
|
|
9239
9480
|
# partner product that generated the finding.
|
|
9240
9481
|
# @return [Float]
|
|
@@ -9273,12 +9514,77 @@ module Aws::SecurityHub
|
|
|
9273
9514
|
# * 90–100 - `CRITICAL`
|
|
9274
9515
|
# @return [Integer]
|
|
9275
9516
|
#
|
|
9517
|
+
# @!attribute [rw] original
|
|
9518
|
+
# The native severity from the finding product that generated the
|
|
9519
|
+
# finding.
|
|
9520
|
+
# @return [String]
|
|
9521
|
+
#
|
|
9276
9522
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
|
|
9277
9523
|
#
|
|
9278
9524
|
class Severity < Struct.new(
|
|
9279
9525
|
:product,
|
|
9280
9526
|
:label,
|
|
9281
|
-
:normalized
|
|
9527
|
+
:normalized,
|
|
9528
|
+
:original)
|
|
9529
|
+
include Aws::Structure
|
|
9530
|
+
end
|
|
9531
|
+
|
|
9532
|
+
# Updates to the severity information for a finding.
|
|
9533
|
+
#
|
|
9534
|
+
# @note When making an API call, you may pass SeverityUpdate
|
|
9535
|
+
# data as a hash:
|
|
9536
|
+
#
|
|
9537
|
+
# {
|
|
9538
|
+
# normalized: 1,
|
|
9539
|
+
# product: 1.0,
|
|
9540
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
9541
|
+
# }
|
|
9542
|
+
#
|
|
9543
|
+
# @!attribute [rw] normalized
|
|
9544
|
+
# The normalized severity for the finding. This attribute is to be
|
|
9545
|
+
# deprecated in favor of `Label`.
|
|
9546
|
+
#
|
|
9547
|
+
# If you provide `Normalized` and do not provide `Label`, `Label` is
|
|
9548
|
+
# set automatically as follows.
|
|
9549
|
+
#
|
|
9550
|
+
# * 0 - `INFORMATIONAL`
|
|
9551
|
+
#
|
|
9552
|
+
# * 1–39 - `LOW`
|
|
9553
|
+
#
|
|
9554
|
+
# * 40–69 - `MEDIUM`
|
|
9555
|
+
#
|
|
9556
|
+
# * 70–89 - `HIGH`
|
|
9557
|
+
#
|
|
9558
|
+
# * 90–100 - `CRITICAL`
|
|
9559
|
+
# @return [Integer]
|
|
9560
|
+
#
|
|
9561
|
+
# @!attribute [rw] product
|
|
9562
|
+
# The native severity as defined by the AWS service or integrated
|
|
9563
|
+
# partner product that generated the finding.
|
|
9564
|
+
# @return [Float]
|
|
9565
|
+
#
|
|
9566
|
+
# @!attribute [rw] label
|
|
9567
|
+
# The severity value of the finding. The allowed values are the
|
|
9568
|
+
# following.
|
|
9569
|
+
#
|
|
9570
|
+
# * `INFORMATIONAL` - No issue was found.
|
|
9571
|
+
#
|
|
9572
|
+
# * `LOW` - The issue does not require action on its own.
|
|
9573
|
+
#
|
|
9574
|
+
# * `MEDIUM` - The issue must be addressed but not urgently.
|
|
9575
|
+
#
|
|
9576
|
+
# * `HIGH` - The issue must be addressed as a priority.
|
|
9577
|
+
#
|
|
9578
|
+
# * `CRITICAL` - The issue must be remediated immediately to avoid it
|
|
9579
|
+
# escalating.
|
|
9580
|
+
# @return [String]
|
|
9581
|
+
#
|
|
9582
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SeverityUpdate AWS API Documentation
|
|
9583
|
+
#
|
|
9584
|
+
class SeverityUpdate < Struct.new(
|
|
9585
|
+
:normalized,
|
|
9586
|
+
:product,
|
|
9587
|
+
:label)
