aws-sdk-securityhub 1.35.0 → 1.40.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-securityhub.rb +1 -1
  3. data/lib/aws-sdk-securityhub/client.rb +480 -41
  4. data/lib/aws-sdk-securityhub/client_api.rb +269 -7
  5. data/lib/aws-sdk-securityhub/types.rb +1786 -26
  6. metadata +4 -4
data/lib/aws-sdk-securityhub/types.rb CHANGED
@@ -64,7 +64,7 @@ module Aws::SecurityHub
64
64
  # data as a hash:
65
65
  #
66
66
  # {
67
- # account_id: "AccountId",
67
+ # account_id: "AccountId", # required
68
68
  # email: "NonEmptyString",
69
69
  # }
70
70
  #
@@ -85,6 +85,313 @@ module Aws::SecurityHub
85
85
  include Aws::Structure
86
86
  end
87
87
 
88
+ # Provides details about one of the following actions that affects or
89
+ # that was taken on a resource:
90
+ #
91
+ # * A remote IP address issued an AWS API call
92
+ #
93
+ # * A DNS request was received
94
+ #
95
+ # * A remote IP address attempted to connect to an EC2 instance
96
+ #
97
+ # * A remote IP address attempted a port probe on an EC2 instance
98
+ #
99
+ # @note When making an API call, you may pass Action
100
+ # data as a hash:
101
+ #
102
+ # {
103
+ # action_type: "NonEmptyString",
104
+ # network_connection_action: {
105
+ # connection_direction: "NonEmptyString",
106
+ # remote_ip_details: {
107
+ # ip_address_v4: "NonEmptyString",
108
+ # organization: {
109
+ # asn: 1,
110
+ # asn_org: "NonEmptyString",
111
+ # isp: "NonEmptyString",
112
+ # org: "NonEmptyString",
113
+ # },
114
+ # country: {
115
+ # country_code: "NonEmptyString",
116
+ # country_name: "NonEmptyString",
117
+ # },
118
+ # city: {
119
+ # city_name: "NonEmptyString",
120
+ # },
121
+ # geo_location: {
122
+ # lon: 1.0,
123
+ # lat: 1.0,
124
+ # },
125
+ # },
126
+ # remote_port_details: {
127
+ # port: 1,
128
+ # port_name: "NonEmptyString",
129
+ # },
130
+ # local_port_details: {
131
+ # port: 1,
132
+ # port_name: "NonEmptyString",
133
+ # },
134
+ # protocol: "NonEmptyString",
135
+ # blocked: false,
136
+ # },
137
+ # aws_api_call_action: {
138
+ # api: "NonEmptyString",
139
+ # service_name: "NonEmptyString",
140
+ # caller_type: "NonEmptyString",
141
+ # remote_ip_details: {
142
+ # ip_address_v4: "NonEmptyString",
143
+ # organization: {
144
+ # asn: 1,
145
+ # asn_org: "NonEmptyString",
146
+ # isp: "NonEmptyString",
147
+ # org: "NonEmptyString",
148
+ # },
149
+ # country: {
150
+ # country_code: "NonEmptyString",
151
+ # country_name: "NonEmptyString",
152
+ # },
153
+ # city: {
154
+ # city_name: "NonEmptyString",
155
+ # },
156
+ # geo_location: {
157
+ # lon: 1.0,
158
+ # lat: 1.0,
159
+ # },
160
+ # },
161
+ # domain_details: {
162
+ # domain: "NonEmptyString",
163
+ # },
164
+ # affected_resources: {
165
+ # "NonEmptyString" => "NonEmptyString",
166
+ # },
167
+ # first_seen: "NonEmptyString",
168
+ # last_seen: "NonEmptyString",
169
+ # },
170
+ # dns_request_action: {
171
+ # domain: "NonEmptyString",
172
+ # protocol: "NonEmptyString",
173
+ # blocked: false,
174
+ # },
175
+ # port_probe_action: {
176
+ # port_probe_details: [
177
+ # {
178
+ # local_port_details: {
179
+ # port: 1,
180
+ # port_name: "NonEmptyString",
181
+ # },
182
+ # local_ip_details: {
183
+ # ip_address_v4: "NonEmptyString",
184
+ # },
185
+ # remote_ip_details: {
186
+ # ip_address_v4: "NonEmptyString",
187
+ # organization: {
188
+ # asn: 1,
189
+ # asn_org: "NonEmptyString",
190
+ # isp: "NonEmptyString",
191
+ # org: "NonEmptyString",
192
+ # },
193
+ # country: {
194
+ # country_code: "NonEmptyString",
195
+ # country_name: "NonEmptyString",
196
+ # },
197
+ # city: {
198
+ # city_name: "NonEmptyString",
199
+ # },
200
+ # geo_location: {
201
+ # lon: 1.0,
202
+ # lat: 1.0,
203
+ # },
204
+ # },
205
+ # },
206
+ # ],
207
+ # blocked: false,
208
+ # },
209
+ # }
210
+ #
211
+ # @!attribute [rw] action_type
212
+ # The type of action that was detected. The possible action types are:
213
+ #
214
+ # * `NETWORK_CONNECTION`
215
+ #
216
+ # * `AWS_API_CALL`
217
+ #
218
+ # * `DNS_REQUEST`
219
+ #
220
+ # * `PORT_PROBE`
221
+ # @return [String]
222
+ #
223
+ # @!attribute [rw] network_connection_action
224
+ # Included if `ActionType` is `NETWORK_CONNECTION`. Provides details
225
+ # about the network connection that was detected.
226
+ # @return [Types::NetworkConnectionAction]
227
+ #
228
+ # @!attribute [rw] aws_api_call_action
229
+ # Included if `ActionType` is `AWS_API_CALL`. Provides details about
230
+ # the API call that was detected.
231
+ # @return [Types::AwsApiCallAction]
232
+ #
233
+ # @!attribute [rw] dns_request_action
234
+ # Included if `ActionType` is `DNS_REQUEST`. Provides details about
235
+ # the DNS request that was detected.
236
+ # @return [Types::DnsRequestAction]
237
+ #
238
+ # @!attribute [rw] port_probe_action
239
+ # Included if `ActionType` is `PORT_PROBE`. Provides details about the
240
+ # port probe that was detected.
241
+ # @return [Types::PortProbeAction]
242
+ #
243
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Action AWS API Documentation
244
+ #
245
+ class Action < Struct.new(
246
+ :action_type,
247
+ :network_connection_action,
248
+ :aws_api_call_action,
249
+ :dns_request_action,
250
+ :port_probe_action)
251
+ SENSITIVE = []
252
+ include Aws::Structure
253
+ end
254
+
255
+ # Provides information about the IP address where the scanned port is
256
+ # located.
257
+ #
258
+ # @note When making an API call, you may pass ActionLocalIpDetails
259
+ # data as a hash:
260
+ #
261
+ # {
262
+ # ip_address_v4: "NonEmptyString",
263
+ # }
264
+ #
265
+ # @!attribute [rw] ip_address_v4
266
+ # The IP address.
267
+ # @return [String]
268
+ #
269
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalIpDetails AWS API Documentation
270
+ #
271
+ class ActionLocalIpDetails < Struct.new(
272
+ :ip_address_v4)
273
+ SENSITIVE = []
274
+ include Aws::Structure
275
+ end
276
+
277
+ # For `NetworkConnectionAction` and `PortProbeDetails`,
278
+ # `LocalPortDetails` provides information about the local port that was
279
+ # involved in the action.
280
+ #
281
+ # @note When making an API call, you may pass ActionLocalPortDetails
282
+ # data as a hash:
283
+ #
284
+ # {
285
+ # port: 1,
286
+ # port_name: "NonEmptyString",
287
+ # }
288
+ #
289
+ # @!attribute [rw] port
290
+ # The number of the port.
291
+ # @return [Integer]
292
+ #
293
+ # @!attribute [rw] port_name
294
+ # The port name of the local connection.
295
+ # @return [String]
296
+ #
297
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalPortDetails AWS API Documentation
298
+ #
299
+ class ActionLocalPortDetails < Struct.new(
300
+ :port,
301
+ :port_name)
302
+ SENSITIVE = []
303
+ include Aws::Structure
304
+ end
305
+
306
+ # For `AwsApiAction`, `NetworkConnectionAction`, and `PortProbeAction`,
307
+ # `RemoteIpDetails` provides information about the remote IP address
308
+ # that was involved in the action.
309
+ #
310
+ # @note When making an API call, you may pass ActionRemoteIpDetails
311
+ # data as a hash:
312
+ #
313
+ # {
314
+ # ip_address_v4: "NonEmptyString",
315
+ # organization: {
316
+ # asn: 1,
317
+ # asn_org: "NonEmptyString",
318
+ # isp: "NonEmptyString",
319
+ # org: "NonEmptyString",
320
+ # },
321
+ # country: {
322
+ # country_code: "NonEmptyString",
323
+ # country_name: "NonEmptyString",
324
+ # },
325
+ # city: {
326
+ # city_name: "NonEmptyString",
327
+ # },
328
+ # geo_location: {
329
+ # lon: 1.0,
330
+ # lat: 1.0,
331
+ # },
332
+ # }
333
+ #
334
+ # @!attribute [rw] ip_address_v4
335
+ # The IP address.
336
+ # @return [String]
337
+ #
338
+ # @!attribute [rw] organization
339
+ # The internet service provider (ISP) organization associated with the
340
+ # remote IP address.
341
+ # @return [Types::IpOrganizationDetails]
342
+ #
343
+ # @!attribute [rw] country
344
+ # The country where the remote IP address is located.
345
+ # @return [Types::Country]
346
+ #
347
+ # @!attribute [rw] city
348
+ # The city where the remote IP address is located.
349
+ # @return [Types::City]
350
+ #
351
+ # @!attribute [rw] geo_location
352
+ # The coordinates of the location of the remote IP address.
353
+ # @return [Types::GeoLocation]
354
+ #
355
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemoteIpDetails AWS API Documentation
356
+ #
357
+ class ActionRemoteIpDetails < Struct.new(
358
+ :ip_address_v4,
359
+ :organization,
360
+ :country,
361
+ :city,
362
+ :geo_location)
363
+ SENSITIVE = []
364
+ include Aws::Structure
365
+ end
366
+
367
+ # Provides information about the remote port that was involved in an
368
+ # attempted network connection.
369
+ #
370
+ # @note When making an API call, you may pass ActionRemotePortDetails
371
+ # data as a hash:
372
+ #
373
+ # {
374
+ # port: 1,
375
+ # port_name: "NonEmptyString",
376
+ # }
377
+ #
378
+ # @!attribute [rw] port
379
+ # The number of the port.
380
+ # @return [Integer]
381
+ #
382
+ # @!attribute [rw] port_name
383
+ # The port name of the remote connection.
384
+ # @return [String]
385
+ #
386
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemotePortDetails AWS API Documentation
387
+ #
388
+ class ActionRemotePortDetails < Struct.new(
389
+ :port,
390
+ :port_name)
391
+ SENSITIVE = []
392
+ include Aws::Structure
393
+ end
394
+
88
395
  # An `ActionTarget` object.
89
396
  #
90
397
  # @!attribute [rw] action_target_arn
@@ -109,6 +416,29 @@ module Aws::SecurityHub
109
416
  include Aws::Structure
110
417
  end
111
418
 
