aws-sdk-securityhub 1.35.0 → 1.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -64,7 +64,7 @@ module Aws::SecurityHub
64
64
  # data as a hash:
65
65
  #
66
66
  # {
67
- # account_id: "AccountId",
67
+ # account_id: "AccountId", # required
68
68
  # email: "NonEmptyString",
69
69
  # }
70
70
  #
@@ -85,6 +85,313 @@ module Aws::SecurityHub
85
85
  include Aws::Structure
86
86
  end
87
87
 
88
+ # Provides details about one of the following actions that affects or
89
+ # that was taken on a resource:
90
+ #
91
+ # * A remote IP address issued an AWS API call
92
+ #
93
+ # * A DNS request was received
94
+ #
95
+ # * A remote IP address attempted to connect to an EC2 instance
96
+ #
97
+ # * A remote IP address attempted a port probe on an EC2 instance
98
+ #
99
+ # @note When making an API call, you may pass Action
100
+ # data as a hash:
101
+ #
102
+ # {
103
+ # action_type: "NonEmptyString",
104
+ # network_connection_action: {
105
+ # connection_direction: "NonEmptyString",
106
+ # remote_ip_details: {
107
+ # ip_address_v4: "NonEmptyString",
108
+ # organization: {
109
+ # asn: 1,
110
+ # asn_org: "NonEmptyString",
111
+ # isp: "NonEmptyString",
112
+ # org: "NonEmptyString",
113
+ # },
114
+ # country: {
115
+ # country_code: "NonEmptyString",
116
+ # country_name: "NonEmptyString",
117
+ # },
118
+ # city: {
119
+ # city_name: "NonEmptyString",
120
+ # },
121
+ # geo_location: {
122
+ # lon: 1.0,
123
+ # lat: 1.0,
124
+ # },
125
+ # },
126
+ # remote_port_details: {
127
+ # port: 1,
128
+ # port_name: "NonEmptyString",
129
+ # },
130
+ # local_port_details: {
131
+ # port: 1,
132
+ # port_name: "NonEmptyString",
133
+ # },
134
+ # protocol: "NonEmptyString",
135
+ # blocked: false,
136
+ # },
137
+ # aws_api_call_action: {
138
+ # api: "NonEmptyString",
139
+ # service_name: "NonEmptyString",
140
+ # caller_type: "NonEmptyString",
141
+ # remote_ip_details: {
142
+ # ip_address_v4: "NonEmptyString",
143
+ # organization: {
144
+ # asn: 1,
145
+ # asn_org: "NonEmptyString",
146
+ # isp: "NonEmptyString",
147
+ # org: "NonEmptyString",
148
+ # },
149
+ # country: {
150
+ # country_code: "NonEmptyString",
151
+ # country_name: "NonEmptyString",
152
+ # },
153
+ # city: {
154
+ # city_name: "NonEmptyString",
155
+ # },
156
+ # geo_location: {
157
+ # lon: 1.0,
158
+ # lat: 1.0,
159
+ # },
160
+ # },
161
+ # domain_details: {
162
+ # domain: "NonEmptyString",
163
+ # },
164
+ # affected_resources: {
165
+ # "NonEmptyString" => "NonEmptyString",
166
+ # },
167
+ # first_seen: "NonEmptyString",
168
+ # last_seen: "NonEmptyString",
169
+ # },
170
+ # dns_request_action: {
171
+ # domain: "NonEmptyString",
172
+ # protocol: "NonEmptyString",
173
+ # blocked: false,
174
+ # },
175
+ # port_probe_action: {
176
+ # port_probe_details: [
177
+ # {
178
+ # local_port_details: {
179
+ # port: 1,
180
+ # port_name: "NonEmptyString",
181
+ # },
182
+ # local_ip_details: {
183
+ # ip_address_v4: "NonEmptyString",
184
+ # },
185
+ # remote_ip_details: {
186
+ # ip_address_v4: "NonEmptyString",
187
+ # organization: {
188
+ # asn: 1,
189
+ # asn_org: "NonEmptyString",
190
+ # isp: "NonEmptyString",
191
+ # org: "NonEmptyString",
192
+ # },
193
+ # country: {
194
+ # country_code: "NonEmptyString",
195
+ # country_name: "NonEmptyString",
196
+ # },
197
+ # city: {
198
+ # city_name: "NonEmptyString",
199
+ # },
200
+ # geo_location: {
201
+ # lon: 1.0,
202
+ # lat: 1.0,
203
+ # },
204
+ # },
205
+ # },
206
+ # ],
207
+ # blocked: false,
208
+ # },
209
+ # }
210
+ #
211
+ # @!attribute [rw] action_type
212
+ # The type of action that was detected. The possible action types are:
213
+ #
214
+ # * `NETWORK_CONNECTION`
215
+ #
216
+ # * `AWS_API_CALL`
217
+ #
218
+ # * `DNS_REQUEST`
219
+ #
220
+ # * `PORT_PROBE`
221
+ # @return [String]
222
+ #
223
+ # @!attribute [rw] network_connection_action
224
+ # Included if `ActionType` is `NETWORK_CONNECTION`. Provides details
225
+ # about the network connection that was detected.
226
+ # @return [Types::NetworkConnectionAction]
227
+ #
228
+ # @!attribute [rw] aws_api_call_action
229
+ # Included if `ActionType` is `AWS_API_CALL`. Provides details about
230
+ # the API call that was detected.
231
+ # @return [Types::AwsApiCallAction]
232
+ #
233
+ # @!attribute [rw] dns_request_action
234
+ # Included if `ActionType` is `DNS_REQUEST`. Provides details about
235
+ # the DNS request that was detected.
236
+ # @return [Types::DnsRequestAction]
237
+ #
238
+ # @!attribute [rw] port_probe_action
239
+ # Included if `ActionType` is `PORT_PROBE`. Provides details about the
240
+ # port probe that was detected.
241
+ # @return [Types::PortProbeAction]
242
+ #
243
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Action AWS API Documentation
244
+ #
245
+ class Action < Struct.new(
246
+ :action_type,
247
+ :network_connection_action,
248
+ :aws_api_call_action,
249
+ :dns_request_action,
250
+ :port_probe_action)
251
+ SENSITIVE = []
252
+ include Aws::Structure
253
+ end
254
+
255
+ # Provides information about the IP address where the scanned port is
256
+ # located.
257
+ #
258
+ # @note When making an API call, you may pass ActionLocalIpDetails
259
+ # data as a hash:
260
+ #
261
+ # {
262
+ # ip_address_v4: "NonEmptyString",
263
+ # }
264
+ #
265
+ # @!attribute [rw] ip_address_v4
266
+ # The IP address.
267
+ # @return [String]
268
+ #
269
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalIpDetails AWS API Documentation
270
+ #
271
+ class ActionLocalIpDetails < Struct.new(
272
+ :ip_address_v4)
273
+ SENSITIVE = []
274
+ include Aws::Structure
275
+ end
276
+
277
+ # For `NetworkConnectionAction` and `PortProbeDetails`,
278
+ # `LocalPortDetails` provides information about the local port that was
279
+ # involved in the action.
280
+ #
281
+ # @note When making an API call, you may pass ActionLocalPortDetails
282
+ # data as a hash:
283
+ #
284
+ # {
285
+ # port: 1,
286
+ # port_name: "NonEmptyString",
287
+ # }
288
+ #
289
+ # @!attribute [rw] port
290
+ # The number of the port.
291
+ # @return [Integer]
292
+ #
293
+ # @!attribute [rw] port_name
294
+ # The port name of the local connection.
295
+ # @return [String]
296
+ #
297
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalPortDetails AWS API Documentation
298
+ #
299
+ class ActionLocalPortDetails < Struct.new(
300
+ :port,
301
+ :port_name)
302
+ SENSITIVE = []
303
+ include Aws::Structure
304
+ end
305
+
306
+ # For `AwsApiAction`, `NetworkConnectionAction`, and `PortProbeAction`,
307
+ # `RemoteIpDetails` provides information about the remote IP address
308
+ # that was involved in the action.
309
+ #
310
+ # @note When making an API call, you may pass ActionRemoteIpDetails
311
+ # data as a hash:
312
+ #
313
+ # {
314
+ # ip_address_v4: "NonEmptyString",
315
+ # organization: {
316
+ # asn: 1,
317
+ # asn_org: "NonEmptyString",
318
+ # isp: "NonEmptyString",
319
+ # org: "NonEmptyString",
320
+ # },
321
+ # country: {
322
+ # country_code: "NonEmptyString",
323
+ # country_name: "NonEmptyString",
324
+ # },
325
+ # city: {
326
+ # city_name: "NonEmptyString",
327
+ # },
328
+ # geo_location: {
329
+ # lon: 1.0,
330
+ # lat: 1.0,
331
+ # },
332
+ # }
333
+ #
334
+ # @!attribute [rw] ip_address_v4
335
+ # The IP address.
336
+ # @return [String]
337
+ #
338
+ # @!attribute [rw] organization
339
+ # The internet service provider (ISP) organization associated with the
340
+ # remote IP address.
341
+ # @return [Types::IpOrganizationDetails]
342
+ #
343
+ # @!attribute [rw] country
344
+ # The country where the remote IP address is located.
345
+ # @return [Types::Country]
346
+ #
347
+ # @!attribute [rw] city
348
+ # The city where the remote IP address is located.
349
+ # @return [Types::City]
350
+ #
351
+ # @!attribute [rw] geo_location
352
+ # The coordinates of the location of the remote IP address.
353
+ # @return [Types::GeoLocation]
354
+ #
355
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemoteIpDetails AWS API Documentation
356
+ #
357
+ class ActionRemoteIpDetails < Struct.new(
358
+ :ip_address_v4,
359
+ :organization,
360
+ :country,
361
+ :city,
362
+ :geo_location)
363
+ SENSITIVE = []
364
+ include Aws::Structure
365
+ end
366
+
367
+ # Provides information about the remote port that was involved in an
368
+ # attempted network connection.
369
+ #
370
+ # @note When making an API call, you may pass ActionRemotePortDetails
371
+ # data as a hash:
372
+ #
373
+ # {
374
+ # port: 1,
375
+ # port_name: "NonEmptyString",
376
+ # }
377
+ #
378
+ # @!attribute [rw] port
379
+ # The number of the port.
380
+ # @return [Integer]
381
+ #
382
+ # @!attribute [rw] port_name
383
+ # The port name of the remote connection.
384
+ # @return [String]
385
+ #
386
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemotePortDetails AWS API Documentation
387
+ #
388
+ class ActionRemotePortDetails < Struct.new(
389
+ :port,
390
+ :port_name)
391
+ SENSITIVE = []
392
+ include Aws::Structure
393
+ end
394
+
88
395
  # An `ActionTarget` object.
89
396
  #
90
397
  # @!attribute [rw] action_target_arn
@@ -109,6 +416,29 @@ module Aws::SecurityHub
109
416
  include Aws::Structure
110
417
  end
111
418
 
419
+ # Represents a Security Hub administrator account designated by an
420
+ # organization management account.
421
+ #
422
+ # @!attribute [rw] account_id
423
+ # The AWS account identifier of the Security Hub administrator
424
+ # account.
425
+ # @return [String]
426
+ #
427
+ # @!attribute [rw] status
428
+ # The current status of the Security Hub administrator account.
429
+ # Indicates whether the account is currently enabled as a Security Hub
430
+ # administrator.
431
+ # @return [String]
432
+ #
433
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AdminAccount AWS API Documentation
434
+ #
435
+ class AdminAccount < Struct.new(
436
+ :account_id,
437
+ :status)
438
+ SENSITIVE = []
439
+ include Aws::Structure
440
+ end
441
+
112
442
  # Information about an Availability Zone.
113
443
  #
114
444
  # @note When making an API call, you may pass AvailabilityZone
@@ -137,6 +467,120 @@ module Aws::SecurityHub
137
467
  include Aws::Structure
138
468
  end
139
469
 
