aws-sdk-securityhub 1.37.0 → 1.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +223 -0
  3. data/LICENSE.txt +202 -0
  4. data/VERSION +1 -0
  5. data/lib/aws-sdk-securityhub.rb +2 -2
  6. data/lib/aws-sdk-securityhub/client.rb +679 -15
  7. data/lib/aws-sdk-securityhub/client_api.rb +282 -6
  8. data/lib/aws-sdk-securityhub/errors.rb +1 -1
  9. data/lib/aws-sdk-securityhub/resource.rb +1 -1
  10. data/lib/aws-sdk-securityhub/types.rb +3478 -77
  11. metadata +8 -5
data/lib/aws-sdk-securityhub/errors.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
data/lib/aws-sdk-securityhub/resource.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
data/lib/aws-sdk-securityhub/types.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -85,6 +85,313 @@ module Aws::SecurityHub
85
85
  include Aws::Structure
86
86
  end
87
87
 
88
+ # Provides details about one of the following actions that affects or
89
+ # that was taken on a resource:
90
+ #
91
+ # * A remote IP address issued an AWS API call
92
+ #
93
+ # * A DNS request was received
94
+ #
95
+ # * A remote IP address attempted to connect to an EC2 instance
96
+ #
97
+ # * A remote IP address attempted a port probe on an EC2 instance
98
+ #
99
+ # @note When making an API call, you may pass Action
100
+ # data as a hash:
101
+ #
102
+ # {
103
+ # action_type: "NonEmptyString",
104
+ # network_connection_action: {
105
+ # connection_direction: "NonEmptyString",
106
+ # remote_ip_details: {
107
+ # ip_address_v4: "NonEmptyString",
108
+ # organization: {
109
+ # asn: 1,
110
+ # asn_org: "NonEmptyString",
111
+ # isp: "NonEmptyString",
112
+ # org: "NonEmptyString",
113
+ # },
114
+ # country: {
115
+ # country_code: "NonEmptyString",
116
+ # country_name: "NonEmptyString",
117
+ # },
118
+ # city: {
119
+ # city_name: "NonEmptyString",
120
+ # },
121
+ # geo_location: {
122
+ # lon: 1.0,
123
+ # lat: 1.0,
124
+ # },
125
+ # },
126
+ # remote_port_details: {
127
+ # port: 1,
128
+ # port_name: "NonEmptyString",
129
+ # },
130
+ # local_port_details: {
131
+ # port: 1,
132
+ # port_name: "NonEmptyString",
133
+ # },
134
+ # protocol: "NonEmptyString",
135
+ # blocked: false,
136
+ # },
137
+ # aws_api_call_action: {
138
+ # api: "NonEmptyString",
139
+ # service_name: "NonEmptyString",
140
+ # caller_type: "NonEmptyString",
141
+ # remote_ip_details: {
142
+ # ip_address_v4: "NonEmptyString",
143
+ # organization: {
144
+ # asn: 1,
145
+ # asn_org: "NonEmptyString",
146
+ # isp: "NonEmptyString",
147
+ # org: "NonEmptyString",
148
+ # },
149
+ # country: {
150
+ # country_code: "NonEmptyString",
151
+ # country_name: "NonEmptyString",
152
+ # },
153
+ # city: {
154
+ # city_name: "NonEmptyString",
155
+ # },
156
+ # geo_location: {
157
+ # lon: 1.0,
158
+ # lat: 1.0,
159
+ # },
160
+ # },
161
+ # domain_details: {
162
+ # domain: "NonEmptyString",
163
+ # },
164
+ # affected_resources: {
165
+ # "NonEmptyString" => "NonEmptyString",
166
+ # },
167
+ # first_seen: "NonEmptyString",
168
+ # last_seen: "NonEmptyString",
169
+ # },
170
+ # dns_request_action: {
171
+ # domain: "NonEmptyString",
172
+ # protocol: "NonEmptyString",
173
+ # blocked: false,
174
+ # },
175
+ # port_probe_action: {
176
+ # port_probe_details: [
177
+ # {
178
+ # local_port_details: {
179
+ # port: 1,
180
+ # port_name: "NonEmptyString",
181
+ # },
182
+ # local_ip_details: {
183
+ # ip_address_v4: "NonEmptyString",
184
+ # },
185
+ # remote_ip_details: {
186
+ # ip_address_v4: "NonEmptyString",
187
+ # organization: {
188
+ # asn: 1,
189
+ # asn_org: "NonEmptyString",
190
+ # isp: "NonEmptyString",
191
+ # org: "NonEmptyString",
192
+ # },
193
+ # country: {
194
+ # country_code: "NonEmptyString",
195
+ # country_name: "NonEmptyString",
196
+ # },
197
+ # city: {
198
+ # city_name: "NonEmptyString",
199
+ # },
200
+ # geo_location: {
201
+ # lon: 1.0,
202
+ # lat: 1.0,
203
+ # },
204
+ # },
205
+ # },
206
+ # ],
207
+ # blocked: false,
208
+ # },
209
+ # }
210
+ #
211
+ # @!attribute [rw] action_type
212
+ # The type of action that was detected. The possible action types are:
213
+ #
214
+ # * `NETWORK_CONNECTION`
215
+ #
216
+ # * `AWS_API_CALL`
217
+ #
218
+ # * `DNS_REQUEST`
219
+ #
220
+ # * `PORT_PROBE`
221
+ # @return [String]
222
+ #
223
+ # @!attribute [rw] network_connection_action
224
+ # Included if `ActionType` is `NETWORK_CONNECTION`. Provides details
225
+ # about the network connection that was detected.
226
+ # @return [Types::NetworkConnectionAction]
227
+ #
228
+ # @!attribute [rw] aws_api_call_action
229
+ # Included if `ActionType` is `AWS_API_CALL`. Provides details about
230
+ # the API call that was detected.
231
+ # @return [Types::AwsApiCallAction]
232
+ #
233
+ # @!attribute [rw] dns_request_action
234
+ # Included if `ActionType` is `DNS_REQUEST`. Provides details about
235
+ # the DNS request that was detected.
236
+ # @return [Types::DnsRequestAction]
237
+ #
238
+ # @!attribute [rw] port_probe_action
239
+ # Included if `ActionType` is `PORT_PROBE`. Provides details about the
240
+ # port probe that was detected.
241
+ # @return [Types::PortProbeAction]
242
+ #
243
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Action AWS API Documentation
244
+ #
245
+ class Action < Struct.new(
246
+ :action_type,
247
+ :network_connection_action,
248
+ :aws_api_call_action,
249
+ :dns_request_action,
250
+ :port_probe_action)
251
+ SENSITIVE = []
252
+ include Aws::Structure
253
+ end
254
+
255
+ # Provides information about the IP address where the scanned port is
256
+ # located.
257
+ #
258
+ # @note When making an API call, you may pass ActionLocalIpDetails
259
+ # data as a hash:
260
+ #
261
+ # {
262
+ # ip_address_v4: "NonEmptyString",
263
+ # }
264
+ #
265
+ # @!attribute [rw] ip_address_v4
266
+ # The IP address.
267
+ # @return [String]
268
+ #
269
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalIpDetails AWS API Documentation
270
+ #
271
+ class ActionLocalIpDetails < Struct.new(
272
+ :ip_address_v4)
273
+ SENSITIVE = []
274
+ include Aws::Structure
275
+ end
276
+
277
+ # For `NetworkConnectionAction` and `PortProbeDetails`,
278
+ # `LocalPortDetails` provides information about the local port that was
279
+ # involved in the action.
280
+ #
281
+ # @note When making an API call, you may pass ActionLocalPortDetails
282
+ # data as a hash:
283
+ #
284
+ # {
285
+ # port: 1,
286
+ # port_name: "NonEmptyString",
287
+ # }
288
+ #
289
+ # @!attribute [rw] port
290
+ # The number of the port.
291
+ # @return [Integer]
292
+ #
293
+ # @!attribute [rw] port_name
294
+ # The port name of the local connection.
295
+ # @return [String]
296
+ #
297
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalPortDetails AWS API Documentation
298
+ #
299
+ class ActionLocalPortDetails < Struct.new(
300
+ :port,
301
+ :port_name)
302
+ SENSITIVE = []
303
+ include Aws::Structure
304
+ end
305
+
306
+ # For `AwsApiAction`, `NetworkConnectionAction`, and `PortProbeAction`,
307
+ # `RemoteIpDetails` provides information about the remote IP address
308
+ # that was involved in the action.
309
+ #
310
+ # @note When making an API call, you may pass ActionRemoteIpDetails
311
+ # data as a hash:
312
+ #
313
+ # {
314
+ # ip_address_v4: "NonEmptyString",
315
+ # organization: {
316
+ # asn: 1,
317
+ # asn_org: "NonEmptyString",
318
+ # isp: "NonEmptyString",
319
+ # org: "NonEmptyString",
320
+ # },
321
+ # country: {
322
+ # country_code: "NonEmptyString",
323
+ # country_name: "NonEmptyString",
324
+ # },
325
+ # city: {
326
+ # city_name: "NonEmptyString",
327
+ # },
328
+ # geo_location: {
329
+ # lon: 1.0,
330
+ # lat: 1.0,
331
+ # },
332
+ # }
333
+ #
334
+ # @!attribute [rw] ip_address_v4
335
+ # The IP address.
336
+ # @return [String]
337
+ #
338
+ # @!attribute [rw] organization
339
+ # The internet service provider (ISP) organization associated with the
340
+ # remote IP address.
341
+ # @return [Types::IpOrganizationDetails]
342
+ #
343
+ # @!attribute [rw] country
344
+ # The country where the remote IP address is located.
345
+ # @return [Types::Country]
346
+ #
347
+ # @!attribute [rw] city
348
+ # The city where the remote IP address is located.
349
+ # @return [Types::City]
350
+ #
351
+ # @!attribute [rw] geo_location
352
+ # The coordinates of the location of the remote IP address.
353
+ # @return [Types::GeoLocation]
354
+ #
355
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemoteIpDetails AWS API Documentation
356
+ #
357
+ class ActionRemoteIpDetails < Struct.new(
358
+ :ip_address_v4,
359
+ :organization,
360
+ :country,
361
+ :city,
362
+ :geo_location)
363
+ SENSITIVE = []
364
+ include Aws::Structure
365
+ end
366
+
367
+ # Provides information about the remote port that was involved in an
368
+ # attempted network connection.
369
+ #
370
+ # @note When making an API call, you may pass ActionRemotePortDetails
371
+ # data as a hash:
372
+ #
373
+ # {
374
+ # port: 1,
375
+ # port_name: "NonEmptyString",
376
+ # }
377
+ #
378
+ # @!attribute [rw] port
379
+ # The number of the port.
380
+ # @return [Integer]
381
+ #
382
+ # @!attribute [rw] port_name
383
+ # The port name of the remote connection.
384
+ # @return [String]
385
+ #
386
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemotePortDetails AWS API Documentation
387
+ #
388
+ class ActionRemotePortDetails < Struct.new(
389
+ :port,
390
+ :port_name)
391
+ SENSITIVE = []
392
+ include Aws::Structure
393
+ end
394
+
88
395
  # An `ActionTarget` object.
89
396
  #
90
397
  # @!attribute [rw] action_target_arn
@@ -160,6 +467,120 @@ module Aws::SecurityHub
160
467
  include Aws::Structure
161
468
  end
162
469
 
470
+ # Provided if `ActionType` is `AWS_API_CALL`. It provides details about
471
+ # the API call that was detected.
472
+ #
473
+ # @note When making an API call, you may pass AwsApiCallAction
474
+ # data as a hash:
475
+ #
476
+ # {
477
+ # api: "NonEmptyString",
478
+ # service_name: "NonEmptyString",
479
+ # caller_type: "NonEmptyString",
480
+ # remote_ip_details: {
481
+ # ip_address_v4: "NonEmptyString",
482
+ # organization: {
483
+ # asn: 1,
484
+ # asn_org: "NonEmptyString",
485
+ # isp: "NonEmptyString",
486
+ # org: "NonEmptyString",
487
+ # },
488
+ # country: {
489
+ # country_code: "NonEmptyString",
490
+ # country_name: "NonEmptyString",
491
+ # },
492
+ # city: {
493
+ # city_name: "NonEmptyString",
494
+ # },
495
+ # geo_location: {
496
+ # lon: 1.0,
497
+ # lat: 1.0,
498
+ # },
499
+ # },
500
+ # domain_details: {
501
+ # domain: "NonEmptyString",
502
+ # },
503
+ # affected_resources: {
504
+ # "NonEmptyString" => "NonEmptyString",
505
+ # },
506
+ # first_seen: "NonEmptyString",
507
+ # last_seen: "NonEmptyString",
508
+ # }
509
+ #
510
+ # @!attribute [rw] api
511
+ # The name of the API method that was issued.
512
+ # @return [String]
513
+ #
514
+ # @!attribute [rw] service_name
515
+ # The name of the AWS service that the API method belongs to.
516
+ # @return [String]
517
+ #
518
+ # @!attribute [rw] caller_type
519
+ # Indicates whether the API call originated from a remote IP address
520
+ # (`remoteip`) or from a DNS domain (`domain`).
521
+ # @return [String]
522
+ #
523
+ # @!attribute [rw] remote_ip_details
524
+ # Provided if `CallerType` is `remoteIp`. Provides information about
525
+ # the remote IP address that the API call originated from.
526
+ # @return [Types::ActionRemoteIpDetails]
527
+ #
528
+ # @!attribute [rw] domain_details
529
+ # Provided if `CallerType` is `domain`. Provides information about the
530
+ # DNS domain that the API call originated from.
531
+ # @return [Types::AwsApiCallActionDomainDetails]
532
+ #
533
+ # @!attribute [rw] affected_resources
534
+ # Identifies the resources that were affected by the API call.
535
+ # @return [Hash<String,String>]
536
+ #
537
+ # @!attribute [rw] first_seen
538
+ # An ISO8601-formatted timestamp that indicates when the API call was
539
+ # first observed.
540
+ # @return [String]
541
+ #
542
+ # @!attribute [rw] last_seen
543
+ # An ISO8601-formatted timestamp that indicates when the API call was
544
+ # most recently observed.
545
+ # @return [String]
546
+ #
547
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallAction AWS API Documentation
548
+ #
549
+ class AwsApiCallAction < Struct.new(
550
+ :api,
551
+ :service_name,
552
+ :caller_type,
553
+ :remote_ip_details,
554
+ :domain_details,
555
+ :affected_resources,
556
+ :first_seen,
557
+ :last_seen)
558
+ SENSITIVE = []
559
+ include Aws::Structure
560
+ end
561
+
562
+ # Provided if `CallerType` is `domain`. It provides information about
563
+ # the DNS domain that issued the API call.
564
+ #
565
+ # @note When making an API call, you may pass AwsApiCallActionDomainDetails
566
+ # data as a hash:
567
+ #
568
+ # {
569
+ # domain: "NonEmptyString",
570
+ # }
571
+ #
572
+ # @!attribute [rw] domain
573
+ # The name of the DNS domain that issued the API call.
574
+ # @return [String]
575
+ #
576
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallActionDomainDetails AWS API Documentation
577
+ #
578
+ class AwsApiCallActionDomainDetails < Struct.new(
579
+ :domain)
580
+ SENSITIVE = []
581
+ include Aws::Structure
582
+ end
583
+
163
584
  # Contains information about settings for logging access for the stage.
164
585
  #
165
586
  # @note When making an API call, you may pass AwsApiGatewayAccessLogSettings
@@ -3488,6 +3909,19 @@ module Aws::SecurityHub
3488
3909
  # },
3489
3910
  # ],
3490
3911
  # source_dest_check: false,
3912
+ # ip_v6_addresses: [
3913
+ # {
3914
+ # ip_v6_address: "NonEmptyString",
3915
+ # },
3916
+ # ],
3917
+ # private_ip_addresses: [
3918
+ # {
3919
+ # private_ip_address: "NonEmptyString",
3920
+ # private_dns_name: "NonEmptyString",
3921
+ # },
3922
+ # ],
3923
+ # public_dns_name: "NonEmptyString",
3924
+ # public_ip: "NonEmptyString",
3491
3925
  # }
3492
3926
  #
3493
3927
  # @!attribute [rw] attachment
@@ -3506,13 +3940,84 @@ module Aws::SecurityHub
3506
3940
  # Indicates whether traffic to or from the instance is validated.
3507
3941
  # @return [Boolean]
3508
3942
  #
3943
+ # @!attribute [rw] ip_v6_addresses
3944
+ # The IPv6 addresses associated with the network interface.
3945
+ # @return [Array<Types::AwsEc2NetworkInterfaceIpV6AddressDetail>]
3946
+ #
3947
+ # @!attribute [rw] private_ip_addresses
3948
+ # The private IPv4 addresses associated with the network interface.
3949
+ # @return [Array<Types::AwsEc2NetworkInterfacePrivateIpAddressDetail>]
3950
+ #
3951
+ # @!attribute [rw] public_dns_name
3952
+ # The public DNS name of the network interface.
3953
+ # @return [String]
3954
+ #
3955
+ # @!attribute [rw] public_ip
3956
+ # The address of the Elastic IP address bound to the network
3957
+ # interface.
3958
+ # @return [String]
3959
+ #
3509
3960
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceDetails AWS API Documentation
3510
3961
  #
3511
3962
  class AwsEc2NetworkInterfaceDetails < Struct.new(
3512
3963
  :attachment,
3513
3964
  :network_interface_id,
3514
3965
  :security_groups,
3515
- :source_dest_check)
3966
+ :source_dest_check,
3967
+ :ip_v6_addresses,
3968
+ :private_ip_addresses,
3969
+ :public_dns_name,
3970
+ :public_ip)
3971
+ SENSITIVE = []
3972
+ include Aws::Structure
3973
+ end
3974
+
3975
+ # Provides information about an IPV6 address that is associated with the
3976
+ # network interface.
3977
+ #
3978
+ # @note When making an API call, you may pass AwsEc2NetworkInterfaceIpV6AddressDetail
3979
+ # data as a hash:
3980
+ #
3981
+ # {
3982
+ # ip_v6_address: "NonEmptyString",
3983
+ # }
3984
+ #
3985
+ # @!attribute [rw] ip_v6_address
3986
+ # The IPV6 address.
3987
+ # @return [String]
3988
+ #
3989
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceIpV6AddressDetail AWS API Documentation
3990
+ #
3991
+ class AwsEc2NetworkInterfaceIpV6AddressDetail < Struct.new(
3992
+ :ip_v6_address)
3993
+ SENSITIVE = []
3994
+ include Aws::Structure
3995
+ end
3996
+
3997
+ # Provides information about a private IPv4 address that is with the
3998
+ # network interface.
3999
+ #
4000
+ # @note When making an API call, you may pass AwsEc2NetworkInterfacePrivateIpAddressDetail
4001
+ # data as a hash:
4002
+ #
4003
+ # {
4004
+ # private_ip_address: "NonEmptyString",
4005
+ # private_dns_name: "NonEmptyString",
4006
+ # }
4007
+ #
4008
+ # @!attribute [rw] private_ip_address
4009
+ # The IP address.
4010
+ # @return [String]
4011
+ #
4012
+ # @!attribute [rw] private_dns_name
4013
+ # The private DNS name for the IP address.
4014
+ # @return [String]
4015
+ #
4016
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfacePrivateIpAddressDetail AWS API Documentation
4017
+ #
4018
+ class AwsEc2NetworkInterfacePrivateIpAddressDetail < Struct.new(
4019
+ :private_ip_address,
4020
+ :private_dns_name)
3516
4021
  SENSITIVE = []
3517
4022
  include Aws::Structure
3518
4023
  end
@@ -6884,6 +7389,8 @@ module Aws::SecurityHub
6884
7389
  # @return [String]
6885
7390
  #
6886
7391
  # @!attribute [rw] engine
7392
+ # The name of the database engine that you want to use for this DB
7393
+ # instance.
6887
7394
  # @return [String]
6888
7395
  #
6889
7396
  # @!attribute [rw] allocated_storage
@@ -7667,6 +8174,8 @@ module Aws::SecurityHub
7667
8174
  include Aws::Structure
7668
8175
  end
7669
8176
 