419
+ # Represents a Security Hub administrator account designated by an
420
+ # organization management account.
421
+ #
422
+ # @!attribute [rw] account_id
423
+ # The AWS account identifier of the Security Hub administrator
424
+ # account.
425
+ # @return [String]
426
+ #
427
+ # @!attribute [rw] status
428
+ # The current status of the Security Hub administrator account.
429
+ # Indicates whether the account is currently enabled as a Security Hub
430
+ # administrator.
431
+ # @return [String]
432
+ #
433
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AdminAccount AWS API Documentation
434
+ #
435
+ class AdminAccount < Struct.new(
436
+ :account_id,
437
+ :status)
438
+ SENSITIVE = []
439
+ include Aws::Structure
440
+ end
441
+
112
442
  # Information about an Availability Zone.
113
443
  #
114
444
  # @note When making an API call, you may pass AvailabilityZone
@@ -137,6 +467,120 @@ module Aws::SecurityHub
137
467
  include Aws::Structure
138
468
  end
139
469
 
470
+ # Provided if `ActionType` is `AWS_API_CALL`. It provides details about
471
+ # the API call that was detected.
472
+ #
473
+ # @note When making an API call, you may pass AwsApiCallAction
474
+ # data as a hash:
475
+ #
476
+ # {
477
+ # api: "NonEmptyString",
478
+ # service_name: "NonEmptyString",
479
+ # caller_type: "NonEmptyString",
480
+ # remote_ip_details: {
481
+ # ip_address_v4: "NonEmptyString",
482
+ # organization: {
483
+ # asn: 1,
484
+ # asn_org: "NonEmptyString",
485
+ # isp: "NonEmptyString",
486
+ # org: "NonEmptyString",
487
+ # },
488
+ # country: {
489
+ # country_code: "NonEmptyString",
490
+ # country_name: "NonEmptyString",
491
+ # },
492
+ # city: {
493
+ # city_name: "NonEmptyString",
494
+ # },
495
+ # geo_location: {
496
+ # lon: 1.0,
497
+ # lat: 1.0,
498
+ # },
499
+ # },
500
+ # domain_details: {
501
+ # domain: "NonEmptyString",
502
+ # },
503
+ # affected_resources: {
504
+ # "NonEmptyString" => "NonEmptyString",
505
+ # },
506
+ # first_seen: "NonEmptyString",
507
+ # last_seen: "NonEmptyString",
508
+ # }
509
+ #
510
+ # @!attribute [rw] api
511
+ # The name of the API method that was issued.
512
+ # @return [String]
513
+ #
514
+ # @!attribute [rw] service_name
515
+ # The name of the AWS service that the API method belongs to.
516
+ # @return [String]
517
+ #
518
+ # @!attribute [rw] caller_type
519
+ # Indicates whether the API call originated from a remote IP address
520
+ # (`remoteip`) or from a DNS domain (`domain`).
521
+ # @return [String]
522
+ #
523
+ # @!attribute [rw] remote_ip_details
524
+ # Provided if `CallerType` is `remoteIp`. Provides information about
525
+ # the remote IP address that the API call originated from.
526
+ # @return [Types::ActionRemoteIpDetails]
527
+ #
528
+ # @!attribute [rw] domain_details
529
+ # Provided if `CallerType` is `domain`. Provides information about the
530
+ # DNS domain that the API call originated from.
531
+ # @return [Types::AwsApiCallActionDomainDetails]
532
+ #
533
+ # @!attribute [rw] affected_resources
534
+ # Identifies the resources that were affected by the API call.
535
+ # @return [Hash<String,String>]
536
+ #
537
+ # @!attribute [rw] first_seen
538
+ # An ISO8601-formatted timestamp that indicates when the API call was
539
+ # first observed.
540
+ # @return [String]
541
+ #
542
+ # @!attribute [rw] last_seen
543
+ # An ISO8601-formatted timestamp that indicates when the API call was
544
+ # most recently observed.
545
+ # @return [String]
546
+ #
547
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallAction AWS API Documentation
548
+ #
549
+ class AwsApiCallAction < Struct.new(
550
+ :api,
551
+ :service_name,
552
+ :caller_type,
553
+ :remote_ip_details,
554
+ :domain_details,
555
+ :affected_resources,
556
+ :first_seen,
557
+ :last_seen)
558
+ SENSITIVE = []
559
+ include Aws::Structure
560
+ end
561
+
562
+ # Provided if `CallerType` is `domain`. It provides information about
563
+ # the DNS domain that issued the API call.
564
+ #
565
+ # @note When making an API call, you may pass AwsApiCallActionDomainDetails
566
+ # data as a hash:
567
+ #
568
+ # {
569
+ # domain: "NonEmptyString",
570
+ # }
571
+ #
572
+ # @!attribute [rw] domain
573
+ # The name of the DNS domain that issued the API call.
574
+ # @return [String]
575
+ #
576
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallActionDomainDetails AWS API Documentation
577
+ #
578
+ class AwsApiCallActionDomainDetails < Struct.new(
579
+ :domain)
580
+ SENSITIVE = []
581
+ include Aws::Structure
582
+ end
583
+
140
584
  # Contains information about settings for logging access for the stage.
141
585
  #
142
586
  # @note When making an API call, you may pass AwsApiGatewayAccessLogSettings
@@ -3465,6 +3909,19 @@ module Aws::SecurityHub
3465
3909
  # },
3466
3910
  # ],
3467
3911
  # source_dest_check: false,
3912
+ # ip_v6_addresses: [
3913
+ # {
3914
+ # ip_v6_address: "NonEmptyString",
3915
+ # },
3916
+ # ],
3917
+ # private_ip_addresses: [
3918
+ # {
3919
+ # private_ip_address: "NonEmptyString",
3920
+ # private_dns_name: "NonEmptyString",
3921
+ # },
3922
+ # ],
3923
+ # public_dns_name: "NonEmptyString",
3924
+ # public_ip: "NonEmptyString",
3468
3925
  # }
3469
3926
  #
3470
3927
  # @!attribute [rw] attachment
@@ -3483,13 +3940,84 @@ module Aws::SecurityHub
3483
3940
  # Indicates whether traffic to or from the instance is validated.
3484
3941
  # @return [Boolean]
3485
3942
  #
3943
+ # @!attribute [rw] ip_v6_addresses
3944
+ # The IPv6 addresses associated with the network interface.
3945
+ # @return [Array<Types::AwsEc2NetworkInterfaceIpV6AddressDetail>]
3946
+ #
3947
+ # @!attribute [rw] private_ip_addresses
3948
+ # The private IPv4 addresses associated with the network interface.
3949
+ # @return [Array<Types::AwsEc2NetworkInterfacePrivateIpAddressDetail>]
3950
+ #
3951
+ # @!attribute [rw] public_dns_name
3952
+ # The public DNS name of the network interface.
3953
+ # @return [String]
3954
+ #
3955
+ # @!attribute [rw] public_ip
3956
+ # The address of the Elastic IP address bound to the network
3957
+ # interface.
3958
+ # @return [String]
3959
+ #
3486
3960
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceDetails AWS API Documentation
3487
3961
  #
3488
3962
  class AwsEc2NetworkInterfaceDetails < Struct.new(
3489
3963
  :attachment,
3490
3964
  :network_interface_id,
3491
3965
  :security_groups,
3492
- :source_dest_check)
3966
+ :source_dest_check,
3967
+ :ip_v6_addresses,
3968
+ :private_ip_addresses,
3969
+ :public_dns_name,
3970
+ :public_ip)
3971
+ SENSITIVE = []
3972
+ include Aws::Structure
3973
+ end
3974
+
3975
+ # Provides information about an IPV6 address that is associated with the
3976
+ # network interface.
3977
+ #
3978
+ # @note When making an API call, you may pass AwsEc2NetworkInterfaceIpV6AddressDetail
3979
+ # data as a hash:
3980
+ #
3981
+ # {
3982
+ # ip_v6_address: "NonEmptyString",
3983
+ # }
3984
+ #
3985
+ # @!attribute [rw] ip_v6_address
3986
+ # The IPV6 address.
3987
+ # @return [String]
3988
+ #
3989
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceIpV6AddressDetail AWS API Documentation
3990
+ #
3991
+ class AwsEc2NetworkInterfaceIpV6AddressDetail < Struct.new(
3992
+ :ip_v6_address)
3993
+ SENSITIVE = []
3994
+ include Aws::Structure
3995
+ end
3996
+
3997
+ # Provides information about a private IPv4 address that is with the
3998
+ # network interface.
3999
+ #
4000
+ # @note When making an API call, you may pass AwsEc2NetworkInterfacePrivateIpAddressDetail
4001
+ # data as a hash:
4002
+ #
4003
+ # {
4004
+ # private_ip_address: "NonEmptyString",
4005
+ # private_dns_name: "NonEmptyString",
4006
+ # }
4007
+ #
4008
+ # @!attribute [rw] private_ip_address
4009
+ # The IP address.
4010
+ # @return [String]
4011
+ #
4012
+ # @!attribute [rw] private_dns_name
4013
+ # The private DNS name for the IP address.
4014
+ # @return [String]
4015
+ #
4016
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfacePrivateIpAddressDetail AWS API Documentation
4017
+ #
4018
+ class AwsEc2NetworkInterfacePrivateIpAddressDetail < Struct.new(
4019
+ :private_ip_address,
4020
+ :private_dns_name)
3493
4021
  SENSITIVE = []
3494
4022
  include Aws::Structure
3495
4023
  end
@@ -6861,6 +7389,8 @@ module Aws::SecurityHub
6861
7389
  # @return [String]
6862
7390
  #
6863
7391
  # @!attribute [rw] engine
7392
+ # The name of the database engine that you want to use for this DB
7393
+ # instance.
6864
7394
  # @return [String]
6865
7395
  #
6866
7396
  # @!attribute [rw] allocated_storage
@@ -7644,6 +8174,8 @@ module Aws::SecurityHub
7644
8174
  include Aws::Structure
7645
8175
  end
7646
8176
 
8177
+ # An option group membership.
8178
+ #
7647
8179
  # @note When making an API call, you may pass AwsRdsDbOptionGroupMembership
7648
8180
  # data as a hash:
7649
8181
  #
@@ -7653,9 +8185,11 @@ module Aws::SecurityHub
7653
8185
  # }
7654
8186
  #
7655
8187
  # @!attribute [rw] option_group_name
8188
+ # The name of the option group.
7656
8189
  # @return [String]
7657
8190
  #
7658
8191
  # @!attribute [rw] status
8192
+ # The status of the option group membership.
7659
8193
  # @return [String]
7660
8194
  #
7661
8195
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbOptionGroupMembership AWS API Documentation
@@ -7667,6 +8201,8 @@ module Aws::SecurityHub
7667
8201
  include Aws::Structure
7668
8202
  end
7669
8203
 
8204
+ # Provides information about a parameter group for a DB instance.
8205
+ #
7670
8206
  # @note When making an API call, you may pass AwsRdsDbParameterGroup
7671
8207
  # data as a hash:
7672
8208
  #
@@ -7676,9 +8212,11 @@ module Aws::SecurityHub
7676
8212
  # }
7677
8213
  #
7678
8214
  # @!attribute [rw] db_parameter_group_name
8215
+ # The name of the parameter group.
7679
8216
  # @return [String]
7680
8217
  #
7681
8218
  # @!attribute [rw] parameter_apply_status
8219
+ # The status of parameter updates.
7682
8220
  # @return [String]
7683
8221
  #
7684
8222
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbParameterGroup AWS API Documentation
@@ -7690,6 +8228,8 @@ module Aws::SecurityHub
7690
8228
  include Aws::Structure
7691
8229
  end
7692
8230
 