470
+ # Provided if `ActionType` is `AWS_API_CALL`. It provides details about
471
+ # the API call that was detected.
472
+ #
473
+ # @note When making an API call, you may pass AwsApiCallAction
474
+ # data as a hash:
475
+ #
476
+ # {
477
+ # api: "NonEmptyString",
478
+ # service_name: "NonEmptyString",
479
+ # caller_type: "NonEmptyString",
480
+ # remote_ip_details: {
481
+ # ip_address_v4: "NonEmptyString",
482
+ # organization: {
483
+ # asn: 1,
484
+ # asn_org: "NonEmptyString",
485
+ # isp: "NonEmptyString",
486
+ # org: "NonEmptyString",
487
+ # },
488
+ # country: {
489
+ # country_code: "NonEmptyString",
490
+ # country_name: "NonEmptyString",
491
+ # },
492
+ # city: {
493
+ # city_name: "NonEmptyString",
494
+ # },
495
+ # geo_location: {
496
+ # lon: 1.0,
497
+ # lat: 1.0,
498
+ # },
499
+ # },
500
+ # domain_details: {
501
+ # domain: "NonEmptyString",
502
+ # },
503
+ # affected_resources: {
504
+ # "NonEmptyString" => "NonEmptyString",
505
+ # },
506
+ # first_seen: "NonEmptyString",
507
+ # last_seen: "NonEmptyString",
508
+ # }
509
+ #
510
+ # @!attribute [rw] api
511
+ # The name of the API method that was issued.
512
+ # @return [String]
513
+ #
514
+ # @!attribute [rw] service_name
515
+ # The name of the AWS service that the API method belongs to.
516
+ # @return [String]
517
+ #
518
+ # @!attribute [rw] caller_type
519
+ # Indicates whether the API call originated from a remote IP address
520
+ # (`remoteip`) or from a DNS domain (`domain`).
521
+ # @return [String]
522
+ #
523
+ # @!attribute [rw] remote_ip_details
524
+ # Provided if `CallerType` is `remoteIp`. Provides information about
525
+ # the remote IP address that the API call originated from.
526
+ # @return [Types::ActionRemoteIpDetails]
527
+ #
528
+ # @!attribute [rw] domain_details
529
+ # Provided if `CallerType` is `domain`. Provides information about the
530
+ # DNS domain that the API call originated from.
531
+ # @return [Types::AwsApiCallActionDomainDetails]
532
+ #
533
+ # @!attribute [rw] affected_resources
534
+ # Identifies the resources that were affected by the API call.
535
+ # @return [Hash<String,String>]
536
+ #
537
+ # @!attribute [rw] first_seen
538
+ # An ISO8601-formatted timestamp that indicates when the API call was
539
+ # first observed.
540
+ # @return [String]
541
+ #
542
+ # @!attribute [rw] last_seen
543
+ # An ISO8601-formatted timestamp that indicates when the API call was
544
+ # most recently observed.
545
+ # @return [String]
546
+ #
547
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallAction AWS API Documentation
548
+ #
549
+ class AwsApiCallAction < Struct.new(
550
+ :api,
551
+ :service_name,
552
+ :caller_type,
553
+ :remote_ip_details,
554
+ :domain_details,
555
+ :affected_resources,
556
+ :first_seen,
557
+ :last_seen)
558
+ SENSITIVE = []
559
+ include Aws::Structure
560
+ end
561
+
562
+ # Provided if `CallerType` is `domain`. It provides information about
563
+ # the DNS domain that issued the API call.
564
+ #
565
+ # @note When making an API call, you may pass AwsApiCallActionDomainDetails
566
+ # data as a hash:
567
+ #
568
+ # {
569
+ # domain: "NonEmptyString",
570
+ # }
571
+ #
572
+ # @!attribute [rw] domain
573
+ # The name of the DNS domain that issued the API call.
574
+ # @return [String]
575
+ #
576
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallActionDomainDetails AWS API Documentation
577
+ #
578
+ class AwsApiCallActionDomainDetails < Struct.new(
579
+ :domain)
580
+ SENSITIVE = []
581
+ include Aws::Structure
582
+ end
583
+
140
584
  # Contains information about settings for logging access for the stage.
141
585
  #
142
586
  # @note When making an API call, you may pass AwsApiGatewayAccessLogSettings
@@ -3465,6 +3909,19 @@ module Aws::SecurityHub
3465
3909
  # },
3466
3910
  # ],
3467
3911
  # source_dest_check: false,
3912
+ # ip_v6_addresses: [
3913
+ # {
3914
+ # ip_v6_address: "NonEmptyString",
3915
+ # },
3916
+ # ],
3917
+ # private_ip_addresses: [
3918
+ # {
3919
+ # private_ip_address: "NonEmptyString",
3920
+ # private_dns_name: "NonEmptyString",
3921
+ # },
3922
+ # ],
3923
+ # public_dns_name: "NonEmptyString",
3924
+ # public_ip: "NonEmptyString",
3468
3925
  # }
3469
3926
  #
3470
3927
  # @!attribute [rw] attachment
@@ -3483,13 +3940,84 @@ module Aws::SecurityHub
3483
3940
  # Indicates whether traffic to or from the instance is validated.
3484
3941
  # @return [Boolean]
3485
3942
  #
3943
+ # @!attribute [rw] ip_v6_addresses
3944
+ # The IPv6 addresses associated with the network interface.
3945
+ # @return [Array<Types::AwsEc2NetworkInterfaceIpV6AddressDetail>]
3946
+ #
3947
+ # @!attribute [rw] private_ip_addresses
3948
+ # The private IPv4 addresses associated with the network interface.
3949
+ # @return [Array<Types::AwsEc2NetworkInterfacePrivateIpAddressDetail>]
3950
+ #
3951
+ # @!attribute [rw] public_dns_name
3952
+ # The public DNS name of the network interface.
3953
+ # @return [String]
3954
+ #
3955
+ # @!attribute [rw] public_ip
3956
+ # The address of the Elastic IP address bound to the network
3957
+ # interface.
3958
+ # @return [String]
3959
+ #
3486
3960
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceDetails AWS API Documentation
3487
3961
  #
3488
3962
  class AwsEc2NetworkInterfaceDetails < Struct.new(
3489
3963
  :attachment,
3490
3964
  :network_interface_id,
3491
3965
  :security_groups,
3492
- :source_dest_check)
3966
+ :source_dest_check,
3967
+ :ip_v6_addresses,
3968
+ :private_ip_addresses,
3969
+ :public_dns_name,
3970
+ :public_ip)
3971
+ SENSITIVE = []
3972
+ include Aws::Structure
3973
+ end
3974
+
3975
+ # Provides information about an IPV6 address that is associated with the
3976
+ # network interface.
3977
+ #
3978
+ # @note When making an API call, you may pass AwsEc2NetworkInterfaceIpV6AddressDetail
3979
+ # data as a hash:
3980
+ #
3981
+ # {
3982
+ # ip_v6_address: "NonEmptyString",
3983
+ # }
3984
+ #
3985
+ # @!attribute [rw] ip_v6_address
3986
+ # The IPV6 address.
3987
+ # @return [String]
3988
+ #
3989
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceIpV6AddressDetail AWS API Documentation
3990
+ #
3991
+ class AwsEc2NetworkInterfaceIpV6AddressDetail < Struct.new(
3992
+ :ip_v6_address)
3993
+ SENSITIVE = []
3994
+ include Aws::Structure
3995
+ end
3996
+
3997
+ # Provides information about a private IPv4 address that is with the
3998
+ # network interface.
3999
+ #
4000
+ # @note When making an API call, you may pass AwsEc2NetworkInterfacePrivateIpAddressDetail
4001
+ # data as a hash:
4002
+ #
4003
+ # {
4004
+ # private_ip_address: "NonEmptyString",
4005
+ # private_dns_name: "NonEmptyString",
4006
+ # }
4007
+ #
4008
+ # @!attribute [rw] private_ip_address
4009
+ # The IP address.
4010
+ # @return [String]
4011
+ #
4012
+ # @!attribute [rw] private_dns_name
4013
+ # The private DNS name for the IP address.
4014
+ # @return [String]
4015
+ #
4016
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfacePrivateIpAddressDetail AWS API Documentation
4017
+ #
4018
+ class AwsEc2NetworkInterfacePrivateIpAddressDetail < Struct.new(
4019
+ :private_ip_address,
4020
+ :private_dns_name)
3493
4021
  SENSITIVE = []
3494
4022
  include Aws::Structure
3495
4023
  end
@@ -6861,6 +7389,8 @@ module Aws::SecurityHub
6861
7389
  # @return [String]
6862
7390
  #
6863
7391
  # @!attribute [rw] engine
7392
+ # The name of the database engine that you want to use for this DB
7393
+ # instance.
6864
7394
  # @return [String]
6865
7395
  #
6866
7396
  # @!attribute [rw] allocated_storage
@@ -7644,6 +8174,8 @@ module Aws::SecurityHub
7644
8174
  include Aws::Structure
7645
8175
  end
7646
8176
 
8177
+ # An option group membership.
8178
+ #
7647
8179
  # @note When making an API call, you may pass AwsRdsDbOptionGroupMembership
7648
8180
  # data as a hash:
7649
8181
  #
@@ -7653,9 +8185,11 @@ module Aws::SecurityHub
7653
8185
  # }
7654
8186
  #
7655
8187
  # @!attribute [rw] option_group_name
8188
+ # The name of the option group.
7656
8189
  # @return [String]
7657
8190
  #
7658
8191
  # @!attribute [rw] status
8192
+ # The status of the option group membership.
7659
8193
  # @return [String]
7660
8194
  #
7661
8195
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbOptionGroupMembership AWS API Documentation
@@ -7667,6 +8201,8 @@ module Aws::SecurityHub
7667
8201
  include Aws::Structure
7668
8202
  end
7669
8203
 
8204
+ # Provides information about a parameter group for a DB instance.
8205
+ #
7670
8206
  # @note When making an API call, you may pass AwsRdsDbParameterGroup
7671
8207
  # data as a hash:
7672
8208
  #
@@ -7676,9 +8212,11 @@ module Aws::SecurityHub
7676
8212
  # }
7677
8213
  #
7678
8214
  # @!attribute [rw] db_parameter_group_name
8215
+ # The name of the parameter group.
7679
8216
  # @return [String]
7680
8217
  #
7681
8218
  # @!attribute [rw] parameter_apply_status
8219
+ # The status of parameter updates.
7682
8220
  # @return [String]
7683
8221
  #
7684
8222
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbParameterGroup AWS API Documentation
@@ -7690,6 +8228,8 @@ module Aws::SecurityHub
7690
8228
  include Aws::Structure
7691
8229
  end
7692
8230
 