8177
+ # An option group membership.
8178
+ #
7670
8179
  # @note When making an API call, you may pass AwsRdsDbOptionGroupMembership
7671
8180
  # data as a hash:
7672
8181
  #
@@ -7676,9 +8185,11 @@ module Aws::SecurityHub
7676
8185
  # }
7677
8186
  #
7678
8187
  # @!attribute [rw] option_group_name
8188
+ # The name of the option group.
7679
8189
  # @return [String]
7680
8190
  #
7681
8191
  # @!attribute [rw] status
8192
+ # The status of the option group membership.
7682
8193
  # @return [String]
7683
8194
  #
7684
8195
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbOptionGroupMembership AWS API Documentation
@@ -7690,6 +8201,8 @@ module Aws::SecurityHub
7690
8201
  include Aws::Structure
7691
8202
  end
7692
8203
 
8204
+ # Provides information about a parameter group for a DB instance.
8205
+ #
7693
8206
  # @note When making an API call, you may pass AwsRdsDbParameterGroup
7694
8207
  # data as a hash:
7695
8208
  #
@@ -7699,9 +8212,11 @@ module Aws::SecurityHub
7699
8212
  # }
7700
8213
  #
7701
8214
  # @!attribute [rw] db_parameter_group_name
8215
+ # The name of the parameter group.
7702
8216
  # @return [String]
7703
8217
  #
7704
8218
  # @!attribute [rw] parameter_apply_status
8219
+ # The status of parameter updates.
7705
8220
  # @return [String]
7706
8221
  #
7707
8222
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbParameterGroup AWS API Documentation
@@ -7713,6 +8228,8 @@ module Aws::SecurityHub
7713
8228
  include Aws::Structure
7714
8229
  end
7715
8230
 
8231
+ # Changes to a DB instance that are currently pending.
8232
+ #
7716
8233
  # @note When making an API call, you may pass AwsRdsDbPendingModifiedValues
7717
8234
  # data as a hash:
7718
8235
  #
@@ -7743,48 +8260,64 @@ module Aws::SecurityHub
7743
8260
  # }
7744
8261
  #
7745
8262
  # @!attribute [rw] db_instance_class
8263
+ # The new DB instance class for the DB instance.
7746
8264
  # @return [String]
7747
8265
  #
7748
8266
  # @!attribute [rw] allocated_storage
8267
+ # The new value of the allocated storage for the DB instance.
7749
8268
  # @return [Integer]
7750
8269
  #
7751
8270
  # @!attribute [rw] master_user_password
8271
+ # The new master user password for the DB instance.
7752
8272
  # @return [String]
7753
8273
  #
7754
8274
  # @!attribute [rw] port
8275
+ # The new port for the DB instance.
7755
8276
  # @return [Integer]
7756
8277
  #
7757
8278
  # @!attribute [rw] backup_retention_period
8279
+ # The new backup retention period for the DB instance.
7758
8280
  # @return [Integer]
7759
8281
  #
7760
8282
  # @!attribute [rw] multi_az
8283
+ # Indicates that a single Availability Zone DB instance is changing to
8284
+ # a multiple Availability Zone deployment.
7761
8285
  # @return [Boolean]
7762
8286
  #
7763
8287
  # @!attribute [rw] engine_version
8288
+ # The new engine version for the DB instance.
7764
8289
  # @return [String]
7765
8290
  #
7766
8291
  # @!attribute [rw] license_model
8292
+ # The new license model value for the DB instance.
7767
8293
  # @return [String]
7768
8294
  #
7769
8295
  # @!attribute [rw] iops
8296
+ # The new provisioned IOPS value for the DB instance.
7770
8297
  # @return [Integer]
7771
8298
  #
7772
8299
  # @!attribute [rw] db_instance_identifier
8300
+ # The new DB instance identifier for the DB instance.
7773
8301
  # @return [String]
7774
8302
  #
7775
8303
  # @!attribute [rw] storage_type
8304
+ # The new storage type for the DB instance.
7776
8305
  # @return [String]
7777
8306
  #
7778
8307
  # @!attribute [rw] ca_certificate_identifier
8308
+ # The new CA certificate identifier for the DB instance.
7779
8309
  # @return [String]
7780
8310
  #
7781
8311
  # @!attribute [rw] db_subnet_group_name
8312
+ # The name of the new subnet group for the DB instance.
7782
8313
  # @return [String]
7783
8314
  #
7784
8315
  # @!attribute [rw] pending_cloud_watch_logs_exports
8316
+ # A list of log types that are being enabled or disabled.
7785
8317
  # @return [Types::AwsRdsPendingCloudWatchLogsExports]
7786
8318
  #
7787
8319
  # @!attribute [rw] processor_features
8320
+ # Processor features that are being updated.
7788
8321
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7789
8322
  #
7790
8323
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbPendingModifiedValues AWS API Documentation
@@ -7809,6 +8342,8 @@ module Aws::SecurityHub
7809
8342
  include Aws::Structure
7810
8343
  end
7811
8344
 
8345
+ # A processor feature.
8346
+ #
7812
8347
  # @note When making an API call, you may pass AwsRdsDbProcessorFeature
7813
8348
  # data as a hash:
7814
8349
  #
@@ -7818,9 +8353,11 @@ module Aws::SecurityHub
7818
8353
  # }
7819
8354
  #
7820
8355
  # @!attribute [rw] name
8356
+ # The name of the processor feature.
7821
8357
  # @return [String]
7822
8358
  #
7823
8359
  # @!attribute [rw] value
8360
+ # The value of the processor feature.
7824
8361
  # @return [String]
7825
8362
  #
7826
8363
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbProcessorFeature AWS API Documentation
@@ -7832,6 +8369,8 @@ module Aws::SecurityHub
7832
8369
  include Aws::Structure
7833
8370
  end
7834
8371
 
8372
+ # Provides details about an Amazon RDS DB cluster snapshot.
8373
+ #
7835
8374
  # @note When making an API call, you may pass AwsRdsDbSnapshotDetails
7836
8375
  # data as a hash:
7837
8376
  #
@@ -7871,84 +8410,120 @@ module Aws::SecurityHub
7871
8410
  # }
7872
8411
  #
7873
8412
  # @!attribute [rw] db_snapshot_identifier
8413
+ # The name or ARN of the DB snapshot that is used to restore the DB
8414
+ # instance.
7874
8415
  # @return [String]
7875
8416
  #
7876
8417
  # @!attribute [rw] db_instance_identifier
8418
+ # A name for the DB instance.
7877
8419
  # @return [String]
7878
8420
  #
7879
8421
  # @!attribute [rw] snapshot_create_time
8422
+ # When the snapshot was taken in Coordinated Universal Time (UTC).
7880
8423
  # @return [String]
7881
8424
  #
7882
8425
  # @!attribute [rw] engine
8426
+ # The name of the database engine to use for this DB instance.
7883
8427
  # @return [String]
7884
8428
  #
7885
8429
  # @!attribute [rw] allocated_storage
8430
+ # The amount of storage (in gigabytes) to be initially allocated for
8431
+ # the database instance.
7886
8432
  # @return [Integer]
7887
8433
  #
7888
8434
  # @!attribute [rw] status
8435
+ # The status of this DB snapshot.
7889
8436
  # @return [String]
7890
8437
  #
7891
8438
  # @!attribute [rw] port
8439
+ # The port that the database engine was listening on at the time of
8440
+ # the snapshot.
7892
8441
  # @return [Integer]
7893
8442
  #
7894
8443
  # @!attribute [rw] availability_zone
8444
+ # Specifies the name of the Availability Zone in which the DB instance
8445
+ # was located at the time of the DB snapshot.
7895
8446
  # @return [String]
7896
8447
  #
7897
8448
  # @!attribute [rw] vpc_id
8449
+ # The VPC ID associated with the DB snapshot.
7898
8450
  # @return [String]
7899
8451
  #
7900
8452
  # @!attribute [rw] instance_create_time
8453
+ # Specifies the time in Coordinated Universal Time (UTC) when the DB
8454
+ # instance, from which the snapshot was taken, was created.
7901
8455
  # @return [String]
7902
8456
  #
7903
8457
  # @!attribute [rw] master_username
8458
+ # The master user name for the DB snapshot.
7904
8459
  # @return [String]
7905
8460
  #
7906
8461
  # @!attribute [rw] engine_version
8462
+ # The version of the database engine.
7907
8463
  # @return [String]
7908
8464
  #
7909
8465
  # @!attribute [rw] license_model
8466
+ # License model information for the restored DB instance.
7910
8467
  # @return [String]
7911
8468
  #
7912
8469
  # @!attribute [rw] snapshot_type
8470
+ # The type of the DB snapshot.
7913
8471
  # @return [String]
7914
8472
  #
7915
8473
  # @!attribute [rw] iops
8474
+ # The provisioned IOPS (I/O operations per second) value of the DB
8475
+ # instance at the time of the snapshot.
7916
8476
  # @return [Integer]
7917
8477
  #
7918
8478
  # @!attribute [rw] option_group_name
8479
+ # The option group name for the DB snapshot.
7919
8480
  # @return [String]
7920
8481
  #
7921
8482
  # @!attribute [rw] percent_progress
8483
+ # The percentage of the estimated data that has been transferred.
7922
8484
  # @return [Integer]
7923
8485
  #
7924
8486
  # @!attribute [rw] source_region
8487
+ # The AWS Region that the DB snapshot was created in or copied from.
7925
8488
  # @return [String]
7926
8489
  #
7927
8490
  # @!attribute [rw] source_db_snapshot_identifier
8491
+ # The DB snapshot ARN that the DB snapshot was copied from.
7928
8492
  # @return [String]
7929
8493
  #
7930
8494
  # @!attribute [rw] storage_type
8495
+ # The storage type associated with the DB snapshot.
7931
8496
  # @return [String]
7932
8497
  #
7933
8498
  # @!attribute [rw] tde_credential_arn
8499
+ # The ARN from the key store with which to associate the instance for
8500
+ # TDE encryption.
7934
8501
  # @return [String]
7935
8502
  #
7936
8503
  # @!attribute [rw] encrypted
8504
+ # Whether the DB snapshot is encrypted.
7937
8505
  # @return [Boolean]
7938
8506
  #
7939
8507
  # @!attribute [rw] kms_key_id
8508
+ # If `Encrypted` is `true`, the AWS KMS key identifier for the
8509
+ # encrypted DB snapshot.
7940
8510
  # @return [String]
7941
8511
  #
7942
8512
  # @!attribute [rw] timezone
8513
+ # The time zone of the DB snapshot.
7943
8514
  # @return [String]
7944
8515
  #
7945
8516
  # @!attribute [rw] iam_database_authentication_enabled
8517
+ # Whether mapping of IAM accounts to database accounts is enabled.
7946
8518
  # @return [Boolean]
7947
8519
  #
7948
8520
  # @!attribute [rw] processor_features
8521
+ # The number of CPU cores and the number of threads per core for the
8522
+ # DB instance class of the DB instance.
7949
8523
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7950
8524
  #
7951
8525
  # @!attribute [rw] dbi_resource_id
8526
+ # The identifier for the source DB instance.
7952
8527
  # @return [String]
7953
8528
  #
7954
8529
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSnapshotDetails AWS API Documentation
@@ -9190,6 +9765,51 @@ module Aws::SecurityHub
9190
9765
  include Aws::Structure
9191
9766
  end
9192
9767
 