8231
+ # Changes to a DB instance that are currently pending.
8232
+ #
7693
8233
  # @note When making an API call, you may pass AwsRdsDbPendingModifiedValues
7694
8234
  # data as a hash:
7695
8235
  #
@@ -7720,48 +8260,64 @@ module Aws::SecurityHub
7720
8260
  # }
7721
8261
  #
7722
8262
  # @!attribute [rw] db_instance_class
8263
+ # The new DB instance class for the DB instance.
7723
8264
  # @return [String]
7724
8265
  #
7725
8266
  # @!attribute [rw] allocated_storage
8267
+ # The new value of the allocated storage for the DB instance.
7726
8268
  # @return [Integer]
7727
8269
  #
7728
8270
  # @!attribute [rw] master_user_password
8271
+ # The new master user password for the DB instance.
7729
8272
  # @return [String]
7730
8273
  #
7731
8274
  # @!attribute [rw] port
8275
+ # The new port for the DB instance.
7732
8276
  # @return [Integer]
7733
8277
  #
7734
8278
  # @!attribute [rw] backup_retention_period
8279
+ # The new backup retention period for the DB instance.
7735
8280
  # @return [Integer]
7736
8281
  #
7737
8282
  # @!attribute [rw] multi_az
8283
+ # Indicates that a single Availability Zone DB instance is changing to
8284
+ # a multiple Availability Zone deployment.
7738
8285
  # @return [Boolean]
7739
8286
  #
7740
8287
  # @!attribute [rw] engine_version
8288
+ # The new engine version for the DB instance.
7741
8289
  # @return [String]
7742
8290
  #
7743
8291
  # @!attribute [rw] license_model
8292
+ # The new license model value for the DB instance.
7744
8293
  # @return [String]
7745
8294
  #
7746
8295
  # @!attribute [rw] iops
8296
+ # The new provisioned IOPS value for the DB instance.
7747
8297
  # @return [Integer]
7748
8298
  #
7749
8299
  # @!attribute [rw] db_instance_identifier
8300
+ # The new DB instance identifier for the DB instance.
7750
8301
  # @return [String]
7751
8302
  #
7752
8303
  # @!attribute [rw] storage_type
8304
+ # The new storage type for the DB instance.
7753
8305
  # @return [String]
7754
8306
  #
7755
8307
  # @!attribute [rw] ca_certificate_identifier
8308
+ # The new CA certificate identifier for the DB instance.
7756
8309
  # @return [String]
7757
8310
  #
7758
8311
  # @!attribute [rw] db_subnet_group_name
8312
+ # The name of the new subnet group for the DB instance.
7759
8313
  # @return [String]
7760
8314
  #
7761
8315
  # @!attribute [rw] pending_cloud_watch_logs_exports
8316
+ # A list of log types that are being enabled or disabled.
7762
8317
  # @return [Types::AwsRdsPendingCloudWatchLogsExports]
7763
8318
  #
7764
8319
  # @!attribute [rw] processor_features
8320
+ # Processor features that are being updated.
7765
8321
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7766
8322
  #
7767
8323
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbPendingModifiedValues AWS API Documentation
@@ -7786,6 +8342,8 @@ module Aws::SecurityHub
7786
8342
  include Aws::Structure
7787
8343
  end
7788
8344
 
8345
+ # A processor feature.
8346
+ #
7789
8347
  # @note When making an API call, you may pass AwsRdsDbProcessorFeature
7790
8348
  # data as a hash:
7791
8349
  #
@@ -7795,9 +8353,11 @@ module Aws::SecurityHub
7795
8353
  # }
7796
8354
  #
7797
8355
  # @!attribute [rw] name
8356
+ # The name of the processor feature.
7798
8357
  # @return [String]
7799
8358
  #
7800
8359
  # @!attribute [rw] value
8360
+ # The value of the processor feature.
7801
8361
  # @return [String]
7802
8362
  #
7803
8363
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbProcessorFeature AWS API Documentation
@@ -7809,6 +8369,8 @@ module Aws::SecurityHub
7809
8369
  include Aws::Structure
7810
8370
  end
7811
8371
 
8372
+ # Provides details about an Amazon RDS DB cluster snapshot.
8373
+ #
7812
8374
  # @note When making an API call, you may pass AwsRdsDbSnapshotDetails
7813
8375
  # data as a hash:
7814
8376
  #
@@ -7848,84 +8410,120 @@ module Aws::SecurityHub
7848
8410
  # }
7849
8411
  #
7850
8412
  # @!attribute [rw] db_snapshot_identifier
8413
+ # The name or ARN of the DB snapshot that is used to restore the DB
8414
+ # instance.
7851
8415
  # @return [String]
7852
8416
  #
7853
8417
  # @!attribute [rw] db_instance_identifier
8418
+ # A name for the DB instance.
7854
8419
  # @return [String]
7855
8420
  #
7856
8421
  # @!attribute [rw] snapshot_create_time
8422
+ # When the snapshot was taken in Coordinated Universal Time (UTC).
7857
8423
  # @return [String]
7858
8424
  #
7859
8425
  # @!attribute [rw] engine
8426
+ # The name of the database engine to use for this DB instance.
7860
8427
  # @return [String]
7861
8428
  #
7862
8429
  # @!attribute [rw] allocated_storage
8430
+ # The amount of storage (in gigabytes) to be initially allocated for
8431
+ # the database instance.
7863
8432
  # @return [Integer]
7864
8433
  #
7865
8434
  # @!attribute [rw] status
8435
+ # The status of this DB snapshot.
7866
8436
  # @return [String]
7867
8437
  #
7868
8438
  # @!attribute [rw] port
8439
+ # The port that the database engine was listening on at the time of
8440
+ # the snapshot.
7869
8441
  # @return [Integer]
7870
8442
  #
7871
8443
  # @!attribute [rw] availability_zone
8444
+ # Specifies the name of the Availability Zone in which the DB instance
8445
+ # was located at the time of the DB snapshot.
7872
8446
  # @return [String]
7873
8447
  #
7874
8448
  # @!attribute [rw] vpc_id
8449
+ # The VPC ID associated with the DB snapshot.
7875
8450
  # @return [String]
7876
8451
  #
7877
8452
  # @!attribute [rw] instance_create_time
8453
+ # Specifies the time in Coordinated Universal Time (UTC) when the DB
8454
+ # instance, from which the snapshot was taken, was created.
7878
8455
  # @return [String]
7879
8456
  #
7880
8457
  # @!attribute [rw] master_username
8458
+ # The master user name for the DB snapshot.
7881
8459
  # @return [String]
7882
8460
  #
7883
8461
  # @!attribute [rw] engine_version
8462
+ # The version of the database engine.
7884
8463
  # @return [String]
7885
8464
  #
7886
8465
  # @!attribute [rw] license_model
8466
+ # License model information for the restored DB instance.
7887
8467
  # @return [String]
7888
8468
  #
7889
8469
  # @!attribute [rw] snapshot_type
8470
+ # The type of the DB snapshot.
7890
8471
  # @return [String]
7891
8472
  #
7892
8473
  # @!attribute [rw] iops
8474
+ # The provisioned IOPS (I/O operations per second) value of the DB
8475
+ # instance at the time of the snapshot.
7893
8476
  # @return [Integer]
7894
8477
  #
7895
8478
  # @!attribute [rw] option_group_name
8479
+ # The option group name for the DB snapshot.
7896
8480
  # @return [String]
7897
8481
  #
7898
8482
  # @!attribute [rw] percent_progress
8483
+ # The percentage of the estimated data that has been transferred.
7899
8484
  # @return [Integer]
7900
8485
  #
7901
8486
  # @!attribute [rw] source_region
8487
+ # The AWS Region that the DB snapshot was created in or copied from.
7902
8488
  # @return [String]
7903
8489
  #
7904
8490
  # @!attribute [rw] source_db_snapshot_identifier
8491
+ # The DB snapshot ARN that the DB snapshot was copied from.
7905
8492
  # @return [String]
7906
8493
  #
7907
8494
  # @!attribute [rw] storage_type
8495
+ # The storage type associated with the DB snapshot.
7908
8496
  # @return [String]
7909
8497
  #
7910
8498
  # @!attribute [rw] tde_credential_arn
8499
+ # The ARN from the key store with which to associate the instance for
8500
+ # TDE encryption.
7911
8501
  # @return [String]
7912
8502
  #
7913
8503
  # @!attribute [rw] encrypted
8504
+ # Whether the DB snapshot is encrypted.
7914
8505
  # @return [Boolean]
7915
8506
  #
7916
8507
  # @!attribute [rw] kms_key_id
8508