|
|
9282
9588
|
include Aws::Structure
|
|
9283
9589
|
end
|
|
9284
9590
|
|
|
@@ -9469,6 +9775,38 @@ module Aws::SecurityHub
|
|
|
9469
9775
|
include Aws::Structure
|
|
9470
9776
|
end
|
|
9471
9777
|
|
|
9778
|
+
# Provides additional context for the value of `Compliance.Status`.
|
|
9779
|
+
#
|
|
9780
|
+
# @note When making an API call, you may pass StatusReason
|
|
9781
|
+
# data as a hash:
|
|
9782
|
+
#
|
|
9783
|
+
# {
|
|
9784
|
+
# reason_code: "NonEmptyString", # required
|
|
9785
|
+
# description: "NonEmptyString",
|
|
9786
|
+
# }
|
|
9787
|
+
#
|
|
9788
|
+
# @!attribute [rw] reason_code
|
|
9789
|
+
# A code that represents a reason for the control status. For the list
|
|
9790
|
+
# of status reason codes and their meanings, see [Standards-related
|
|
9791
|
+
# information in the ASFF][1] in the *AWS Security Hub User Guide*.
|
|
9792
|
+
#
|
|
9793
|
+
#
|
|
9794
|
+
#
|
|
9795
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
|
|
9796
|
+
# @return [String]
|
|
9797
|
+
#
|
|
9798
|
+
# @!attribute [rw] description
|
|
9799
|
+
# The corresponding description for the status reason code.
|
|
9800
|
+
# @return [String]
|
|
9801
|
+
#
|
|
9802
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatusReason AWS API Documentation
|
|
9803
|
+
#
|
|
9804
|
+
class StatusReason < Struct.new(
|
|
9805
|
+
:reason_code,
|
|
9806
|
+
:description)
|
|
9807
|
+
include Aws::Structure
|
|
9808
|
+
end
|
|
9809
|
+
|
|
9472
9810
|
# A string filter for querying findings.
|
|
9473
9811
|
#
|
|
9474
9812
|
# @note When making an API call, you may pass StringFilter
|
|
@@ -10862,7 +11200,7 @@ module Aws::SecurityHub
|
|
|
10862
11200
|
class UpdateStandardsControlResponse < Aws::EmptyStructure; end
|
|
10863
11201
|
|
|
10864
11202
|
# Details about the action that CloudFront or AWS WAF takes when a web
|
|
10865
|
-
# request matches the conditions in the
|
|
11203
|
+
# request matches the conditions in the rule.
|
|
10866
11204
|
#
|
|
10867
11205
|
# @note When making an API call, you may pass WafAction
|
|
10868
11206
|
# data as a hash:
|
|
@@ -10873,7 +11211,7 @@ module Aws::SecurityHub
|
|
|
10873
11211
|
#
|
|
10874
11212
|
# @!attribute [rw] type
|
|
10875
11213
|
# Specifies how you want AWS WAF to respond to requests that match the
|
|
10876
|
-
# settings in a
|
|
11214
|
+
# settings in a rule.
|
|
10877
11215
|
#
|
|
10878
11216
|
# Valid settings include the following:
|
|
10879
11217
|
#
|
|
@@ -10926,7 +11264,7 @@ module Aws::SecurityHub
|
|
|
10926
11264
|
#
|
|
10927
11265
|
# @!attribute [rw] type
|
|
10928
11266
|
# `COUNT` overrides the action specified by the individual rule within
|
|
10929
|
-
# a RuleGroup .
|
|
11267
|
+
# a `RuleGroup` .
|
|
10930
11268
|
#
|
|
10931
11269
|
# If set to `NONE`, the rule's action takes place.
|
|
10932
11270
|
# @return [String]
|
|
@@ -10972,5 +11310,38 @@ module Aws::SecurityHub
|
|
|
10972
11310
|
include Aws::Structure
|
|
10973
11311
|
end
|
|
10974
11312
|
|
|
11313
|
+
# Used to update information about the investigation into the finding.
|
|
11314
|
+
#
|
|
11315
|
+
# @note When making an API call, you may pass WorkflowUpdate
|
|
11316
|
+
# data as a hash:
|
|
11317
|
+
#
|
|
11318
|
+
# {
|
|
11319
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
|
11320
|
+
# }
|
|
11321
|
+
#
|
|
11322
|
+
# @!attribute [rw] status
|
|
11323
|
+
# The status of the investigation into the finding. The allowed values
|
|
11324
|
+
# are the following.
|
|
11325
|
+
#
|
|
11326
|
+
# * `NEW` - The initial state of a finding, before it is reviewed.
|
|
11327
|
+
#
|
|
11328
|
+
# * `NOTIFIED` - Indicates that you notified the resource owner about
|
|
11329
|
+
# the security issue. Used when the initial reviewer is not the
|
|
11330
|
+
# resource owner, and needs intervention from the resource owner.
|
|
11331
|
+
#
|
|
11332
|
+
# * `RESOLVED` - The finding was reviewed and remediated and is now
|
|
11333
|
+
# considered resolved.
|
|
11334
|
+
#
|
|
11335
|
+
# * `SUPPRESSED` - The finding will not be reviewed again and will not
|
|
11336
|
+
# be acted upon.
|
|
11337
|
+
# @return [String]
|
|
11338
|
+
#
|
|
11339
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WorkflowUpdate AWS API Documentation
|
|
11340
|
+
#
|
|
11341
|
+
class WorkflowUpdate < Struct.new(
|
|
11342
|
+
:status)
|
|
11343
|
+
include Aws::Structure
|
|
11344
|
+
end
|
|
11345
|
+
|
|
10975
11346
|
end
|
|
10976
11347
|
end
|