9768
+ # provides information about the Amazon S3 Public Access Block
9769
+ # configuration for accounts.
9770
+ #
9771
+ # @note When making an API call, you may pass AwsS3AccountPublicAccessBlockDetails
9772
+ # data as a hash:
9773
+ #
9774
+ # {
9775
+ # block_public_acls: false,
9776
+ # block_public_policy: false,
9777
+ # ignore_public_acls: false,
9778
+ # restrict_public_buckets: false,
9779
+ # }
9780
+ #
9781
+ # @!attribute [rw] block_public_acls
9782
+ # Indicates whether to reject calls to update an S3 bucket if the
9783
+ # calls include a public access control list (ACL).
9784
+ # @return [Boolean]
9785
+ #
9786
+ # @!attribute [rw] block_public_policy
9787
+ # Indicates whether to reject calls to update the access policy for an
9788
+ # S3 bucket or access point if the policy allows public access.
9789
+ # @return [Boolean]
9790
+ #
9791
+ # @!attribute [rw] ignore_public_acls
9792
+ # Indicates whether Amazon S3 ignores public ACLs that are associated
9793
+ # with an S3 bucket.
9794
+ # @return [Boolean]
9795
+ #
9796
+ # @!attribute [rw] restrict_public_buckets
9797
+ # Indicates whether to restrict access to an access point or S3 bucket
9798
+ # that has a public policy to only AWS service principals and
9799
+ # authorized users within the S3 bucket owner's account.
9800
+ # @return [Boolean]
9801
+ #
9802
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3AccountPublicAccessBlockDetails AWS API Documentation
9803
+ #
9804
+ class AwsS3AccountPublicAccessBlockDetails < Struct.new(
9805
+ :block_public_acls,
9806
+ :block_public_policy,
9807
+ :ignore_public_acls,
9808
+ :restrict_public_buckets)
9809
+ SENSITIVE = []
9810
+ include Aws::Structure
9811
+ end
9812
+
9193
9813
  # The details of an Amazon S3 bucket.
9194
9814
  #
9195
9815
  # @note When making an API call, you may pass AwsS3BucketDetails
@@ -9209,6 +9829,12 @@ module Aws::SecurityHub
9209
9829
  # },
9210
9830
  # ],
9211
9831
  # },
9832
+ # public_access_block_configuration: {
9833
+ # block_public_acls: false,
9834
+ # block_public_policy: false,
9835
+ # ignore_public_acls: false,
9836
+ # restrict_public_buckets: false,
9837
+ # },
9212
9838
  # }
9213
9839
  #
9214
9840
  # @!attribute [rw] owner_id
@@ -9235,13 +9861,19 @@ module Aws::SecurityHub
9235
9861
  # The encryption rules that are applied to the S3 bucket.
9236
9862
  # @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
9237
9863
  #
9864
+ # @!attribute [rw] public_access_block_configuration
9865
+ # Provides information about the Amazon S3 Public Access Block
9866
+ # configuration for the S3 bucket.
9867
+ # @return [Types::AwsS3AccountPublicAccessBlockDetails]
9868
+ #
9238
9869
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
9239
9870
  #
9240
9871
  class AwsS3BucketDetails < Struct.new(
9241
9872
  :owner_id,
9242
9873
  :owner_name,
9243
9874
  :created_at,
9244
- :server_side_encryption_configuration)
9875
+ :server_side_encryption_configuration,
9876
+ :public_access_block_configuration)
9245
9877
  SENSITIVE = []
9246
9878
  include Aws::Structure
9247
9879
  end
@@ -9502,12 +10134,12 @@ module Aws::SecurityHub
9502
10134
  # product_arn: "NonEmptyString", # required
9503
10135
  # generator_id: "NonEmptyString", # required
9504
10136
  # aws_account_id: "NonEmptyString", # required
9505
- # types: ["NonEmptyString"], # required
10137
+ # types: ["NonEmptyString"],
9506
10138
  # first_observed_at: "NonEmptyString",
9507
10139
  # last_observed_at: "NonEmptyString",
9508
10140
  # created_at: "NonEmptyString", # required
9509
10141
  # updated_at: "NonEmptyString", # required
9510
- # severity: { # required
10142
+ # severity: {
9511
10143
  # product: 1.0,
9512
10144
  # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
9513
10145
  # normalized: 1,
@@ -9631,12 +10263,136 @@ module Aws::SecurityHub
9631
10263
  # tags: {
9632
10264
  # "NonEmptyString" => "NonEmptyString",
9633
10265
  # },
9634
- # details: {
9635
- # aws_auto_scaling_auto_scaling_group: {
9636
- # launch_configuration_name: "NonEmptyString",
9637
- # load_balancer_names: ["NonEmptyString"],
9638
- # health_check_type: "NonEmptyString",
9639
- # health_check_grace_period: 1,
10266
+ # data_classification: {
10267
+ # detailed_results_location: "NonEmptyString",
10268
+ # result: {
10269
+ # mime_type: "NonEmptyString",
10270
+ # size_classified: 1,
10271
+ # additional_occurrences: false,
10272
+ # status: {
10273
+ # code: "NonEmptyString",
10274
+ # reason: "NonEmptyString",
10275
+ # },
10276
+ # sensitive_data: [
10277
+ # {
10278
+ # category: "NonEmptyString",
10279
+ # detections: [
10280
+ # {
10281
+ # count: 1,
10282
+ # type: "NonEmptyString",
10283
+ # occurrences: {
10284
+ # line_ranges: [
10285
+ # {
10286
+ # start: 1,
10287
+ # end: 1,
10288
+ # start_column: 1,
10289
+ # },
10290
+ # ],
10291
+ # offset_ranges: [
10292
+ # {
10293
+ # start: 1,
10294
+ # end: 1,
10295
+ # start_column: 1,
10296
+ # },
10297
+ # ],
10298
+ # pages: [
10299
+ # {
10300
+ # page_number: 1,
10301
+ # line_range: {
10302
+ # start: 1,
10303
+ # end: 1,
10304
+ # start_column: 1,
10305
+ # },
10306
+ # offset_range: {
10307
+ # start: 1,
10308
+ # end: 1,
10309
+ # start_column: 1,
10310
+ # },
10311
+ # },
10312
+ # ],
10313
+ # records: [
10314
+ # {
10315
+ # json_path: "NonEmptyString",
10316
+ # record_index: 1,
10317
+ # },
10318
+ # ],
10319
+ # cells: [
10320
+ # {
10321
+ # column: 1,
10322
+ # row: 1,
10323
+ # column_name: "NonEmptyString",
10324
+ # cell_reference: "NonEmptyString",
10325
+ # },
10326
+ # ],
10327
+ # },
10328
+ # },
10329
+ # ],
10330
+ # total_count: 1,
10331
+ # },
10332
+ # ],
10333
+ # custom_data_identifiers: {
10334
+ # detections: [
10335
+ # {
10336
+ # count: 1,
10337
+ # arn: "NonEmptyString",
10338
+ # name: "NonEmptyString",
10339
+ # occurrences: {
10340
+ # line_ranges: [
10341
+ # {
10342
+ # start: 1,
10343
+ # end: 1,
10344
+ # start_column: 1,
10345
+ # },
10346
+ # ],
10347
+ # offset_ranges: [
10348
+ # {
10349
+ # start: 1,
10350
+ # end: 1,
10351
+ # start_column: 1,
10352
+ # },
10353
+ # ],
10354
+ # pages: [
10355
+ # {
10356
+ # page_number: 1,
10357
+ # line_range: {
10358
+ # start: 1,
10359
+ # end: 1,
10360
+ # start_column: 1,
10361
+ # },
10362
+ # offset_range: {
10363
+ # start: 1,
10364
+ # end: 1,
10365
+ # start_column: 1,
10366
+ # },
10367
+ # },
10368
+ # ],
10369
+ # records: [
10370
+ # {
10371
+ # json_path: "NonEmptyString",
10372
+ # record_index: 1,
10373
+ # },
10374
+ # ],
10375
+ # cells: [
10376
+ # {
10377
+ # column: 1,
10378
+ # row: 1,
10379
+ # column_name: "NonEmptyString",
10380
+ # cell_reference: "NonEmptyString",
10381
+ # },
10382
+ # ],
10383
+ # },
10384
+ # },
10385
+ # ],
10386
+ # total_count: 1,
10387
+ # },
10388
+ # },
10389
+ # },
10390
+ # details: {
10391
+ # aws_auto_scaling_auto_scaling_group: {
10392
+ # launch_configuration_name: "NonEmptyString",
10393
+ # load_balancer_names: ["NonEmptyString"],
10394
+ # health_check_type: "NonEmptyString",
10395
+ # health_check_grace_period: 1,
9640
10396
  # created_time: "NonEmptyString",
9641
10397
  # },
9642
10398
  # aws_code_build_project: {
@@ -9741,6 +10497,19 @@ module Aws::SecurityHub
9741
10497
  # },
9742
10498
  # ],
9743
10499
  # source_dest_check: false,
10500
+ # ip_v6_addresses: [
10501
+ # {
10502
+ # ip_v6_address: "NonEmptyString",
10503
+ # },
10504
+ # ],
10505
+ # private_ip_addresses: [
10506
+ # {
10507
+ # private_ip_address: "NonEmptyString",
10508
+ # private_dns_name: "NonEmptyString",
10509
+ # },
10510
+ # ],
10511
+ # public_dns_name: "NonEmptyString",
10512
+ # public_ip: "NonEmptyString",
9744
10513
  # },
9745
10514
  # aws_ec2_security_group: {
9746
10515
  # group_name: "NonEmptyString",
@@ -9919,6 +10688,18 @@ module Aws::SecurityHub
9919
10688
  # },
9920
10689
  # ],
9921
10690
  # },
10691
+ # public_access_block_configuration: {
10692
+ # block_public_acls: false,
10693
+ # block_public_policy: false,
10694
+ # ignore_public_acls: false,
10695
+ # restrict_public_buckets: false,
10696
+ # },
10697
+ # },
10698
+ # aws_s3_account_public_access_block: {
10699
+ # block_public_acls: false,
10700
+ # block_public_policy: false,
10701
+ # ignore_public_acls: false,
10702
+ # restrict_public_buckets: false,
9922
10703
  # },
9923
10704
  # aws_s3_object: {
9924
10705
  # last_modified: "NonEmptyString",
@@ -10241,6 +11022,30 @@ module Aws::SecurityHub
10241
11022
  # sns_topic_name: "NonEmptyString",
10242
11023
  # trail_arn: "NonEmptyString",
10243
11024
  # },
11025
+ # aws_ssm_patch_compliance: {
11026
+ # patch: {
11027
+ # compliance_summary: {
11028
+ # status: "NonEmptyString",
11029
+ # compliant_critical_count: 1,
11030
+ # compliant_high_count: 1,
11031
+ # compliant_medium_count: 1,
11032
+ # execution_type: "NonEmptyString",
11033
+ # non_compliant_critical_count: 1,
11034
+ # compliant_informational_count: 1,
11035
+ # non_compliant_informational_count: 1,
11036
+ # compliant_unspecified_count: 1,
11037
+ # non_compliant_low_count: 1,
11038
+ # non_compliant_high_count: 1,
11039
+ # compliant_low_count: 1,
11040
+ # compliance_type: "NonEmptyString",
11041
+ # patch_baseline_id: "NonEmptyString",
11042
+ # overall_severity: "NonEmptyString",
11043
+ # non_compliant_medium_count: 1,
11044
+ # non_compliant_unspecified_count: 1,
11045
+ # patch_group: "NonEmptyString",
11046
+ # },
11047
+ # },
11048
+ # },
10244
11049
  # aws_certificate_manager_certificate: {
10245
11050
  # certificate_authority_arn: "NonEmptyString",
10246
11051
  # created_at: "NonEmptyString",
@@ -11017,6 +11822,129 @@ module Aws::SecurityHub
11017
11822
  # reboot_option: "NonEmptyString",
11018
11823
  # operation: "NonEmptyString",
11019
11824
  # },
11825
+ # action: {
11826
+ # action_type: "NonEmptyString",
11827
+ # network_connection_action: {
11828
+ # connection_direction: "NonEmptyString",
11829
+ # remote_ip_details: {
11830
+ # ip_address_v4: "NonEmptyString",
11831
+ # organization: {
11832
+ # asn: 1,
11833
+ # asn_org: "NonEmptyString",
11834
+ # isp: "NonEmptyString",
11835
+ # org: "NonEmptyString",
11836
+ # },
11837
+ # country: {
11838
+ # country_code: "NonEmptyString",
11839
+ # country_name: "NonEmptyString",
11840
+ # },
11841
+ # city: {
11842
+ # city_name: "NonEmptyString",
11843
+ # },
11844
+ # geo_location: {
11845
+ # lon: 1.0,
11846
+ # lat: 1.0,
11847
+ # },
11848
+ # },
11849
+ # remote_port_details: {
11850
+ # port: 1,
11851
+ # port_name: "NonEmptyString",
11852
+ # },
11853
+ # local_port_details: {
11854
+ # port: 1,
11855
+ # port_name: "NonEmptyString",
11856
+ # },
11857
+ # protocol: "NonEmptyString",
11858
+ # blocked: false,
11859
+ # },
11860
+ # aws_api_call_action: {
11861
+ # api: "NonEmptyString",
11862
+ # service_name: "NonEmptyString",
11863
+ # caller_type: "NonEmptyString",
11864
+ # remote_ip_details: {
11865
+ # ip_address_v4: "NonEmptyString",
11866
+ # organization: {
11867
+ # asn: 1,
11868
+ # asn_org: "NonEmptyString",
11869
+ # isp: "NonEmptyString",
11870
+ # org: "NonEmptyString",
11871
+ # },
11872
+ # country: {
11873
+ # country_code: "NonEmptyString",
11874
+ # country_name: "NonEmptyString",
11875
+ # },
11876
+ # city: {
11877
+ # city_name: "NonEmptyString",
11878
+ # },
11879
+ # geo_location: {
11880
+ # lon: 1.0,
11881
+ # lat: 1.0,
11882
+ # },
11883
+ # },
11884
+ # domain_details: {
11885
+ # domain: "NonEmptyString",
11886
+ # },
11887
+ # affected_resources: {
11888
+ # "NonEmptyString" => "NonEmptyString",
11889
+ # },
11890
+ # first_seen: "NonEmptyString",
11891
+ # last_seen: "NonEmptyString",
11892
+ # },
11893
+ # dns_request_action: {
11894
+ # domain: "NonEmptyString",
11895
+ # protocol: "NonEmptyString",
11896
+ # blocked: false,
11897
+ # },
11898
+ # port_probe_action: {
11899
+ # port_probe_details: [
11900
+ # {
11901
+ # local_port_details: {
11902
+ # port: 1,
11903
+ # port_name: "NonEmptyString",
11904
+ # },
11905
+ # local_ip_details: {
11906
+ # ip_address_v4: "NonEmptyString",
11907
+ # },
11908
+ # remote_ip_details: {
11909
+ # ip_address_v4: "NonEmptyString",
11910
+ # organization: {
11911
+ # asn: 1,
11912
+ # asn_org: "NonEmptyString",
11913
+ # isp: "NonEmptyString",
11914
+ # org: "NonEmptyString",
11915
+ # },
11916
+ # country: {
11917
+ # country_code: "NonEmptyString",
11918
+ # country_name: "NonEmptyString",
11919
+ # },
11920
+ # city: {
11921
+ # city_name: "NonEmptyString",
11922
+ # },
11923
+ # geo_location: {
11924
+ # lon: 1.0,
11925
+ # lat: 1.0,
11926
+ # },
11927
+ # },
11928
+ # },
11929
+ # ],
11930
+ # blocked: false,
11931
+ # },
11932
+ # },
11933
+ # finding_provider_fields: {
11934
+ # confidence: 1,
11935
+ # criticality: 1,
11936
+ # related_findings: [
11937
+ # {
11938
+ # product_arn: "NonEmptyString", # required
11939
+ # id: "NonEmptyString", # required
11940
+ # },
11941
+ # ],
11942
+ # severity: {
11943
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
11944
+ # original: "NonEmptyString",
11945
+ # },
11946
+ # types: ["NonEmptyString"],
11947
+ # },
11020
11948
  # }
11021
11949
  #
11022
11950
  # @!attribute [rw] schema_version
@@ -11232,6 +12160,17 @@ module Aws::SecurityHub
11232
12160
  # against a selected compliance standard.
11233
12161
  # @return [Types::PatchSummary]
11234
12162
  #
12163
+ # @!attribute [rw] action
12164
+ # Provides details about an action that affects or that was taken on a
12165
+ # resource.
12166
+ # @return [Types::Action]
12167
+ #
12168
+ # @!attribute [rw] finding_provider_fields
12169
+ # In a `BatchImportFindings` request, finding providers use
12170
+ # `FindingProviderFields` to provide and update their own values for
12171
+ # confidence, criticality, related findings, severity, and types.
12172
+ # @return [Types::FindingProviderFields]
12173
+ #
11235
12174
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
11236
12175
  #
11237
12176
  class AwsSecurityFinding < Struct.new(
@@ -11268,7 +12207,9 @@ module Aws::SecurityHub
11268
12207
  :related_findings,
11269
12208
  :note,
11270
12209
  :vulnerabilities,
11271
- :patch_summary)
12210
+ :patch_summary,
12211
+ :action,
12212
+ :finding_provider_fields)
11272
12213
  SENSITIVE = []
11273
12214
  include Aws::Structure
11274
12215
  end
@@ -11837,6 +12778,50 @@ module Aws::SecurityHub
11837
12778
  # value: "NonEmptyString",
11838
12779
  # },
11839
12780
  # ],
12781
+ # finding_provider_fields_confidence: [
12782
+ # {
12783
+ # gte: 1.0,
12784
+ # lte: 1.0,
12785
+ # eq: 1.0,
12786
+ # },
12787
+ # ],
12788
+ # finding_provider_fields_criticality: [
12789
+ # {
12790
+ # gte: 1.0,
12791
+ # lte: 1.0,
12792
+ # eq: 1.0,
12793
+ # },
12794
+ # ],
12795
+ # finding_provider_fields_related_findings_id: [
12796
+ # {
12797
+ # value: "NonEmptyString",
12798
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12799
+ # },
12800
+ # ],
12801
+ # finding_provider_fields_related_findings_product_arn: [
12802
+ # {
12803
+ # value: "NonEmptyString",
12804
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12805
+ # },
12806
+ # ],
12807
+ # finding_provider_fields_severity_label: [
12808
+ # {
12809
+ # value: "NonEmptyString",
12810
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12811
+ # },
12812
+ # ],
12813
+ # finding_provider_fields_severity_original: [
12814
+ # {
12815
+ # value: "NonEmptyString",
12816
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12817
+ # },
12818
+ # ],
12819
+ # finding_provider_fields_types: [
12820
+ # {
12821
+ # value: "NonEmptyString",
12822
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12823
+ # },
12824
+ # ],
11840
12825
  # }
11841
12826
  #
11842
12827
  # @!attribute [rw] product_arn
@@ -12196,6 +13181,14 @@ module Aws::SecurityHub
12196
13181
  #
12197
13182
  # * `NEW` - The initial state of a finding, before it is reviewed.
12198
13183
  #
13184
+ # Security Hub also resets the workflow status from `NOTIFIED` or
13185
+ # `RESOLVED` to `NEW` in the following cases:
13186
+ #
13187
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
13188
+ #
13189
+ # * The compliance status changes from `PASSED` to either `WARNING`,
13190
+ # `FAILED`, or `NOT_AVAILABLE`.
13191
+ #
12199
13192
  # * `NOTIFIED` - Indicates that the resource owner has been notified
12200
13193
  # about the security issue. Used when the initial reviewer is not
12201
13194
  # the resource owner, and needs intervention from the resource
@@ -12236,6 +13229,52 @@ module Aws::SecurityHub
12236
13229
  # A keyword for a finding.
12237
13230
  # @return [Array<Types::KeywordFilter>]
12238
13231
  #
13232
+ # @!attribute [rw] finding_provider_fields_confidence
13233
+ # The finding provider value for the finding confidence. Confidence is
13234
+ # defined as the likelihood that a finding accurately identifies the
13235
+ # behavior or issue that it was intended to identify.
13236
+ #
13237
+ # Confidence is scored on a 0-100 basis using a ratio scale, where 0
13238
+ # means zero percent confidence and 100 means 100 percent confidence.
13239
+ # @return [Array<Types::NumberFilter>]
13240
+ #
13241
+ # @!attribute [rw] finding_provider_fields_criticality
13242
+ # The finding provider value for the level of importance assigned to
13243
+ # the resources associated with the findings.
13244
+ #
13245
+ # A score of 0 means that the underlying resources have no
13246
+ # criticality, and a score of 100 is reserved for the most critical
13247
+ # resources.
13248
+ # @return [Array<Types::NumberFilter>]
13249
+ #
13250
+ # @!attribute [rw] finding_provider_fields_related_findings_id
13251
+ # The finding identifier of a related finding that is identified by
13252
+ # the finding provider.
13253
+ # @return [Array<Types::StringFilter>]
13254
+ #
13255
+ # @!attribute [rw] finding_provider_fields_related_findings_product_arn
13256
+ # The ARN of the solution that generated a related finding that is
13257
+ # identified by the finding provider.
13258
+ # @return [Array<Types::StringFilter>]
13259
+ #
13260
+ # @!attribute [rw] finding_provider_fields_severity_label
13261
+ # The finding provider value for the severity label.
13262
+ # @return [Array<Types::StringFilter>]
13263
+ #
13264
+ # @!attribute [rw] finding_provider_fields_severity_original
13265
+ # The finding provider's original value for the severity.
13266
+ # @return [Array<Types::StringFilter>]
13267
+ #
13268
+ # @!attribute [rw] finding_provider_fields_types
13269
+ # One or more finding types that the finding provider assigned to the
13270
+ # finding. Uses the format of `namespace/category/classifier` that
13271
+ # classify a finding.
13272
+ #
13273
+ # Valid namespace values are: Software and Configuration Checks \|
13274
+ # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
13275
+ # Identifications
13276
+ # @return [Array<Types::StringFilter>]
13277
+ #
12239
13278
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
12240
13279
  #
12241
13280
  class AwsSecurityFindingFilters < Struct.new(
@@ -12322,7 +13361,14 @@ module Aws::SecurityHub
12322
13361
  :note_text,
12323
13362
  :note_updated_at,
12324
13363
  :note_updated_by,
12325
- :keyword)
13364
+ :keyword,
13365
+ :finding_provider_fields_confidence,
13366
+ :finding_provider_fields_criticality,
13367
+ :finding_provider_fields_related_findings_id,
13368
+ :finding_provider_fields_related_findings_product_arn,
13369
+ :finding_provider_fields_severity_label,
13370
+ :finding_provider_fields_severity_original,
13371
+ :finding_provider_fields_types)
12326
13372
  SENSITIVE = []
12327
13373
  include Aws::Structure
12328
13374
  end
@@ -12475,6 +13521,236 @@ module Aws::SecurityHub
12475
13521
  include Aws::Structure
12476
13522
  end
12477
13523
 