+ # If `Encrypted` is `true`, the AWS KMS key identifier for the
8509
+ # encrypted DB snapshot.
7917
8510
  # @return [String]
7918
8511
  #
7919
8512
  # @!attribute [rw] timezone
8513
+ # The time zone of the DB snapshot.
7920
8514
  # @return [String]
7921
8515
  #
7922
8516
  # @!attribute [rw] iam_database_authentication_enabled
8517
+ # Whether mapping of IAM accounts to database accounts is enabled.
7923
8518
  # @return [Boolean]
7924
8519
  #
7925
8520
  # @!attribute [rw] processor_features
8521
+ # The number of CPU cores and the number of threads per core for the
8522
+ # DB instance class of the DB instance.
7926
8523
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7927
8524
  #
7928
8525
  # @!attribute [rw] dbi_resource_id
8526
+ # The identifier for the source DB instance.
7929
8527
  # @return [String]
7930
8528
  #
7931
8529
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSnapshotDetails AWS API Documentation
@@ -9718,6 +10316,19 @@ module Aws::SecurityHub
9718
10316
  # },
9719
10317
  # ],
9720
10318
  # source_dest_check: false,
10319
+ # ip_v6_addresses: [
10320
+ # {
10321
+ # ip_v6_address: "NonEmptyString",
10322
+ # },
10323
+ # ],
10324
+ # private_ip_addresses: [
10325
+ # {
10326
+ # private_ip_address: "NonEmptyString",
10327
+ # private_dns_name: "NonEmptyString",
10328
+ # },
10329
+ # ],
10330
+ # public_dns_name: "NonEmptyString",
10331
+ # public_ip: "NonEmptyString",
9721
10332
  # },
9722
10333
  # aws_ec2_security_group: {
9723
10334
  # group_name: "NonEmptyString",
@@ -10218,6 +10829,30 @@ module Aws::SecurityHub
10218
10829
  # sns_topic_name: "NonEmptyString",
10219
10830
  # trail_arn: "NonEmptyString",
10220
10831
  # },
10832
+ # aws_ssm_patch_compliance: {
10833
+ # patch: {
10834
+ # compliance_summary: {
10835
+ # status: "NonEmptyString",
10836
+ # compliant_critical_count: 1,
10837
+ # compliant_high_count: 1,
10838
+ # compliant_medium_count: 1,
10839
+ # execution_type: "NonEmptyString",
10840
+ # non_compliant_critical_count: 1,
10841
+ # compliant_informational_count: 1,
10842
+ # non_compliant_informational_count: 1,
10843
+ # compliant_unspecified_count: 1,
10844
+ # non_compliant_low_count: 1,
10845
+ # non_compliant_high_count: 1,
10846
+ # compliant_low_count: 1,
10847
+ # compliance_type: "NonEmptyString",
10848
+ # patch_baseline_id: "NonEmptyString",
10849
+ # overall_severity: "NonEmptyString",
10850
+ # non_compliant_medium_count: 1,
10851
+ # non_compliant_unspecified_count: 1,
10852
+ # patch_group: "NonEmptyString",
10853
+ # },
10854
+ # },
10855
+ # },
10221
10856
  # aws_certificate_manager_certificate: {
10222
10857
  # certificate_authority_arn: "NonEmptyString",
10223
10858
  # created_at: "NonEmptyString",
@@ -10994,9 +11629,117 @@ module Aws::SecurityHub
10994
11629
  # reboot_option: "NonEmptyString",
10995
11630
  # operation: "NonEmptyString",
10996
11631
  # },
10997
- # }
10998
- #
10999
- # @!attribute [rw] schema_version
11632
+ # action: {
11633
+ # action_type: "NonEmptyString",
11634
+ # network_connection_action: {
11635
+ # connection_direction: "NonEmptyString",
11636
+ # remote_ip_details: {
11637
+ # ip_address_v4: "NonEmptyString",
11638
+ # organization: {
11639
+ # asn: 1,
11640
+ # asn_org: "NonEmptyString",
11641
+ # isp: "NonEmptyString",
11642
+ # org: "NonEmptyString",
11643
+ # },
11644
+ # country: {
11645
+ # country_code: "NonEmptyString",
11646
+ # country_name: "NonEmptyString",
11647
+ # },
11648
+ # city: {
11649
+ # city_name: "NonEmptyString",
11650
+ # },
11651
+ # geo_location: {
11652
+ # lon: 1.0,
11653
+ # lat: 1.0,
11654
+ # },
11655
+ # },
11656
+ # remote_port_details: {
11657
+ # port: 1,
11658
+ # port_name: "NonEmptyString",
11659
+ # },
11660
+ # local_port_details: {
11661
+ # port: 1,
11662
+ # port_name: "NonEmptyString",
11663
+ # },
11664
+ # protocol: "NonEmptyString",
11665
+ # blocked: false,
11666
+ # },
11667
+ # aws_api_call_action: {
11668
+ # api: "NonEmptyString",
11669
+ # service_name: "NonEmptyString",
11670
+ # caller_type: "NonEmptyString",
11671
+ # remote_ip_details: {
11672
+ # ip_address_v4: "NonEmptyString",
11673
+ # organization: {
11674
+ # asn: 1,
11675
+ # asn_org: "NonEmptyString",
11676
+ # isp: "NonEmptyString",
11677
+ # org: "NonEmptyString",
11678
+ # },
11679
+ # country: {
11680
+ # country_code: "NonEmptyString",
11681
+ # country_name: "NonEmptyString",
11682
+ # },
11683
+ # city: {
11684
+ # city_name: "NonEmptyString",
11685
+ # },
11686
+ # geo_location: {
11687
+ # lon: 1.0,
11688
+ # lat: 1.0,
11689
+ # },
11690
+ # },
11691
+ # domain_details: {
11692
+ # domain: "NonEmptyString",
11693
+ # },
11694
+ # affected_resources: {
11695
+ # "NonEmptyString" => "NonEmptyString",
11696
+ # },
11697
+ # first_seen: "NonEmptyString",
11698
+ # last_seen: "NonEmptyString",
11699
+ # },
11700
+ # dns_request_action: {
11701
+ # domain: "NonEmptyString",
11702
+ # protocol: "NonEmptyString",
11703
+ # blocked: false,
11704
+ # },
11705
+ # port_probe_action: {
11706
+ # port_probe_details: [
11707
+ # {
11708
+ # local_port_details: {
11709
+ # port: 1,
11710
+ # port_name: "NonEmptyString",
11711
+ # },
11712
+ # local_ip_details: {
11713
+ # ip_address_v4: "NonEmptyString",
11714
+ # },
11715
+ # remote_ip_details: {
11716
+ # ip_address_v4: "NonEmptyString",
11717
+ # organization: {
11718
+ # asn: 1,
11719
+ # asn_org: "NonEmptyString",
11720
+ # isp: "NonEmptyString",
11721
+ # org: "NonEmptyString",
11722
+ # },
11723
+ # country: {
11724
+ # country_code: "NonEmptyString",
11725
+ # country_name: "NonEmptyString",
11726
+ # },
11727
+ # city: {
11728
+ # city_name: "NonEmptyString",
11729
+ # },
11730
+ # geo_location: {
11731
+ # lon: 1.0,
11732
+ # lat: 1.0,
11733
+ # },
11734
+ # },
11735
+ # },
11736
+ # ],
11737
+ # blocked: false,
11738
+ # },
11739
+ # },
11740
+ # }
11741
+ #
11742
+ # @!attribute [rw] schema_version
11000
11743
  # The schema version that a finding is formatted for.
11001
11744
  # @return [String]
11002
11745
  #
@@ -11209,6 +11952,11 @@ module Aws::SecurityHub
11209
11952
  # against a selected compliance standard.
11210
11953
  # @return [Types::PatchSummary]
11211
11954
  #
11955
+ # @!attribute [rw] action
11956
+ # Provides details about an action that affects or that was taken on a
11957
+ # resource.
11958
+ # @return [Types::Action]
11959
+ #
11212
11960
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
11213
11961
  #
11214
11962
  class AwsSecurityFinding < Struct.new(
@@ -11245,7 +11993,8 @@ module Aws::SecurityHub
11245
11993
  :related_findings,
11246
11994
  :note,
11247
11995
  :vulnerabilities,
11248
- :patch_summary)
11996
+ :patch_summary,
11997
+ :action)
11249
11998
  SENSITIVE = []
11250
11999
  include Aws::Structure
11251
12000
  end
@@ -12173,6 +12922,14 @@ module Aws::SecurityHub
12173
12922
  #
12174
12923
  # * `NEW` - The initial state of a finding, before it is reviewed.
12175
12924
  #
12925
+ # Security Hub also resets the workflow status from `NOTIFIED` or
12926
+ # `RESOLVED` to `NEW` in the following cases:
12927
+ #
12928
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
12929
+ #
12930
+ # * The compliance status changes from `PASSED` to either `WARNING`,
12931
+ # `FAILED`, or `NOT_AVAILABLE`.
12932
+ #
12176
12933
  # * `NOTIFIED` - Indicates that the resource owner has been notified
12177
12934
  # about the security issue. Used when the initial reviewer is not
12178
12935
  # the resource owner, and needs intervention from the resource
@@ -12452,6 +13209,236 @@ module Aws::SecurityHub
12452
13209
  include Aws::Structure
12453
13210
  end
12454
13211
 
