aws-sdk-securityhub 1.24.0 → 1.25.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-securityhub.rb +1 -1
- data/lib/aws-sdk-securityhub/client.rb +26 -8
- data/lib/aws-sdk-securityhub/client_api.rb +10 -0
- data/lib/aws-sdk-securityhub/types.rb +137 -64
- metadata +2 -2
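--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2cd946e32b69755d6befa63698342d383079fa365b0505bf5b0ce741d7940715
+data.tar.gz: 195a3f28cad30da62ed67f9a3a4edfd8a13e31463131a0dfcc5b64fb12d34730
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79f862ba77c2c887fdcb1e6487c6965084019c51d09b4a0d87f0f9dd2e8d1bc747e89f52a19336ee5d6db511b4a94ce47bd993fef25b0a1b1496d9a2f73a6216
+data.tar.gz: 2e6379cdb8f9a058b1714dfc99ff8f64653623c57ffa1e821a3658d96a704ddc8f37a0874285ed462e4d1a307ebac1f097ebcc83b94e60f3c9079b32cacb54b5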
data/lib/aws-sdk-securityhub.rb
CHANGED
@@ -493,6 +493,7 @@ module Aws::SecurityHub
|
|
493
493
|
# product: 1.0,
|
494
494
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
495
495
|
# normalized: 1,
|
496
|
+
# original: "NonEmptyString",
|
496
497
|
# },
|
497
498
|
# confidence: 1,
|
498
499
|
# criticality: 1,
|
@@ -943,6 +944,12 @@ module Aws::SecurityHub
|
|
943
944
|
# compliance: {
|
944
945
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
945
946
|
# related_requirements: ["NonEmptyString"],
|
947
|
+
# status_reasons: [
|
948
|
+
# {
|
949
|
+
# reason_code: "NonEmptyString", # required
|
950
|
+
# description: "NonEmptyString",
|
951
|
+
# },
|
952
|
+
# ],
|
946
953
|
# },
|
947
954
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
948
955
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
@@ -1800,7 +1807,7 @@ module Aws::SecurityHub
|
|
1800
1807
|
# Security Hub.
|
1801
1808
|
#
|
1802
1809
|
# If the account owner accepts the invitation, the account becomes a
|
1803
|
-
# member account in Security Hub
|
1810
|
+
# member account in Security Hub. A permissions policy is added that
|
1804
1811
|
# permits the master account to view the findings generated in the
|
1805
1812
|
# member account. When Security Hub is enabled in the invited account,
|
1806
1813
|
# findings start to be sent to both the member and master accounts.
|
@@ -2335,8 +2342,8 @@ module Aws::SecurityHub
|
|
2335
2342
|
# Enables the integration of a partner product with Security Hub.
|
2336
2343
|
# Integrated products send findings to Security Hub.
|
2337
2344
|
#
|
2338
|
-
# When you enable a product integration, a
|
2339
|
-
# permission for the product to send findings to Security Hub is
|
2345
|
+
# When you enable a product integration, a permissions policy that
|
2346
|
+
# grants permission for the product to send findings to Security Hub is
|
2340
2347
|
# applied.
|
2341
2348
|
#
|
2342
2349
|
# @option params [required, String] :product_arn
|
@@ -2373,9 +2380,16 @@ module Aws::SecurityHub
|
|
2373
2380
|
# integrated with Security Hub.
|
2374
2381
|
#
|
2375
2382
|
# When you use the `EnableSecurityHub` operation to enable Security Hub,
|
2376
|
-
# you also automatically enable the
|
2377
|
-
#
|
2378
|
-
#
|
2383
|
+
# you also automatically enable the following standards.
|
2384
|
+
#
|
2385
|
+
# * CIS AWS Foundations
|
2386
|
+
#
|
2387
|
+
# * AWS Foundational Security Best Practices
|
2388
|
+
#
|
2389
|
+
# You do not enable the Payment Card Industry Data Security Standard
|
2390
|
+
# (PCI DSS) standard.
|
2391
|
+
#
|
2392
|
+
# To not enable the automatically enabled standards, set
|
2379
2393
|
# `EnableDefaultStandards` to `false`.
|
2380
2394
|
#
|
2381
2395
|
# After you enable Security Hub, to enable a standard, use the `
|
@@ -2390,7 +2404,7 @@ module Aws::SecurityHub
|
|
2390
2404
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html
|
2391
2405
|
#
|
2392
2406
|
# @option params [Hash<String,String>] :tags
|
2393
|
-
# The tags to add to the
|
2407
|
+
# The tags to add to the hub resource when you enable Security Hub.
|
2394
2408
|
#
|
2395
2409
|
# @option params [Boolean] :enable_default_standards
|
2396
2410
|
# Whether to enable the security standards that Security Hub has
|
@@ -3083,6 +3097,7 @@ module Aws::SecurityHub
|
|
3083
3097
|
# resp.findings[0].severity.product #=> Float
|
3084
3098
|
# resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
3085
3099
|
# resp.findings[0].severity.normalized #=> Integer
|
3100
|
+
# resp.findings[0].severity.original #=> String
|
3086
3101
|
# resp.findings[0].confidence #=> Integer
|
3087
3102
|
# resp.findings[0].criticality #=> Integer
|
3088
3103
|
# resp.findings[0].title #=> String
|
@@ -3374,6 +3389,9 @@ module Aws::SecurityHub
|
|
3374
3389
|
# resp.findings[0].compliance.status #=> String, one of "PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"
|
3375
3390
|
# resp.findings[0].compliance.related_requirements #=> Array
|
3376
3391
|
# resp.findings[0].compliance.related_requirements[0] #=> String
|
3392
|
+
# resp.findings[0].compliance.status_reasons #=> Array
|
3393
|
+
# resp.findings[0].compliance.status_reasons[0].reason_code #=> String
|
3394
|
+
# resp.findings[0].compliance.status_reasons[0].description #=> String
|
3377
3395
|
# resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
|
3378
3396
|
# resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
|
3379
3397
|
# resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
|
@@ -5374,7 +5392,7 @@ module Aws::SecurityHub
|
|
5374
5392
|
params: params,
|
5375
5393
|
config: config)
|
5376
5394
|
context[:gem_name] = 'aws-sdk-securityhub'
|
5377
|
-
context[:gem_version] = '1.
|
5395
|
+
context[:gem_version] = '1.25.0'
|
5378
5396
|
Seahorse::Client::Request.new(handlers, context)
|
5379
5397
|
end
|
5380
5398
|
|
@@ -258,6 +258,8 @@ module Aws::SecurityHub
|
|
258
258
|
StandardsSubscriptionRequest = Shapes::StructureShape.new(name: 'StandardsSubscriptionRequest')
|
259
259
|
StandardsSubscriptionRequests = Shapes::ListShape.new(name: 'StandardsSubscriptionRequests')
|
260
260
|
StandardsSubscriptions = Shapes::ListShape.new(name: 'StandardsSubscriptions')
|
261
|
+
StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
|
262
|
+
StatusReasonsList = Shapes::ListShape.new(name: 'StatusReasonsList')
|
261
263
|
StringFilter = Shapes::StructureShape.new(name: 'StringFilter')
|
262
264
|
StringFilterComparison = Shapes::StringShape.new(name: 'StringFilterComparison')
|
263
265
|
StringFilterList = Shapes::ListShape.new(name: 'StringFilterList')
|
@@ -851,6 +853,7 @@ module Aws::SecurityHub
|
|
851
853
|
|
852
854
|
Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
|
853
855
|
Compliance.add_member(:related_requirements, Shapes::ShapeRef.new(shape: RelatedRequirementsList, location_name: "RelatedRequirements"))
|
856
|
+
Compliance.add_member(:status_reasons, Shapes::ShapeRef.new(shape: StatusReasonsList, location_name: "StatusReasons"))
|
854
857
|
Compliance.struct_class = Types::Compliance
|
855
858
|
|
856
859
|
ContainerDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
|
@@ -1295,6 +1298,7 @@ module Aws::SecurityHub
|
|
1295
1298
|
Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
|
1296
1299
|
Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
|
1297
1300
|
Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
|
1301
|
+
Severity.add_member(:original, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Original"))
|
1298
1302
|
Severity.struct_class = Types::Severity
|
1299
1303
|
|
1300
1304
|
SeverityUpdate.add_member(:normalized, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Normalized"))
|
@@ -1349,6 +1353,12 @@ module Aws::SecurityHub
|
|
1349
1353
|
|
1350
1354
|
StandardsSubscriptions.member = Shapes::ShapeRef.new(shape: StandardsSubscription)
|
1351
1355
|
|
1356
|
+
StatusReason.add_member(:reason_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ReasonCode"))
|
1357
|
+
StatusReason.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
|
1358
|
+
StatusReason.struct_class = Types::StatusReason
|
1359
|
+
|
1360
|
+
StatusReasonsList.member = Shapes::ShapeRef.new(shape: StatusReason)
|
1361
|
+
|
1352
1362
|
StringFilter.add_member(:value, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Value"))
|
1353
1363
|
StringFilter.add_member(:comparison, Shapes::ShapeRef.new(shape: StringFilterComparison, location_name: "Comparison"))
|
1354
1364
|
StringFilter.struct_class = Types::StringFilter
|
@@ -245,8 +245,8 @@ module Aws::SecurityHub
|
|
245
245
|
end
|
246
246
|
|
247
247
|
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
248
|
-
# example, a web server), Amazon MediaStore, or other server
|
249
|
-
# CloudFront gets your files.
|
248
|
+
# example, a web server), Amazon Elemental MediaStore, or other server
|
249
|
+
# from which CloudFront gets your files.
|
250
250
|
#
|
251
251
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
|
252
252
|
# data as a hash:
|
@@ -425,13 +425,13 @@ module Aws::SecurityHub
|
|
425
425
|
# @!attribute [rw] type
|
426
426
|
# The type of build environment to use for related builds.
|
427
427
|
#
|
428
|
-
# The environment type `ARM_CONTAINER` is available only in
|
428
|
+
# The environment type `ARM_CONTAINER` is available only in Regions US
|
429
429
|
# East (N. Virginia), US East (Ohio), US West (Oregon), Europe
|
430
430
|
# (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific
|
431
431
|
# (Sydney), and Europe (Frankfurt).
|
432
432
|
#
|
433
433
|
# The environment type `LINUX_CONTAINER` with compute type
|
434
|
-
# build.general1.2xlarge is available only in
|
434
|
+
# build.general1.2xlarge is available only in Regions US East (N.
|
435
435
|
# Virginia), US East (N. Virginia), US West (Oregon), Canada
|
436
436
|
# (Central), Europe (Ireland), Europe (London), Europe (Frankfurt),
|
437
437
|
# Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
|
@@ -439,10 +439,10 @@ module Aws::SecurityHub
|
|
439
439
|
# (Ningxia).
|
440
440
|
#
|
441
441
|
# The environment type `LINUX_GPU_CONTAINER` is available only in
|
442
|
-
#
|
442
|
+
# Regions US East (N. Virginia), US East (N. Virginia), US West
|
443
443
|
# (Oregon), Canada (Central), Europe (Ireland), Europe (London),
|
444
444
|
# Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
|
445
|
-
# Pacific (Singapore), Asia Pacific (Sydney)
|
445
|
+
# Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and
|
446
446
|
# China (Ningxia).
|
447
447
|
#
|
448
448
|
# Valid values: `WINDOWS_CONTAINER` \| `LINUX_CONTAINER` \|
|
@@ -539,8 +539,8 @@ module Aws::SecurityHub
|
|
539
539
|
# source action instead of this value.
|
540
540
|
#
|
541
541
|
# * For source code in an AWS CodeCommit repository, the HTTPS clone
|
542
|
-
# URL to the repository that contains the source code and the
|
543
|
-
#
|
542
|
+
# URL to the repository that contains the source code and the build
|
543
|
+
# spec file (for example,
|
544
544
|
# `https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name`
|
545
545
|
# ).
|
546
546
|
#
|
@@ -553,10 +553,10 @@ module Aws::SecurityHub
|
|
553
553
|
# example, `bucket-name/path/to/source-code/folder/`).
|
554
554
|
#
|
555
555
|
# * For source code in a GitHub repository, the HTTPS clone URL to the
|
556
|
-
# repository that contains the source and the
|
556
|
+
# repository that contains the source and the build spec file.
|
557
557
|
#
|
558
558
|
# * For source code in a Bitbucket repository, the HTTPS clone URL to
|
559
|
-
# the repository that contains the source and the
|
559
|
+
# the repository that contains the source and the build spec file.
|
560
560
|
# @return [String]
|
561
561
|
#
|
562
562
|
# @!attribute [rw] git_clone_depth
|
@@ -1035,9 +1035,9 @@ module Aws::SecurityHub
|
|
1035
1035
|
# }
|
1036
1036
|
#
|
1037
1037
|
# @!attribute [rw] cidr_ip
|
1038
|
-
# The IPv4 CIDR range. You can
|
1039
|
-
#
|
1040
|
-
#
|
1038
|
+
# The IPv4 CIDR range. You can specify either a CIDR range or a source
|
1039
|
+
# security group, but not both. To specify a single IPv4 address, use
|
1040
|
+
# the /32 prefix length.
|
1041
1041
|
# @return [String]
|
1042
1042
|
#
|
1043
1043
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpRange AWS API Documentation
|
@@ -1057,9 +1057,9 @@ module Aws::SecurityHub
|
|
1057
1057
|
# }
|
1058
1058
|
#
|
1059
1059
|
# @!attribute [rw] cidr_ipv_6
|
1060
|
-
# The IPv6 CIDR range. You can
|
1061
|
-
#
|
1062
|
-
#
|
1060
|
+
# The IPv6 CIDR range. You can specify either a CIDR range or a source
|
1061
|
+
# security group, but not both. To specify a single IPv6 address, use
|
1062
|
+
# the /128 prefix length.
|
1063
1063
|
# @return [String]
|
1064
1064
|
#
|
1065
1065
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpv6Range AWS API Documentation
|
@@ -1990,7 +1990,7 @@ module Aws::SecurityHub
|
|
1990
1990
|
# @return [Integer]
|
1991
1991
|
#
|
1992
1992
|
# @!attribute [rw] compatible_runtimes
|
1993
|
-
# The layer's compatible runtimes. Maximum number of
|
1993
|
+
# The layer's compatible runtimes. Maximum number of five items.
|
1994
1994
|
#
|
1995
1995
|
# Valid values: `nodejs10.x` \| `nodejs12.x` \| `java8` \| `java11` \|
|
1996
1996
|
# `python2.7` \| `python3.6` \| `python3.7` \| `python3.8` \|
|
@@ -2038,14 +2038,14 @@ module Aws::SecurityHub
|
|
2038
2038
|
# DB instance. The `Status` property returns one of the following
|
2039
2039
|
# values:
|
2040
2040
|
#
|
2041
|
-
# * `ACTIVE` -
|
2041
|
+
# * `ACTIVE` - The IAM role ARN is associated with the DB instance and
|
2042
2042
|
# can be used to access other AWS services on your behalf.
|
2043
2043
|
#
|
2044
|
-
# * `PENDING` -
|
2044
|
+
# * `PENDING` - The IAM role ARN is being associated with the DB
|
2045
2045
|
# instance.
|
2046
2046
|
#
|
2047
|
-
# * `INVALID` -
|
2048
|
-
#
|
2047
|
+
# * `INVALID` - The IAM role ARN is associated with the DB instance.
|
2048
|
+
# But the DB instance is unable to assume the IAM role in order to
|
2049
2049
|
# access other AWS services on your behalf.
|
2050
2050
|
# @return [String]
|
2051
2051
|
#
|
@@ -2419,7 +2419,7 @@ module Aws::SecurityHub
|
|
2419
2419
|
#
|
2420
2420
|
# @!attribute [rw] apply_server_side_encryption_by_default
|
2421
2421
|
# Specifies the default server-side encryption to apply to new objects
|
2422
|
-
# in the bucket. If a `PUT`
|
2422
|
+
# in the bucket. If a `PUT` object request doesn't specify any
|
2423
2423
|
# server-side encryption, this default encryption is applied.
|
2424
2424
|
# @return [Types::AwsS3BucketServerSideEncryptionByDefault]
|
2425
2425
|
#
|
@@ -2430,7 +2430,7 @@ module Aws::SecurityHub
|
|
2430
2430
|
include Aws::Structure
|
2431
2431
|
end
|
2432
2432
|
|
2433
|
-
# Details about an
|
2433
|
+
# Details about an Amazon S3 object.
|
2434
2434
|
#
|
2435
2435
|
# @note When making an API call, you may pass AwsS3ObjectDetails
|
2436
2436
|
# data as a hash:
|
@@ -2514,6 +2514,7 @@ module Aws::SecurityHub
|
|
2514
2514
|
# product: 1.0,
|
2515
2515
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
2516
2516
|
# normalized: 1,
|
2517
|
+
# original: "NonEmptyString",
|
2517
2518
|
# },
|
2518
2519
|
# confidence: 1,
|
2519
2520
|
# criticality: 1,
|
@@ -2964,6 +2965,12 @@ module Aws::SecurityHub
|
|
2964
2965
|
# compliance: {
|
2965
2966
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
2966
2967
|
# related_requirements: ["NonEmptyString"],
|
2968
|
+
# status_reasons: [
|
2969
|
+
# {
|
2970
|
+
# reason_code: "NonEmptyString", # required
|
2971
|
+
# description: "NonEmptyString",
|
2972
|
+
# },
|
2973
|
+
# ],
|
2967
2974
|
# },
|
2968
2975
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
2969
2976
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
@@ -3003,7 +3010,7 @@ module Aws::SecurityHub
|
|
3003
3010
|
# The identifier for the solution-specific component (a discrete unit
|
3004
3011
|
# of logic) that generated a finding. In various security-findings
|
3005
3012
|
# providers' solutions, this generator can be called a rule, a check,
|
3006
|
-
# a detector, a
|
3013
|
+
# a detector, a plugin, etc.
|
3007
3014
|
# @return [String]
|
3008
3015
|
#
|
3009
3016
|
# @!attribute [rw] aws_account_id
|
@@ -3772,7 +3779,7 @@ module Aws::SecurityHub
|
|
3772
3779
|
# The identifier for the solution-specific component (a discrete unit
|
3773
3780
|
# of logic) that generated a finding. In various security-findings
|
3774
3781
|
# providers' solutions, this generator can be called a rule, a check,
|
3775
|
-
# a detector, a
|
3782
|
+
# a detector, a plugin, etc.
|
3776
3783
|
# @return [Array<Types::StringFilter>]
|
3777
3784
|
#
|
3778
3785
|
# @!attribute [rw] type
|
@@ -4285,7 +4292,7 @@ module Aws::SecurityHub
|
|
4285
4292
|
# }
|
4286
4293
|
#
|
4287
4294
|
# @!attribute [rw] kms_master_key_id
|
4288
|
-
# The ID of an AWS
|
4295
|
+
# The ID of an AWS managed customer master key (CMK) for Amazon SNS or
|
4289
4296
|
# a custom CMK.
|
4290
4297
|
# @return [String]
|
4291
4298
|
#
|
@@ -4357,7 +4364,7 @@ module Aws::SecurityHub
|
|
4357
4364
|
# @return [Integer]
|
4358
4365
|
#
|
4359
4366
|
# @!attribute [rw] kms_master_key_id
|
4360
|
-
# The ID of an AWS
|
4367
|
+
# The ID of an AWS managed customer master key (CMK) for Amazon SQS or
|
4361
4368
|
# a custom CMK.
|
4362
4369
|
# @return [String]
|
4363
4370
|
#
|
@@ -4416,7 +4423,7 @@ module Aws::SecurityHub
|
|
4416
4423
|
# @return [String]
|
4417
4424
|
#
|
4418
4425
|
# @!attribute [rw] default_action
|
4419
|
-
# The action to perform if none of the
|
4426
|
+
# The action to perform if none of the rules contained in the WebACL
|
4420
4427
|
# match.
|
4421
4428
|
# @return [String]
|
4422
4429
|
#
|
@@ -4463,7 +4470,7 @@ module Aws::SecurityHub
|
|
4463
4470
|
#
|
4464
4471
|
# @!attribute [rw] action
|
4465
4472
|
# Specifies the action that CloudFront or AWS WAF takes when a web
|
4466
|
-
# request matches the conditions in the
|
4473
|
+
# request matches the conditions in the rule.
|
4467
4474
|
# @return [Types::WafAction]
|
4468
4475
|
#
|
4469
4476
|
# @!attribute [rw] excluded_rules
|
@@ -4491,15 +4498,15 @@ module Aws::SecurityHub
|
|
4491
4498
|
# @return [Types::WafOverrideAction]
|
4492
4499
|
#
|
4493
4500
|
# @!attribute [rw] priority
|
4494
|
-
# Specifies the order in which the
|
4495
|
-
# Rules with a lower value for Priority are evaluated before
|
4501
|
+
# Specifies the order in which the rules in a WebACL are evaluated.
|
4502
|
+
# Rules with a lower value for `Priority` are evaluated before rules
|
4496
4503
|
# with a higher value. The value must be a unique integer. If you add
|
4497
|
-
# multiple
|
4504
|
+
# multiple rules to a WebACL, the values do not need to be
|
4498
4505
|
# consecutive.
|
4499
4506
|
# @return [Integer]
|
4500
4507
|
#
|
4501
4508
|
# @!attribute [rw] rule_id
|
4502
|
-
# The identifier for a
|
4509
|
+
# The identifier for a rule.
|
4503
4510
|
# @return [String]
|
4504
4511
|
#
|
4505
4512
|
# @!attribute [rw] type
|
@@ -4607,6 +4614,7 @@ module Aws::SecurityHub
|
|
4607
4614
|
# product: 1.0,
|
4608
4615
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
4609
4616
|
# normalized: 1,
|
4617
|
+
# original: "NonEmptyString",
|
4610
4618
|
# },
|
4611
4619
|
# confidence: 1,
|
4612
4620
|
# criticality: 1,
|
@@ -5057,6 +5065,12 @@ module Aws::SecurityHub
|
|
5057
5065
|
# compliance: {
|
5058
5066
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
5059
5067
|
# related_requirements: ["NonEmptyString"],
|
5068
|
+
# status_reasons: [
|
5069
|
+
# {
|
5070
|
+
# reason_code: "NonEmptyString", # required
|
5071
|
+
# description: "NonEmptyString",
|
5072
|
+
# },
|
5073
|
+
# ],
|
5060
5074
|
# },
|
5061
5075
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
5062
5076
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
@@ -5293,27 +5307,8 @@ module Aws::SecurityHub
|
|
5293
5307
|
include Aws::Structure
|
5294
5308
|
end
|
5295
5309
|
|
5296
|
-
#
|
5297
|
-
#
|
5298
|
-
# AWS Foundations. Contains security standard-related finding details.
|
5299
|
-
#
|
5300
|
-
# Values include the following:
|
5301
|
-
#
|
5302
|
-
# * Allowed values are the following:
|
5303
|
-
#
|
5304
|
-
# * `PASSED` - Standards check passed for all evaluated resources.
|
5305
|
-
#
|
5306
|
-
# * `WARNING` - Some information is missing or this check is not
|
5307
|
-
# supported given your configuration.
|
5308
|
-
#
|
5309
|
-
# * `FAILED` - Standards check failed for at least one evaluated
|
5310
|
-
# resource.
|
5311
|
-
#
|
5312
|
-
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
5313
|
-
# outage, API error, or because the result of the AWS Config
|
5314
|
-
# evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
|
5315
|
-
# result was ` NOT_APPLICABLE`, then after 3 days, Security Hub
|
5316
|
-
# automatically archives the finding.
|
5310
|
+
# Contains finding details that are specific to control-based findings.
|
5311
|
+
# Only returned for findings generated from controls.
|
5317
5312
|
#
|
5318
5313
|
# @note When making an API call, you may pass Compliance
|
5319
5314
|
# data as a hash:
|
@@ -5321,21 +5316,57 @@ module Aws::SecurityHub
|
|
5321
5316
|
# {
|
5322
5317
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
5323
5318
|
# related_requirements: ["NonEmptyString"],
|
5319
|
+
# status_reasons: [
|
5320
|
+
# {
|
5321
|
+
# reason_code: "NonEmptyString", # required
|
5322
|
+
# description: "NonEmptyString",
|
5323
|
+
# },
|
5324
|
+
# ],
|
5324
5325
|
# }
|
5325
5326
|
#
|
5326
5327
|
# @!attribute [rw] status
|
5327
5328
|
# The result of a standards check.
|
5329
|
+
#
|
5330
|
+
# The valid values for `Status` are as follows.
|
5331
|
+
#
|
5332
|
+
# * * `PASSED` - Standards check passed for all evaluated resources.
|
5333
|
+
#
|
5334
|
+
# * `WARNING` - Some information is missing or this check is not
|
5335
|
+
# supported for your configuration.
|
5336
|
+
#
|
5337
|
+
# * `FAILED` - Standards check failed for at least one evaluated
|
5338
|
+
# resource.
|
5339
|
+
#
|
5340
|
+
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
5341
|
+
# outage, API error, or because the result of the AWS Config
|
5342
|
+
# evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
|
5343
|
+
# result was `NOT_APPLICABLE`, then after 3 days, Security Hub
|
5344
|
+
# automatically archives the finding.
|
5328
5345
|
# @return [String]
|
5329
5346
|
#
|
5330
5347
|
# @!attribute [rw] related_requirements
|
5331
|
-
#
|
5348
|
+
# For a control, the industry or regulatory framework requirements
|
5349
|
+
# that are related to the control. The check for that control is
|
5350
|
+
# aligned with these requirements.
|
5332
5351
|
# @return [Array<String>]
|
5333
5352
|
#
|
5353
|
+
# @!attribute [rw] status_reasons
|
5354
|
+
# For findings generated from controls, a list of reasons behind the
|
5355
|
+
# value of `Status`. For the list of status reason codes and their
|
5356
|
+
# meanings, see [Standards-related information in the ASFF][1] in the
|
5357
|
+
# *AWS Security Hub User Guide*.
|
5358
|
+
#
|
5359
|
+
#
|
5360
|
+
#
|
5361
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
|
5362
|
+
# @return [Array<Types::StatusReason>]
|
5363
|
+
#
|
5334
5364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
|
5335
5365
|
#
|
5336
5366
|
class Compliance < Struct.new(
|
5337
5367
|
:status,
|
5338
|
-
:related_requirements
|
5368
|
+
:related_requirements,
|
5369
|
+
:status_reasons)
|
5339
5370
|
include Aws::Structure
|
5340
5371
|
end
|
5341
5372
|
|
@@ -6607,7 +6638,7 @@ module Aws::SecurityHub
|
|
6607
6638
|
# }
|
6608
6639
|
#
|
6609
6640
|
# @!attribute [rw] tags
|
6610
|
-
# The tags to add to the
|
6641
|
+
# The tags to add to the hub resource when you enable Security Hub.
|
6611
6642
|
# @return [Hash<String,String>]
|
6612
6643
|
#
|
6613
6644
|
# @!attribute [rw] enable_default_standards
|
@@ -9291,7 +9322,7 @@ module Aws::SecurityHub
|
|
9291
9322
|
# @return [Types::AwsEc2InstanceDetails]
|
9292
9323
|
#
|
9293
9324
|
# @!attribute [rw] aws_ec2_network_interface
|
9294
|
-
# Details for an
|
9325
|
+
# Details for an Amazon EC2 network interface.
|
9295
9326
|
# @return [Types::AwsEc2NetworkInterfaceDetails]
|
9296
9327
|
#
|
9297
9328
|
# @!attribute [rw] aws_ec2_security_group
|
@@ -9307,7 +9338,7 @@ module Aws::SecurityHub
|
|
9307
9338
|
# @return [Types::AwsElasticsearchDomainDetails]
|
9308
9339
|
#
|
9309
9340
|
# @!attribute [rw] aws_s3_bucket
|
9310
|
-
# Details about an Amazon S3
|
9341
|
+
# Details about an Amazon S3 bucket related to a finding.
|
9311
9342
|
# @return [Types::AwsS3BucketDetails]
|
9312
9343
|
#
|
9313
9344
|
# @!attribute [rw] aws_s3_object
|
@@ -9335,7 +9366,7 @@ module Aws::SecurityHub
|
|
9335
9366
|
# @return [Types::AwsLambdaLayerVersionDetails]
|
9336
9367
|
#
|
9337
9368
|
# @!attribute [rw] aws_rds_db_instance
|
9338
|
-
# Details for an RDS database instance.
|
9369
|
+
# Details for an Amazon RDS database instance.
|
9339
9370
|
# @return [Types::AwsRdsDbInstanceDetails]
|
9340
9371
|
#
|
9341
9372
|
# @!attribute [rw] aws_sns_topic
|
@@ -9438,9 +9469,13 @@ module Aws::SecurityHub
|
|
9438
9469
|
# product: 1.0,
|
9439
9470
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
9440
9471
|
# normalized: 1,
|
9472
|
+
# original: "NonEmptyString",
|
9441
9473
|
# }
|
9442
9474
|
#
|
9443
9475
|
# @!attribute [rw] product
|
9476
|
+
# Deprecated. This attribute is being deprecated. Instead of providing
|
9477
|
+
# `Product`, provide `Original`.
|
9478
|
+
#
|
9444
9479
|
# The native severity as defined by the AWS service or integrated
|
9445
9480
|
# partner product that generated the finding.
|
9446
9481
|
# @return [Float]
|
@@ -9479,12 +9514,18 @@ module Aws::SecurityHub
|
|
9479
9514
|
# * 90–100 - `CRITICAL`
|
9480
9515
|
# @return [Integer]
|
9481
9516
|
#
|
9517
|
+
# @!attribute [rw] original
|
9518
|
+
# The native severity from the finding product that generated the
|
9519
|
+
# finding.
|
9520
|
+
# @return [String]
|
9521
|
+
#
|
9482
9522
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
|
9483
9523
|
#
|
9484
9524
|
class Severity < Struct.new(
|
9485
9525
|
:product,
|
9486
9526
|
:label,
|
9487
|
-
:normalized
|
9527
|
+
:normalized,
|
9528
|
+
:original)
|
9488
9529
|
include Aws::Structure
|
9489
9530
|
end
|
9490
9531
|
|
@@ -9734,6 +9775,38 @@ module Aws::SecurityHub
|
|
9734
9775
|
include Aws::Structure
|
9735
9776
|
end
|
9736
9777
|
|
9778
|
+
# Provides additional context for the value of `Compliance.Status`.
|
9779
|
+
#
|
9780
|
+
# @note When making an API call, you may pass StatusReason
|
9781
|
+
# data as a hash:
|
9782
|
+
#
|
9783
|
+
# {
|
9784
|
+
# reason_code: "NonEmptyString", # required
|
9785
|
+
# description: "NonEmptyString",
|
9786
|
+
# }
|
9787
|
+
#
|
9788
|
+
# @!attribute [rw] reason_code
|
9789
|
+
# A code that represents a reason for the control status. For the list
|
9790
|
+
# of status reason codes and their meanings, see [Standards-related
|
9791
|
+
# information in the ASFF][1] in the *AWS Security Hub User Guide*.
|
9792
|
+
#
|
9793
|
+
#
|
9794
|
+
#
|
9795
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
|
9796
|
+
# @return [String]
|
9797
|
+
#
|
9798
|
+
# @!attribute [rw] description
|
9799
|
+
# The corresponding description for the status reason code.
|
9800
|
+
# @return [String]
|
9801
|
+
#
|
9802
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatusReason AWS API Documentation
|
9803
|
+
#
|
9804
|
+
class StatusReason < Struct.new(
|
9805
|
+
:reason_code,
|
9806
|
+
:description)
|
9807
|
+
include Aws::Structure
|
9808
|
+
end
|
9809
|
+
|
9737
9810
|
# A string filter for querying findings.
|
9738
9811
|
#
|
9739
9812
|
# @note When making an API call, you may pass StringFilter
|
@@ -11127,7 +11200,7 @@ module Aws::SecurityHub
|
|
11127
11200
|
class UpdateStandardsControlResponse < Aws::EmptyStructure; end
|
11128
11201
|
|
11129
11202
|
# Details about the action that CloudFront or AWS WAF takes when a web
|
11130
|
-
# request matches the conditions in the
|
11203
|
+
# request matches the conditions in the rule.
|
11131
11204
|
#
|
11132
11205
|
# @note When making an API call, you may pass WafAction
|
11133
11206
|
# data as a hash:
|
@@ -11138,7 +11211,7 @@ module Aws::SecurityHub
|
|
11138
11211
|
#
|
11139
11212
|
# @!attribute [rw] type
|
11140
11213
|
# Specifies how you want AWS WAF to respond to requests that match the
|
11141
|
-
# settings in a
|
11214
|
+
# settings in a rule.
|
11142
11215
|
#
|
11143
11216
|
# Valid settings include the following:
|
11144
11217
|
#
|
@@ -11191,7 +11264,7 @@ module Aws::SecurityHub
|
|
11191
11264
|
#
|
11192
11265
|
# @!attribute [rw] type
|
11193
11266
|
# `COUNT` overrides the action specified by the individual rule within
|
11194
|
-
# a RuleGroup .
|
11267
|
+
# a `RuleGroup` .
|
11195
11268
|
#
|
11196
11269
|
# If set to `NONE`, the rule's action takes place.
|
11197
11270
|
# @return [String]
|
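Review bot: The deprecation of `product` in the `Severity` attribute docs (new lines 9476-9477) is stated only in prose, so YARD output and editors will not flag callers that still set or read it. A tag such as `# @deprecated Provide `original` instead.` on that attribute would make the deprecation machine-visible. The replacement is also a different type: `product` is documented as `@return [Float]` while the new `original` member is a `NonEmptyString` documented as `@return [String]`, and the comment does not tell callers that the value type changes when they migrate. Code that thresholds or sorts findings on the numeric `product` value should be checked against this before it switches to `original`.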
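--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.25.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-
+date: 2020-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core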