13524
+ # Provides the details about the compliance status for a patch.
13525
+ #
13526
+ # @note When making an API call, you may pass AwsSsmComplianceSummary
13527
+ # data as a hash:
13528
+ #
13529
+ # {
13530
+ # status: "NonEmptyString",
13531
+ # compliant_critical_count: 1,
13532
+ # compliant_high_count: 1,
13533
+ # compliant_medium_count: 1,
13534
+ # execution_type: "NonEmptyString",
13535
+ # non_compliant_critical_count: 1,
13536
+ # compliant_informational_count: 1,
13537
+ # non_compliant_informational_count: 1,
13538
+ # compliant_unspecified_count: 1,
13539
+ # non_compliant_low_count: 1,
13540
+ # non_compliant_high_count: 1,
13541
+ # compliant_low_count: 1,
13542
+ # compliance_type: "NonEmptyString",
13543
+ # patch_baseline_id: "NonEmptyString",
13544
+ # overall_severity: "NonEmptyString",
13545
+ # non_compliant_medium_count: 1,
13546
+ # non_compliant_unspecified_count: 1,
13547
+ # patch_group: "NonEmptyString",
13548
+ # }
13549
+ #
13550
+ # @!attribute [rw] status
13551
+ # The current patch compliance status.
13552
+ #
13553
+ # The possible status values are:
13554
+ #
13555
+ # * `COMPLIANT`
13556
+ #
13557
+ # * `NON_COMPLIANT`
13558
+ #
13559
+ # * `UNSPECIFIED_DATA`
13560
+ # @return [String]
13561
+ #
13562
+ # @!attribute [rw] compliant_critical_count
13563
+ # For the patches that are compliant, the number that have a severity
13564
+ # of `CRITICAL`.
13565
+ # @return [Integer]
13566
+ #
13567
+ # @!attribute [rw] compliant_high_count
13568
+ # For the patches that are compliant, the number that have a severity
13569
+ # of `HIGH`.
13570
+ # @return [Integer]
13571
+ #
13572
+ # @!attribute [rw] compliant_medium_count
13573
+ # For the patches that are compliant, the number that have a severity
13574
+ # of `MEDIUM`.
13575
+ # @return [Integer]
13576
+ #
13577
+ # @!attribute [rw] execution_type
13578
+ # The type of execution that was used determine compliance.
13579
+ # @return [String]
13580
+ #
13581
+ # @!attribute [rw] non_compliant_critical_count
13582
+ # For the patch items that are noncompliant, the number of items that
13583
+ # have a severity of `CRITICAL`.
13584
+ # @return [Integer]
13585
+ #
13586
+ # @!attribute [rw] compliant_informational_count
13587
+ # For the patches that are compliant, the number that have a severity
13588
+ # of `INFORMATIONAL`.
13589
+ # @return [Integer]
13590
+ #
13591
+ # @!attribute [rw] non_compliant_informational_count
13592
+ # For the patches that are noncompliant, the number that have a
13593
+ # severity of `INFORMATIONAL`.
13594
+ # @return [Integer]
13595
+ #
13596
+ # @!attribute [rw] compliant_unspecified_count
13597
+ # For the patches that are compliant, the number that have a severity
13598
+ # of `UNSPECIFIED`.
13599
+ # @return [Integer]
13600
+ #
13601
+ # @!attribute [rw] non_compliant_low_count
13602
+ # For the patches that are noncompliant, the number that have a
13603
+ # severity of `LOW`.
13604
+ # @return [Integer]
13605
+ #
13606
+ # @!attribute [rw] non_compliant_high_count
13607
+ # For the patches that are noncompliant, the number that have a
13608
+ # severity of `HIGH`.
13609
+ # @return [Integer]
13610
+ #
13611
+ # @!attribute [rw] compliant_low_count
13612
+ # For the patches that are compliant, the number that have a severity
13613
+ # of `LOW`.
13614
+ # @return [Integer]
13615
+ #
13616
+ # @!attribute [rw] compliance_type
13617
+ # The type of resource for which the compliance was determined. For
13618
+ # `AwsSsmPatchCompliance`, `ComplianceType` is `Patch`.
13619
+ # @return [String]
13620
+ #
13621
+ # @!attribute [rw] patch_baseline_id
13622
+ # The identifier of the patch baseline. The patch baseline lists the
13623
+ # patches that are approved for installation.
13624
+ # @return [String]
13625
+ #
13626
+ # @!attribute [rw] overall_severity
13627
+ # The highest severity for the patches.
13628
+ # @return [String]
13629
+ #
13630
+ # @!attribute [rw] non_compliant_medium_count
13631
+ # For the patches that are noncompliant, the number that have a
13632
+ # severity of `MEDIUM`.
13633
+ # @return [Integer]
13634
+ #
13635
+ # @!attribute [rw] non_compliant_unspecified_count
13636
+ # For the patches that are noncompliant, the number that have a
13637
+ # severity of `UNSPECIFIED`.
13638
+ # @return [Integer]
13639
+ #
13640
+ # @!attribute [rw] patch_group
13641
+ # The identifier of the patch group for which compliance was
13642
+ # determined. A patch group uses tags to group EC2 instances that
13643
+ # should have the same patch compliance.
13644
+ # @return [String]
13645
+ #
13646
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmComplianceSummary AWS API Documentation
13647
+ #
13648
+ class AwsSsmComplianceSummary < Struct.new(
13649
+ :status,
13650
+ :compliant_critical_count,
13651
+ :compliant_high_count,
13652
+ :compliant_medium_count,
13653
+ :execution_type,
13654
+ :non_compliant_critical_count,
13655
+ :compliant_informational_count,
13656
+ :non_compliant_informational_count,
13657
+ :compliant_unspecified_count,
13658
+ :non_compliant_low_count,
13659
+ :non_compliant_high_count,
13660
+ :compliant_low_count,
13661
+ :compliance_type,
13662
+ :patch_baseline_id,
13663
+ :overall_severity,
13664
+ :non_compliant_medium_count,
13665
+ :non_compliant_unspecified_count,
13666
+ :patch_group)
13667
+ SENSITIVE = []
13668
+ include Aws::Structure
13669
+ end
13670
+
13671
+ # Provides details about the compliance for a patch.
13672
+ #
13673
+ # @note When making an API call, you may pass AwsSsmPatch
13674
+ # data as a hash:
13675
+ #
13676
+ # {
13677
+ # compliance_summary: {
13678
+ # status: "NonEmptyString",
13679
+ # compliant_critical_count: 1,
13680
+ # compliant_high_count: 1,
13681
+ # compliant_medium_count: 1,
13682
+ # execution_type: "NonEmptyString",
13683
+ # non_compliant_critical_count: 1,
13684
+ # compliant_informational_count: 1,
13685
+ # non_compliant_informational_count: 1,
13686
+ # compliant_unspecified_count: 1,
13687
+ # non_compliant_low_count: 1,
13688
+ # non_compliant_high_count: 1,
13689
+ # compliant_low_count: 1,
13690
+ # compliance_type: "NonEmptyString",
13691
+ # patch_baseline_id: "NonEmptyString",
13692
+ # overall_severity: "NonEmptyString",
13693
+ # non_compliant_medium_count: 1,
13694
+ # non_compliant_unspecified_count: 1,
13695
+ # patch_group: "NonEmptyString",
13696
+ # },
13697
+ # }
13698
+ #
13699
+ # @!attribute [rw] compliance_summary
13700
+ # The compliance status details for the patch.
13701
+ # @return [Types::AwsSsmComplianceSummary]
13702
+ #
13703
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatch AWS API Documentation
13704
+ #
13705
+ class AwsSsmPatch < Struct.new(
13706
+ :compliance_summary)
13707
+ SENSITIVE = []
13708
+ include Aws::Structure
13709
+ end
13710
+
13711
+ # Provides information about the state of a patch on an instance based
13712
+ # on the patch baseline that was used to patch the instance.
13713
+ #
13714
+ # @note When making an API call, you may pass AwsSsmPatchComplianceDetails
13715
+ # data as a hash:
13716
+ #
13717
+ # {
13718
+ # patch: {
13719
+ # compliance_summary: {
13720
+ # status: "NonEmptyString",
13721
+ # compliant_critical_count: 1,
13722
+ # compliant_high_count: 1,
13723
+ # compliant_medium_count: 1,
13724
+ # execution_type: "NonEmptyString",
13725
+ # non_compliant_critical_count: 1,
13726
+ # compliant_informational_count: 1,
13727
+ # non_compliant_informational_count: 1,
13728
+ # compliant_unspecified_count: 1,
13729
+ # non_compliant_low_count: 1,
13730
+ # non_compliant_high_count: 1,
13731
+ # compliant_low_count: 1,
13732
+ # compliance_type: "NonEmptyString",
13733
+ # patch_baseline_id: "NonEmptyString",
13734
+ # overall_severity: "NonEmptyString",
13735
+ # non_compliant_medium_count: 1,
13736
+ # non_compliant_unspecified_count: 1,
13737
+ # patch_group: "NonEmptyString",
13738
+ # },
13739
+ # },
13740
+ # }
13741
+ #
13742
+ # @!attribute [rw] patch
13743
+ # Information about the status of a patch.
13744
+ # @return [Types::AwsSsmPatch]
13745
+ #
13746
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatchComplianceDetails AWS API Documentation
13747
+ #
13748
+ class AwsSsmPatchComplianceDetails < Struct.new(
13749
+ :patch)
13750
+ SENSITIVE = []
13751
+ include Aws::Structure
13752
+ end
13753
+
12478
13754
  # Details about a WAF WebACL.
12479
13755
  #
12480
13756
  # @note When making an API call, you may pass AwsWafWebAclDetails
@@ -12698,12 +13974,12 @@ module Aws::SecurityHub
12698
13974
  # product_arn: "NonEmptyString", # required
12699
13975
  # generator_id: "NonEmptyString", # required
12700
13976
  # aws_account_id: "NonEmptyString", # required
12701
- # types: ["NonEmptyString"], # required
13977
+ # types: ["NonEmptyString"],
12702
13978
  # first_observed_at: "NonEmptyString",
12703
13979
  # last_observed_at: "NonEmptyString",
12704
13980
  # created_at: "NonEmptyString", # required
12705
13981
  # updated_at: "NonEmptyString", # required
12706
- # severity: { # required
13982
+ # severity: {
12707
13983
  # product: 1.0,
12708
13984
  # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
12709
13985
  # normalized: 1,
@@ -12827,9 +14103,133 @@ module Aws::SecurityHub
12827
14103
  # tags: {
12828
14104
  # "NonEmptyString" => "NonEmptyString",
12829
14105
  # },
12830
- # details: {
12831
- # aws_auto_scaling_auto_scaling_group: {
12832
- # launch_configuration_name: "NonEmptyString",
14106
+ # data_classification: {
14107
+ # detailed_results_location: "NonEmptyString",
14108
+ # result: {
14109
+ # mime_type: "NonEmptyString",
14110
+ # size_classified: 1,
14111
+ # additional_occurrences: false,
14112
+ # status: {
14113
+ # code: "NonEmptyString",
14114
+ # reason: "NonEmptyString",
14115
+ # },
14116
+ # sensitive_data: [
14117
+ # {
14118
+ # category: "NonEmptyString",
14119
+ # detections: [
14120
+ # {
14121
+ # count: 1,
14122
+ # type: "NonEmptyString",
14123
+ # occurrences: {
14124
+ # line_ranges: [
14125
+ # {
14126
+ # start: 1,
14127
+ # end: 1,
14128
+ # start_column: 1,
14129
+ # },
14130
+ # ],
14131
+ # offset_ranges: [
14132
+ # {
14133
+ # start: 1,
14134
+ # end: 1,
14135
+ # start_column: 1,
14136
+ # },
14137
+ # ],
14138
+ # pages: [
14139
+ # {
14140
+ # page_number: 1,
14141
+ # line_range: {
14142
+ # start: 1,
14143
+ # end: 1,
14144
+ # start_column: 1,
14145
+ # },
14146
+ # offset_range: {
14147
+ # start: 1,
14148
+ # end: 1,
14149
+ # start_column: 1,
14150
+ # },
14151
+ # },
14152
+ # ],
14153
+ # records: [
14154
+ # {
14155
+ # json_path: "NonEmptyString",
14156
+ # record_index: 1,
14157
+ # },
14158
+ # ],
14159
+ # cells: [
14160
+ # {
14161
+ # column: 1,
14162
+ # row: 1,
14163
+ # column_name: "NonEmptyString",
14164
+ # cell_reference: "NonEmptyString",
14165
+ # },
14166
+ # ],
14167
+ # },
14168
+ # },
14169
+ # ],
14170
+ # total_count: 1,
14171
+ # },
14172
+ # ],
14173
+ # custom_data_identifiers: {
14174
+ # detections: [
14175
+ # {
14176
+ # count: 1,
14177
+ # arn: "NonEmptyString",
14178
+ # name: "NonEmptyString",
14179
+ # occurrences: {
14180
+ # line_ranges: [
14181
+ # {
14182
+ # start: 1,
14183
+ # end: 1,
14184
+ # start_column: 1,
14185
+ # },
14186
+ # ],
14187
+ # offset_ranges: [
14188
+ # {
14189
+ # start: 1,
14190
+ # end: 1,
14191
+ # start_column: 1,
14192
+ # },
14193
+ # ],
14194
+ # pages: [
14195
+ # {
14196
+ # page_number: 1,
14197
+ # line_range: {
14198
+ # start: 1,
14199
+ # end: 1,
14200
+ # start_column: 1,
14201
+ # },
14202
+ # offset_range: {
14203
+ # start: 1,
14204
+ # end: 1,
14205
+ # start_column: 1,
14206
+ # },
14207
+ # },
14208
+ # ],
14209
+ # records: [
14210
+ # {
14211
+ # json_path: "NonEmptyString",
14212
+ # record_index: 1,
14213
+ # },
14214
+ # ],
14215
+ # cells: [
14216
+ # {
14217
+ # column: 1,
14218
+ # row: 1,
14219
+ # column_name: "NonEmptyString",
14220
+ # cell_reference: "NonEmptyString",
14221
+ # },
14222
+ # ],
14223
+ # },
14224
+ # },
14225
+ # ],
14226
+ # total_count: 1,
14227
+ # },
14228
+ # },
14229
+ # },
14230
+ # details: {
14231
+ # aws_auto_scaling_auto_scaling_group: {
14232
+ # launch_configuration_name: "NonEmptyString",
12833
14233
  # load_balancer_names: ["NonEmptyString"],
12834
14234
  # health_check_type: "NonEmptyString",
12835
14235
  # health_check_grace_period: 1,
@@ -12937,6 +14337,19 @@ module Aws::SecurityHub
12937
14337
  # },
12938
14338
  # ],
12939
14339
  # source_dest_check: false,
14340
+ # ip_v6_addresses: [
14341
+ # {
14342
+ # ip_v6_address: "NonEmptyString",
14343
+ # },
14344
+ # ],
14345
+ # private_ip_addresses: [
14346
+ # {
14347
+ # private_ip_address: "NonEmptyString",
14348
+ # private_dns_name: "NonEmptyString",
14349
+ # },
14350
+ # ],
14351
+ # public_dns_name: "NonEmptyString",
14352
+ # public_ip: "NonEmptyString",
12940
14353
  # },
12941
14354
  # aws_ec2_security_group: {
12942
14355
  # group_name: "NonEmptyString",
@@ -13115,6 +14528,18 @@ module Aws::SecurityHub
13115
14528
  # },
13116
14529
  # ],
13117
14530
  # },
14531
+ # public_access_block_configuration: {
14532
+ # block_public_acls: false,
14533
+ # block_public_policy: false,
14534
+ # ignore_public_acls: false,
14535
+ # restrict_public_buckets: false,
14536
+ # },
14537
+ # },
14538
+ # aws_s3_account_public_access_block: {
14539
+ # block_public_acls: false,
14540
+ # block_public_policy: false,
14541
+ # ignore_public_acls: false,
14542
+ # restrict_public_buckets: false,
13118
14543
  # },
13119
14544
  # aws_s3_object: {
13120
14545
  # last_modified: "NonEmptyString",
@@ -13437,6 +14862,30 @@ module Aws::SecurityHub
13437
14862
  # sns_topic_name: "NonEmptyString",
13438
14863
  # trail_arn: "NonEmptyString",
13439
14864
  # },
14865
+ # aws_ssm_patch_compliance: {
14866
+ # patch: {
14867
+ # compliance_summary: {
14868
+ # status: "NonEmptyString",
14869
+ # compliant_critical_count: 1,
14870
+ # compliant_high_count: 1,
14871
+ # compliant_medium_count: 1,
14872
+ # execution_type: "NonEmptyString",
14873
+ # non_compliant_critical_count: 1,
14874
+ # compliant_informational_count: 1,
14875
+ # non_compliant_informational_count: 1,
14876
+ # compliant_unspecified_count: 1,
14877
+ # non_compliant_low_count: 1,
14878
+ # non_compliant_high_count: 1,
14879
+ # compliant_low_count: 1,
14880
+ # compliance_type: "NonEmptyString",
14881
+ # patch_baseline_id: "NonEmptyString",
14882
+ # overall_severity: "NonEmptyString",
14883
+ # non_compliant_medium_count: 1,
14884
+ # non_compliant_unspecified_count: 1,
14885
+ # patch_group: "NonEmptyString",
14886
+ # },
14887
+ # },
14888
+ # },
13440
14889
  # aws_certificate_manager_certificate: {
13441
14890
  # certificate_authority_arn: "NonEmptyString",
13442
14891
  # created_at: "NonEmptyString",
@@ -14213,6 +15662,129 @@ module Aws::SecurityHub
14213
15662
  # reboot_option: "NonEmptyString",
14214
15663
  # operation: "NonEmptyString",
14215
15664
  # },
15665
+ # action: {
15666
+ # action_type: "NonEmptyString",
15667
+ # network_connection_action: {
15668
+ # connection_direction: "NonEmptyString",
15669
+ # remote_ip_details: {
15670
+ # ip_address_v4: "NonEmptyString",
15671
+ # organization: {
15672
+ # asn: 1,
15673
+ # asn_org: "NonEmptyString",
15674
+ # isp: "NonEmptyString",
15675
+ # org: "NonEmptyString",
15676
+ # },
15677
+ # country: {
15678
+ # country_code: "NonEmptyString",
15679
+ # country_name: "NonEmptyString",
15680
+ # },
15681
+ # city: {
15682
+ # city_name: "NonEmptyString",
15683
+ # },
15684
+ # geo_location: {
15685
+ # lon: 1.0,
15686
+ # lat: 1.0,
15687
+ # },
15688
+ # },
15689
+ # remote_port_details: {
15690
+ # port: 1,
15691
+ # port_name: "NonEmptyString",
15692
+ # },
15693
+ # local_port_details: {
15694
+ # port: 1,
15695
+ # port_name: "NonEmptyString",
15696
+ # },
15697
+ # protocol: "NonEmptyString",
15698
+ # blocked: false,
15699
+ # },
15700
+ # aws_api_call_action: {
15701
+ # api: "NonEmptyString",
15702
+ # service_name: "NonEmptyString",
15703
+ # caller_type: "NonEmptyString",
15704
+ # remote_ip_details: {
15705
+ # ip_address_v4: "NonEmptyString",
15706
+ # organization: {
15707
+ # asn: 1,
15708
+ # asn_org: "NonEmptyString",
15709
+ # isp: "NonEmptyString",
15710
+ # org: "NonEmptyString",
15711
+ # },
15712
+ # country: {
15713
+ # country_code: "NonEmptyString",
15714
+ # country_name: "NonEmptyString",
15715
+ # },
15716
+ # city: {
15717
+ # city_name: "NonEmptyString",
15718
+ # },
15719
+ # geo_location: {
15720
+ # lon: 1.0,
15721
+ # lat: 1.0,
15722
+ # },
15723
+ # },
15724
+ # domain_details: {
15725
+ # domain: "NonEmptyString",
15726
+ # },
15727
+ # affected_resources: {
15728
+ # "NonEmptyString" => "NonEmptyString",
15729
+ # },
15730
+ # first_seen: "NonEmptyString",
15731
+ # last_seen: "NonEmptyString",
15732
+ # },
15733
+ # dns_request_action: {
15734
+ # domain: "NonEmptyString",
15735
+ # protocol: "NonEmptyString",
15736
+ # blocked: false,
15737
+ # },
15738
+ # port_probe_action: {
15739
+ # port_probe_details: [
15740
+ # {
15741
+ # local_port_details: {
15742
+ # port: 1,
15743
+ # port_name: "NonEmptyString",
15744
+ # },
15745
+ # local_ip_details: {
15746
+ # ip_address_v4: "NonEmptyString",
15747
+ # },
15748
+ # remote_ip_details: {
15749
+ # ip_address_v4: "NonEmptyString",
15750
+ # organization: {
15751
+ # asn: 1,
15752
+ # asn_org: "NonEmptyString",
15753
+ # isp: "NonEmptyString",
15754
+ # org: "NonEmptyString",
15755
+ # },
15756
+ # country: {
15757
+ # country_code: "NonEmptyString",
15758
+ # country_name: "NonEmptyString",
15759
+ # },
15760
+ # city: {
15761
+ # city_name: "NonEmptyString",
15762
+ # },
15763
+ # geo_location: {
15764
+ # lon: 1.0,
15765
+ # lat: 1.0,
15766
+ # },
15767
+ # },
15768
+ # },
15769
+ # ],
15770
+ # blocked: false,
15771
+ # },
15772
+ # },
15773
+ # finding_provider_fields: {
15774
+ # confidence: 1,
15775
+ # criticality: 1,
15776
+ # related_findings: [
15777
+ # {
15778
+ # product_arn: "NonEmptyString", # required
15779
+ # id: "NonEmptyString", # required
15780
+ # },
15781
+ # ],
15782
+ # severity: {
15783
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
15784
+ # original: "NonEmptyString",
15785
+ # },
15786
+ # types: ["NonEmptyString"],
15787
+ # },
14216
15788
  # },
14217
15789
  # ],
14218
15790
  # }
@@ -14436,6 +16008,52 @@ module Aws::SecurityHub
14436
16008
  include Aws::Structure
14437
16009
  end
14438
16010
 