13212
+ # Provides the details about the compliance status for a patch.
13213
+ #
13214
+ # @note When making an API call, you may pass AwsSsmComplianceSummary
13215
+ # data as a hash:
13216
+ #
13217
+ # {
13218
+ # status: "NonEmptyString",
13219
+ # compliant_critical_count: 1,
13220
+ # compliant_high_count: 1,
13221
+ # compliant_medium_count: 1,
13222
+ # execution_type: "NonEmptyString",
13223
+ # non_compliant_critical_count: 1,
13224
+ # compliant_informational_count: 1,
13225
+ # non_compliant_informational_count: 1,
13226
+ # compliant_unspecified_count: 1,
13227
+ # non_compliant_low_count: 1,
13228
+ # non_compliant_high_count: 1,
13229
+ # compliant_low_count: 1,
13230
+ # compliance_type: "NonEmptyString",
13231
+ # patch_baseline_id: "NonEmptyString",
13232
+ # overall_severity: "NonEmptyString",
13233
+ # non_compliant_medium_count: 1,
13234
+ # non_compliant_unspecified_count: 1,
13235
+ # patch_group: "NonEmptyString",
13236
+ # }
13237
+ #
13238
+ # @!attribute [rw] status
13239
+ # The current patch compliance status.
13240
+ #
13241
+ # The possible status values are:
13242
+ #
13243
+ # * `COMPLIANT`
13244
+ #
13245
+ # * `NON_COMPLIANT`
13246
+ #
13247
+ # * `UNSPECIFIED_DATA`
13248
+ # @return [String]
13249
+ #
13250
+ # @!attribute [rw] compliant_critical_count
13251
+ # For the patches that are compliant, the number that have a severity
13252
+ # of `CRITICAL`.
13253
+ # @return [Integer]
13254
+ #
13255
+ # @!attribute [rw] compliant_high_count
13256
+ # For the patches that are compliant, the number that have a severity
13257
+ # of `HIGH`.
13258
+ # @return [Integer]
13259
+ #
13260
+ # @!attribute [rw] compliant_medium_count
13261
+ # For the patches that are compliant, the number that have a severity
13262
+ # of `MEDIUM`.
13263
+ # @return [Integer]
13264
+ #
13265
+ # @!attribute [rw] execution_type
13266
+ # The type of execution that was used determine compliance.
13267
+ # @return [String]
13268
+ #
13269
+ # @!attribute [rw] non_compliant_critical_count
13270
+ # For the patch items that are noncompliant, the number of items that
13271
+ # have a severity of `CRITICAL`.
13272
+ # @return [Integer]
13273
+ #
13274
+ # @!attribute [rw] compliant_informational_count
13275
+ # For the patches that are compliant, the number that have a severity
13276
+ # of `INFORMATIONAL`.
13277
+ # @return [Integer]
13278
+ #
13279
+ # @!attribute [rw] non_compliant_informational_count
13280
+ # For the patches that are noncompliant, the number that have a
13281
+ # severity of `INFORMATIONAL`.
13282
+ # @return [Integer]
13283
+ #
13284
+ # @!attribute [rw] compliant_unspecified_count
13285
+ # For the patches that are compliant, the number that have a severity
13286
+ # of `UNSPECIFIED`.
13287
+ # @return [Integer]
13288
+ #
13289
+ # @!attribute [rw] non_compliant_low_count
13290
+ # For the patches that are noncompliant, the number that have a
13291
+ # severity of `LOW`.
13292
+ # @return [Integer]
13293
+ #
13294
+ # @!attribute [rw] non_compliant_high_count
13295
+ # For the patches that are noncompliant, the number that have a
13296
+ # severity of `HIGH`.
13297
+ # @return [Integer]
13298
+ #
13299
+ # @!attribute [rw] compliant_low_count
13300
+ # For the patches that are compliant, the number that have a severity
13301
+ # of `LOW`.
13302
+ # @return [Integer]
13303
+ #
13304
+ # @!attribute [rw] compliance_type
13305
+ # The type of resource for which the compliance was determined. For
13306
+ # `AwsSsmPatchCompliance`, `ComplianceType` is `Patch`.
13307
+ # @return [String]
13308
+ #
13309
+ # @!attribute [rw] patch_baseline_id
13310
+ # The identifier of the patch baseline. The patch baseline lists the
13311
+ # patches that are approved for installation.
13312
+ # @return [String]
13313
+ #
13314
+ # @!attribute [rw] overall_severity
13315
+ # The highest severity for the patches.
13316
+ # @return [String]
13317
+ #
13318
+ # @!attribute [rw] non_compliant_medium_count
13319
+ # For the patches that are noncompliant, the number that have a
13320
+ # severity of `MEDIUM`.
13321
+ # @return [Integer]
13322
+ #
13323
+ # @!attribute [rw] non_compliant_unspecified_count
13324
+ # For the patches that are noncompliant, the number that have a
13325
+ # severity of `UNSPECIFIED`.
13326
+ # @return [Integer]
13327
+ #
13328
+ # @!attribute [rw] patch_group
13329
+ # The identifier of the patch group for which compliance was
13330
+ # determined. A patch group uses tags to group EC2 instances that
13331
+ # should have the same patch compliance.
13332
+ # @return [String]
13333
+ #
13334
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmComplianceSummary AWS API Documentation
13335
+ #
13336
+ class AwsSsmComplianceSummary < Struct.new(
13337
+ :status,
13338
+ :compliant_critical_count,
13339
+ :compliant_high_count,
13340
+ :compliant_medium_count,
13341
+ :execution_type,
13342
+ :non_compliant_critical_count,
13343
+ :compliant_informational_count,
13344
+ :non_compliant_informational_count,
13345
+ :compliant_unspecified_count,
13346
+ :non_compliant_low_count,
13347
+ :non_compliant_high_count,
13348
+ :compliant_low_count,
13349
+ :compliance_type,
13350
+ :patch_baseline_id,
13351
+ :overall_severity,
13352
+ :non_compliant_medium_count,
13353
+ :non_compliant_unspecified_count,
13354
+ :patch_group)
13355
+ SENSITIVE = []
13356
+ include Aws::Structure
13357
+ end
13358
+
13359
+ # Provides details about the compliance for a patch.
13360
+ #
13361
+ # @note When making an API call, you may pass AwsSsmPatch
13362
+ # data as a hash:
13363
+ #
13364
+ # {
13365
+ # compliance_summary: {
13366
+ # status: "NonEmptyString",
13367
+ # compliant_critical_count: 1,
13368
+ # compliant_high_count: 1,
13369
+ # compliant_medium_count: 1,
13370
+ # execution_type: "NonEmptyString",
13371
+ # non_compliant_critical_count: 1,
13372
+ # compliant_informational_count: 1,
13373
+ # non_compliant_informational_count: 1,
13374
+ # compliant_unspecified_count: 1,
13375
+ # non_compliant_low_count: 1,
13376
+ # non_compliant_high_count: 1,
13377
+ # compliant_low_count: 1,
13378
+ # compliance_type: "NonEmptyString",
13379
+ # patch_baseline_id: "NonEmptyString",
13380
+ # overall_severity: "NonEmptyString",
13381
+ # non_compliant_medium_count: 1,
13382
+ # non_compliant_unspecified_count: 1,
13383
+ # patch_group: "NonEmptyString",
13384
+ # },
13385
+ # }
13386
+ #
13387
+ # @!attribute [rw] compliance_summary
13388
+ # The compliance status details for the patch.
13389
+ # @return [Types::AwsSsmComplianceSummary]
13390
+ #
13391
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatch AWS API Documentation
13392
+ #
13393
+ class AwsSsmPatch < Struct.new(
13394
+ :compliance_summary)
13395
+ SENSITIVE = []
13396
+ include Aws::Structure
13397
+ end
13398
+
13399
+ # Provides information about the state of a patch on an instance based
13400
+ # on the patch baseline that was used to patch the instance.
13401
+ #
13402
+ # @note When making an API call, you may pass AwsSsmPatchComplianceDetails
13403
+ # data as a hash:
13404
+ #
13405
+ # {
13406
+ # patch: {
13407
+ # compliance_summary: {
13408
+ # status: "NonEmptyString",
13409
+ # compliant_critical_count: 1,
13410
+ # compliant_high_count: 1,
13411
+ # compliant_medium_count: 1,
13412
+ # execution_type: "NonEmptyString",
13413
+ # non_compliant_critical_count: 1,
13414
+ # compliant_informational_count: 1,
13415
+ # non_compliant_informational_count: 1,
13416
+ # compliant_unspecified_count: 1,
13417
+ # non_compliant_low_count: 1,
13418
+ # non_compliant_high_count: 1,
13419
+ # compliant_low_count: 1,
13420
+ # compliance_type: "NonEmptyString",
13421
+ # patch_baseline_id: "NonEmptyString",
13422
+ # overall_severity: "NonEmptyString",
13423
+ # non_compliant_medium_count: 1,
13424
+ # non_compliant_unspecified_count: 1,
13425
+ # patch_group: "NonEmptyString",
13426
+ # },
13427
+ # },
13428
+ # }
13429
+ #
13430
+ # @!attribute [rw] patch
13431
+ # Information about the status of a patch.
13432
+ # @return [Types::AwsSsmPatch]
13433
+ #
13434
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatchComplianceDetails AWS API Documentation
13435
+ #
13436
+ class AwsSsmPatchComplianceDetails < Struct.new(
13437
+ :patch)
13438
+ SENSITIVE = []
13439
+ include Aws::Structure
13440
+ end
13441
+
12455
13442
  # Details about a WAF WebACL.
12456
13443
  #
12457
13444
  # @note When making an API call, you may pass AwsWafWebAclDetails
@@ -12914,6 +13901,19 @@ module Aws::SecurityHub
12914
13901
  # },
12915
13902
  # ],
12916
13903
  # source_dest_check: false,
13904
+ # ip_v6_addresses: [
13905
+ # {
13906
+ # ip_v6_address: "NonEmptyString",
13907
+ # },
13908
+ # ],
13909
+ # private_ip_addresses: [
13910
+ # {
13911
+ # private_ip_address: "NonEmptyString",
13912
+ # private_dns_name: "NonEmptyString",
13913
+ # },
13914
+ # ],
13915
+ # public_dns_name: "NonEmptyString",
13916
+ # public_ip: "NonEmptyString",
12917
13917
  # },
12918
13918
  # aws_ec2_security_group: {
12919
13919
  # group_name: "NonEmptyString",
@@ -13414,6 +14414,30 @@ module Aws::SecurityHub
13414
14414
  # sns_topic_name: "NonEmptyString",
13415
14415
  # trail_arn: "NonEmptyString",
13416
14416
  # },
14417
+ # aws_ssm_patch_compliance: {
14418
+ # patch: {
14419
+ # compliance_summary: {
14420
+ # status: "NonEmptyString",
14421
+ # compliant_critical_count: 1,
14422
+ # compliant_high_count: 1,
14423
+ # compliant_medium_count: 1,
14424
+ # execution_type: "NonEmptyString",
14425
+ # non_compliant_critical_count: 1,
14426
+ # compliant_informational_count: 1,
14427
+ # non_compliant_informational_count: 1,
14428
+ # compliant_unspecified_count: 1,
14429
+ # non_compliant_low_count: 1,
14430
+ # non_compliant_high_count: 1,
14431
+ # compliant_low_count: 1,
14432
+ # compliance_type: "NonEmptyString",
14433
+ # patch_baseline_id: "NonEmptyString",
14434
+ # overall_severity: "NonEmptyString",
14435
+ # non_compliant_medium_count: 1,
14436
+ # non_compliant_unspecified_count: 1,
14437
+ # patch_group: "NonEmptyString",
14438
+ # },
14439
+ # },
14440
+ # },
13417
14441
  # aws_certificate_manager_certificate: {
13418
14442
  # certificate_authority_arn: "NonEmptyString",
13419
14443
  # created_at: "NonEmptyString",
@@ -14190,6 +15214,114 @@ module Aws::SecurityHub
14190
15214
  # reboot_option: "NonEmptyString",
14191
15215
  # operation: "NonEmptyString",
14192
15216
  # },
15217
+ # action: {
15218
+ # action_type: "NonEmptyString",
15219
+ # network_connection_action: {
15220
+ # connection_direction: "NonEmptyString",
15221
+ # remote_ip_details: {
15222
+ # ip_address_v4: "NonEmptyString",
15223
+ # organization: {
15224
+ # asn: 1,
15225
+ # asn_org: "NonEmptyString",
15226
+ # isp: "NonEmptyString",
15227
+ # org: "NonEmptyString",
15228
+ # },
15229
+ # country: {
15230
+ # country_code: "NonEmptyString",
15231
+ # country_name: "NonEmptyString",
15232
+ # },
15233
+ # city: {
15234
+ # city_name: "NonEmptyString",
15235
+ # },
15236
+ # geo_location: {
15237
+ # lon: 1.0,
15238
+ # lat: 1.0,
15239
+ # },
15240
+ # },
15241
+ # remote_port_details: {
15242
+ # port: 1,
15243
+ # port_name: "NonEmptyString",
15244
+ # },
15245
+ # local_port_details: {
15246
+ # port: 1,
15247
+ # port_name: "NonEmptyString",
15248
+ # },
15249
+ # protocol: "NonEmptyString",
15250
+ # blocked: false,
15251
+ # },
15252
+ # aws_api_call_action: {
15253
+ # api: "NonEmptyString",
15254
+ # service_name: "NonEmptyString",
15255
+ # caller_type: "NonEmptyString",
15256
+ # remote_ip_details: {
15257
+ # ip_address_v4: "NonEmptyString",
15258
+ # organization: {
15259
+ # asn: 1,
15260
+ # asn_org: "NonEmptyString",
15261
+ # isp: "NonEmptyString",
15262
+ # org: "NonEmptyString",
15263
+ # },
15264
+ # country: {
15265
+ # country_code: "NonEmptyString",
15266
+ # country_name: "NonEmptyString",
15267
+ # },
15268
+ # city: {
15269
+ # city_name: "NonEmptyString",
15270
+ # },
15271
+ # geo_location: {
15272
+ # lon: 1.0,
15273
+ # lat: 1.0,
15274
+ # },
15275
+ # },
15276
+ # domain_details: {
15277
+ # domain: "NonEmptyString",
15278
+ # },
15279
+ # affected_resources: {
15280
+ # "NonEmptyString" => "NonEmptyString",
15281
+ # },
15282
+ # first_seen: "NonEmptyString",
15283
+ # last_seen: "NonEmptyString",
15284
+ # },
15285
+ # dns_request_action: {
15286
+ # domain: "NonEmptyString",
15287
+ # protocol: "NonEmptyString",
15288
+ # blocked: false,
15289
+ # },
15290
+ # port_probe_action: {
15291
+ # port_probe_details: [
15292
+ # {
15293
+ # local_port_details: {
15294
+ # port: 1,
15295
+ # port_name: "NonEmptyString",
15296
+ # },
15297
+ # local_ip_details: {
15298
+ # ip_address_v4: "NonEmptyString",
15299
+ # },
15300
+ # remote_ip_details: {
15301
+ # ip_address_v4: "NonEmptyString",
15302
+ # organization: {
15303
+ # asn: 1,
15304
+ # asn_org: "NonEmptyString",
15305
+ # isp: "NonEmptyString",
15306
+ # org: "NonEmptyString",
15307
+ # },
15308
+ # country: {
15309
+ # country_code: "NonEmptyString",
15310
+ # country_name: "NonEmptyString",
15311
+ # },
15312
+ # city: {
15313
+ # city_name: "NonEmptyString",
15314
+ # },
15315
+ # geo_location: {
15316
+ # lon: 1.0,
15317
+ # lat: 1.0,
15318
+ # },
15319
+ # },
15320
+ # },
15321
+ # ],
15322
+ # blocked: false,
15323
+ # },
15324
+ # },
14193
15325
  # },
14194
15326
  # ],
14195
15327
  # }
@@ -14446,6 +15578,27 @@ module Aws::SecurityHub
14446
15578
  include Aws::Structure
14447
15579
  end
14448
15580
 