8231
+ # Changes to a DB instance that are currently pending.
8232
+ #
7693
8233
  # @note When making an API call, you may pass AwsRdsDbPendingModifiedValues
7694
8234
  # data as a hash:
7695
8235
  #
@@ -7720,48 +8260,64 @@ module Aws::SecurityHub
7720
8260
  # }
7721
8261
  #
7722
8262
  # @!attribute [rw] db_instance_class
8263
+ # The new DB instance class for the DB instance.
7723
8264
  # @return [String]
7724
8265
  #
7725
8266
  # @!attribute [rw] allocated_storage
8267
+ # The new value of the allocated storage for the DB instance.
7726
8268
  # @return [Integer]
7727
8269
  #
7728
8270
  # @!attribute [rw] master_user_password
8271
+ # The new master user password for the DB instance.
7729
8272
  # @return [String]
7730
8273
  #
7731
8274
  # @!attribute [rw] port
8275
+ # The new port for the DB instance.
7732
8276
  # @return [Integer]
7733
8277
  #
7734
8278
  # @!attribute [rw] backup_retention_period
8279
+ # The new backup retention period for the DB instance.
7735
8280
  # @return [Integer]
7736
8281
  #
7737
8282
  # @!attribute [rw] multi_az
8283
+ # Indicates that a single Availability Zone DB instance is changing to
8284
+ # a multiple Availability Zone deployment.
7738
8285
  # @return [Boolean]
7739
8286
  #
7740
8287
  # @!attribute [rw] engine_version
8288
+ # The new engine version for the DB instance.
7741
8289
  # @return [String]
7742
8290
  #
7743
8291
  # @!attribute [rw] license_model
8292
+ # The new license model value for the DB instance.
7744
8293
  # @return [String]
7745
8294
  #
7746
8295
  # @!attribute [rw] iops
8296
+ # The new provisioned IOPS value for the DB instance.
7747
8297
  # @return [Integer]
7748
8298
  #
7749
8299
  # @!attribute [rw] db_instance_identifier
8300
+ # The new DB instance identifier for the DB instance.
7750
8301
  # @return [String]
7751
8302
  #
7752
8303
  # @!attribute [rw] storage_type
8304
+ # The new storage type for the DB instance.
7753
8305
  # @return [String]
7754
8306
  #
7755
8307
  # @!attribute [rw] ca_certificate_identifier
8308
+ # The new CA certificate identifier for the DB instance.
7756
8309
  # @return [String]
7757
8310
  #
7758
8311
  # @!attribute [rw] db_subnet_group_name
8312
+ # The name of the new subnet group for the DB instance.
7759
8313
  # @return [String]
7760
8314
  #
7761
8315
  # @!attribute [rw] pending_cloud_watch_logs_exports
8316
+ # A list of log types that are being enabled or disabled.
7762
8317
  # @return [Types::AwsRdsPendingCloudWatchLogsExports]
7763
8318
  #
7764
8319
  # @!attribute [rw] processor_features
8320
+ # Processor features that are being updated.
7765
8321
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7766
8322
  #
7767
8323
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbPendingModifiedValues AWS API Documentation
@@ -7786,6 +8342,8 @@ module Aws::SecurityHub
7786
8342
  include Aws::Structure
7787
8343
  end
7788
8344
 
8345
+ # A processor feature.
8346
+ #
7789
8347
  # @note When making an API call, you may pass AwsRdsDbProcessorFeature
7790
8348
  # data as a hash:
7791
8349
  #
@@ -7795,9 +8353,11 @@ module Aws::SecurityHub
7795
8353
  # }
7796
8354
  #
7797
8355
  # @!attribute [rw] name
8356
+ # The name of the processor feature.
7798
8357
  # @return [String]
7799
8358
  #
7800
8359
  # @!attribute [rw] value
8360
+ # The value of the processor feature.
7801
8361
  # @return [String]
7802
8362
  #
7803
8363
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbProcessorFeature AWS API Documentation
@@ -7809,6 +8369,8 @@ module Aws::SecurityHub
7809
8369
  include Aws::Structure
7810
8370
  end
7811
8371
 
8372
+ # Provides details about an Amazon RDS DB cluster snapshot.
8373
+ #
7812
8374
  # @note When making an API call, you may pass AwsRdsDbSnapshotDetails
7813
8375
  # data as a hash:
7814
8376
  #
@@ -7848,84 +8410,120 @@ module Aws::SecurityHub
7848
8410
  # }
7849
8411
  #
7850
8412
  # @!attribute [rw] db_snapshot_identifier
8413
+ # The name or ARN of the DB snapshot that is used to restore the DB
8414
+ # instance.
7851
8415
  # @return [String]
7852
8416
  #
7853
8417
  # @!attribute [rw] db_instance_identifier
8418
+ # A name for the DB instance.
7854
8419
  # @return [String]
7855
8420
  #
7856
8421
  # @!attribute [rw] snapshot_create_time
8422
+ # When the snapshot was taken in Coordinated Universal Time (UTC).
7857
8423
  # @return [String]
7858
8424
  #
7859
8425
  # @!attribute [rw] engine
8426
+ # The name of the database engine to use for this DB instance.
7860
8427
  # @return [String]
7861
8428
  #
7862
8429
  # @!attribute [rw] allocated_storage
8430
+ # The amount of storage (in gigabytes) to be initially allocated for
8431
+ # the database instance.
7863
8432
  # @return [Integer]
7864
8433
  #
7865
8434
  # @!attribute [rw] status
8435
+ # The status of this DB snapshot.
7866
8436
  # @return [String]
7867
8437
  #
7868
8438
  # @!attribute [rw] port
8439
+ # The port that the database engine was listening on at the time of
8440
+ # the snapshot.
7869
8441
  # @return [Integer]
7870
8442
  #
7871
8443
  # @!attribute [rw] availability_zone
8444
+ # Specifies the name of the Availability Zone in which the DB instance
8445
+ # was located at the time of the DB snapshot.
7872
8446
  # @return [String]
7873
8447
  #
7874
8448
  # @!attribute [rw] vpc_id
8449
+ # The VPC ID associated with the DB snapshot.
7875
8450
  # @return [String]
7876
8451
  #
7877
8452
  # @!attribute [rw] instance_create_time
8453
+ # Specifies the time in Coordinated Universal Time (UTC) when the DB
8454
+ # instance, from which the snapshot was taken, was created.
7878
8455
  # @return [String]
7879
8456
  #
7880
8457
  # @!attribute [rw] master_username
8458
+ # The master user name for the DB snapshot.
7881
8459
  # @return [String]
7882
8460
  #
7883
8461
  # @!attribute [rw] engine_version
8462
+ # The version of the database engine.
7884
8463
  # @return [String]
7885
8464
  #
7886
8465
  # @!attribute [rw] license_model
8466
+ # License model information for the restored DB instance.
7887
8467
  # @return [String]
7888
8468
  #
7889
8469
  # @!attribute [rw] snapshot_type
8470
+ # The type of the DB snapshot.
7890
8471
  # @return [String]
7891
8472
  #
7892
8473
  # @!attribute [rw] iops
8474
+ # The provisioned IOPS (I/O operations per second) value of the DB
8475
+ # instance at the time of the snapshot.
7893
8476
  # @return [Integer]
7894
8477
  #
7895
8478
  # @!attribute [rw] option_group_name
8479
+ # The option group name for the DB snapshot.
7896
8480
  # @return [String]
7897
8481
  #
7898
8482
  # @!attribute [rw] percent_progress
8483
+ # The percentage of the estimated data that has been transferred.
7899
8484
  # @return [Integer]
7900
8485
  #
7901
8486
  # @!attribute [rw] source_region
8487
+ # The AWS Region that the DB snapshot was created in or copied from.
7902
8488
  # @return [String]
7903
8489
  #
7904
8490
  # @!attribute [rw] source_db_snapshot_identifier
8491
+ # The DB snapshot ARN that the DB snapshot was copied from.
7905
8492
  # @return [String]
7906
8493
  #
7907
8494
  # @!attribute [rw] storage_type
8495
+ # The storage type associated with the DB snapshot.
7908
8496
  # @return [String]
7909
8497
  #
7910
8498
  # @!attribute [rw] tde_credential_arn
8499
+ # The ARN from the key store with which to associate the instance for
8500
+ # TDE encryption.
7911
8501
  # @return [String]
7912
8502
  #
7913
8503
  # @!attribute [rw] encrypted
8504
+ # Whether the DB snapshot is encrypted.
7914
8505
  # @return [Boolean]
7915
8506
  #
7916
8507
  # @!attribute [rw] kms_key_id
8508