16011
+ # An occurrence of sensitive data detected in a Microsoft Excel
16012
+ # workbook, comma-separated value (CSV) file, or tab-separated value
16013
+ # (TSV) file.
16014
+ #
16015
+ # @note When making an API call, you may pass Cell
16016
+ # data as a hash:
16017
+ #
16018
+ # {
16019
+ # column: 1,
16020
+ # row: 1,
16021
+ # column_name: "NonEmptyString",
16022
+ # cell_reference: "NonEmptyString",
16023
+ # }
16024
+ #
16025
+ # @!attribute [rw] column
16026
+ # The column number of the column that contains the data. For a
16027
+ # Microsoft Excel workbook, the column number corresponds to the
16028
+ # alphabetical column identifiers. For example, a value of 1 for
16029
+ # Column corresponds to the A column in the workbook.
16030
+ # @return [Integer]
16031
+ #
16032
+ # @!attribute [rw] row
16033
+ # The row number of the row that contains the data.
16034
+ # @return [Integer]
16035
+ #
16036
+ # @!attribute [rw] column_name
16037
+ # The name of the column that contains the data.
16038
+ # @return [String]
16039
+ #
16040
+ # @!attribute [rw] cell_reference
16041
+ # For a Microsoft Excel workbook, provides the location of the cell,
16042
+ # as an absolute cell reference, that contains the data. For example,
16043
+ # Sheet2!C5 for cell C5 on Sheet2.
16044
+ # @return [String]
16045
+ #
16046
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Cell AWS API Documentation
16047
+ #
16048
+ class Cell < Struct.new(
16049
+ :column,
16050
+ :row,
16051
+ :column_name,
16052
+ :cell_reference)
16053
+ SENSITIVE = []
16054
+ include Aws::Structure
16055
+ end
16056
+
14439
16057
  # An IPv4 CIDR block association.
14440
16058
  #
14441
16059
  # @note When making an API call, you may pass CidrBlockAssociation
@@ -14469,6 +16087,224 @@ module Aws::SecurityHub
14469
16087
  include Aws::Structure
14470
16088
  end
14471
16089
 
16090
+ # Information about a city.
16091
+ #
16092
+ # @note When making an API call, you may pass City
16093
+ # data as a hash:
16094
+ #
16095
+ # {
16096
+ # city_name: "NonEmptyString",
16097
+ # }
16098
+ #
16099
+ # @!attribute [rw] city_name
16100
+ # The name of the city.
16101
+ # @return [String]
16102
+ #
16103
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/City AWS API Documentation
16104
+ #
16105
+ class City < Struct.new(
16106
+ :city_name)
16107
+ SENSITIVE = []
16108
+ include Aws::Structure
16109
+ end
16110
+
16111
+ # Details about the sensitive data that was detected on the resource.
16112
+ #
16113
+ # @note When making an API call, you may pass ClassificationResult
16114
+ # data as a hash:
16115
+ #
16116
+ # {
16117
+ # mime_type: "NonEmptyString",
16118
+ # size_classified: 1,
16119
+ # additional_occurrences: false,
16120
+ # status: {
16121
+ # code: "NonEmptyString",
16122
+ # reason: "NonEmptyString",
16123
+ # },
16124
+ # sensitive_data: [
16125
+ # {
16126
+ # category: "NonEmptyString",
16127
+ # detections: [
16128
+ # {
16129
+ # count: 1,
16130
+ # type: "NonEmptyString",
16131
+ # occurrences: {
16132
+ # line_ranges: [
16133
+ # {
16134
+ # start: 1,
16135
+ # end: 1,
16136
+ # start_column: 1,
16137
+ # },
16138
+ # ],
16139
+ # offset_ranges: [
16140
+ # {
16141
+ # start: 1,
16142
+ # end: 1,
16143
+ # start_column: 1,
16144
+ # },
16145
+ # ],
16146
+ # pages: [
16147
+ # {
16148
+ # page_number: 1,
16149
+ # line_range: {
16150
+ # start: 1,
16151
+ # end: 1,
16152
+ # start_column: 1,
16153
+ # },
16154
+ # offset_range: {
16155
+ # start: 1,
16156
+ # end: 1,
16157
+ # start_column: 1,
16158
+ # },
16159
+ # },
16160
+ # ],
16161
+ # records: [
16162
+ # {
16163
+ # json_path: "NonEmptyString",
16164
+ # record_index: 1,
16165
+ # },
16166
+ # ],
16167
+ # cells: [
16168
+ # {
16169
+ # column: 1,
16170
+ # row: 1,
16171
+ # column_name: "NonEmptyString",
16172
+ # cell_reference: "NonEmptyString",
16173
+ # },
16174
+ # ],
16175
+ # },
16176
+ # },
16177
+ # ],
16178
+ # total_count: 1,
16179
+ # },
16180
+ # ],
16181
+ # custom_data_identifiers: {
16182
+ # detections: [
16183
+ # {
16184
+ # count: 1,
16185
+ # arn: "NonEmptyString",
16186
+ # name: "NonEmptyString",
16187
+ # occurrences: {
16188
+ # line_ranges: [
16189
+ # {
16190
+ # start: 1,
16191
+ # end: 1,
16192
+ # start_column: 1,
16193
+ # },
16194
+ # ],
16195
+ # offset_ranges: [
16196
+ # {
16197
+ # start: 1,
16198
+ # end: 1,
16199
+ # start_column: 1,
16200
+ # },
16201
+ # ],
16202
+ # pages: [
16203
+ # {
16204
+ # page_number: 1,
16205
+ # line_range: {
16206
+ # start: 1,
16207
+ # end: 1,
16208
+ # start_column: 1,
16209
+ # },
16210
+ # offset_range: {
16211
+ # start: 1,
16212
+ # end: 1,
16213
+ # start_column: 1,
16214
+ # },
16215
+ # },
16216
+ # ],
16217
+ # records: [
16218
+ # {
16219
+ # json_path: "NonEmptyString",
16220
+ # record_index: 1,
16221
+ # },
16222
+ # ],
16223
+ # cells: [
16224
+ # {
16225
+ # column: 1,
16226
+ # row: 1,
16227
+ # column_name: "NonEmptyString",
16228
+ # cell_reference: "NonEmptyString",
16229
+ # },
16230
+ # ],
16231
+ # },
16232
+ # },
16233
+ # ],
16234
+ # total_count: 1,
16235
+ # },
16236
+ # }
16237
+ #
16238
+ # @!attribute [rw] mime_type
16239
+ # The type of content that the finding applies to.
16240
+ # @return [String]
16241
+ #
16242
+ # @!attribute [rw] size_classified
16243
+ # The total size in bytes of the affected data.
16244
+ # @return [Integer]
16245
+ #
16246
+ # @!attribute [rw] additional_occurrences
16247
+ # Indicates whether there are additional occurrences of sensitive data
16248
+ # that are not included in the finding. This occurs when the number of
16249
+ # occurrences exceeds the maximum that can be included.
16250
+ # @return [Boolean]
16251
+ #
16252
+ # @!attribute [rw] status
16253
+ # The current status of the sensitive data detection.
16254
+ # @return [Types::ClassificationStatus]
16255
+ #
16256
+ # @!attribute [rw] sensitive_data
16257
+ # Provides details about sensitive data that was identified based on
16258
+ # built-in configuration.
16259
+ # @return [Array<Types::SensitiveDataResult>]
16260
+ #
16261
+ # @!attribute [rw] custom_data_identifiers
16262
+ # Provides details about sensitive data that was identified based on
16263
+ # customer-defined configuration.
16264
+ # @return [Types::CustomDataIdentifiersResult]
16265
+ #
16266
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationResult AWS API Documentation
16267
+ #
16268
+ class ClassificationResult < Struct.new(
16269
+ :mime_type,
16270
+ :size_classified,
16271
+ :additional_occurrences,
16272
+ :status,
16273
+ :sensitive_data,
16274
+ :custom_data_identifiers)
16275
+ SENSITIVE = []
16276
+ include Aws::Structure
16277
+ end
16278
+
16279
+ # Provides details about the current status of the sensitive data
16280
+ # detection.
16281
+ #
16282
+ # @note When making an API call, you may pass ClassificationStatus
16283
+ # data as a hash:
16284
+ #
16285
+ # {
16286
+ # code: "NonEmptyString",
16287
+ # reason: "NonEmptyString",
16288
+ # }
16289
+ #
16290
+ # @!attribute [rw] code
16291
+ # The code that represents the status of the sensitive data detection.
16292
+ # @return [String]
16293
+ #
16294
+ # @!attribute [rw] reason
16295
+ # A longer description of the current status of the sensitive data
16296
+ # detection.
16297
+ # @return [String]
16298
+ #
16299
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationStatus AWS API Documentation
16300
+ #
16301
+ class ClassificationStatus < Struct.new(
16302
+ :code,
16303
+ :reason)
16304
+ SENSITIVE = []
16305
+ include Aws::Structure
16306
+ end
16307
+
14472
16308
  # Contains finding details that are specific to control-based findings.
14473
16309
  # Only returned for findings generated from controls.
14474
16310
  #
@@ -14580,6 +16416,33 @@ module Aws::SecurityHub
14580
16416
  include Aws::Structure
14581
16417
  end
14582
16418
 
16419
+ # Information about a country.
16420
+ #
16421
+ # @note When making an API call, you may pass Country
16422
+ # data as a hash:
16423
+ #
16424
+ # {
16425
+ # country_code: "NonEmptyString",
16426
+ # country_name: "NonEmptyString",
16427
+ # }
16428
+ #
16429
+ # @!attribute [rw] country_code
16430
+ # The 2-letter ISO 3166 country code for the country.
16431
+ # @return [String]
16432
+ #
16433
+ # @!attribute [rw] country_name
16434
+ # The name of the country.
16435
+ # @return [String]
16436
+ #
16437
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Country AWS API Documentation
16438
+ #
16439
+ class Country < Struct.new(
16440
+ :country_code,
16441
+ :country_name)
16442
+ SENSITIVE = []
16443
+ include Aws::Structure
16444
+ end
16445
+
14583
16446
  # @note When making an API call, you may pass CreateActionTargetRequest
14584
16447
  # data as a hash:
14585
16448
  #
@@ -15182,37 +17045,81 @@ module Aws::SecurityHub
15182
17045
  # value: "NonEmptyString",
15183
17046
  # },
15184
17047
  # ],
15185
- # },
15186
- # group_by_attribute: "NonEmptyString", # required
15187
- # }
15188
- #
15189
- # @!attribute [rw] name
15190
- # The name of the custom insight to create.
15191
- # @return [String]
15192
- #
15193
- # @!attribute [rw] filters
15194
- # One or more attributes used to filter the findings included in the
15195
- # insight. The insight only includes findings that match the criteria
15196
- # defined in the filters.
15197
- # @return [Types::AwsSecurityFindingFilters]
15198
- #
15199
- # @!attribute [rw] group_by_attribute
15200
- # The attribute used to group the findings for the insight. The
15201
- # grouping attribute identifies the type of item that the insight
15202
- # applies to. For example, if an insight is grouped by resource
15203
- # identifier, then the insight produces a list of resource
15204
- # identifiers.
15205
- # @return [String]
15206
- #
15207
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation
15208
- #
15209
- class CreateInsightRequest < Struct.new(
15210
- :name,
15211
- :filters,
15212
- :group_by_attribute)
15213
- SENSITIVE = []
15214
- include Aws::Structure
15215
- end
17048
+ # finding_provider_fields_confidence: [
17049
+ # {
17050
+ # gte: 1.0,
17051
+ # lte: 1.0,
17052
+ # eq: 1.0,
17053
+ # },
17054
+ # ],
17055
+ # finding_provider_fields_criticality: [
17056
+ # {
17057
+ # gte: 1.0,
17058
+ # lte: 1.0,
17059
+ # eq: 1.0,
17060
+ # },
17061
+ # ],
17062
+ # finding_provider_fields_related_findings_id: [
17063
+ # {
17064
+ # value: "NonEmptyString",
17065
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17066
+ # },
17067
+ # ],
17068
+ # finding_provider_fields_related_findings_product_arn: [
17069
+ # {
17070
+ # value: "NonEmptyString",
17071
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17072
+ # },
17073
+ # ],
17074
+ # finding_provider_fields_severity_label: [
17075
+ # {
17076
+ # value: "NonEmptyString",
17077
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17078
+ # },
17079
+ # ],
17080
+ # finding_provider_fields_severity_original: [
17081
+ # {
17082
+ # value: "NonEmptyString",
17083
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17084
+ # },
17085
+ # ],
17086
+ # finding_provider_fields_types: [
17087
+ # {
17088
+ # value: "NonEmptyString",
17089
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17090
+ # },
17091
+ # ],
17092
+ # },
17093
+ # group_by_attribute: "NonEmptyString", # required
17094
+ # }
17095
+ #
17096
+ # @!attribute [rw] name
17097
+ # The name of the custom insight to create.
17098
+ # @return [String]
17099
+ #
17100
+ # @!attribute [rw] filters
17101
+ # One or more attributes used to filter the findings included in the
17102
+ # insight. The insight only includes findings that match the criteria
17103
+ # defined in the filters.
17104
+ # @return [Types::AwsSecurityFindingFilters]
17105
+ #
17106
+ # @!attribute [rw] group_by_attribute
17107
+ # The attribute used to group the findings for the insight. The
17108
+ # grouping attribute identifies the type of item that the insight
17109
+ # applies to. For example, if an insight is grouped by resource
17110
+ # identifier, then the insight produces a list of resource
17111
+ # identifiers.
17112
+ # @return [String]
17113
+ #
17114
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation
17115
+ #
17116
+ class CreateInsightRequest < Struct.new(
17117
+ :name,
17118
+ :filters,
17119
+ :group_by_attribute)
17120
+ SENSITIVE = []
17121
+ include Aws::Structure
17122
+ end
15216
17123
 
15217
17124
  # @!attribute [rw] insight_arn
15218
17125
  # The ARN of the insight created.
@@ -15265,6 +17172,170 @@ module Aws::SecurityHub
15265
17172
  include Aws::Structure
15266
17173
  end
15267
17174
 