15581
+ # Information about a city.
15582
+ #
15583
+ # @note When making an API call, you may pass City
15584
+ # data as a hash:
15585
+ #
15586
+ # {
15587
+ # city_name: "NonEmptyString",
15588
+ # }
15589
+ #
15590
+ # @!attribute [rw] city_name
15591
+ # The name of the city.
15592
+ # @return [String]
15593
+ #
15594
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/City AWS API Documentation
15595
+ #
15596
+ class City < Struct.new(
15597
+ :city_name)
15598
+ SENSITIVE = []
15599
+ include Aws::Structure
15600
+ end
15601
+
14449
15602
  # Contains finding details that are specific to control-based findings.
14450
15603
  # Only returned for findings generated from controls.
14451
15604
  #
@@ -14557,6 +15710,33 @@ module Aws::SecurityHub
14557
15710
  include Aws::Structure
14558
15711
  end
14559
15712
 
15713
+ # Information about a country.
15714
+ #
15715
+ # @note When making an API call, you may pass Country
15716
+ # data as a hash:
15717
+ #
15718
+ # {
15719
+ # country_code: "NonEmptyString",
15720
+ # country_name: "NonEmptyString",
15721
+ # }
15722
+ #
15723
+ # @!attribute [rw] country_code
15724
+ # The 2-letter ISO 3166 country code for the country.
15725
+ # @return [String]
15726
+ #
15727
+ # @!attribute [rw] country_name
15728
+ # The name of the country.
15729
+ # @return [String]
15730
+ #
15731
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Country AWS API Documentation
15732
+ #
15733
+ class Country < Struct.new(
15734
+ :country_code,
15735
+ :country_name)
15736
+ SENSITIVE = []
15737
+ include Aws::Structure
15738
+ end
15739
+
14560
15740
  # @note When making an API call, you may pass CreateActionTargetRequest
14561
15741
  # data as a hash:
14562
15742
  #
@@ -15207,9 +16387,9 @@ module Aws::SecurityHub
15207
16387
  # data as a hash:
15208
16388
  #
15209
16389
  # {
15210
- # account_details: [
16390
+ # account_details: [ # required
15211
16391
  # {
15212
- # account_id: "AccountId",
16392
+ # account_id: "AccountId", # required
15213
16393
  # email: "NonEmptyString",
15214
16394
  # },
15215
16395
  # ],
@@ -15217,8 +16397,8 @@ module Aws::SecurityHub
15217
16397
  #
15218
16398
  # @!attribute [rw] account_details
15219
16399
  # The list of accounts to associate with the Security Hub master
15220
- # account. For each account, the list includes the account ID and the
15221
- # email address.
16400
+ # account. For each account, the list includes the account ID and
16401
+ # optionally the email address.
15222
16402
  # @return [Array<Types::AccountDetails>]
15223
16403
  #
15224
16404
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateMembersRequest AWS API Documentation
@@ -15470,7 +16650,7 @@ module Aws::SecurityHub
15470
16650
  # data as a hash:
15471
16651
  #
15472
16652
  # {
15473
- # account_ids: ["NonEmptyString"],
16653
+ # account_ids: ["NonEmptyString"], # required
15474
16654
  # }
15475
16655
  #
15476
16656
  # @!attribute [rw] account_ids
@@ -15601,12 +16781,41 @@ module Aws::SecurityHub
15601
16781
  include Aws::Structure
15602
16782
  end
15603
16783
 
16784
+ # @api private
16785
+ #
16786
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationRequest AWS API Documentation
16787
+ #
16788
+ class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
16789
+
16790
+ # @!attribute [rw] auto_enable
16791
+ # Whether to automatically enable Security Hub for new accounts in the
16792
+ # organization.
16793
+ #
16794
+ # If set to `true`, then Security Hub is enabled for new accounts. If
16795
+ # set to false, then new accounts are not added automatically.
16796
+ # @return [Boolean]
16797
+ #
16798
+ # @!attribute [rw] member_account_limit_reached
16799
+ # Whether the maximum number of allowed member accounts are already
16800
+ # associated with the Security Hub administrator account.
16801
+ # @return [Boolean]
16802
+ #
16803
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
16804
+ #
16805
+ class DescribeOrganizationConfigurationResponse < Struct.new(
16806
+ :auto_enable,
16807
+ :member_account_limit_reached)
16808
+ SENSITIVE = []
16809
+ include Aws::Structure
16810
+ end
16811
+
15604
16812
  # @note When making an API call, you may pass DescribeProductsRequest
15605
16813
  # data as a hash:
15606
16814
  #
15607
16815
  # {
15608
16816
  # next_token: "NextToken",
15609
16817
  # max_results: 1,
16818
+ # product_arn: "NonEmptyString",
15610
16819
  # }
15611
16820
  #
15612
16821
  # @!attribute [rw] next_token
@@ -15623,11 +16832,16 @@ module Aws::SecurityHub
15623
16832
  # The maximum number of results to return.
15624
16833
  # @return [Integer]
15625
16834
  #
16835
+ # @!attribute [rw] product_arn
16836
+ # The ARN of the integration to return.
16837
+ # @return [String]
16838
+ #
15626
16839
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeProductsRequest AWS API Documentation
15627
16840
  #
15628
16841
  class DescribeProductsRequest < Struct.new(
15629
16842
  :next_token,
15630
- :max_results)
16843
+ :max_results,
16844
+ :product_arn)
15631
16845
  SENSITIVE = []
15632
16846
  include Aws::Structure
15633
16847
  end
@@ -15660,7 +16874,8 @@ module Aws::SecurityHub
15660
16874
  #
15661
16875
  # @!attribute [rw] standards_subscription_arn
15662
16876
  # The ARN of a resource that represents your subscription to a
15663
- # supported standard.
16877
+ # supported standard. To get the subscription ARNs of the standards
16878
+ # you have enabled, use the ` GetEnabledStandards ` operation.
15664
16879
  # @return [String]
15665
16880
  #
15666
16881
  # @!attribute [rw] next_token
@@ -15775,6 +16990,30 @@ module Aws::SecurityHub
15775
16990
  #
15776
16991
  class DisableImportFindingsForProductResponse < Aws::EmptyStructure; end
15777
16992
 
16993
+ # @note When making an API call, you may pass DisableOrganizationAdminAccountRequest
16994
+ # data as a hash:
16995
+ #
16996
+ # {
16997
+ # admin_account_id: "NonEmptyString", # required
16998
+ # }
16999
+ #
17000
+ # @!attribute [rw] admin_account_id
17001
+ # The AWS account identifier of the Security Hub administrator
17002
+ # account.
17003
+ # @return [String]
17004
+ #
17005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountRequest AWS API Documentation
17006
+ #
17007
+ class DisableOrganizationAdminAccountRequest < Struct.new(
17008
+ :admin_account_id)
17009
+ SENSITIVE = []
17010
+ include Aws::Structure
17011
+ end
17012
+
17013
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountResponse AWS API Documentation
17014
+ #
17015
+ class DisableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
17016
+
15778
17017
  # @api private
15779
17018
  #
15780
17019
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableSecurityHubRequest AWS API Documentation
@@ -15799,7 +17038,7 @@ module Aws::SecurityHub
15799
17038
  # data as a hash:
15800
17039
  #
15801
17040
  # {
15802
- # account_ids: ["NonEmptyString"],
17041
+ # account_ids: ["NonEmptyString"], # required
15803
17042
  # }
15804
17043
  #
15805
17044
  # @!attribute [rw] account_ids
@@ -15819,6 +17058,40 @@ module Aws::SecurityHub
15819
17058
  #
15820
17059
  class DisassociateMembersResponse < Aws::EmptyStructure; end
15821
17060
 
17061
+ # Provided if `ActionType` is `DNS_REQUEST`. It provides details about
17062
+ # the DNS request that was detected.
17063
+ #
17064
+ # @note When making an API call, you may pass DnsRequestAction
17065
+ # data as a hash:
17066
+ #
17067
+ # {
17068
+ # domain: "NonEmptyString",
17069
+ # protocol: "NonEmptyString",
17070
+ # blocked: false,
17071
+ # }
17072
+ #
17073
+ # @!attribute [rw] domain
17074
+ # The DNS domain that is associated with the DNS request.
17075
+ # @return [String]
17076
+ #
17077
+ # @!attribute [rw] protocol
17078
+ # The protocol that was used for the DNS request.
17079
+ # @return [String]
17080
+ #
17081
+ # @!attribute [rw] blocked
17082
+ # Indicates whether the DNS request was blocked.
17083
+ # @return [Boolean]
17084
+ #
17085
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DnsRequestAction AWS API Documentation
17086
+ #
17087
+ class DnsRequestAction < Struct.new(
17088
+ :domain,
17089
+ :protocol,
17090
+ :blocked)
17091
+ SENSITIVE = []
17092
+ include Aws::Structure
17093
+ end
17094
+
15822
17095
  # @note When making an API call, you may pass EnableImportFindingsForProductRequest
15823
17096
  # data as a hash:
15824
17097
  #
@@ -15851,6 +17124,30 @@ module Aws::SecurityHub
15851
17124
  include Aws::Structure
15852
17125
  end
15853
17126
 
17127
+ # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
17128
+ # data as a hash:
17129
+ #
17130
+ # {
17131
+ # admin_account_id: "NonEmptyString", # required
17132
+ # }
17133
+ #
17134
+ # @!attribute [rw] admin_account_id
17135
+ # The AWS account identifier of the account to designate as the
17136
+ # Security Hub administrator account.
17137
+ # @return [String]
17138
+ #
17139
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountRequest AWS API Documentation
17140
+ #
17141
+ class EnableOrganizationAdminAccountRequest < Struct.new(
17142
+ :admin_account_id)
17143
+ SENSITIVE = []
17144
+ include Aws::Structure
17145
+ end
17146
+
17147
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
17148
+ #
17149
+ class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
17150
+
15854
17151
  # @note When making an API call, you may pass EnableSecurityHubRequest
15855
17152
  # data as a hash:
15856
17153
  #
@@ -15886,6 +17183,33 @@ module Aws::SecurityHub
15886
17183
  #
15887
17184
  class EnableSecurityHubResponse < Aws::EmptyStructure; end
15888
17185
 
17186
+ # Provides the latitude and longitude coordinates of a location.
17187
+ #
17188
+ # @note When making an API call, you may pass GeoLocation
17189
+ # data as a hash:
17190
+ #
17191
+ # {
17192
+ # lon: 1.0,
17193
+ # lat: 1.0,
17194
+ # }
17195
+ #
17196
+ # @!attribute [rw] lon
17197
+ # The longitude of the location.
17198
+ # @return [Float]
17199
+ #
17200
+ # @!attribute [rw] lat
17201
+ # The latitude of the location.
17202
+ # @return [Float]
17203
+ #
17204
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GeoLocation AWS API Documentation
17205
+ #
17206
+ class GeoLocation < Struct.new(
17207
+ :lon,
17208
+ :lat)
17209
+ SENSITIVE = []
17210
+ include Aws::Structure
17211
+ end
17212
+
15889
17213
  # @note When making an API call, you may pass GetEnabledStandardsRequest
15890
17214
  # data as a hash:
15891
17215
  #
@@ -16858,8 +18182,9 @@ module Aws::SecurityHub
16858
18182
  include Aws::Structure
16859
18183
  end
16860
18184
 
16861
- # AWS Security Hub isn't enabled for the account used to make this
16862
- # request.
18185
+ # There is an issue with the account used to make the request. Either
18186
+ # Security Hub is not enabled for the account, or the account does not
18187
+ # have permission to perform this action.
16863
18188
  #
16864
18189
  # @!attribute [rw] message
16865
18190
  # @return [String]
@@ -16929,7 +18254,7 @@ module Aws::SecurityHub
16929
18254
  # data as a hash:
16930
18255
  #
16931
18256
  # {
16932
- # account_ids: ["NonEmptyString"],
18257
+ # account_ids: ["NonEmptyString"], # required
16933
18258
  # }
16934
18259
  #
16935
18260
  # @!attribute [rw] account_ids
@@ -16979,6 +18304,45 @@ module Aws::SecurityHub
16979
18304
  include Aws::Structure
16980
18305
  end
16981
18306
 
18307
+ # Provides information about an internet provider.
18308
+ #
18309
+ # @note When making an API call, you may pass IpOrganizationDetails
18310
+ # data as a hash:
18311
+ #
18312
+ # {
18313
+ # asn: 1,
18314
+ # asn_org: "NonEmptyString",
18315
+ # isp: "NonEmptyString",
18316
+ # org: "NonEmptyString",
18317
+ # }
18318
+ #
18319
+ # @!attribute [rw] asn
18320
+ # The Autonomous System Number (ASN) of the internet provider
18321
+ # @return [Integer]
18322
+ #
18323
+ # @!attribute [rw] asn_org
18324
+ # The name of the organization that registered the ASN.
18325
+ # @return [String]
18326
+ #
18327
+ # @!attribute [rw] isp
18328
+ # The ISP information for the internet provider.
18329
+ # @return [String]
18330
+ #
18331
+ # @!attribute [rw] org
18332
+ # The name of the internet provider.
18333
+ # @return [String]
18334
+ #
18335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IpOrganizationDetails AWS API Documentation
18336
+ #
18337
+ class IpOrganizationDetails < Struct.new(
18338
+ :asn,
18339
+ :asn_org,
18340
+ :isp,
18341
+ :org)
18342
+ SENSITIVE = []
18343
+ include Aws::Structure
18344
+ end
18345
+
16982
18346
  # An IPV6 CIDR block association.
16983
18347
  #
16984
18348
  # @note When making an API call, you may pass Ipv6CidrBlockAssociation
@@ -17034,8 +18398,8 @@ module Aws::SecurityHub
17034
18398
  end
17035
18399
 