+ # If `Encrypted` is `true`, the AWS KMS key identifier for the
8509
+ # encrypted DB snapshot.
7917
8510
  # @return [String]
7918
8511
  #
7919
8512
  # @!attribute [rw] timezone
8513
+ # The time zone of the DB snapshot.
7920
8514
  # @return [String]
7921
8515
  #
7922
8516
  # @!attribute [rw] iam_database_authentication_enabled
8517
+ # Whether mapping of IAM accounts to database accounts is enabled.
7923
8518
  # @return [Boolean]
7924
8519
  #
7925
8520
  # @!attribute [rw] processor_features
8521
+ # The number of CPU cores and the number of threads per core for the
8522
+ # DB instance class of the DB instance.
7926
8523
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7927
8524
  #
7928
8525
  # @!attribute [rw] dbi_resource_id
8526
+ # The identifier for the source DB instance.
7929
8527
  # @return [String]
7930
8528
  #
7931
8529
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSnapshotDetails AWS API Documentation
@@ -9718,6 +10316,19 @@ module Aws::SecurityHub
9718
10316
  # },
9719
10317
  # ],
9720
10318
  # source_dest_check: false,
10319
+ # ip_v6_addresses: [
10320
+ # {
10321
+ # ip_v6_address: "NonEmptyString",
10322
+ # },
10323
+ # ],
10324
+ # private_ip_addresses: [
10325
+ # {
10326
+ # private_ip_address: "NonEmptyString",
10327
+ # private_dns_name: "NonEmptyString",
10328
+ # },
10329
+ # ],
10330
+ # public_dns_name: "NonEmptyString",
10331
+ # public_ip: "NonEmptyString",
9721
10332
  # },
9722
10333
  # aws_ec2_security_group: {
9723
10334
  # group_name: "NonEmptyString",
@@ -10218,6 +10829,30 @@ module Aws::SecurityHub
10218
10829
  # sns_topic_name: "NonEmptyString",
10219
10830
  # trail_arn: "NonEmptyString",
10220
10831
  # },
10832
+ # aws_ssm_patch_compliance: {
10833
+ # patch: {
10834
+ # compliance_summary: {
10835
+ # status: "NonEmptyString",
10836
+ # compliant_critical_count: 1,
10837
+ # compliant_high_count: 1,
10838
+ # compliant_medium_count: 1,
10839
+ # execution_type: "NonEmptyString",
10840
+ # non_compliant_critical_count: 1,
10841
+ # compliant_informational_count: 1,
10842
+ # non_compliant_informational_count: 1,
10843
+ # compliant_unspecified_count: 1,
10844
+ # non_compliant_low_count: 1,
10845
+ # non_compliant_high_count: 1,
10846
+ # compliant_low_count: 1,
10847
+ # compliance_type: "NonEmptyString",
10848
+ # patch_baseline_id: "NonEmptyString",
10849
+ # overall_severity: "NonEmptyString",
10850
+ # non_compliant_medium_count: 1,
10851
+ # non_compliant_unspecified_count: 1,
10852
+ # patch_group: "NonEmptyString",
10853
+ # },
10854
+ # },
10855
+ # },
10221
10856
  # aws_certificate_manager_certificate: {
10222
10857
  # certificate_authority_arn: "NonEmptyString",
10223
10858
  # created_at: "NonEmptyString",
@@ -10994,9 +11629,117 @@ module Aws::SecurityHub
10994
11629
  # reboot_option: "NonEmptyString",
10995
11630
  # operation: "NonEmptyString",
10996
11631
  # },
10997
- # }
10998
- #
10999
- # @!attribute [rw] schema_version
11632
+ # action: {
11633
+ # action_type: "NonEmptyString",
11634
+ # network_connection_action: {
11635
+ # connection_direction: "NonEmptyString",
11636
+ # remote_ip_details: {
11637
+ # ip_address_v4: "NonEmptyString",
11638
+ # organization: {
11639
+ # asn: 1,
11640
+ # asn_org: "NonEmptyString",
11641
+ # isp: "NonEmptyString",
11642
+ # org: "NonEmptyString",
11643
+ # },
11644
+ # country: {
11645
+ # country_code: "NonEmptyString",
11646
+ # country_name: "NonEmptyString",
11647
+ # },
11648
+ # city: {
11649
+ # city_name: "NonEmptyString",
11650
+ # },
11651
+ # geo_location: {
11652
+ # lon: 1.0,
11653
+ # lat: 1.0,
11654
+ # },
11655
+ # },
11656
+ # remote_port_details: {
11657
+ # port: 1,
11658
+ # port_name: "NonEmptyString",
11659
+ # },
11660
+ # local_port_details: {
11661
+ # port: 1,
11662
+ # port_name: "NonEmptyString",
11663
+ # },
11664
+ # protocol: "NonEmptyString",
11665
+ # blocked: false,
11666
+ # },
11667
+ # aws_api_call_action: {
11668
+ # api: "NonEmptyString",
11669
+ # service_name: "NonEmptyString",
11670
+ # caller_type: "NonEmptyString",
11671
+ # remote_ip_details: {
11672
+ # ip_address_v4: "NonEmptyString",
11673
+ # organization: {
11674
+ # asn: 1,
11675
+ # asn_org: "NonEmptyString",
11676
+ # isp: "NonEmptyString",
11677
+ # org: "NonEmptyString",
11678
+ # },
11679
+ # country: {
11680
+ # country_code: "NonEmptyString",
11681
+ # country_name: "NonEmptyString",
11682
+ # },
11683
+ # city: {
11684
+ # city_name: "NonEmptyString",
11685
+ # },
11686
+ # geo_location: {
11687
+ # lon: 1.0,
11688
+ # lat: 1.0,
11689
+ # },
11690
+ # },
11691
+ # domain_details: {
11692
+ # domain: "NonEmptyString",
11693
+ # },
11694
+ # affected_resources: {
11695
+ # "NonEmptyString" => "NonEmptyString",
11696
+ # },
11697
+ # first_seen: "NonEmptyString",
11698
+ # last_seen: "NonEmptyString",
11699
+ # },
11700
+ # dns_request_action: {
11701
+ # domain: "NonEmptyString",
11702
+ # protocol: "NonEmptyString",
11703
+ # blocked: false,
11704
+ # },
11705
+ # port_probe_action: {
11706
+ # port_probe_details: [
11707
+ # {
11708
+ # local_port_details: {
11709
+ # port: 1,
11710
+ # port_name: "NonEmptyString",
11711
+ # },
11712
+ # local_ip_details: {
11713
+ # ip_address_v4: "NonEmptyString",
11714
+ # },
11715
+ # remote_ip_details: {
11716
+ # ip_address_v4: "NonEmptyString",
11717
+ # organization: {
11718
+ # asn: 1,
11719
+ # asn_org: "NonEmptyString",
11720
+ # isp: "NonEmptyString",
11721
+ # org: "NonEmptyString",
11722
+ # },
11723
+ # country: {
11724
+ # country_code: "NonEmptyString",
11725
+ # country_name: "NonEmptyString",
11726
+ # },
11727
+ # city: {
11728
+ # city_name: "NonEmptyString",
11729
+ # },
11730
+ # geo_location: {
11731
+ # lon: 1.0,
11732
+ # lat: 1.0,
11733
+ # },
11734
+ # },
11735
+ # },
11736
+ # ],
11737
+ # blocked: false,
11738
+ # },
11739
+ # },
11740
+ # }
11741
+ #
11742
+ # @!attribute [rw] schema_version
11000
11743
  # The schema version that a finding is formatted for.
11001
11744
  # @return [String]
11002
11745
  #
@@ -11209,6 +11952,11 @@ module Aws::SecurityHub
11209
11952
  # against a selected compliance standard.
11210
11953
  # @return [Types::PatchSummary]
11211
11954
  #
11955
+ # @!attribute [rw] action
11956
+ # Provides details about an action that affects or that was taken on a
11957
+ # resource.
11958
+ # @return [Types::Action]
11959
+ #
11212
11960
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
11213
11961
  #
11214
11962
  class AwsSecurityFinding < Struct.new(
@@ -11245,7 +11993,8 @@ module Aws::SecurityHub
11245
11993
  :related_findings,
11246
11994
  :note,
11247
11995
  :vulnerabilities,
11248
- :patch_summary)
11996
+ :patch_summary,
11997
+ :action)
11249
11998
  SENSITIVE = []
11250
11999
  include Aws::Structure
11251
12000
  end
@@ -12173,6 +12922,14 @@ module Aws::SecurityHub
12173
12922
  #
12174
12923
  # * `NEW` - The initial state of a finding, before it is reviewed.
12175
12924
  #
12925
+ # Security Hub also resets the workflow status from `NOTIFIED` or
12926
+ # `RESOLVED` to `NEW` in the following cases:
12927
+ #
12928
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
12929
+ #
12930
+ # * The compliance status changes from `PASSED` to either `WARNING`,
12931
+ # `FAILED`, or `NOT_AVAILABLE`.
12932
+ #
12176
12933
  # * `NOTIFIED` - Indicates that the resource owner has been notified
12177
12934
  # about the security issue. Used when the initial reviewer is not
12178
12935
  # the resource owner, and needs intervention from the resource
@@ -12452,6 +13209,236 @@ module Aws::SecurityHub
12452
13209
  include Aws::Structure
12453
13210
  end
12454
13211
 