17175
+ # The list of detected instances of sensitive data.
17176
+ #
17177
+ # @note When making an API call, you may pass CustomDataIdentifiersDetections
17178
+ # data as a hash:
17179
+ #
17180
+ # {
17181
+ # count: 1,
17182
+ # arn: "NonEmptyString",
17183
+ # name: "NonEmptyString",
17184
+ # occurrences: {
17185
+ # line_ranges: [
17186
+ # {
17187
+ # start: 1,
17188
+ # end: 1,
17189
+ # start_column: 1,
17190
+ # },
17191
+ # ],
17192
+ # offset_ranges: [
17193
+ # {
17194
+ # start: 1,
17195
+ # end: 1,
17196
+ # start_column: 1,
17197
+ # },
17198
+ # ],
17199
+ # pages: [
17200
+ # {
17201
+ # page_number: 1,
17202
+ # line_range: {
17203
+ # start: 1,
17204
+ # end: 1,
17205
+ # start_column: 1,
17206
+ # },
17207
+ # offset_range: {
17208
+ # start: 1,
17209
+ # end: 1,
17210
+ # start_column: 1,
17211
+ # },
17212
+ # },
17213
+ # ],
17214
+ # records: [
17215
+ # {
17216
+ # json_path: "NonEmptyString",
17217
+ # record_index: 1,
17218
+ # },
17219
+ # ],
17220
+ # cells: [
17221
+ # {
17222
+ # column: 1,
17223
+ # row: 1,
17224
+ # column_name: "NonEmptyString",
17225
+ # cell_reference: "NonEmptyString",
17226
+ # },
17227
+ # ],
17228
+ # },
17229
+ # }
17230
+ #
17231
+ # @!attribute [rw] count
17232
+ # The total number of occurrences of sensitive data that were
17233
+ # detected.
17234
+ # @return [Integer]
17235
+ #
17236
+ # @!attribute [rw] arn
17237
+ # The ARN of the custom identifier that was used to detect the
17238
+ # sensitive data.
17239
+ # @return [String]
17240
+ #
17241
+ # @!attribute [rw] name
17242
+ # he name of the custom identifier that detected the sensitive data.
17243
+ # @return [String]
17244
+ #
17245
+ # @!attribute [rw] occurrences
17246
+ # Details about the sensitive data that was detected.
17247
+ # @return [Types::Occurrences]
17248
+ #
17249
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersDetections AWS API Documentation
17250
+ #
17251
+ class CustomDataIdentifiersDetections < Struct.new(
17252
+ :count,
17253
+ :arn,
17254
+ :name,
17255
+ :occurrences)
17256
+ SENSITIVE = []
17257
+ include Aws::Structure
17258
+ end
17259
+
17260
+ # Contains an instance of sensitive data that was detected by a
17261
+ # customer-defined identifier.
17262
+ #
17263
+ # @note When making an API call, you may pass CustomDataIdentifiersResult
17264
+ # data as a hash:
17265
+ #
17266
+ # {
17267
+ # detections: [
17268
+ # {
17269
+ # count: 1,
17270
+ # arn: "NonEmptyString",
17271
+ # name: "NonEmptyString",
17272
+ # occurrences: {
17273
+ # line_ranges: [
17274
+ # {
17275
+ # start: 1,
17276
+ # end: 1,
17277
+ # start_column: 1,
17278
+ # },
17279
+ # ],
17280
+ # offset_ranges: [
17281
+ # {
17282
+ # start: 1,
17283
+ # end: 1,
17284
+ # start_column: 1,
17285
+ # },
17286
+ # ],
17287
+ # pages: [
17288
+ # {
17289
+ # page_number: 1,
17290
+ # line_range: {
17291
+ # start: 1,
17292
+ # end: 1,
17293
+ # start_column: 1,
17294
+ # },
17295
+ # offset_range: {
17296
+ # start: 1,
17297
+ # end: 1,
17298
+ # start_column: 1,
17299
+ # },
17300
+ # },
17301
+ # ],
17302
+ # records: [
17303
+ # {
17304
+ # json_path: "NonEmptyString",
17305
+ # record_index: 1,
17306
+ # },
17307
+ # ],
17308
+ # cells: [
17309
+ # {
17310
+ # column: 1,
17311
+ # row: 1,
17312
+ # column_name: "NonEmptyString",
17313
+ # cell_reference: "NonEmptyString",
17314
+ # },
17315
+ # ],
17316
+ # },
17317
+ # },
17318
+ # ],
17319
+ # total_count: 1,
17320
+ # }
17321
+ #
17322
+ # @!attribute [rw] detections
17323
+ # The list of detected instances of sensitive data.
17324
+ # @return [Array<Types::CustomDataIdentifiersDetections>]
17325
+ #
17326
+ # @!attribute [rw] total_count
17327
+ # The total number of occurrences of sensitive data.
17328
+ # @return [Integer]
17329
+ #
17330
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersResult AWS API Documentation
17331
+ #
17332
+ class CustomDataIdentifiersResult < Struct.new(
17333
+ :detections,
17334
+ :total_count)
17335
+ SENSITIVE = []
17336
+ include Aws::Structure
17337
+ end
17338
+
15268
17339
  # CVSS scores from the advisory related to the vulnerability.
15269
17340
  #
15270
17341
  # @note When making an API call, you may pass Cvss
@@ -15298,6 +17369,154 @@ module Aws::SecurityHub
15298
17369
  include Aws::Structure
15299
17370
  end
15300
17371
 
17372
+ # Provides details about sensitive data that was detected on a resource.
17373
+ #
17374
+ # @note When making an API call, you may pass DataClassificationDetails
17375
+ # data as a hash:
17376
+ #
17377
+ # {
17378
+ # detailed_results_location: "NonEmptyString",
17379
+ # result: {
17380
+ # mime_type: "NonEmptyString",
17381
+ # size_classified: 1,
17382
+ # additional_occurrences: false,
17383
+ # status: {
17384
+ # code: "NonEmptyString",
17385
+ # reason: "NonEmptyString",
17386
+ # },
17387
+ # sensitive_data: [
17388
+ # {
17389
+ # category: "NonEmptyString",
17390
+ # detections: [
17391
+ # {
17392
+ # count: 1,
17393
+ # type: "NonEmptyString",
17394
+ # occurrences: {
17395
+ # line_ranges: [
17396
+ # {
17397
+ # start: 1,
17398
+ # end: 1,
17399
+ # start_column: 1,
17400
+ # },
17401
+ # ],
17402
+ # offset_ranges: [
17403
+ # {
17404
+ # start: 1,
17405
+ # end: 1,
17406
+ # start_column: 1,
17407
+ # },
17408
+ # ],
17409
+ # pages: [
17410
+ # {
17411
+ # page_number: 1,
17412
+ # line_range: {
17413
+ # start: 1,
17414
+ # end: 1,
17415
+ # start_column: 1,
17416
+ # },
17417
+ # offset_range: {
17418
+ # start: 1,
17419
+ # end: 1,
17420
+ # start_column: 1,
17421
+ # },
17422
+ # },
17423
+ # ],
17424
+ # records: [
17425
+ # {
17426
+ # json_path: "NonEmptyString",
17427
+ # record_index: 1,
17428
+ # },
17429
+ # ],
17430
+ # cells: [
17431
+ # {
17432
+ # column: 1,
17433
+ # row: 1,
17434
+ # column_name: "NonEmptyString",
17435
+ # cell_reference: "NonEmptyString",
17436
+ # },
17437
+ # ],
17438
+ # },
17439
+ # },
17440
+ # ],
17441
+ # total_count: 1,
17442
+ # },
17443
+ # ],
17444
+ # custom_data_identifiers: {
17445
+ # detections: [
17446
+ # {
17447
+ # count: 1,
17448
+ # arn: "NonEmptyString",
17449
+ # name: "NonEmptyString",
17450
+ # occurrences: {
17451
+ # line_ranges: [
17452
+ # {
17453
+ # start: 1,
17454
+ # end: 1,
17455
+ # start_column: 1,
17456
+ # },
17457
+ # ],
17458
+ # offset_ranges: [
17459
+ # {
17460
+ # start: 1,
17461
+ # end: 1,
17462
+ # start_column: 1,
17463
+ # },
17464
+ # ],
17465
+ # pages: [
17466
+ # {
17467
+ # page_number: 1,
17468
+ # line_range: {
17469
+ # start: 1,
17470
+ # end: 1,
17471
+ # start_column: 1,
17472
+ # },
17473
+ # offset_range: {
17474
+ # start: 1,
17475
+ # end: 1,
17476
+ # start_column: 1,
17477
+ # },
17478
+ # },
17479
+ # ],
17480
+ # records: [
17481
+ # {
17482
+ # json_path: "NonEmptyString",
17483
+ # record_index: 1,
17484
+ # },
17485
+ # ],
17486
+ # cells: [
17487
+ # {
17488
+ # column: 1,
17489
+ # row: 1,
17490
+ # column_name: "NonEmptyString",
17491
+ # cell_reference: "NonEmptyString",
17492
+ # },
17493
+ # ],
17494
+ # },
17495
+ # },
17496
+ # ],
17497
+ # total_count: 1,
17498
+ # },
17499
+ # },
17500
+ # }
17501
+ #
17502
+ # @!attribute [rw] detailed_results_location
17503
+ # The path to the folder or file that contains the sensitive data.
17504
+ # @return [String]
17505
+ #
17506
+ # @!attribute [rw] result
17507
+ # The details about the sensitive data that was detected on the
17508
+ # resource.
17509
+ # @return [Types::ClassificationResult]
17510
+ #
17511
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DataClassificationDetails AWS API Documentation
17512
+ #
17513
+ class DataClassificationDetails < Struct.new(
17514
+ :detailed_results_location,
17515
+ :result)
17516
+ SENSITIVE = []
17517
+ include Aws::Structure
17518
+ end
17519
+
15301
17520
  # A date filter for querying findings.
15302
17521
  #
15303
17522
  # @note When making an API call, you may pass DateFilter
@@ -15658,6 +17877,7 @@ module Aws::SecurityHub
15658
17877
  # {
15659
17878
  # next_token: "NextToken",
15660
17879
  # max_results: 1,
17880
+ # product_arn: "NonEmptyString",
15661
17881
  # }
15662
17882
  #
15663
17883
  # @!attribute [rw] next_token
@@ -15674,11 +17894,16 @@ module Aws::SecurityHub
15674
17894
  # The maximum number of results to return.
15675
17895
  # @return [Integer]
15676
17896
  #
17897
+ # @!attribute [rw] product_arn
17898
+ # The ARN of the integration to return.
17899
+ # @return [String]
17900
+ #
15677
17901
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeProductsRequest AWS API Documentation
15678
17902
  #
15679
17903
  class DescribeProductsRequest < Struct.new(
15680
17904
  :next_token,
15681
- :max_results)
17905
+ :max_results,
17906
+ :product_arn)
15682
17907
  SENSITIVE = []
15683
17908
  include Aws::Structure
15684
17909
  end
@@ -15895,6 +18120,40 @@ module Aws::SecurityHub
15895
18120
  #
15896
18121
  class DisassociateMembersResponse < Aws::EmptyStructure; end
15897
18122
 
18123
+ # Provided if `ActionType` is `DNS_REQUEST`. It provides details about
18124
+ # the DNS request that was detected.
18125
+ #
18126
+ # @note When making an API call, you may pass DnsRequestAction
18127
+ # data as a hash:
18128
+ #
18129
+ # {
18130
+ # domain: "NonEmptyString",
18131
+ # protocol: "NonEmptyString",
18132
+ # blocked: false,
18133
+ # }
18134
+ #
18135
+ # @!attribute [rw] domain
18136
+ # The DNS domain that is associated with the DNS request.
18137
+ # @return [String]
18138
+ #
18139
+ # @!attribute [rw] protocol
18140
+ # The protocol that was used for the DNS request.
18141
+ # @return [String]
18142
+ #
18143
+ # @!attribute [rw] blocked
18144
+ # Indicates whether the DNS request was blocked.
18145
+ # @return [Boolean]
18146
+ #
18147
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DnsRequestAction AWS API Documentation
18148
+ #
18149
+ class DnsRequestAction < Struct.new(
18150
+ :domain,
18151
+ :protocol,
18152
+ :blocked)
18153
+ SENSITIVE = []
18154
+ include Aws::Structure
18155
+ end
18156
+
15898
18157
  # @note When making an API call, you may pass EnableImportFindingsForProductRequest
15899
18158
  # data as a hash:
15900
18159
  #
@@ -15947,45 +18206,169 @@ module Aws::SecurityHub
15947
18206
  include Aws::Structure
15948
18207
  end
15949
18208
 
15950
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
18209
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
18210
+ #
18211
+ class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
18212
+
18213
+ # @note When making an API call, you may pass EnableSecurityHubRequest
18214
+ # data as a hash:
18215
+ #
18216
+ # {
18217
+ # tags: {
18218
+ # "TagKey" => "TagValue",
18219
+ # },
18220
+ # enable_default_standards: false,
18221
+ # }
18222
+ #
18223
+ # @!attribute [rw] tags
18224
+ # The tags to add to the hub resource when you enable Security Hub.
18225
+ # @return [Hash<String,String>]
18226
+ #
18227
+ # @!attribute [rw] enable_default_standards
18228
+ # Whether to enable the security standards that Security Hub has
18229
+ # designated as automatically enabled. If you do not provide a value
18230
+ # for `EnableDefaultStandards`, it is set to `true`. To not enable the
18231
+ # automatically enabled standards, set `EnableDefaultStandards` to
18232
+ # `false`.
18233
+ # @return [Boolean]
18234
+ #
18235
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
18236
+ #
18237
+ class EnableSecurityHubRequest < Struct.new(
18238
+ :tags,
18239
+ :enable_default_standards)
18240
+ SENSITIVE = []
18241
+ include Aws::Structure
18242
+ end
18243
+
18244
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation
18245
+ #
18246
+ class EnableSecurityHubResponse < Aws::EmptyStructure; end
18247
+
18248
+ # In a `BatchImportFindings` request, finding providers use
18249
+ # `FindingProviderFields` to provide and update values for confidence,
18250
+ # criticality, related findings, severity, and types.
18251
+ #
18252
+ # @note When making an API call, you may pass FindingProviderFields
18253
+ # data as a hash:
18254
+ #
18255
+ # {
18256
+ # confidence: 1,
18257
+ # criticality: 1,
18258
+ # related_findings: [
18259
+ # {
18260
+ # product_arn: "NonEmptyString", # required
18261
+ # id: "NonEmptyString", # required
18262
+ # },
18263
+ # ],
18264
+ # severity: {
18265
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
18266
+ # original: "NonEmptyString",
18267
+ # },
18268
+ # types: ["NonEmptyString"],
18269
+ # }
18270
+ #
18271
+ # @!attribute [rw] confidence
18272
+ # A finding's confidence. Confidence is defined as the likelihood
18273
+ # that a finding accurately identifies the behavior or issue that it
18274
+ # was intended to identify.
18275
+ #
18276
+ # Confidence is scored on a 0-100 basis using a ratio scale, where 0
18277
+ # means zero percent confidence and 100 means 100 percent confidence.
18278
+ # @return [Integer]
18279
+ #
18280
+ # @!attribute [rw] criticality
18281
+ # The level of importance assigned to the resources associated with
18282
+ # the finding.
18283
+ #
18284
+ # A score of 0 means that the underlying resources have no
18285
+ # criticality, and a score of 100 is reserved for the most critical
18286
+ # resources.
18287
+ # @return [Integer]
18288
+ #
18289
+ # @!attribute [rw] related_findings
18290
+ # A list of findings that are related to the current finding.
18291
+ # @return [Array<Types::RelatedFinding>]
18292
+ #
18293
+ # @!attribute [rw] severity
18294
+ # The severity of a finding.
18295
+ # @return [Types::FindingProviderSeverity]
18296
+ #
18297
+ # @!attribute [rw] types
18298
+ # One or more finding types in the format of
18299
+ # `namespace/category/classifier` that classify a finding.
18300
+ #
18301
+ # Valid namespace values are: Software and Configuration Checks \|
18302
+ # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
18303
+ # Identifications
18304
+ # @return [Array<String>]
18305
+ #
18306
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderFields AWS API Documentation
18307
+ #
18308
+ class FindingProviderFields < Struct.new(
18309
+ :confidence,
18310
+ :criticality,
18311
+ :related_findings,
18312
+ :severity,
18313
+ :types)
18314
+ SENSITIVE = []
18315
+ include Aws::Structure
18316
+ end
18317
+
18318
+ # The severity assigned to the finding by the finding provider.
18319
+ #
18320
+ # @note When making an API call, you may pass FindingProviderSeverity
18321
+ # data as a hash:
18322
+ #
18323
+ # {
18324
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
18325
+ # original: "NonEmptyString",
18326
+ # }
18327
+ #
18328
+ # @!attribute [rw] label
18329
+ # The severity label assigned to the finding by the finding provider.
18330
+ # @return [String]
18331
+ #
18332
+ # @!attribute [rw] original
18333
+ # The finding provider's original value for the severity.
18334
+ # @return [String]
18335
+ #
18336
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderSeverity AWS API Documentation
18337
+ #
18338
+ class FindingProviderSeverity < Struct.new(
18339
+ :label,
18340
+ :original)
18341
+ SENSITIVE = []
18342
+ include Aws::Structure
18343
+ end
18344
+
18345
+ # Provides the latitude and longitude coordinates of a location.
15951
18346
  #
15952
- class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
15953
-
15954
- # @note When making an API call, you may pass EnableSecurityHubRequest
18347
+ # @note When making an API call, you may pass GeoLocation
15955
18348
  # data as a hash:
15956
18349
  #
15957
18350
  # {
15958
- # tags: {
15959
- # "TagKey" => "TagValue",
15960
- # },
15961
- # enable_default_standards: false,
18351
+ # lon: 1.0,
18352
+ # lat: 1.0,
15962
18353
  # }
15963
18354
  #
15964
- # @!attribute [rw] tags
15965
- # The tags to add to the hub resource when you enable Security Hub.
15966
- # @return [Hash<String,String>]
18355
+ # @!attribute [rw] lon
18356
+ # The longitude of the location.
18357
+ # @return [Float]
15967
18358
  #
15968
- # @!attribute [rw] enable_default_standards
15969
- # Whether to enable the security standards that Security Hub has
15970
- # designated as automatically enabled. If you do not provide a value
15971
- # for `EnableDefaultStandards`, it is set to `true`. To not enable the
15972
- # automatically enabled standards, set `EnableDefaultStandards` to
15973
- # `false`.
15974
- # @return [Boolean]
18359
+ # @!attribute [rw] lat
18360
+ # The latitude of the location.
18361
+ # @return [Float]
15975
18362
  #
15976
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
18363
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GeoLocation AWS API Documentation
15977
18364
  #
15978
- class EnableSecurityHubRequest < Struct.new(
15979
- :tags,
15980
- :enable_default_standards)
18365
+ class GeoLocation < Struct.new(
18366
+ :lon,
18367
+ :lat)
15981
18368
  SENSITIVE = []
15982
18369
  include Aws::Structure
15983
18370
  end
15984
18371
 
15985
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation
15986
- #
15987
- class EnableSecurityHubResponse < Aws::EmptyStructure; end
15988
-
15989
18372
  # @note When making an API call, you may pass GetEnabledStandardsRequest
15990
18373
  # data as a hash:
15991
18374
  #
@@ -16600,6 +18983,50 @@ module Aws::SecurityHub
16600
18983
  # value: "NonEmptyString",
16601
18984
  # },
16602
18985
  # ],
18986
+ # finding_provider_fields_confidence: [
18987
+ # {
18988
+ # gte: 1.0,
18989
+ # lte: 1.0,
18990
+ # eq: 1.0,
18991
+ # },
18992
+ # ],
18993
+ # finding_provider_fields_criticality: [
18994
+ # {
18995
+ # gte: 1.0,
18996
+ # lte: 1.0,
18997
+ # eq: 1.0,
18998
+ # },
18999
+ # ],
19000
+ # finding_provider_fields_related_findings_id: [
19001
+ # {
19002
+ # value: "NonEmptyString",
19003
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19004
+ # },
19005
+ # ],
19006
+ # finding_provider_fields_related_findings_product_arn: [
19007
+ # {
19008
+ # value: "NonEmptyString",
19009
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19010
+ # },
19011
+ # ],
19012
+ # finding_provider_fields_severity_label: [
19013
+ # {
19014
+ # value: "NonEmptyString",
19015
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19016
+ # },
19017
+ # ],
19018
+ # finding_provider_fields_severity_original: [
19019
+ # {
19020
+ # value: "NonEmptyString",
19021
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19022
+ # },
19023
+ # ],
19024
+ # finding_provider_fields_types: [
19025
+ # {
19026
+ # value: "NonEmptyString",
19027
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19028
+ # },
19029
+ # ],
16603
19030
  # },
16604
19031
  # sort_criteria: [
16605
19032
  # {
@@ -17080,6 +19507,45 @@ module Aws::SecurityHub
17080
19507
  include Aws::Structure
17081
19508
  end
17082
19509
 