17036
18400
  # The request was rejected because it attempted to create resources
17037
- # beyond the current AWS account limits. The error code describes the
17038
- # limit exceeded.
18401
+ # beyond the current AWS account or throttling limits. The error code
18402
+ # describes the limit exceeded.
17039
18403
  #
17040
18404
  # @!attribute [rw] message
17041
18405
  # @return [String]
@@ -17165,7 +18529,7 @@ module Aws::SecurityHub
17165
18529
  #
17166
18530
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
17167
18531
  # accounts whose relationship status with the master is set to
17168
- # `ENABLED` or `DISABLED`.
18532
+ # `ENABLED`.
17169
18533
  #
17170
18534
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
17171
18535
  # existing member accounts.
@@ -17211,6 +18575,52 @@ module Aws::SecurityHub
17211
18575
  include Aws::Structure
17212
18576
  end
17213
18577
 
18578
+ # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest
18579
+ # data as a hash:
18580
+ #
18581
+ # {
18582
+ # max_results: 1,
18583
+ # next_token: "NextToken",
18584
+ # }
18585
+ #
18586
+ # @!attribute [rw] max_results
18587
+ # The maximum number of items to return in the response.
18588
+ # @return [Integer]
18589
+ #
18590
+ # @!attribute [rw] next_token
18591
+ # The token that is required for pagination. On your first call to the
18592
+ # `ListOrganizationAdminAccounts` operation, set the value of this
18593
+ # parameter to `NULL`. For subsequent calls to the operation, to
18594
+ # continue listing data, set the value of this parameter to the value
18595
+ # returned from the previous response.
18596
+ # @return [String]
18597
+ #
18598
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsRequest AWS API Documentation
18599
+ #
18600
+ class ListOrganizationAdminAccountsRequest < Struct.new(
18601
+ :max_results,
18602
+ :next_token)
18603
+ SENSITIVE = []
18604
+ include Aws::Structure
18605
+ end
18606
+
18607
+ # @!attribute [rw] admin_accounts
18608
+ # The list of Security Hub administrator accounts.
18609
+ # @return [Array<Types::AdminAccount>]
18610
+ #
18611
+ # @!attribute [rw] next_token
18612
+ # The pagination token to use to request the next page of results.
18613
+ # @return [String]
18614
+ #
18615
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsResponse AWS API Documentation
18616
+ #
18617
+ class ListOrganizationAdminAccountsResponse < Struct.new(
18618
+ :admin_accounts,
18619
+ :next_token)
18620
+ SENSITIVE = []
18621
+ include Aws::Structure
18622
+ end
18623
+
17214
18624
  # @note When making an API call, you may pass ListTagsForResourceRequest
17215
18625
  # data as a hash:
17216
18626
  #
@@ -17401,8 +18811,9 @@ module Aws::SecurityHub
17401
18811
  # account. The member account has not yet responded to the
17402
18812
  # invitation.
17403
18813
  #
17404
- # * `ASSOCIATED` - Indicates that the member account accepted the
17405
- # invitation.
18814
+ # * `ENABLED` - Indicates that the member account is currently active.
18815
+ # For manually invited member accounts, indicates that the member
18816
+ # account accepted the invitation.
17406
18817
  #
17407
18818
  # * `REMOVED` - Indicates that the master account disassociated the
17408
18819
  # member account.
@@ -17533,6 +18944,84 @@ module Aws::SecurityHub
17533
18944
  include Aws::Structure
17534
18945
  end
17535
18946
 
18947
+ # Provided if `ActionType` is `NETWORK_CONNECTION`. It provides details
18948
+ # about the attempted network connection that was detected.
18949
+ #
18950
+ # @note When making an API call, you may pass NetworkConnectionAction
18951
+ # data as a hash:
18952
+ #
18953
+ # {
18954
+ # connection_direction: "NonEmptyString",
18955
+ # remote_ip_details: {
18956
+ # ip_address_v4: "NonEmptyString",
18957
+ # organization: {
18958
+ # asn: 1,
18959
+ # asn_org: "NonEmptyString",
18960
+ # isp: "NonEmptyString",
18961
+ # org: "NonEmptyString",
18962
+ # },
18963
+ # country: {
18964
+ # country_code: "NonEmptyString",
18965
+ # country_name: "NonEmptyString",
18966
+ # },
18967
+ # city: {
18968
+ # city_name: "NonEmptyString",
18969
+ # },
18970
+ # geo_location: {
18971
+ # lon: 1.0,
18972
+ # lat: 1.0,
18973
+ # },
18974
+ # },
18975
+ # remote_port_details: {
18976
+ # port: 1,
18977
+ # port_name: "NonEmptyString",
18978
+ # },
18979
+ # local_port_details: {
18980
+ # port: 1,
18981
+ # port_name: "NonEmptyString",
18982
+ # },
18983
+ # protocol: "NonEmptyString",
18984
+ # blocked: false,
18985
+ # }
18986
+ #
18987
+ # @!attribute [rw] connection_direction
18988
+ # The direction of the network connection request (`IN` or `OUT`).
18989
+ # @return [String]
18990
+ #
18991
+ # @!attribute [rw] remote_ip_details
18992
+ # Information about the remote IP address that issued the network
18993
+ # connection request.
18994
+ # @return [Types::ActionRemoteIpDetails]
18995
+ #
18996
+ # @!attribute [rw] remote_port_details
18997
+ # Information about the port on the remote IP address.
18998
+ # @return [Types::ActionRemotePortDetails]
18999
+ #
19000
+ # @!attribute [rw] local_port_details
19001
+ # Information about the port on the EC2 instance.
19002
+ # @return [Types::ActionLocalPortDetails]
19003
+ #
19004
+ # @!attribute [rw] protocol
19005
+ # The protocol used to make the network connection request.
19006
+ # @return [String]
19007
+ #
19008
+ # @!attribute [rw] blocked
19009
+ # Indicates whether the network connection attempt was blocked.
19010
+ # @return [Boolean]
19011
+ #
19012
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkConnectionAction AWS API Documentation
19013
+ #
19014
+ class NetworkConnectionAction < Struct.new(
19015
+ :connection_direction,
19016
+ :remote_ip_details,
19017
+ :remote_port_details,
19018
+ :local_port_details,
19019
+ :protocol,
19020
+ :blocked)
19021
+ SENSITIVE = []
19022
+ include Aws::Structure
19023
+ end
19024
+
17536
19025
  # Details about a network path component that occurs before or after the
17537
19026
  # current component.
17538
19027
  #
@@ -17908,6 +19397,126 @@ module Aws::SecurityHub
17908
19397
  include Aws::Structure
17909
19398
  end
17910
19399
 