13212
+ # Provides the details about the compliance status for a patch.
13213
+ #
13214
+ # @note When making an API call, you may pass AwsSsmComplianceSummary
13215
+ # data as a hash:
13216
+ #
13217
+ # {
13218
+ # status: "NonEmptyString",
13219
+ # compliant_critical_count: 1,
13220
+ # compliant_high_count: 1,
13221
+ # compliant_medium_count: 1,
13222
+ # execution_type: "NonEmptyString",
13223
+ # non_compliant_critical_count: 1,
13224
+ # compliant_informational_count: 1,
13225
+ # non_compliant_informational_count: 1,
13226
+ # compliant_unspecified_count: 1,
13227
+ # non_compliant_low_count: 1,
13228
+ # non_compliant_high_count: 1,
13229
+ # compliant_low_count: 1,
13230
+ # compliance_type: "NonEmptyString",
13231
+ # patch_baseline_id: "NonEmptyString",
13232
+ # overall_severity: "NonEmptyString",
13233
+ # non_compliant_medium_count: 1,
13234
+ # non_compliant_unspecified_count: 1,
13235
+ # patch_group: "NonEmptyString",
13236
+ # }
13237
+ #
13238
+ # @!attribute [rw] status
13239
+ # The current patch compliance status.
13240
+ #
13241
+ # The possible status values are:
13242
+ #
13243
+ # * `COMPLIANT`
13244
+ #
13245
+ # * `NON_COMPLIANT`
13246
+ #
13247
+ # * `UNSPECIFIED_DATA`
13248
+ # @return [String]
13249
+ #
13250
+ # @!attribute [rw] compliant_critical_count
13251
+ # For the patches that are compliant, the number that have a severity
13252
+ # of `CRITICAL`.
13253
+ # @return [Integer]
13254
+ #
13255
+ # @!attribute [rw] compliant_high_count
13256
+ # For the patches that are compliant, the number that have a severity
13257
+ # of `HIGH`.
13258
+ # @return [Integer]
13259
+ #
13260
+ # @!attribute [rw] compliant_medium_count
13261
+ # For the patches that are compliant, the number that have a severity
13262
+ # of `MEDIUM`.
13263
+ # @return [Integer]
13264
+ #
13265
+ # @!attribute [rw] execution_type
13266
+ # The type of execution that was used determine compliance.
13267
+ # @return [String]
13268
+ #
13269
+ # @!attribute [rw] non_compliant_critical_count
13270
+ # For the patch items that are noncompliant, the number of items that
13271
+ # have a severity of `CRITICAL`.
13272
+ # @return [Integer]
13273
+ #
13274
+ # @!attribute [rw] compliant_informational_count
13275
+ # For the patches that are compliant, the number that have a severity
13276
+ # of `INFORMATIONAL`.
13277
+ # @return [Integer]
13278
+ #
13279
+ # @!attribute [rw] non_compliant_informational_count
13280
+ # For the patches that are noncompliant, the number that have a
13281
+ # severity of `INFORMATIONAL`.
13282
+ # @return [Integer]
13283
+ #
13284
+ # @!attribute [rw] compliant_unspecified_count
13285
+ # For the patches that are compliant, the number that have a severity
13286
+ # of `UNSPECIFIED`.
13287
+ # @return [Integer]
13288
+ #
13289
+ # @!attribute [rw] non_compliant_low_count
13290
+ # For the patches that are noncompliant, the number that have a
13291
+ # severity of `LOW`.
13292
+ # @return [Integer]
13293
+ #
13294
+ # @!attribute [rw] non_compliant_high_count
13295
+ # For the patches that are noncompliant, the number that have a
13296
+ # severity of `HIGH`.
13297
+ # @return [Integer]
13298
+ #
13299
+ # @!attribute [rw] compliant_low_count
13300
+ # For the patches that are compliant, the number that have a severity
13301
+ # of `LOW`.
13302
+ # @return [Integer]
13303
+ #
13304
+ # @!attribute [rw] compliance_type
13305
+ # The type of resource for which the compliance was determined. For
13306
+ # `AwsSsmPatchCompliance`, `ComplianceType` is `Patch`.
13307
+ # @return [String]
13308
+ #
13309
+ # @!attribute [rw] patch_baseline_id
13310
+ # The identifier of the patch baseline. The patch baseline lists the
13311
+ # patches that are approved for installation.
13312
+ # @return [String]
13313
+ #
13314
+ # @!attribute [rw] overall_severity
13315
+ # The highest severity for the patches.
13316
+ # @return [String]
13317
+ #
13318
+ # @!attribute [rw] non_compliant_medium_count
13319
+ # For the patches that are noncompliant, the number that have a
13320
+ # severity of `MEDIUM`.
13321
+ # @return [Integer]
13322
+ #
13323
+ # @!attribute [rw] non_compliant_unspecified_count
13324
+ # For the patches that are noncompliant, the number that have a
13325
+ # severity of `UNSPECIFIED`.
13326
+ # @return [Integer]
13327
+ #
13328
+ # @!attribute [rw] patch_group
13329
+ # The identifier of the patch group for which compliance was
13330
+ # determined. A patch group uses tags to group EC2 instances that
13331
+ # should have the same patch compliance.
13332
+ # @return [String]
13333
+ #
13334
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmComplianceSummary AWS API Documentation
13335
+ #
13336
+ class AwsSsmComplianceSummary < Struct.new(
13337
+ :status,
13338
+ :compliant_critical_count,
13339
+ :compliant_high_count,
13340
+ :compliant_medium_count,
13341
+ :execution_type,
13342
+ :non_compliant_critical_count,
13343
+ :compliant_informational_count,
13344
+ :non_compliant_informational_count,
13345
+ :compliant_unspecified_count,
13346
+ :non_compliant_low_count,
13347
+ :non_compliant_high_count,
13348
+ :compliant_low_count,
13349
+ :compliance_type,
13350
+ :patch_baseline_id,
13351
+ :overall_severity,
13352
+ :non_compliant_medium_count,
13353
+ :non_compliant_unspecified_count,
13354
+ :patch_group)
13355
+ SENSITIVE = []
13356
+ include Aws::Structure
13357
+ end
13358
+
13359
+ # Provides details about the compliance for a patch.
13360
+ #
13361
+ # @note When making an API call, you may pass AwsSsmPatch
13362
+ # data as a hash:
13363
+ #
13364
+ # {
13365
+ # compliance_summary: {
13366
+ # status: "NonEmptyString",
13367
+ # compliant_critical_count: 1,
13368
+ # compliant_high_count: 1,
13369
+ # compliant_medium_count: 1,
13370
+ # execution_type: "NonEmptyString",
13371
+ # non_compliant_critical_count: 1,
13372
+ # compliant_informational_count: 1,
13373
+ # non_compliant_informational_count: 1,
13374
+ # compliant_unspecified_count: 1,
13375
+ # non_compliant_low_count: 1,
13376
+ # non_compliant_high_count: 1,
13377
+ # compliant_low_count: 1,
13378
+ # compliance_type: "NonEmptyString",
13379
+ # patch_baseline_id: "NonEmptyString",
13380
+ # overall_severity: "NonEmptyString",
13381
+ # non_compliant_medium_count: 1,
13382
+ # non_compliant_unspecified_count: 1,
13383
+ # patch_group: "NonEmptyString",
13384
+ # },
13385
+ # }
13386
+ #
13387
+ # @!attribute [rw] compliance_summary
13388
+ # The compliance status details for the patch.
13389
+ # @return [Types::AwsSsmComplianceSummary]
13390
+ #
13391
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatch AWS API Documentation
13392
+ #
13393
+ class AwsSsmPatch < Struct.new(
13394
+ :compliance_summary)
13395
+ SENSITIVE = []
13396
+ include Aws::Structure
13397
+ end
13398
+
13399
+ # Provides information about the state of a patch on an instance based
13400
+ # on the patch baseline that was used to patch the instance.
13401
+ #
13402
+ # @note When making an API call, you may pass AwsSsmPatchComplianceDetails
13403
+ # data as a hash:
13404
+ #
13405
+ # {
13406
+ # patch: {
13407
+ # compliance_summary: {
13408
+ # status: "NonEmptyString",
13409
+ # compliant_critical_count: 1,
13410
+ # compliant_high_count: 1,
13411
+ # compliant_medium_count: 1,
13412
+ # execution_type: "NonEmptyString",
13413
+ # non_compliant_critical_count: 1,
13414
+ # compliant_informational_count: 1,
13415
+ # non_compliant_informational_count: 1,
13416
+ # compliant_unspecified_count: 1,
13417
+ # non_compliant_low_count: 1,
13418
+ # non_compliant_high_count: 1,
13419
+ # compliant_low_count: 1,
13420
+ # compliance_type: "NonEmptyString",
13421
+ # patch_baseline_id: "NonEmptyString",
13422
+ # overall_severity: "NonEmptyString",
13423
+ # non_compliant_medium_count: 1,
13424
+ # non_compliant_unspecified_count: 1,
13425
+ # patch_group: "NonEmptyString",
13426
+ # },
13427
+ # },
13428
+ # }
13429
+ #
13430
+ # @!attribute [rw] patch
13431
+ # Information about the status of a patch.
13432
+ # @return [Types::AwsSsmPatch]
13433
+ #
13434
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatchComplianceDetails AWS API Documentation
13435
+ #
13436
+ class AwsSsmPatchComplianceDetails < Struct.new(
13437
+ :patch)
13438
+ SENSITIVE = []
13439
+ include Aws::Structure
13440
+ end
13441
+
12455
13442
  # Details about a WAF WebACL.
12456
13443
  #
12457
13444
  # @note When making an API call, you may pass AwsWafWebAclDetails
@@ -12914,6 +13901,19 @@ module Aws::SecurityHub
12914
13901
  # },
12915
13902
  # ],
12916
13903
  # source_dest_check: false,
13904
+ # ip_v6_addresses: [
13905
+ # {
13906
+ # ip_v6_address: "NonEmptyString",
13907
+ # },
13908
+ # ],
13909
+ # private_ip_addresses: [
13910
+ # {
13911
+ # private_ip_address: "NonEmptyString",
13912
+ # private_dns_name: "NonEmptyString",
13913
+ # },
13914
+ # ],
13915
+ # public_dns_name: "NonEmptyString",
13916
+ # public_ip: "NonEmptyString",
12917
13917
  # },
12918
13918
  # aws_ec2_security_group: {
12919
13919
  # group_name: "NonEmptyString",
@@ -13414,6 +14414,30 @@ module Aws::SecurityHub
13414
14414
  # sns_topic_name: "NonEmptyString",
13415
14415
  # trail_arn: "NonEmptyString",
13416
14416
  # },
14417
+ # aws_ssm_patch_compliance: {
14418
+ # patch: {
14419
+ # compliance_summary: {
14420
+ # status: "NonEmptyString",
14421
+ # compliant_critical_count: 1,
14422
+ # compliant_high_count: 1,
14423
+ # compliant_medium_count: 1,
14424
+ # execution_type: "NonEmptyString",
14425
+ # non_compliant_critical_count: 1,
14426
+ # compliant_informational_count: 1,
14427
+ # non_compliant_informational_count: 1,
14428
+ # compliant_unspecified_count: 1,
14429
+ # non_compliant_low_count: 1,
14430
+ # non_compliant_high_count: 1,
14431
+ # compliant_low_count: 1,
14432
+ # compliance_type: "NonEmptyString",
14433
+ # patch_baseline_id: "NonEmptyString",
14434
+ # overall_severity: "NonEmptyString",
14435
+ # non_compliant_medium_count: 1,
14436
+ # non_compliant_unspecified_count: 1,
14437
+ # patch_group: "NonEmptyString",
14438
+ # },
14439
+ # },
14440
+ # },
13417
14441
  # aws_certificate_manager_certificate: {
13418
14442
  # certificate_authority_arn: "NonEmptyString",
13419
14443
  # created_at: "NonEmptyString",
@@ -14190,6 +15214,114 @@ module Aws::SecurityHub
14190
15214
  # reboot_option: "NonEmptyString",
14191
15215
  # operation: "NonEmptyString",
14192
15216
  # },
15217
+ # action: {
15218
+ # action_type: "NonEmptyString",
15219
+ # network_connection_action: {
15220
+ # connection_direction: "NonEmptyString",
15221
+ # remote_ip_details: {
15222
+ # ip_address_v4: "NonEmptyString",
15223
+ # organization: {
15224
+ # asn: 1,
15225
+ # asn_org: "NonEmptyString",
15226
+ # isp: "NonEmptyString",
15227
+ # org: "NonEmptyString",
15228
+ # },
15229
+ # country: {
15230
+ # country_code: "NonEmptyString",
15231
+ # country_name: "NonEmptyString",
15232
+ # },
15233
+ # city: {
15234
+ # city_name: "NonEmptyString",
15235
+ # },
15236
+ # geo_location: {
15237
+ # lon: 1.0,
15238
+ # lat: 1.0,
15239
+ # },
15240
+ # },
15241
+ # remote_port_details: {
15242
+ # port: 1,
15243
+ # port_name: "NonEmptyString",
15244
+ # },
15245
+ # local_port_details: {
15246
+ # port: 1,
15247
+ # port_name: "NonEmptyString",
15248
+ # },
15249
+ # protocol: "NonEmptyString",
15250
+ # blocked: false,
15251
+ # },
15252
+ # aws_api_call_action: {
15253
+ # api: "NonEmptyString",
15254
+ # service_name: "NonEmptyString",
15255
+ # caller_type: "NonEmptyString",
15256
+ # remote_ip_details: {
15257
+ # ip_address_v4: "NonEmptyString",
15258
+ # organization: {
15259
+ # asn: 1,
15260
+ # asn_org: "NonEmptyString",
15261
+ # isp: "NonEmptyString",
15262
+ # org: "NonEmptyString",
15263
+ # },
15264
+ # country: {
15265
+ # country_code: "NonEmptyString",
15266
+ # country_name: "NonEmptyString",
15267
+ # },
15268
+ # city: {
15269
+ # city_name: "NonEmptyString",
15270
+ # },
15271
+ # geo_location: {
15272
+ # lon: 1.0,
15273
+ # lat: 1.0,
15274
+ # },
15275
+ # },
15276
+ # domain_details: {
15277
+ # domain: "NonEmptyString",
15278
+ # },
15279
+ # affected_resources: {
15280
+ # "NonEmptyString" => "NonEmptyString",
15281
+ # },
15282
+ # first_seen: "NonEmptyString",
15283
+ # last_seen: "NonEmptyString",
15284
+ # },
15285
+ # dns_request_action: {
15286
+ # domain: "NonEmptyString",
15287
+ # protocol: "NonEmptyString",
15288
+ # blocked: false,
15289
+ # },
15290
+ # port_probe_action: {
15291
+ # port_probe_details: [
15292
+ # {
15293
+ # local_port_details: {
15294
+ # port: 1,
15295
+ # port_name: "NonEmptyString",
15296
+ # },
15297
+ # local_ip_details: {
15298
+ # ip_address_v4: "NonEmptyString",
15299
+ # },
15300
+ # remote_ip_details: {
15301
+ # ip_address_v4: "NonEmptyString",
15302
+ # organization: {
15303
+ # asn: 1,
15304
+ # asn_org: "NonEmptyString",
15305
+ # isp: "NonEmptyString",
15306
+ # org: "NonEmptyString",
15307
+ # },
15308
+ # country: {
15309
+ # country_code: "NonEmptyString",
15310
+ # country_name: "NonEmptyString",
15311
+ # },
15312
+ # city: {
15313
+ # city_name: "NonEmptyString",
15314
+ # },
15315
+ # geo_location: {
15316
+ # lon: 1.0,
15317
+ # lat: 1.0,
15318
+ # },
15319
+ # },
15320
+ # },
15321
+ # ],
15322
+ # blocked: false,
15323
+ # },
15324
+ # },
14193
15325
  # },
14194
15326
  # ],
14195
15327
  # }
@@ -14446,6 +15578,27 @@ module Aws::SecurityHub
14446
15578
  include Aws::Structure
14447
15579
  end
14448
15580
 