19510
+ # Provides information about an internet provider.
19511
+ #
19512
+ # @note When making an API call, you may pass IpOrganizationDetails
19513
+ # data as a hash:
19514
+ #
19515
+ # {
19516
+ # asn: 1,
19517
+ # asn_org: "NonEmptyString",
19518
+ # isp: "NonEmptyString",
19519
+ # org: "NonEmptyString",
19520
+ # }
19521
+ #
19522
+ # @!attribute [rw] asn
19523
+ # The Autonomous System Number (ASN) of the internet provider
19524
+ # @return [Integer]
19525
+ #
19526
+ # @!attribute [rw] asn_org
19527
+ # The name of the organization that registered the ASN.
19528
+ # @return [String]
19529
+ #
19530
+ # @!attribute [rw] isp
19531
+ # The ISP information for the internet provider.
19532
+ # @return [String]
19533
+ #
19534
+ # @!attribute [rw] org
19535
+ # The name of the internet provider.
19536
+ # @return [String]
19537
+ #
19538
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IpOrganizationDetails AWS API Documentation
19539
+ #
19540
+ class IpOrganizationDetails < Struct.new(
19541
+ :asn,
19542
+ :asn_org,
19543
+ :isp,
19544
+ :org)
19545
+ SENSITIVE = []
19546
+ include Aws::Structure
19547
+ end
19548
+
17083
19549
  # An IPV6 CIDR block association.
17084
19550
  #
17085
19551
  # @note When making an API call, you may pass Ipv6CidrBlockAssociation
@@ -17681,6 +20147,84 @@ module Aws::SecurityHub
17681
20147
  include Aws::Structure
17682
20148
  end
17683
20149
 
20150
+ # Provided if `ActionType` is `NETWORK_CONNECTION`. It provides details
20151
+ # about the attempted network connection that was detected.
20152
+ #
20153
+ # @note When making an API call, you may pass NetworkConnectionAction
20154
+ # data as a hash:
20155
+ #
20156
+ # {
20157
+ # connection_direction: "NonEmptyString",
20158
+ # remote_ip_details: {
20159
+ # ip_address_v4: "NonEmptyString",
20160
+ # organization: {
20161
+ # asn: 1,
20162
+ # asn_org: "NonEmptyString",
20163
+ # isp: "NonEmptyString",
20164
+ # org: "NonEmptyString",
20165
+ # },
20166
+ # country: {
20167
+ # country_code: "NonEmptyString",
20168
+ # country_name: "NonEmptyString",
20169
+ # },
20170
+ # city: {
20171
+ # city_name: "NonEmptyString",
20172
+ # },
20173
+ # geo_location: {
20174
+ # lon: 1.0,
20175
+ # lat: 1.0,
20176
+ # },
20177
+ # },
20178
+ # remote_port_details: {
20179
+ # port: 1,
20180
+ # port_name: "NonEmptyString",
20181
+ # },
20182
+ # local_port_details: {
20183
+ # port: 1,
20184
+ # port_name: "NonEmptyString",
20185
+ # },
20186
+ # protocol: "NonEmptyString",
20187
+ # blocked: false,
20188
+ # }
20189
+ #
20190
+ # @!attribute [rw] connection_direction
20191
+ # The direction of the network connection request (`IN` or `OUT`).
20192
+ # @return [String]
20193
+ #
20194
+ # @!attribute [rw] remote_ip_details
20195
+ # Information about the remote IP address that issued the network
20196
+ # connection request.
20197
+ # @return [Types::ActionRemoteIpDetails]
20198
+ #
20199
+ # @!attribute [rw] remote_port_details
20200
+ # Information about the port on the remote IP address.
20201
+ # @return [Types::ActionRemotePortDetails]
20202
+ #
20203
+ # @!attribute [rw] local_port_details
20204
+ # Information about the port on the EC2 instance.
20205
+ # @return [Types::ActionLocalPortDetails]
20206
+ #
20207
+ # @!attribute [rw] protocol
20208
+ # The protocol used to make the network connection request.
20209
+ # @return [String]
20210
+ #
20211
+ # @!attribute [rw] blocked
20212
+ # Indicates whether the network connection attempt was blocked.
20213
+ # @return [Boolean]
20214
+ #
20215
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkConnectionAction AWS API Documentation
20216
+ #
20217
+ class NetworkConnectionAction < Struct.new(
20218
+ :connection_direction,
20219
+ :remote_ip_details,
20220
+ :remote_port_details,
20221
+ :local_port_details,
20222
+ :protocol,
20223
+ :blocked)
20224
+ SENSITIVE = []
20225
+ include Aws::Structure
20226
+ end
20227
+
17684
20228
  # Details about a network path component that occurs before or after the
17685
20229
  # current component.
17686
20230
  #
@@ -17949,6 +20493,139 @@ module Aws::SecurityHub
17949
20493
  include Aws::Structure
17950
20494
  end
17951
20495
 
20496
+ # The detected occurrences of sensitive data.
20497
+ #
20498
+ # @note When making an API call, you may pass Occurrences
20499
+ # data as a hash:
20500
+ #
20501
+ # {
20502
+ # line_ranges: [
20503
+ # {
20504
+ # start: 1,
20505
+ # end: 1,
20506
+ # start_column: 1,
20507
+ # },
20508
+ # ],
20509
+ # offset_ranges: [
20510
+ # {
20511
+ # start: 1,
20512
+ # end: 1,
20513
+ # start_column: 1,
20514
+ # },
20515
+ # ],
20516
+ # pages: [
20517
+ # {
20518
+ # page_number: 1,
20519
+ # line_range: {
20520
+ # start: 1,
20521
+ # end: 1,
20522
+ # start_column: 1,
20523
+ # },
20524
+ # offset_range: {
20525
+ # start: 1,
20526
+ # end: 1,
20527
+ # start_column: 1,
20528
+ # },
20529
+ # },
20530
+ # ],
20531
+ # records: [
20532
+ # {
20533
+ # json_path: "NonEmptyString",
20534
+ # record_index: 1,
20535
+ # },
20536
+ # ],
20537
+ # cells: [
20538
+ # {
20539
+ # column: 1,
20540
+ # row: 1,
20541
+ # column_name: "NonEmptyString",
20542
+ # cell_reference: "NonEmptyString",
20543
+ # },
20544
+ # ],
20545
+ # }
20546
+ #
20547
+ # @!attribute [rw] line_ranges
20548
+ # Occurrences of sensitive data detected in a non-binary text file or
20549
+ # a Microsoft Word file. Non-binary text files include files such as
20550
+ # HTML, XML, JSON, and TXT files.
20551
+ # @return [Array<Types::Range>]
20552
+ #
20553
+ # @!attribute [rw] offset_ranges
20554
+ # Occurrences of sensitive data detected in a binary text file.
20555
+ # @return [Array<Types::Range>]
20556
+ #
20557
+ # @!attribute [rw] pages
20558
+ # Occurrences of sensitive data in an Adobe Portable Document Format
20559
+ # (PDF) file.
20560
+ # @return [Array<Types::Page>]
20561
+ #
20562
+ # @!attribute [rw] records
20563
+ # Occurrences of sensitive data in an Apache Avro object container or
20564
+ # an Apache Parquet file.
20565
+ # @return [Array<Types::Record>]
20566
+ #
20567
+ # @!attribute [rw] cells
20568
+ # Occurrences of sensitive data detected in Microsoft Excel workbooks,
20569
+ # comma-separated value (CSV) files, or tab-separated value (TSV)
20570
+ # files.
20571
+ # @return [Array<Types::Cell>]
20572
+ #
20573
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Occurrences AWS API Documentation
20574
+ #
20575
+ class Occurrences < Struct.new(
20576
+ :line_ranges,
20577
+ :offset_ranges,
20578
+ :pages,
20579
+ :records,
20580
+ :cells)
20581
+ SENSITIVE = []
20582
+ include Aws::Structure
20583
+ end
20584
+
20585
+ # An occurrence of sensitive data in an Adobe Portable Document Format
20586
+ # (PDF) file.
20587
+ #
20588
+ # @note When making an API call, you may pass Page
20589
+ # data as a hash:
20590
+ #
20591
+ # {
20592
+ # page_number: 1,
20593
+ # line_range: {
20594
+ # start: 1,
20595
+ # end: 1,
20596
+ # start_column: 1,
20597
+ # },
20598
+ # offset_range: {
20599
+ # start: 1,
20600
+ # end: 1,
20601
+ # start_column: 1,
20602
+ # },
20603
+ # }
20604
+ #
20605
+ # @!attribute [rw] page_number
20606
+ # The page number of the page that contains the sensitive data.
20607
+ # @return [Integer]
20608
+ #
20609
+ # @!attribute [rw] line_range
20610
+ # An occurrence of sensitive data detected in a non-binary text file
20611
+ # or a Microsoft Word file. Non-binary text files include files such
20612
+ # as HTML, XML, JSON, and TXT files.
20613
+ # @return [Types::Range]
20614
+ #
20615
+ # @!attribute [rw] offset_range
20616
+ # An occurrence of sensitive data detected in a binary text file.
20617
+ # @return [Types::Range]
20618
+ #
20619
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Page AWS API Documentation
20620
+ #
20621
+ class Page < Struct.new(
20622
+ :page_number,
20623
+ :line_range,
20624
+ :offset_range)
20625
+ SENSITIVE = []
20626
+ include Aws::Structure
20627
+ end
20628
+
17952
20629
  # Provides an overview of the patch compliance status for an instance
17953
20630
  # against a selected compliance standard.
17954
20631
  #
@@ -18056,6 +20733,126 @@ module Aws::SecurityHub
18056
20733
  include Aws::Structure
18057
20734
  end
18058
20735
 
20736
+ # Provided if `ActionType` is `PORT_PROBE`. It provides details about
20737
+ # the attempted port probe that was detected.
20738
+ #
20739
+ # @note When making an API call, you may pass PortProbeAction
20740
+ # data as a hash:
20741
+ #
20742
+ # {
20743
+ # port_probe_details: [
20744
+ # {
20745
+ # local_port_details: {
20746
+ # port: 1,
20747
+ # port_name: "NonEmptyString",
20748
+ # },
20749
+ # local_ip_details: {
20750
+ # ip_address_v4: "NonEmptyString",
20751
+ # },
20752
+ # remote_ip_details: {
20753
+ # ip_address_v4: "NonEmptyString",
20754
+ # organization: {
20755
+ # asn: 1,
20756
+ # asn_org: "NonEmptyString",
20757
+ # isp: "NonEmptyString",
20758
+ # org: "NonEmptyString",
20759
+ # },
20760
+ # country: {
20761
+ # country_code: "NonEmptyString",
20762
+ # country_name: "NonEmptyString",
20763
+ # },
20764
+ # city: {
20765
+ # city_name: "NonEmptyString",
20766
+ # },
20767
+ # geo_location: {
20768
+ # lon: 1.0,
20769
+ # lat: 1.0,
20770
+ # },
20771
+ # },
20772
+ # },
20773
+ # ],
20774
+ # blocked: false,
20775
+ # }
20776
+ #
20777
+ # @!attribute [rw] port_probe_details
20778
+ # Information about the ports affected by the port probe.
20779
+ # @return [Array<Types::PortProbeDetail>]
20780
+ #
20781
+ # @!attribute [rw] blocked
20782
+ # Indicates whether the port probe was blocked.
20783
+ # @return [Boolean]
20784
+ #
20785
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeAction AWS API Documentation
20786
+ #
20787
+ class PortProbeAction < Struct.new(
20788
+ :port_probe_details,
20789
+ :blocked)
20790
+ SENSITIVE = []
20791
+ include Aws::Structure
20792
+ end
20793
+
20794
+ # A port scan that was part of the port probe. For each scan,
20795
+ # PortProbeDetails provides information about the local IP address and
20796
+ # port that were scanned, and the remote IP address that the scan
20797
+ # originated from.
20798
+ #
20799
+ # @note When making an API call, you may pass PortProbeDetail
20800
+ # data as a hash:
20801
+ #
20802
+ # {
20803
+ # local_port_details: {
20804
+ # port: 1,
20805
+ # port_name: "NonEmptyString",
20806
+ # },
20807
+ # local_ip_details: {
20808
+ # ip_address_v4: "NonEmptyString",
20809
+ # },
20810
+ # remote_ip_details: {
20811
+ # ip_address_v4: "NonEmptyString",
20812
+ # organization: {
20813
+ # asn: 1,
20814
+ # asn_org: "NonEmptyString",
20815
+ # isp: "NonEmptyString",
20816
+ # org: "NonEmptyString",
20817
+ # },
20818
+ # country: {
20819
+ # country_code: "NonEmptyString",
20820
+ # country_name: "NonEmptyString",
20821
+ # },
20822
+ # city: {
20823
+ # city_name: "NonEmptyString",
20824
+ # },
20825
+ # geo_location: {
20826
+ # lon: 1.0,
20827
+ # lat: 1.0,
20828
+ # },
20829
+ # },
20830
+ # }
20831
+ #
20832
+ # @!attribute [rw] local_port_details
20833
+ # Provides information about the port that was scanned.
20834
+ # @return [Types::ActionLocalPortDetails]
20835
+ #
20836
+ # @!attribute [rw] local_ip_details
20837
+ # Provides information about the IP address where the scanned port is
20838
+ # located.
20839
+ # @return [Types::ActionLocalIpDetails]
20840
+ #
20841
+ # @!attribute [rw] remote_ip_details
20842
+ # Provides information about the remote IP address that performed the
20843
+ # scan.
20844
+ # @return [Types::ActionRemoteIpDetails]
20845
+ #
20846
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeDetail AWS API Documentation
20847
+ #
20848
+ class PortProbeDetail < Struct.new(
20849
+ :local_port_details,
20850
+ :local_ip_details,
20851
+ :remote_ip_details)
20852
+ SENSITIVE = []
20853
+ include Aws::Structure
20854
+ end
20855
+
18059
20856
  # A range of ports.
18060
20857
  #
18061
20858
  # @note When making an API call, you may pass PortRange
@@ -18212,6 +21009,44 @@ module Aws::SecurityHub
18212
21009
  include Aws::Structure
18213
21010
  end
18214
21011
 
21012
+ # Identifies where the sensitive data begins and ends.
21013
+ #
21014
+ # @note When making an API call, you may pass Range
21015
+ # data as a hash:
21016
+ #
21017
+ # {
21018
+ # start: 1,
21019
+ # end: 1,
21020
+ # start_column: 1,
21021
+ # }
21022
+ #
21023
+ # @!attribute [rw] start
21024
+ # The number of lines (for a line range) or characters (for an offset
21025
+ # range) from the beginning of the file to the end of the sensitive
21026
+ # data.
21027
+ # @return [Integer]
21028
+ #
21029
+ # @!attribute [rw] end
21030
+ # The number of lines (for a line range) or characters (for an offset
21031
+ # range) from the beginning of the file to the end of the sensitive
21032
+ # data.
21033
+ # @return [Integer]
21034
+ #
21035
+ # @!attribute [rw] start_column
21036
+ # In the line where the sensitive data starts, the column within the
21037
+ # line where the sensitive data starts.
21038
+ # @return [Integer]
21039
+ #
21040
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Range AWS API Documentation
21041
+ #
21042
+ class Range < Struct.new(
21043
+ :start,
21044
+ :end,
21045
+ :start_column)
21046
+ SENSITIVE = []
21047
+ include Aws::Structure
21048
+ end
21049
+
18215
21050
  # A recommendation on how to remediate the issue identified in a
18216
21051
  # finding.
18217
21052
  #
@@ -18242,6 +21077,38 @@ module Aws::SecurityHub
18242
21077
  include Aws::Structure
18243
21078
  end
18244
21079
 