19400
+ # Provided if `ActionType` is `PORT_PROBE`. It provides details about
19401
+ # the attempted port probe that was detected.
19402
+ #
19403
+ # @note When making an API call, you may pass PortProbeAction
19404
+ # data as a hash:
19405
+ #
19406
+ # {
19407
+ # port_probe_details: [
19408
+ # {
19409
+ # local_port_details: {
19410
+ # port: 1,
19411
+ # port_name: "NonEmptyString",
19412
+ # },
19413
+ # local_ip_details: {
19414
+ # ip_address_v4: "NonEmptyString",
19415
+ # },
19416
+ # remote_ip_details: {
19417
+ # ip_address_v4: "NonEmptyString",
19418
+ # organization: {
19419
+ # asn: 1,
19420
+ # asn_org: "NonEmptyString",
19421
+ # isp: "NonEmptyString",
19422
+ # org: "NonEmptyString",
19423
+ # },
19424
+ # country: {
19425
+ # country_code: "NonEmptyString",
19426
+ # country_name: "NonEmptyString",
19427
+ # },
19428
+ # city: {
19429
+ # city_name: "NonEmptyString",
19430
+ # },
19431
+ # geo_location: {
19432
+ # lon: 1.0,
19433
+ # lat: 1.0,
19434
+ # },
19435
+ # },
19436
+ # },
19437
+ # ],
19438
+ # blocked: false,
19439
+ # }
19440
+ #
19441
+ # @!attribute [rw] port_probe_details
19442
+ # Information about the ports affected by the port probe.
19443
+ # @return [Array<Types::PortProbeDetail>]
19444
+ #
19445
+ # @!attribute [rw] blocked
19446
+ # Indicates whether the port probe was blocked.
19447
+ # @return [Boolean]
19448
+ #
19449
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeAction AWS API Documentation
19450
+ #
19451
+ class PortProbeAction < Struct.new(
19452
+ :port_probe_details,
19453
+ :blocked)
19454
+ SENSITIVE = []
19455
+ include Aws::Structure
19456
+ end
19457
+
19458
+ # A port scan that was part of the port probe. For each scan,
19459
+ # PortProbeDetails provides information about the local IP address and
19460
+ # port that were scanned, and the remote IP address that the scan
19461
+ # originated from.
19462
+ #
19463
+ # @note When making an API call, you may pass PortProbeDetail
19464
+ # data as a hash:
19465
+ #
19466
+ # {
19467
+ # local_port_details: {
19468
+ # port: 1,
19469
+ # port_name: "NonEmptyString",
19470
+ # },
19471
+ # local_ip_details: {
19472
+ # ip_address_v4: "NonEmptyString",
19473
+ # },
19474
+ # remote_ip_details: {
19475
+ # ip_address_v4: "NonEmptyString",
19476
+ # organization: {
19477
+ # asn: 1,
19478
+ # asn_org: "NonEmptyString",
19479
+ # isp: "NonEmptyString",
19480
+ # org: "NonEmptyString",
19481
+ # },
19482
+ # country: {
19483
+ # country_code: "NonEmptyString",
19484
+ # country_name: "NonEmptyString",
19485
+ # },
19486
+ # city: {
19487
+ # city_name: "NonEmptyString",
19488
+ # },
19489
+ # geo_location: {
19490
+ # lon: 1.0,
19491
+ # lat: 1.0,
19492
+ # },
19493
+ # },
19494
+ # }
19495
+ #
19496
+ # @!attribute [rw] local_port_details
19497
+ # Provides information about the port that was scanned.
19498
+ # @return [Types::ActionLocalPortDetails]
19499
+ #
19500
+ # @!attribute [rw] local_ip_details
19501
+ # Provides information about the IP address where the scanned port is
19502
+ # located.
19503
+ # @return [Types::ActionLocalIpDetails]
19504
+ #
19505
+ # @!attribute [rw] remote_ip_details
19506
+ # Provides information about the remote IP address that performed the
19507
+ # scan.
19508
+ # @return [Types::ActionRemoteIpDetails]
19509
+ #
19510
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeDetail AWS API Documentation
19511
+ #
19512
+ class PortProbeDetail < Struct.new(
19513
+ :local_port_details,
19514
+ :local_ip_details,
19515
+ :remote_ip_details)
19516
+ SENSITIVE = []
19517
+ include Aws::Structure
19518
+ end
19519
+
17911
19520
  # A range of ports.
17912
19521
  #
17913
19522
  # @note When making an API call, you may pass PortRange
@@ -18270,6 +19879,19 @@ module Aws::SecurityHub
18270
19879
  # },
18271
19880
  # ],
18272
19881
  # source_dest_check: false,
19882
+ # ip_v6_addresses: [
19883
+ # {
19884
+ # ip_v6_address: "NonEmptyString",
19885
+ # },
19886
+ # ],
19887
+ # private_ip_addresses: [
19888
+ # {
19889
+ # private_ip_address: "NonEmptyString",
19890
+ # private_dns_name: "NonEmptyString",
19891
+ # },
19892
+ # ],
19893
+ # public_dns_name: "NonEmptyString",
19894
+ # public_ip: "NonEmptyString",
18273
19895
  # },
18274
19896
  # aws_ec2_security_group: {
18275
19897
  # group_name: "NonEmptyString",
@@ -18770,6 +20392,30 @@ module Aws::SecurityHub
18770
20392
  # sns_topic_name: "NonEmptyString",
18771
20393
  # trail_arn: "NonEmptyString",
18772
20394
  # },
20395
+ # aws_ssm_patch_compliance: {
20396
+ # patch: {
20397
+ # compliance_summary: {
20398
+ # status: "NonEmptyString",
20399
+ # compliant_critical_count: 1,
20400
+ # compliant_high_count: 1,
20401
+ # compliant_medium_count: 1,
20402
+ # execution_type: "NonEmptyString",
20403
+ # non_compliant_critical_count: 1,
20404
+ # compliant_informational_count: 1,
20405
+ # non_compliant_informational_count: 1,
20406
+ # compliant_unspecified_count: 1,
20407
+ # non_compliant_low_count: 1,
20408
+ # non_compliant_high_count: 1,
20409
+ # compliant_low_count: 1,
20410
+ # compliance_type: "NonEmptyString",
20411
+ # patch_baseline_id: "NonEmptyString",
20412
+ # overall_severity: "NonEmptyString",
20413
+ # non_compliant_medium_count: 1,
20414
+ # non_compliant_unspecified_count: 1,
20415
+ # patch_group: "NonEmptyString",
20416
+ # },
20417
+ # },
20418
+ # },
18773
20419
  # aws_certificate_manager_certificate: {
18774
20420
  # certificate_authority_arn: "NonEmptyString",
18775
20421
  # created_at: "NonEmptyString",
@@ -19500,6 +21146,8 @@ module Aws::SecurityHub
19500
21146
  # @return [String]
19501
21147
  #
19502
21148
  # @!attribute [rw] resource_role
21149
+ # Identifies the role of the resource in the finding. A resource is
21150
+ # either the actor or target of the finding activity,
19503
21151
  # @return [String]
19504
21152
  #
19505
21153
  # @!attribute [rw] tags
@@ -19669,6 +21317,19 @@ module Aws::SecurityHub
19669
21317
  # },
19670
21318
  # ],
19671
21319
  # source_dest_check: false,
21320
+ # ip_v6_addresses: [
21321
+ # {
21322
+ # ip_v6_address: "NonEmptyString",
21323
+ # },
21324
+ # ],
21325
+ # private_ip_addresses: [
21326
+ # {
21327
+ # private_ip_address: "NonEmptyString",
21328
+ # private_dns_name: "NonEmptyString",
21329
+ # },
21330
+ # ],
21331
+ # public_dns_name: "NonEmptyString",
21332
+ # public_ip: "NonEmptyString",
19672
21333
  # },
19673
21334
  # aws_ec2_security_group: {
19674
21335
  # group_name: "NonEmptyString",
@@ -20169,6 +21830,30 @@ module Aws::SecurityHub
20169
21830
  # sns_topic_name: "NonEmptyString",
20170
21831
  # trail_arn: "NonEmptyString",
20171
21832
  # },
21833
+ # aws_ssm_patch_compliance: {
21834
+ # patch: {
21835
+ # compliance_summary: {
21836
+ # status: "NonEmptyString",
21837
+ # compliant_critical_count: 1,
21838
+ # compliant_high_count: 1,
21839
+ # compliant_medium_count: 1,
21840
+ # execution_type: "NonEmptyString",
21841
+ # non_compliant_critical_count: 1,
21842
+ # compliant_informational_count: 1,
21843
+ # non_compliant_informational_count: 1,
21844
+ # compliant_unspecified_count: 1,
21845
+ # non_compliant_low_count: 1,
21846
+ # non_compliant_high_count: 1,
21847
+ # compliant_low_count: 1,
21848
+ # compliance_type: "NonEmptyString",
21849
+ # patch_baseline_id: "NonEmptyString",
21850
+ # overall_severity: "NonEmptyString",
21851
+ # non_compliant_medium_count: 1,
21852
+ # non_compliant_unspecified_count: 1,
21853
+ # patch_group: "NonEmptyString",
21854
+ # },
21855
+ # },
21856
+ # },
20172
21857
  # aws_certificate_manager_certificate: {
20173
21858
  # certificate_authority_arn: "NonEmptyString",
20174
21859
  # created_at: "NonEmptyString",
@@ -20943,9 +22628,11 @@ module Aws::SecurityHub
20943
22628
  # @return [Types::AwsIamPolicyDetails]
20944
22629
  #
20945
22630
  # @!attribute [rw] aws_api_gateway_v2_stage
22631
+ # Provides information about a version 2 stage for Amazon API Gateway.
20946
22632
  # @return [Types::AwsApiGatewayV2StageDetails]
20947
22633
  #
20948
22634
  # @!attribute [rw] aws_api_gateway_v2_api
22635
+ # Provides information about a version 2 API in Amazon API Gateway.
20949
22636
  # @return [Types::AwsApiGatewayV2ApiDetails]
20950
22637
  #
20951
22638
  # @!attribute [rw] aws_dynamo_db_table
@@ -20953,24 +22640,37 @@ module Aws::SecurityHub
20953
22640
  # @return [Types::AwsDynamoDbTableDetails]
20954
22641
  #
20955
22642
  # @!attribute [rw] aws_api_gateway_stage
22643
+ # Provides information about a version 1 Amazon API Gateway stage.
20956
22644
  # @return [Types::AwsApiGatewayStageDetails]
20957
22645
  #
20958
22646
  # @!attribute [rw] aws_api_gateway_rest_api
22647
+ # Provides information about a REST API in version 1 of Amazon API
22648
+ # Gateway.
20959
22649
  # @return [Types::AwsApiGatewayRestApiDetails]
20960
22650
  #
20961
22651
  # @!attribute [rw] aws_cloud_trail_trail
22652
+ # Provides details about a CloudTrail trail.
20962
22653
  # @return [Types::AwsCloudTrailTrailDetails]
20963
22654
  #
22655
+ # @!attribute [rw] aws_ssm_patch_compliance
22656
+ # Provides information about the state of a patch on an instance based
22657
+ # on the patch baseline that was used to patch the instance.
22658
+ # @return [Types::AwsSsmPatchComplianceDetails]
22659
+ #
20964
22660
  # @!attribute [rw] aws_certificate_manager_certificate
22661
+ # Provides details about an AWS Certificate Manager (ACM) certificate.
20965
22662
  # @return [Types::AwsCertificateManagerCertificateDetails]
20966
22663
  #
20967
22664
  # @!attribute [rw] aws_redshift_cluster
22665
+ # Contains details about an Amazon Redshift cluster.
20968
22666
  # @return [Types::AwsRedshiftClusterDetails]
20969
22667
  #
20970
22668
  # @!attribute [rw] aws_elb_load_balancer
22669
+ # contains details about a Classic Load Balancer.
20971
22670
  # @return [Types::AwsElbLoadBalancerDetails]
20972
22671
  #
20973
22672
  # @!attribute [rw] aws_iam_group
22673
+ # Contains details about an IAM group.
20974
22674
  # @return [Types::AwsIamGroupDetails]
20975
22675
  #
20976
22676
  # @!attribute [rw] aws_iam_role
@@ -21061,6 +22761,7 @@ module Aws::SecurityHub
21061
22761
  :aws_api_gateway_stage,
21062
22762
  :aws_api_gateway_rest_api,
21063
22763
  :aws_cloud_trail_trail,
22764
+ :aws_ssm_patch_compliance,
21064
22765
  :aws_certificate_manager_certificate,
21065
22766
  :aws_redshift_cluster,
21066
22767
  :aws_elb_load_balancer,
@@ -21121,9 +22822,9 @@ module Aws::SecurityHub
21121
22822
 
21122
22823
  # The severity of the finding.
21123
22824
  #
21124
- # The finding provider can provide the initial severity, but cannot
21125
- # update it after that. The severity can only be updated by a master
21126
- # account. It cannot be updated by a member account.
22825
+ # The finding provider can provide the initial severity. The finding
22826
+ # provider can only update the severity if it has not been updated using
22827
+ # `BatchUpdateFindings`.
21127
22828
  #
21128
22829
  # The finding must have either `Label` or `Normalized` populated. If
21129
22830
  # only one of these attributes is populated, then Security Hub
@@ -21465,7 +23166,20 @@ module Aws::SecurityHub
21465
23166
  # @return [Hash<String,String>]
21466
23167
  #
21467
23168
  # @!attribute [rw] standards_status
21468
- # The status of the standards subscription.
23169
+ # The status of the standard subscription.
23170
+ #
23171
+ # The status values are as follows:
23172
+ #
23173
+ # * `PENDING` - Standard is in the process of being enabled.
23174
+ #
23175
+ # * `READY` - Standard is enabled.
23176
+ #
23177
+ # * `INCOMPLETE` - Standard could not be enabled completely. Some
23178
+ # controls may not be available.
23179
+ #
23180
+ # * `DELETING` - Standard is in the process of being disabled.
23181
+ #
23182
+ # * `FAILED` - Standard could not be disabled.
21469
23183
  # @return [String]
21470
23184
  #
21471
23185
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
@@ -22984,6 +24698,36 @@ module Aws::SecurityHub
22984
24698
  #
22985
24699
  class UpdateInsightResponse < Aws::EmptyStructure; end
22986
24700
 
24701
+ # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest
24702
+ # data as a hash:
24703
+ #
24704
+ # {
24705
+ # auto_enable: false, # required
24706
+ # }
24707
+ #
24708
+ # @!attribute [rw] auto_enable
24709
+ # Whether to automatically enable Security Hub for new accounts in the
24710
+ # organization.
24711
+ #
24712
+ # By default, this is `false`, and new accounts are not added
24713
+ # automatically.
24714
+ #
24715
+ # To automatically enable Security Hub for new accounts, set this to
24716
+ # `true`.
24717
+ # @return [Boolean]
24718
+ #
24719
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
24720
+ #
24721
+ class UpdateOrganizationConfigurationRequest < Struct.new(
24722
+ :auto_enable)
24723
+ SENSITIVE = []
24724
+ include Aws::Structure
24725
+ end
24726
+
24727
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationResponse AWS API Documentation
24728
+ #
24729
+ class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
24730
+
22987
24731
  # @note When making an API call, you may pass UpdateSecurityHubConfigurationRequest
22988
24732
  # data as a hash:
22989
24733
  #
@@ -23279,6 +25023,14 @@ module Aws::SecurityHub
23279
25023
  #
23280
25024
  # * `NEW` - The initial state of a finding, before it is reviewed.
23281
25025
  #
25026
+ # Security Hub also resets the workflow status from `NOTIFIED` or
25027
+ # `RESOLVED` to `NEW` in the following cases:
25028
+ #
25029
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
25030
+ #
25031
+ # * `ComplianceStatus` changes from `PASSED` to either `WARNING`,
25032
+ # `FAILED`, or `NOT_AVAILABLE`.
25033
+ #
23282
25034
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23283
25035
  # the security issue. Used when the initial reviewer is not the
23284
25036
  # resource owner, and needs intervention from the resource owner.
@@ -23313,6 +25065,14 @@ module Aws::SecurityHub
23313
25065
  #
23314
25066
  # * `NEW` - The initial state of a finding, before it is reviewed.
23315
25067
  #
25068
+ # Security Hub also resets `WorkFlowStatus` from `NOTIFIED` or
25069
+ # `RESOLVED` to `NEW` in the following cases:
25070
+ #
25071
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
25072
+ #
25073
+ # * The compliance status changes from `PASSED` to either `WARNING`,
25074
+ # `FAILED`, or `NOT_AVAILABLE`.
25075
+ #
23316
25076
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23317
25077
  # the security issue. Used when the initial reviewer is not the
23318
25078
  # resource owner, and needs intervention from the resource owner.