15581
+ # Information about a city.
15582
+ #
15583
+ # @note When making an API call, you may pass City
15584
+ # data as a hash:
15585
+ #
15586
+ # {
15587
+ # city_name: "NonEmptyString",
15588
+ # }
15589
+ #
15590
+ # @!attribute [rw] city_name
15591
+ # The name of the city.
15592
+ # @return [String]
15593
+ #
15594
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/City AWS API Documentation
15595
+ #
15596
+ class City < Struct.new(
15597
+ :city_name)
15598
+ SENSITIVE = []
15599
+ include Aws::Structure
15600
+ end
15601
+
14449
15602
  # Contains finding details that are specific to control-based findings.
14450
15603
  # Only returned for findings generated from controls.
14451
15604
  #
@@ -14557,6 +15710,33 @@ module Aws::SecurityHub
14557
15710
  include Aws::Structure
14558
15711
  end
14559
15712
 
15713
+ # Information about a country.
15714
+ #
15715
+ # @note When making an API call, you may pass Country
15716
+ # data as a hash:
15717
+ #
15718
+ # {
15719
+ # country_code: "NonEmptyString",
15720
+ # country_name: "NonEmptyString",
15721
+ # }
15722
+ #
15723
+ # @!attribute [rw] country_code
15724
+ # The 2-letter ISO 3166 country code for the country.
15725
+ # @return [String]
15726
+ #
15727
+ # @!attribute [rw] country_name
15728
+ # The name of the country.
15729
+ # @return [String]
15730
+ #
15731
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Country AWS API Documentation
15732
+ #
15733
+ class Country < Struct.new(
15734
+ :country_code,
15735
+ :country_name)
15736
+ SENSITIVE = []
15737
+ include Aws::Structure
15738
+ end
15739
+
14560
15740
  # @note When making an API call, you may pass CreateActionTargetRequest
14561
15741
  # data as a hash:
14562
15742
  #
@@ -15207,9 +16387,9 @@ module Aws::SecurityHub
15207
16387
  # data as a hash:
15208
16388
  #
15209
16389
  # {
15210
- # account_details: [
16390
+ # account_details: [ # required
15211
16391
  # {
15212
- # account_id: "AccountId",
16392
+ # account_id: "AccountId", # required
15213
16393
  # email: "NonEmptyString",
15214
16394
  # },
15215
16395
  # ],
@@ -15217,8 +16397,8 @@ module Aws::SecurityHub
15217
16397
  #
15218
16398
  # @!attribute [rw] account_details
15219
16399
  # The list of accounts to associate with the Security Hub master
15220
- # account. For each account, the list includes the account ID and the
15221
- # email address.
16400
+ # account. For each account, the list includes the account ID and
16401
+ # optionally the email address.
15222
16402
  # @return [Array<Types::AccountDetails>]
15223
16403
  #
15224
16404
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateMembersRequest AWS API Documentation
@@ -15470,7 +16650,7 @@ module Aws::SecurityHub
15470
16650
  # data as a hash:
15471
16651
  #
15472
16652
  # {
15473
- # account_ids: ["NonEmptyString"],
16653
+ # account_ids: ["NonEmptyString"], # required
15474
16654
  # }
15475
16655
  #
15476
16656
  # @!attribute [rw] account_ids
@@ -15601,12 +16781,41 @@ module Aws::SecurityHub
15601
16781
  include Aws::Structure
15602
16782
  end
15603
16783
 
16784
+ # @api private
16785
+ #
16786
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationRequest AWS API Documentation
16787
+ #
16788
+ class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
16789
+
16790
+ # @!attribute [rw] auto_enable
16791
+ # Whether to automatically enable Security Hub for new accounts in the
16792
+ # organization.
16793
+ #
16794
+ # If set to `true`, then Security Hub is enabled for new accounts. If
16795
+ # set to false, then new accounts are not added automatically.
16796
+ # @return [Boolean]
16797
+ #
16798
+ # @!attribute [rw] member_account_limit_reached
16799
+ # Whether the maximum number of allowed member accounts are already
16800
+ # associated with the Security Hub administrator account.
16801
+ # @return [Boolean]
16802
+ #
16803
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
16804
+ #
16805
+ class DescribeOrganizationConfigurationResponse < Struct.new(
16806
+ :auto_enable,
16807
+ :member_account_limit_reached)
16808
+ SENSITIVE = []
16809
+ include Aws::Structure
16810
+ end
16811
+
15604
16812
  # @note When making an API call, you may pass DescribeProductsRequest
15605
16813
  # data as a hash:
15606
16814
  #
15607
16815
  # {
15608
16816
  # next_token: "NextToken",
15609
16817
  # max_results: 1,
16818
+ # product_arn: "NonEmptyString",
15610
16819
  # }
15611
16820
  #
15612
16821
  # @!attribute [rw] next_token
@@ -15623,11 +16832,16 @@ module Aws::SecurityHub
15623
16832
  # The maximum number of results to return.
15624
16833
  # @return [Integer]
15625
16834
  #
16835
+ # @!attribute [rw] product_arn
16836
+ # The ARN of the integration to return.
16837
+ # @return [String]
16838
+ #
15626
16839
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeProductsRequest AWS API Documentation
15627
16840
  #
15628
16841
  class DescribeProductsRequest < Struct.new(
15629
16842
  :next_token,
15630
- :max_results)
16843
+ :max_results,
16844
+ :product_arn)
15631
16845
  SENSITIVE = []
15632
16846
  include Aws::Structure
15633
16847
  end
@@ -15660,7 +16874,8 @@ module Aws::SecurityHub
15660
16874
  #
15661
16875
  # @!attribute [rw] standards_subscription_arn
15662
16876
  # The ARN of a resource that represents your subscription to a
15663
- # supported standard.
16877
+ # supported standard. To get the subscription ARNs of the standards
16878
+ # you have enabled, use the ` GetEnabledStandards ` operation.
15664
16879
  # @return [String]
15665
16880
  #
15666
16881
  # @!attribute [rw] next_token
@@ -15775,6 +16990,30 @@ module Aws::SecurityHub
15775
16990
  #
15776
16991
  class DisableImportFindingsForProductResponse < Aws::EmptyStructure; end
15777
16992
 
16993
+ # @note When making an API call, you may pass DisableOrganizationAdminAccountRequest
16994
+ # data as a hash:
16995
+ #
16996
+ # {
16997
+ # admin_account_id: "NonEmptyString", # required
16998
+ # }
16999
+ #
17000
+ # @!attribute [rw] admin_account_id
17001
+ # The AWS account identifier of the Security Hub administrator
17002
+ # account.
17003
+ # @return [String]
17004
+ #
17005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountRequest AWS API Documentation
17006
+ #
17007
+ class DisableOrganizationAdminAccountRequest < Struct.new(
17008
+ :admin_account_id)
17009
+ SENSITIVE = []
17010
+ include Aws::Structure
17011
+ end
17012
+
17013
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountResponse AWS API Documentation
17014
+ #
17015
+ class DisableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
17016
+
15778
17017
  # @api private
15779
17018
  #
15780
17019
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableSecurityHubRequest AWS API Documentation
@@ -15799,7 +17038,7 @@ module Aws::SecurityHub
15799
17038
  # data as a hash:
15800
17039
  #
15801
17040
  # {
15802
- # account_ids: ["NonEmptyString"],
17041
+ # account_ids: ["NonEmptyString"], # required
15803
17042
  # }
15804
17043
  #
15805
17044
  # @!attribute [rw] account_ids
@@ -15819,6 +17058,40 @@ module Aws::SecurityHub
15819
17058
  #
15820
17059
  class DisassociateMembersResponse < Aws::EmptyStructure; end
15821
17060
 
17061
+ # Provided if `ActionType` is `DNS_REQUEST`. It provides details about
17062
+ # the DNS request that was detected.
17063
+ #
17064
+ # @note When making an API call, you may pass DnsRequestAction
17065
+ # data as a hash:
17066
+ #
17067
+ # {
17068
+ # domain: "NonEmptyString",
17069
+ # protocol: "NonEmptyString",
17070
+ # blocked: false,
17071
+ # }
17072
+ #
17073
+ # @!attribute [rw] domain
17074
+ # The DNS domain that is associated with the DNS request.
17075
+ # @return [String]
17076
+ #
17077
+ # @!attribute [rw] protocol
17078
+ # The protocol that was used for the DNS request.
17079
+ # @return [String]
17080
+ #
17081
+ # @!attribute [rw] blocked
17082
+ # Indicates whether the DNS request was blocked.
17083
+ # @return [Boolean]
17084
+ #
17085
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DnsRequestAction AWS API Documentation
17086
+ #
17087
+ class DnsRequestAction < Struct.new(
17088
+ :domain,
17089
+ :protocol,
17090
+ :blocked)
17091
+ SENSITIVE = []
17092
+ include Aws::Structure
17093
+ end
17094
+
15822
17095
  # @note When making an API call, you may pass EnableImportFindingsForProductRequest
15823
17096
  # data as a hash:
15824
17097
  #
@@ -15851,6 +17124,30 @@ module Aws::SecurityHub
15851
17124
  include Aws::Structure
15852
17125
  end
15853
17126
 
17127
+ # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
17128
+ # data as a hash:
17129
+ #
17130
+ # {
17131
+ # admin_account_id: "NonEmptyString", # required
17132
+ # }
17133
+ #
17134
+ # @!attribute [rw] admin_account_id
17135
+ # The AWS account identifier of the account to designate as the
17136
+ # Security Hub administrator account.
17137
+ # @return [String]
17138
+ #
17139
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountRequest AWS API Documentation
17140
+ #
17141
+ class EnableOrganizationAdminAccountRequest < Struct.new(
17142
+ :admin_account_id)
17143
+ SENSITIVE = []
17144
+ include Aws::Structure
17145
+ end
17146
+
17147
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
17148
+ #
17149
+ class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
17150
+
15854
17151
  # @note When making an API call, you may pass EnableSecurityHubRequest
15855
17152
  # data as a hash:
15856
17153
  #
@@ -15886,6 +17183,33 @@ module Aws::SecurityHub
15886
17183
  #
15887
17184
  class EnableSecurityHubResponse < Aws::EmptyStructure; end
15888
17185
 
17186
+ # Provides the latitude and longitude coordinates of a location.
17187
+ #
17188
+ # @note When making an API call, you may pass GeoLocation
17189
+ # data as a hash:
17190
+ #
17191
+ # {
17192
+ # lon: 1.0,
17193
+ # lat: 1.0,
17194
+ # }
17195
+ #
17196
+ # @!attribute [rw] lon
17197
+ # The longitude of the location.
17198
+ # @return [Float]
17199
+ #
17200
+ # @!attribute [rw] lat
17201
+ # The latitude of the location.
17202
+ # @return [Float]
17203
+ #
17204
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GeoLocation AWS API Documentation
17205
+ #
17206
+ class GeoLocation < Struct.new(
17207
+ :lon,
17208
+ :lat)
17209
+ SENSITIVE = []
17210
+ include Aws::Structure
17211
+ end
17212
+
15889
17213
  # @note When making an API call, you may pass GetEnabledStandardsRequest
15890
17214
  # data as a hash:
15891
17215
  #
@@ -16858,8 +18182,9 @@ module Aws::SecurityHub
16858
18182
  include Aws::Structure
16859
18183
  end
16860
18184
 
16861
- # AWS Security Hub isn't enabled for the account used to make this
16862
- # request.
18185
+ # There is an issue with the account used to make the request. Either
18186
+ # Security Hub is not enabled for the account, or the account does not
18187
+ # have permission to perform this action.
16863
18188
  #
16864
18189
  # @!attribute [rw] message
16865
18190
  # @return [String]
@@ -16929,7 +18254,7 @@ module Aws::SecurityHub
16929
18254
  # data as a hash:
16930
18255
  #
16931
18256
  # {
16932
- # account_ids: ["NonEmptyString"],
18257
+ # account_ids: ["NonEmptyString"], # required
16933
18258
  # }
16934
18259
  #
16935
18260
  # @!attribute [rw] account_ids
@@ -16979,6 +18304,45 @@ module Aws::SecurityHub
16979
18304
  include Aws::Structure
16980
18305
  end
16981
18306
 
18307
+ # Provides information about an internet provider.
18308
+ #
18309
+ # @note When making an API call, you may pass IpOrganizationDetails
18310
+ # data as a hash:
18311
+ #
18312
+ # {
18313
+ # asn: 1,
18314
+ # asn_org: "NonEmptyString",
18315
+ # isp: "NonEmptyString",
18316
+ # org: "NonEmptyString",
18317
+ # }
18318
+ #
18319
+ # @!attribute [rw] asn
18320
+ # The Autonomous System Number (ASN) of the internet provider
18321
+ # @return [Integer]
18322
+ #
18323
+ # @!attribute [rw] asn_org
18324
+ # The name of the organization that registered the ASN.
18325
+ # @return [String]
18326
+ #
18327
+ # @!attribute [rw] isp
18328
+ # The ISP information for the internet provider.
18329
+ # @return [String]
18330
+ #
18331
+ # @!attribute [rw] org
18332
+ # The name of the internet provider.
18333
+ # @return [String]
18334
+ #
18335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IpOrganizationDetails AWS API Documentation
18336
+ #
18337
+ class IpOrganizationDetails < Struct.new(
18338
+ :asn,
18339
+ :asn_org,
18340
+ :isp,
18341
+ :org)
18342
+ SENSITIVE = []
18343
+ include Aws::Structure
18344
+ end
18345
+
16982
18346
  # An IPV6 CIDR block association.
16983
18347
  #
16984
18348
  # @note When making an API call, you may pass Ipv6CidrBlockAssociation
@@ -17034,8 +18398,8 @@ module Aws::SecurityHub
17034
18398
  end
17035
18399
 
17036
18400
  # The request was rejected because it attempted to create resources
17037
- # beyond the current AWS account limits. The error code describes the
17038
- # limit exceeded.
18401
+ # beyond the current AWS account or throttling limits. The error code
18402
+ # describes the limit exceeded.
17039
18403
  #
17040
18404
  # @!attribute [rw] message
17041
18405
  # @return [String]
@@ -17165,7 +18529,7 @@ module Aws::SecurityHub
17165
18529
  #
17166
18530
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
17167
18531
  # accounts whose relationship status with the master is set to
17168
- # `ENABLED` or `DISABLED`.
18532
+ # `ENABLED`.
17169
18533
  #
17170
18534
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
17171
18535
  # existing member accounts.
@@ -17211,6 +18575,52 @@ module Aws::SecurityHub
17211
18575
  include Aws::Structure
17212
18576
  end
17213
18577
 
18578
+ # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest
18579
+ # data as a hash:
18580
+ #
18581
+ # {
18582
+ # max_results: 1,
18583
+ # next_token: "NextToken",
18584
+ # }
18585
+ #
18586
+ # @!attribute [rw] max_results
18587
+ # The maximum number of items to return in the response.
18588
+ # @return [Integer]
18589
+ #
18590
+ # @!attribute [rw] next_token
18591
+ # The token that is required for pagination. On your first call to the
18592
+ # `ListOrganizationAdminAccounts` operation, set the value of this
18593
+ # parameter to `NULL`. For subsequent calls to the operation, to
18594
+ # continue listing data, set the value of this parameter to the value
18595
+ # returned from the previous response.
18596
+ # @return [String]
18597
+ #
18598
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsRequest AWS API Documentation
18599
+ #
18600
+ class ListOrganizationAdminAccountsRequest < Struct.new(
18601
+ :max_results,
18602
+ :next_token)
18603
+ SENSITIVE = []
18604
+ include Aws::Structure
18605
+ end
18606
+
18607
+ # @!attribute [rw] admin_accounts
18608
+ # The list of Security Hub administrator accounts.
18609
+ # @return [Array<Types::AdminAccount>]
18610
+ #
18611
+ # @!attribute [rw] next_token
18612
+ # The pagination token to use to request the next page of results.
18613
+ # @return [String]
18614
+ #
18615
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsResponse AWS API Documentation
18616
+ #
18617
+ class ListOrganizationAdminAccountsResponse < Struct.new(
18618
+ :admin_accounts,
18619
+ :next_token)
18620
+ SENSITIVE = []
18621
+ include Aws::Structure
18622
+ end
18623
+
17214
18624
  # @note When making an API call, you may pass ListTagsForResourceRequest
17215
18625
  # data as a hash:
17216
18626
  #
@@ -17401,8 +18811,9 @@ module Aws::SecurityHub
17401
18811
  # account. The member account has not yet responded to the
17402
18812
  # invitation.
17403
18813
  #
17404
- # * `ASSOCIATED` - Indicates that the member account accepted the
17405
- # invitation.
18814
+ # * `ENABLED` - Indicates that the member account is currently active.
18815
+ # For manually invited member accounts, indicates that the member
18816
+ # account accepted the invitation.
17406
18817
  #
17407
18818
  # * `REMOVED` - Indicates that the master account disassociated the
17408
18819
  # member account.
@@ -17533,6 +18944,84 @@ module Aws::SecurityHub
17533
18944
  include Aws::Structure
17534
18945
  end
17535
18946
 
18947
+ # Provided if `ActionType` is `NETWORK_CONNECTION`. It provides details
18948
+ # about the attempted network connection that was detected.
18949
+ #
18950
+ # @note When making an API call, you may pass NetworkConnectionAction
18951
+ # data as a hash:
18952
+ #
18953
+ # {
18954
+ # connection_direction: "NonEmptyString",
18955
+ # remote_ip_details: {
18956
+ # ip_address_v4: "NonEmptyString",
18957
+ # organization: {
18958
+ # asn: 1,
18959
+ # asn_org: "NonEmptyString",
18960
+ # isp: "NonEmptyString",
18961
+ # org: "NonEmptyString",
18962
+ # },
18963
+ # country: {
18964
+ # country_code: "NonEmptyString",
18965
+ # country_name: "NonEmptyString",
18966
+ # },
18967
+ # city: {
18968
+ # city_name: "NonEmptyString",
18969
+ # },
18970
+ # geo_location: {
18971
+ # lon: 1.0,
18972
+ # lat: 1.0,
18973
+ # },
18974
+ # },
18975
+ # remote_port_details: {
18976
+ # port: 1,
18977
+ # port_name: "NonEmptyString",
18978
+ # },
18979
+ # local_port_details: {
18980
+ # port: 1,
18981
+ # port_name: "NonEmptyString",
18982
+ # },
18983
+ # protocol: "NonEmptyString",
18984
+ # blocked: false,
18985
+ # }
18986
+ #
18987
+ # @!attribute [rw] connection_direction
18988
+ # The direction of the network connection request (`IN` or `OUT`).
18989
+ # @return [String]
18990
+ #
18991
+ # @!attribute [rw] remote_ip_details
18992
+ # Information about the remote IP address that issued the network
18993
+ # connection request.
18994
+ # @return [Types::ActionRemoteIpDetails]
18995
+ #
18996
+ # @!attribute [rw] remote_port_details
18997
+ # Information about the port on the remote IP address.
18998
+ # @return [Types::ActionRemotePortDetails]
18999
+ #
19000
+ # @!attribute [rw] local_port_details
19001
+ # Information about the port on the EC2 instance.
19002
+ # @return [Types::ActionLocalPortDetails]
19003
+ #
19004
+ # @!attribute [rw] protocol
19005
+ # The protocol used to make the network connection request.
19006
+ # @return [String]
19007
+ #
19008
+ # @!attribute [rw] blocked
19009
+ # Indicates whether the network connection attempt was blocked.
19010
+ # @return [Boolean]
19011
+ #
19012
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkConnectionAction AWS API Documentation
19013
+ #
19014
+ class NetworkConnectionAction < Struct.new(
19015
+ :connection_direction,
19016
+ :remote_ip_details,
19017
+ :remote_port_details,
19018
+ :local_port_details,
19019
+ :protocol,
19020
+ :blocked)
19021
+ SENSITIVE = []
19022
+ include Aws::Structure
19023
+ end
19024
+
17536
19025
  # Details about a network path component that occurs before or after the
17537
19026
  # current component.
17538
19027
  #
@@ -17908,6 +19397,126 @@ module Aws::SecurityHub
17908
19397
  include Aws::Structure
17909
19398
  end
17910
19399
 
19400
+ # Provided if `ActionType` is `PORT_PROBE`. It provides details about
19401
+ # the attempted port probe that was detected.
19402
+ #
19403
+ # @note When making an API call, you may pass PortProbeAction
19404
+ # data as a hash:
19405
+ #
19406
+ # {
19407
+ # port_probe_details: [
19408
+ # {
19409
+ # local_port_details: {
19410
+ # port: 1,
19411
+ # port_name: "NonEmptyString",
19412
+ # },
19413
+ # local_ip_details: {
19414
+ # ip_address_v4: "NonEmptyString",
19415
+ # },
19416
+ # remote_ip_details: {
19417
+ # ip_address_v4: "NonEmptyString",
19418
+ # organization: {
19419
+ # asn: 1,
19420
+ # asn_org: "NonEmptyString",
19421
+ # isp: "NonEmptyString",
19422
+ # org: "NonEmptyString",
19423
+ # },
19424
+ # country: {
19425
+ # country_code: "NonEmptyString",
19426
+ # country_name: "NonEmptyString",
19427
+ # },
19428
+ # city: {
19429
+ # city_name: "NonEmptyString",
19430
+ # },
19431
+ # geo_location: {
19432
+ # lon: 1.0,
19433
+ # lat: 1.0,
19434
+ # },
19435
+ # },
19436
+ # },
19437
+ # ],
19438
+ # blocked: false,
19439
+ # }
19440
+ #
19441
+ # @!attribute [rw] port_probe_details
19442
+ # Information about the ports affected by the port probe.
19443
+ # @return [Array<Types::PortProbeDetail>]
19444
+ #
19445
+ # @!attribute [rw] blocked
19446
+ # Indicates whether the port probe was blocked.
19447
+ # @return [Boolean]
19448
+ #
19449
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeAction AWS API Documentation
19450
+ #
19451
+ class PortProbeAction < Struct.new(
19452
+ :port_probe_details,
19453
+ :blocked)
19454
+ SENSITIVE = []
19455
+ include Aws::Structure
19456
+ end
19457
+
19458
+ # A port scan that was part of the port probe. For each scan,
19459
+ # PortProbeDetails provides information about the local IP address and
19460
+ # port that were scanned, and the remote IP address that the scan
19461
+ # originated from.
19462
+ #
19463
+ # @note When making an API call, you may pass PortProbeDetail
19464
+ # data as a hash:
19465
+ #
19466
+ # {
19467
+ # local_port_details: {
19468
+ # port: 1,
19469
+ # port_name: "NonEmptyString",
19470
+ # },
19471
+ # local_ip_details: {
19472
+ # ip_address_v4: "NonEmptyString",
19473
+ # },
19474
+ # remote_ip_details: {
19475
+ # ip_address_v4: "NonEmptyString",
19476
+ # organization: {
19477
+ # asn: 1,
19478
+ # asn_org: "NonEmptyString",
19479
+ # isp: "NonEmptyString",
19480
+ # org: "NonEmptyString",
19481
+ # },
19482
+ # country: {
19483
+ # country_code: "NonEmptyString",
19484
+ # country_name: "NonEmptyString",
19485
+ # },
19486
+ # city: {
19487
+ # city_name: "NonEmptyString",
19488
+ # },
19489
+ # geo_location: {
19490
+ # lon: 1.0,
19491
+ # lat: 1.0,
19492
+ # },
19493
+ # },
19494
+ # }
19495
+ #
19496
+ # @!attribute [rw] local_port_details
19497
+ # Provides information about the port that was scanned.
19498
+ # @return [Types::ActionLocalPortDetails]
19499
+ #
19500
+ # @!attribute [rw] local_ip_details
19501
+ # Provides information about the IP address where the scanned port is
19502
+ # located.
19503
+ # @return [Types::ActionLocalIpDetails]
19504
+ #
19505
+ # @!attribute [rw] remote_ip_details
19506
+ # Provides information about the remote IP address that performed the
19507
+ # scan.
19508
+ # @return [Types::ActionRemoteIpDetails]
19509
+ #
19510
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeDetail AWS API Documentation
19511
+ #
19512
+ class PortProbeDetail < Struct.new(
19513
+ :local_port_details,
19514
+ :local_ip_details,
19515
+ :remote_ip_details)
19516
+ SENSITIVE = []
19517
+ include Aws::Structure
19518
+ end
19519
+
17911
19520
  # A range of ports.
17912
19521
  #
17913
19522
  # @note When making an API call, you may pass PortRange
@@ -18270,6 +19879,19 @@ module Aws::SecurityHub
18270
19879
  # },
18271
19880
  # ],
18272
19881
  # source_dest_check: false,
19882
+ # ip_v6_addresses: [
19883
+ # {
19884
+ # ip_v6_address: "NonEmptyString",
19885
+ # },
19886
+ # ],
19887
+ # private_ip_addresses: [
19888
+ # {
19889
+ # private_ip_address: "NonEmptyString",
19890
+ # private_dns_name: "NonEmptyString",
19891
+ # },
19892
+ # ],
19893
+ # public_dns_name: "NonEmptyString",
19894
+ # public_ip: "NonEmptyString",
18273
19895
  # },
18274
19896
  # aws_ec2_security_group: {
18275
19897
  # group_name: "NonEmptyString",
@@ -18770,6 +20392,30 @@ module Aws::SecurityHub
18770
20392
  # sns_topic_name: "NonEmptyString",
18771
20393
  # trail_arn: "NonEmptyString",
18772
20394
  # },
20395
+ # aws_ssm_patch_compliance: {
20396
+ # patch: {
20397
+ # compliance_summary: {
20398
+ # status: "NonEmptyString",
20399
+ # compliant_critical_count: 1,
20400
+ # compliant_high_count: 1,
20401
+ # compliant_medium_count: 1,
20402
+ # execution_type: "NonEmptyString",
20403
+ # non_compliant_critical_count: 1,
20404
+ # compliant_informational_count: 1,
20405
+ # non_compliant_informational_count: 1,
20406
+ # compliant_unspecified_count: 1,
20407
+ # non_compliant_low_count: 1,
20408
+ # non_compliant_high_count: 1,
20409
+ # compliant_low_count: 1,
20410
+ # compliance_type: "NonEmptyString",
20411
+ # patch_baseline_id: "NonEmptyString",
20412
+ # overall_severity: "NonEmptyString",
20413
+ # non_compliant_medium_count: 1,
20414
+ # non_compliant_unspecified_count: 1,
20415
+ # patch_group: "NonEmptyString",
20416
+ # },
20417
+ # },
20418
+ # },
18773
20419
  # aws_certificate_manager_certificate: {
18774
20420
  # certificate_authority_arn: "NonEmptyString",
18775
20421
  # created_at: "NonEmptyString",
@@ -19500,6 +21146,8 @@ module Aws::SecurityHub
19500
21146
  # @return [String]
19501
21147
  #
19502
21148
  # @!attribute [rw] resource_role
21149
+ # Identifies the role of the resource in the finding. A resource is
21150
+ # either the actor or target of the finding activity,
19503
21151
  # @return [String]
19504
21152
  #
19505
21153
  # @!attribute [rw] tags
@@ -19669,6 +21317,19 @@ module Aws::SecurityHub
19669
21317
  # },
19670
21318
  # ],
19671
21319
  # source_dest_check: false,
21320
+ # ip_v6_addresses: [
21321
+ # {
21322
+ # ip_v6_address: "NonEmptyString",
21323
+ # },
21324
+ # ],
21325
+ # private_ip_addresses: [
21326
+ # {
21327
+ # private_ip_address: "NonEmptyString",
21328
+ # private_dns_name: "NonEmptyString",
21329
+ # },
21330
+ # ],
21331
+ # public_dns_name: "NonEmptyString",
21332
+ # public_ip: "NonEmptyString",
19672
21333
  # },
19673
21334
  # aws_ec2_security_group: {
19674
21335
  # group_name: "NonEmptyString",
@@ -20169,6 +21830,30 @@ module Aws::SecurityHub
20169
21830
  # sns_topic_name: "NonEmptyString",
20170
21831
  # trail_arn: "NonEmptyString",
20171
21832
  # },
21833
+ # aws_ssm_patch_compliance: {
21834
+ # patch: {
21835
+ # compliance_summary: {
21836
+ # status: "NonEmptyString",
21837
+ # compliant_critical_count: 1,
21838
+ # compliant_high_count: 1,
21839
+ # compliant_medium_count: 1,
21840
+ # execution_type: "NonEmptyString",
21841
+ # non_compliant_critical_count: 1,
21842
+ # compliant_informational_count: 1,
21843
+ # non_compliant_informational_count: 1,
21844
+ # compliant_unspecified_count: 1,
21845
+ # non_compliant_low_count: 1,
21846
+ # non_compliant_high_count: 1,
21847
+ # compliant_low_count: 1,
21848
+ # compliance_type: "NonEmptyString",
21849
+ # patch_baseline_id: "NonEmptyString",
21850
+ # overall_severity: "NonEmptyString",
21851
+ # non_compliant_medium_count: 1,
21852
+ # non_compliant_unspecified_count: 1,
21853
+ # patch_group: "NonEmptyString",
21854
+ # },
21855
+ # },
21856
+ # },
20172
21857
  # aws_certificate_manager_certificate: {
20173
21858
  # certificate_authority_arn: "NonEmptyString",
20174
21859
  # created_at: "NonEmptyString",
@@ -20943,9 +22628,11 @@ module Aws::SecurityHub
20943
22628
  # @return [Types::AwsIamPolicyDetails]
20944
22629
  #
20945
22630
  # @!attribute [rw] aws_api_gateway_v2_stage
22631
+ # Provides information about a version 2 stage for Amazon API Gateway.
20946
22632
  # @return [Types::AwsApiGatewayV2StageDetails]
20947
22633
  #
20948
22634
  # @!attribute [rw] aws_api_gateway_v2_api
22635
+ # Provides information about a version 2 API in Amazon API Gateway.
20949
22636
  # @return [Types::AwsApiGatewayV2ApiDetails]
20950
22637
  #
20951
22638
  # @!attribute [rw] aws_dynamo_db_table
@@ -20953,24 +22640,37 @@ module Aws::SecurityHub
20953
22640
  # @return [Types::AwsDynamoDbTableDetails]
20954
22641
  #
20955
22642
  # @!attribute [rw] aws_api_gateway_stage
22643
+ # Provides information about a version 1 Amazon API Gateway stage.
20956
22644
  # @return [Types::AwsApiGatewayStageDetails]
20957
22645
  #
20958
22646
  # @!attribute [rw] aws_api_gateway_rest_api
22647
+ # Provides information about a REST API in version 1 of Amazon API
22648
+ # Gateway.
20959
22649
  # @return [Types::AwsApiGatewayRestApiDetails]
20960
22650
  #
20961
22651
  # @!attribute [rw] aws_cloud_trail_trail
22652
+ # Provides details about a CloudTrail trail.
20962
22653
  # @return [Types::AwsCloudTrailTrailDetails]
20963
22654
  #
22655
+ # @!attribute [rw] aws_ssm_patch_compliance
22656
+ # Provides information about the state of a patch on an instance based
22657
+ # on the patch baseline that was used to patch the instance.
22658
+ # @return [Types::AwsSsmPatchComplianceDetails]
22659
+ #
20964
22660
  # @!attribute [rw] aws_certificate_manager_certificate
22661
+ # Provides details about an AWS Certificate Manager (ACM) certificate.
20965
22662
  # @return [Types::AwsCertificateManagerCertificateDetails]
20966
22663
  #
20967
22664
  # @!attribute [rw] aws_redshift_cluster
22665
+ # Contains details about an Amazon Redshift cluster.
20968
22666
  # @return [Types::AwsRedshiftClusterDetails]
20969
22667
  #
20970
22668
  # @!attribute [rw] aws_elb_load_balancer
22669
+ # contains details about a Classic Load Balancer.
20971
22670
  # @return [Types::AwsElbLoadBalancerDetails]
20972
22671
  #
20973
22672
  # @!attribute [rw] aws_iam_group
22673
+ # Contains details about an IAM group.
20974
22674
  # @return [Types::AwsIamGroupDetails]
20975
22675
  #
20976
22676
  # @!attribute [rw] aws_iam_role
@@ -21061,6 +22761,7 @@ module Aws::SecurityHub
21061
22761
  :aws_api_gateway_stage,
21062
22762
  :aws_api_gateway_rest_api,
21063
22763
  :aws_cloud_trail_trail,
22764
+ :aws_ssm_patch_compliance,
21064
22765
  :aws_certificate_manager_certificate,
21065
22766
  :aws_redshift_cluster,
21066
22767
  :aws_elb_load_balancer,
@@ -21121,9 +22822,9 @@ module Aws::SecurityHub
21121
22822
 
21122
22823
  # The severity of the finding.
21123
22824
  #
21124
- # The finding provider can provide the initial severity, but cannot
21125
- # update it after that. The severity can only be updated by a master
21126
- # account. It cannot be updated by a member account.
22825
+ # The finding provider can provide the initial severity. The finding
22826
+ # provider can only update the severity if it has not been updated using
22827
+ # `BatchUpdateFindings`.
21127
22828
  #
21128
22829
  # The finding must have either `Label` or `Normalized` populated. If
21129
22830
  # only one of these attributes is populated, then Security Hub
@@ -21465,7 +23166,20 @@ module Aws::SecurityHub
21465
23166
  # @return [Hash<String,String>]
21466
23167
  #
21467
23168
  # @!attribute [rw] standards_status
21468
- # The status of the standards subscription.
23169
+ # The status of the standard subscription.
23170
+ #
23171
+ # The status values are as follows:
23172
+ #
23173
+ # * `PENDING` - Standard is in the process of being enabled.
23174
+ #
23175
+ # * `READY` - Standard is enabled.
23176
+ #
23177
+ # * `INCOMPLETE` - Standard could not be enabled completely. Some
23178
+ # controls may not be available.
23179
+ #
23180
+ # * `DELETING` - Standard is in the process of being disabled.
23181
+ #
23182
+ # * `FAILED` - Standard could not be disabled.
21469
23183
  # @return [String]
21470
23184
  #
21471
23185
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
@@ -22984,6 +24698,36 @@ module Aws::SecurityHub
22984
24698
  #
22985
24699
  class UpdateInsightResponse < Aws::EmptyStructure; end
22986
24700
 
24701
+ # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest
24702
+ # data as a hash:
24703
+ #
24704
+ # {
24705
+ # auto_enable: false, # required
24706
+ # }
24707
+ #
24708
+ # @!attribute [rw] auto_enable
24709
+ # Whether to automatically enable Security Hub for new accounts in the
24710
+ # organization.
24711
+ #
24712
+ # By default, this is `false`, and new accounts are not added
24713
+ # automatically.
24714
+ #
24715
+ # To automatically enable Security Hub for new accounts, set this to
24716
+ # `true`.
24717
+ # @return [Boolean]
24718
+ #
24719
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
24720
+ #
24721
+ class UpdateOrganizationConfigurationRequest < Struct.new(
24722
+ :auto_enable)
24723
+ SENSITIVE = []
24724
+ include Aws::Structure
24725
+ end
24726
+
24727
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationResponse AWS API Documentation
24728
+ #
24729
+ class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
24730
+
22987
24731
  # @note When making an API call, you may pass UpdateSecurityHubConfigurationRequest
22988
24732
  # data as a hash:
22989
24733
  #
@@ -23279,6 +25023,14 @@ module Aws::SecurityHub
23279
25023
  #
23280
25024
  # * `NEW` - The initial state of a finding, before it is reviewed.
23281
25025
  #
25026
+ # Security Hub also resets the workflow status from `NOTIFIED` or
25027
+ # `RESOLVED` to `NEW` in the following cases:
25028
+ #
25029
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
25030
+ #
25031
+ # * `ComplianceStatus` changes from `PASSED` to either `WARNING`,
25032
+ # `FAILED`, or `NOT_AVAILABLE`.
25033
+ #
23282
25034
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23283
25035
  # the security issue. Used when the initial reviewer is not the
23284
25036
  # resource owner, and needs intervention from the resource owner.
@@ -23313,6 +25065,14 @@ module Aws::SecurityHub
23313
25065
  #
23314
25066
  # * `NEW` - The initial state of a finding, before it is reviewed.
23315
25067
  #
25068
+ # Security Hub also resets `WorkFlowStatus` from `NOTIFIED` or
25069
+ # `RESOLVED` to `NEW` in the following cases:
25070
+ #
25071
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
25072
+ #
25073
+ # * The compliance status changes from `PASSED` to either `WARNING`,
25074
+ # `FAILED`, or `NOT_AVAILABLE`.
25075
+ #
23316
25076
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23317
25077
  # the security issue. Used when the initial reviewer is not the
23318
25078
  # resource owner, and needs intervention from the resource owner.