21080
+ # An occurrence of sensitive data in an Apache Avro object container or
21081
+ # an Apache Parquet file.
21082
+ #
21083
+ # @note When making an API call, you may pass Record
21084
+ # data as a hash:
21085
+ #
21086
+ # {
21087
+ # json_path: "NonEmptyString",
21088
+ # record_index: 1,
21089
+ # }
21090
+ #
21091
+ # @!attribute [rw] json_path
21092
+ # The path, as a JSONPath expression, to the field in the record that
21093
+ # contains the data. If the field name is longer than 20 characters,
21094
+ # it is truncated. If the path is longer than 250 characters, it is
21095
+ # truncated.
21096
+ # @return [String]
21097
+ #
21098
+ # @!attribute [rw] record_index
21099
+ # The record index, starting from 0, for the record that contains the
21100
+ # data.
21101
+ # @return [Integer]
21102
+ #
21103
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Record AWS API Documentation
21104
+ #
21105
+ class Record < Struct.new(
21106
+ :json_path,
21107
+ :record_index)
21108
+ SENSITIVE = []
21109
+ include Aws::Structure
21110
+ end
21111
+
18245
21112
  # Details about a related finding.
18246
21113
  #
18247
21114
  # @note When making an API call, you may pass RelatedFinding
@@ -18308,6 +21175,130 @@ module Aws::SecurityHub
18308
21175
  # tags: {
18309
21176
  # "NonEmptyString" => "NonEmptyString",
18310
21177
  # },
21178
+ # data_classification: {
21179
+ # detailed_results_location: "NonEmptyString",
21180
+ # result: {
21181
+ # mime_type: "NonEmptyString",
21182
+ # size_classified: 1,
21183
+ # additional_occurrences: false,
21184
+ # status: {
21185
+ # code: "NonEmptyString",
21186
+ # reason: "NonEmptyString",
21187
+ # },
21188
+ # sensitive_data: [
21189
+ # {
21190
+ # category: "NonEmptyString",
21191
+ # detections: [
21192
+ # {
21193
+ # count: 1,
21194
+ # type: "NonEmptyString",
21195
+ # occurrences: {
21196
+ # line_ranges: [
21197
+ # {
21198
+ # start: 1,
21199
+ # end: 1,
21200
+ # start_column: 1,
21201
+ # },
21202
+ # ],
21203
+ # offset_ranges: [
21204
+ # {
21205
+ # start: 1,
21206
+ # end: 1,
21207
+ # start_column: 1,
21208
+ # },
21209
+ # ],
21210
+ # pages: [
21211
+ # {
21212
+ # page_number: 1,
21213
+ # line_range: {
21214
+ # start: 1,
21215
+ # end: 1,
21216
+ # start_column: 1,
21217
+ # },
21218
+ # offset_range: {
21219
+ # start: 1,
21220
+ # end: 1,
21221
+ # start_column: 1,
21222
+ # },
21223
+ # },
21224
+ # ],
21225
+ # records: [
21226
+ # {
21227
+ # json_path: "NonEmptyString",
21228
+ # record_index: 1,
21229
+ # },
21230
+ # ],
21231
+ # cells: [
21232
+ # {
21233
+ # column: 1,
21234
+ # row: 1,
21235
+ # column_name: "NonEmptyString",
21236
+ # cell_reference: "NonEmptyString",
21237
+ # },
21238
+ # ],
21239
+ # },
21240
+ # },
21241
+ # ],
21242
+ # total_count: 1,
21243
+ # },
21244
+ # ],
21245
+ # custom_data_identifiers: {
21246
+ # detections: [
21247
+ # {
21248
+ # count: 1,
21249
+ # arn: "NonEmptyString",
21250
+ # name: "NonEmptyString",
21251
+ # occurrences: {
21252
+ # line_ranges: [
21253
+ # {
21254
+ # start: 1,
21255
+ # end: 1,
21256
+ # start_column: 1,
21257
+ # },
21258
+ # ],
21259
+ # offset_ranges: [
21260
+ # {
21261
+ # start: 1,
21262
+ # end: 1,
21263
+ # start_column: 1,
21264
+ # },
21265
+ # ],
21266
+ # pages: [
21267
+ # {
21268
+ # page_number: 1,
21269
+ # line_range: {
21270
+ # start: 1,
21271
+ # end: 1,
21272
+ # start_column: 1,
21273
+ # },
21274
+ # offset_range: {
21275
+ # start: 1,
21276
+ # end: 1,
21277
+ # start_column: 1,
21278
+ # },
21279
+ # },
21280
+ # ],
21281
+ # records: [
21282
+ # {
21283
+ # json_path: "NonEmptyString",
21284
+ # record_index: 1,
21285
+ # },
21286
+ # ],
21287
+ # cells: [
21288
+ # {
21289
+ # column: 1,
21290
+ # row: 1,
21291
+ # column_name: "NonEmptyString",
21292
+ # cell_reference: "NonEmptyString",
21293
+ # },
21294
+ # ],
21295
+ # },
21296
+ # },
21297
+ # ],
21298
+ # total_count: 1,
21299
+ # },
21300
+ # },
21301
+ # },
18311
21302
  # details: {
18312
21303
  # aws_auto_scaling_auto_scaling_group: {
18313
21304
  # launch_configuration_name: "NonEmptyString",
@@ -18418,6 +21409,19 @@ module Aws::SecurityHub
18418
21409
  # },
18419
21410
  # ],
18420
21411
  # source_dest_check: false,
21412
+ # ip_v6_addresses: [
21413
+ # {
21414
+ # ip_v6_address: "NonEmptyString",
21415
+ # },
21416
+ # ],
21417
+ # private_ip_addresses: [
21418
+ # {
21419
+ # private_ip_address: "NonEmptyString",
21420
+ # private_dns_name: "NonEmptyString",
21421
+ # },
21422
+ # ],
21423
+ # public_dns_name: "NonEmptyString",
21424
+ # public_ip: "NonEmptyString",
18421
21425
  # },
18422
21426
  # aws_ec2_security_group: {
18423
21427
  # group_name: "NonEmptyString",
@@ -18596,6 +21600,18 @@ module Aws::SecurityHub
18596
21600
  # },
18597
21601
  # ],
18598
21602
  # },
21603
+ # public_access_block_configuration: {
21604
+ # block_public_acls: false,
21605
+ # block_public_policy: false,
21606
+ # ignore_public_acls: false,
21607
+ # restrict_public_buckets: false,
21608
+ # },
21609
+ # },
21610
+ # aws_s3_account_public_access_block: {
21611
+ # block_public_acls: false,
21612
+ # block_public_policy: false,
21613
+ # ignore_public_acls: false,
21614
+ # restrict_public_buckets: false,
18599
21615
  # },
18600
21616
  # aws_s3_object: {
18601
21617
  # last_modified: "NonEmptyString",
@@ -18918,6 +21934,30 @@ module Aws::SecurityHub
18918
21934
  # sns_topic_name: "NonEmptyString",
18919
21935
  # trail_arn: "NonEmptyString",
18920
21936
  # },
21937
+ # aws_ssm_patch_compliance: {
21938
+ # patch: {
21939
+ # compliance_summary: {
21940
+ # status: "NonEmptyString",
21941
+ # compliant_critical_count: 1,
21942
+ # compliant_high_count: 1,
21943
+ # compliant_medium_count: 1,
21944
+ # execution_type: "NonEmptyString",
21945
+ # non_compliant_critical_count: 1,
21946
+ # compliant_informational_count: 1,
21947
+ # non_compliant_informational_count: 1,
21948
+ # compliant_unspecified_count: 1,
21949
+ # non_compliant_low_count: 1,
21950
+ # non_compliant_high_count: 1,
21951
+ # compliant_low_count: 1,
21952
+ # compliance_type: "NonEmptyString",
21953
+ # patch_baseline_id: "NonEmptyString",
21954
+ # overall_severity: "NonEmptyString",
21955
+ # non_compliant_medium_count: 1,
21956
+ # non_compliant_unspecified_count: 1,
21957
+ # patch_group: "NonEmptyString",
21958
+ # },
21959
+ # },
21960
+ # },
18921
21961
  # aws_certificate_manager_certificate: {
18922
21962
  # certificate_authority_arn: "NonEmptyString",
18923
21963
  # created_at: "NonEmptyString",
@@ -19648,6 +22688,8 @@ module Aws::SecurityHub
19648
22688
  # @return [String]
19649
22689
  #
19650
22690
  # @!attribute [rw] resource_role
22691
+ # Identifies the role of the resource in the finding. A resource is
22692
+ # either the actor or target of the finding activity,
19651
22693
  # @return [String]
19652
22694
  #
19653
22695
  # @!attribute [rw] tags
@@ -19655,6 +22697,11 @@ module Aws::SecurityHub
19655
22697
  # finding was processed.
19656
22698
  # @return [Hash<String,String>]
19657
22699
  #
22700
+ # @!attribute [rw] data_classification
22701
+ # Contains information about sensitive data that was detected on the
22702
+ # resource.
22703
+ # @return [Types::DataClassificationDetails]
22704
+ #
19658
22705
  # @!attribute [rw] details
19659
22706
  # Additional details about the resource related to a finding.
19660
22707
  # @return [Types::ResourceDetails]
@@ -19668,6 +22715,7 @@ module Aws::SecurityHub
19668
22715
  :region,
19669
22716
  :resource_role,
19670
22717
  :tags,
22718
+ :data_classification,
19671
22719
  :details)
19672
22720
  SENSITIVE = []
19673
22721
  include Aws::Structure
@@ -19817,6 +22865,19 @@ module Aws::SecurityHub
19817
22865
  # },
19818
22866
  # ],
19819
22867
  # source_dest_check: false,
22868
+ # ip_v6_addresses: [
22869
+ # {
22870
+ # ip_v6_address: "NonEmptyString",
22871
+ # },
22872
+ # ],
22873
+ # private_ip_addresses: [
22874
+ # {
22875
+ # private_ip_address: "NonEmptyString",
22876
+ # private_dns_name: "NonEmptyString",
22877
+ # },
22878
+ # ],
22879
+ # public_dns_name: "NonEmptyString",
22880
+ # public_ip: "NonEmptyString",
19820
22881
  # },
19821
22882
  # aws_ec2_security_group: {
19822
22883
  # group_name: "NonEmptyString",
@@ -19995,6 +23056,18 @@ module Aws::SecurityHub
19995
23056
  # },
19996
23057
  # ],
19997
23058
  # },
23059
+ # public_access_block_configuration: {
23060
+ # block_public_acls: false,
23061
+ # block_public_policy: false,
23062
+ # ignore_public_acls: false,
23063
+ # restrict_public_buckets: false,
23064
+ # },
23065
+ # },
23066
+ # aws_s3_account_public_access_block: {
23067
+ # block_public_acls: false,
23068
+ # block_public_policy: false,
23069
+ # ignore_public_acls: false,
23070
+ # restrict_public_buckets: false,
19998
23071
  # },
19999
23072
  # aws_s3_object: {
20000
23073
  # last_modified: "NonEmptyString",
@@ -20317,6 +23390,30 @@ module Aws::SecurityHub
20317
23390
  # sns_topic_name: "NonEmptyString",
20318
23391
  # trail_arn: "NonEmptyString",
20319
23392
  # },
23393
+ # aws_ssm_patch_compliance: {
23394
+ # patch: {
23395
+ # compliance_summary: {
23396
+ # status: "NonEmptyString",
23397
+ # compliant_critical_count: 1,
23398
+ # compliant_high_count: 1,
23399
+ # compliant_medium_count: 1,
23400
+ # execution_type: "NonEmptyString",
23401
+ # non_compliant_critical_count: 1,
23402
+ # compliant_informational_count: 1,
23403
+ # non_compliant_informational_count: 1,
23404
+ # compliant_unspecified_count: 1,
23405
+ # non_compliant_low_count: 1,
23406
+ # non_compliant_high_count: 1,
23407
+ # compliant_low_count: 1,
23408
+ # compliance_type: "NonEmptyString",
23409
+ # patch_baseline_id: "NonEmptyString",
23410
+ # overall_severity: "NonEmptyString",
23411
+ # non_compliant_medium_count: 1,
23412
+ # non_compliant_unspecified_count: 1,
23413
+ # patch_group: "NonEmptyString",
23414
+ # },
23415
+ # },
23416
+ # },
20320
23417
  # aws_certificate_manager_certificate: {
20321
23418
  # certificate_authority_arn: "NonEmptyString",
20322
23419
  # created_at: "NonEmptyString",
@@ -21070,6 +24167,11 @@ module Aws::SecurityHub
21070
24167
  # Details about an Amazon S3 bucket related to a finding.
21071
24168
  # @return [Types::AwsS3BucketDetails]
21072
24169
  #
24170
+ # @!attribute [rw] aws_s3_account_public_access_block
24171
+ # Details about the Amazon S3 Public Access Block configuration for an
24172
+ # account.
24173
+ # @return [Types::AwsS3AccountPublicAccessBlockDetails]
24174
+ #
21073
24175
  # @!attribute [rw] aws_s3_object
21074
24176
  # Details about an Amazon S3 object related to a finding.
21075
24177
  # @return [Types::AwsS3ObjectDetails]
@@ -21091,9 +24193,11 @@ module Aws::SecurityHub
21091
24193
  # @return [Types::AwsIamPolicyDetails]
21092
24194
  #
21093
24195
  # @!attribute [rw] aws_api_gateway_v2_stage
24196
+ # Provides information about a version 2 stage for Amazon API Gateway.
21094
24197
  # @return [Types::AwsApiGatewayV2StageDetails]
21095
24198
  #
21096
24199
  # @!attribute [rw] aws_api_gateway_v2_api
24200
+ # Provides information about a version 2 API in Amazon API Gateway.
21097
24201
  # @return [Types::AwsApiGatewayV2ApiDetails]
21098
24202
  #
21099
24203
  # @!attribute [rw] aws_dynamo_db_table
@@ -21101,24 +24205,37 @@ module Aws::SecurityHub
21101
24205
  # @return [Types::AwsDynamoDbTableDetails]
21102
24206
  #
21103
24207
  # @!attribute [rw] aws_api_gateway_stage
24208
+ # Provides information about a version 1 Amazon API Gateway stage.
21104
24209
  # @return [Types::AwsApiGatewayStageDetails]
21105
24210
  #
21106
24211
  # @!attribute [rw] aws_api_gateway_rest_api
24212
+ # Provides information about a REST API in version 1 of Amazon API
24213
+ # Gateway.
21107
24214
  # @return [Types::AwsApiGatewayRestApiDetails]
21108
24215
  #
21109
24216
  # @!attribute [rw] aws_cloud_trail_trail
24217
+ # Provides details about a CloudTrail trail.
21110
24218
  # @return [Types::AwsCloudTrailTrailDetails]
21111
24219
  #
24220
+ # @!attribute [rw] aws_ssm_patch_compliance
24221
+ # Provides information about the state of a patch on an instance based
24222
+ # on the patch baseline that was used to patch the instance.
24223
+ # @return [Types::AwsSsmPatchComplianceDetails]
24224
+ #
21112
24225
  # @!attribute [rw] aws_certificate_manager_certificate
24226
+ # Provides details about an AWS Certificate Manager (ACM) certificate.
21113
24227
  # @return [Types::AwsCertificateManagerCertificateDetails]
21114
24228
  #
21115
24229
  # @!attribute [rw] aws_redshift_cluster
24230
+ # Contains details about an Amazon Redshift cluster.
21116
24231
  # @return [Types::AwsRedshiftClusterDetails]
21117
24232
  #
21118
24233
  # @!attribute [rw] aws_elb_load_balancer
24234
+ # contains details about a Classic Load Balancer.
21119
24235
  # @return [Types::AwsElbLoadBalancerDetails]
21120
24236
  #
21121
24237
  # @!attribute [rw] aws_iam_group
24238
+ # Contains details about an IAM group.
21122
24239
  # @return [Types::AwsIamGroupDetails]
21123
24240
  #
21124
24241
  # @!attribute [rw] aws_iam_role
@@ -21198,6 +24315,7 @@ module Aws::SecurityHub
21198
24315
  :aws_elbv_2_load_balancer,
21199
24316
  :aws_elasticsearch_domain,
21200
24317
  :aws_s3_bucket,
24318
+ :aws_s3_account_public_access_block,
21201
24319
  :aws_s3_object,
21202
24320
  :aws_secrets_manager_secret,
21203
24321
  :aws_iam_access_key,
@@ -21209,6 +24327,7 @@ module Aws::SecurityHub
21209
24327
  :aws_api_gateway_stage,
21210
24328
  :aws_api_gateway_rest_api,
21211
24329
  :aws_cloud_trail_trail,
24330
+ :aws_ssm_patch_compliance,
21212
24331
  :aws_certificate_manager_certificate,
21213
24332
  :aws_redshift_cluster,
21214
24333
  :aws_elb_load_balancer,
@@ -21267,6 +24386,171 @@ module Aws::SecurityHub
21267
24386
  include Aws::Structure
21268
24387
  end
21269
24388
 
24389
+ # The list of detected instances of sensitive data.
24390
+ #
24391
+ # @note When making an API call, you may pass SensitiveDataDetections
24392
+ # data as a hash:
24393
+ #
24394
+ # {
24395
+ # count: 1,
24396
+ # type: "NonEmptyString",
24397
+ # occurrences: {
24398
+ # line_ranges: [
24399
+ # {
24400
+ # start: 1,
24401
+ # end: 1,
24402
+ # start_column: 1,
24403
+ # },
24404
+ # ],
24405
+ # offset_ranges: [
24406
+ # {
24407
+ # start: 1,
24408
+ # end: 1,
24409
+ # start_column: 1,
24410
+ # },
24411
+ # ],
24412
+ # pages: [
24413
+ # {
24414
+ # page_number: 1,
24415
+ # line_range: {
24416
+ # start: 1,
24417
+ # end: 1,
24418
+ # start_column: 1,
24419
+ # },
24420
+ # offset_range: {
24421
+ # start: 1,
24422
+ # end: 1,
24423
+ # start_column: 1,
24424
+ # },
24425
+ # },
24426
+ # ],
24427
+ # records: [
24428
+ # {
24429
+ # json_path: "NonEmptyString",
24430
+ # record_index: 1,
24431
+ # },
24432
+ # ],
24433
+ # cells: [
24434
+ # {
24435
+ # column: 1,
24436
+ # row: 1,
24437
+ # column_name: "NonEmptyString",
24438
+ # cell_reference: "NonEmptyString",
24439
+ # },
24440
+ # ],
24441
+ # },
24442
+ # }
24443
+ #
24444
+ # @!attribute [rw] count
24445
+ # The total number of occurrences of sensitive data that were
24446
+ # detected.
24447
+ # @return [Integer]
24448
+ #
24449
+ # @!attribute [rw] type
24450
+ # The type of sensitive data that was detected. For example, the type
24451
+ # might indicate that the data is an email address.
24452
+ # @return [String]
24453
+ #
24454
+ # @!attribute [rw] occurrences
24455
+ # Details about the sensitive data that was detected.
24456
+ # @return [Types::Occurrences]
24457
+ #
24458
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataDetections AWS API Documentation
24459
+ #
24460
+ class SensitiveDataDetections < Struct.new(
24461
+ :count,
24462
+ :type,
24463
+ :occurrences)
24464
+ SENSITIVE = []
24465
+ include Aws::Structure
24466
+ end
24467
+
24468
+ # Contains a detected instance of sensitive data that are based on
24469
+ # built-in identifiers.
24470
+ #
24471
+ # @note When making an API call, you may pass SensitiveDataResult
24472
+ # data as a hash:
24473
+ #
24474
+ # {
24475
+ # category: "NonEmptyString",
24476
+ # detections: [
24477
+ # {
24478
+ # count: 1,
24479
+ # type: "NonEmptyString",
24480
+ # occurrences: {
24481
+ # line_ranges: [
24482
+ # {
24483
+ # start: 1,
24484
+ # end: 1,
24485
+ # start_column: 1,
24486
+ # },
24487
+ # ],
24488
+ # offset_ranges: [
24489
+ # {
24490
+ # start: 1,
24491
+ # end: 1,
24492
+ # start_column: 1,
24493
+ # },
24494
+ # ],
24495
+ # pages: [
24496
+ # {
24497
+ # page_number: 1,
24498
+ # line_range: {
24499
+ # start: 1,
24500
+ # end: 1,
24501
+ # start_column: 1,
24502
+ # },
24503
+ # offset_range: {
24504
+ # start: 1,
24505
+ # end: 1,
24506
+ # start_column: 1,
24507
+ # },
24508
+ # },
24509
+ # ],
24510
+ # records: [
24511
+ # {
24512
+ # json_path: "NonEmptyString",
24513
+ # record_index: 1,
24514
+ # },
24515
+ # ],
24516
+ # cells: [
24517
+ # {
24518
+ # column: 1,
24519
+ # row: 1,
24520
+ # column_name: "NonEmptyString",
24521
+ # cell_reference: "NonEmptyString",
24522
+ # },
24523
+ # ],
24524
+ # },
24525
+ # },
24526
+ # ],
24527
+ # total_count: 1,
24528
+ # }
24529
+ #
24530
+ # @!attribute [rw] category
24531
+ # The category of sensitive data that was detected. For example, the
24532
+ # category can indicate that the sensitive data involved credentials,
24533
+ # financial information, or personal information.
24534
+ # @return [String]
24535
+ #
24536
+ # @!attribute [rw] detections
24537
+ # The list of detected instances of sensitive data.
24538
+ # @return [Array<Types::SensitiveDataDetections>]
24539
+ #
24540
+ # @!attribute [rw] total_count
24541
+ # The total number of occurrences of sensitive data.
24542
+ # @return [Integer]
24543
+ #
24544
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataResult AWS API Documentation
24545
+ #
24546
+ class SensitiveDataResult < Struct.new(
24547
+ :category,
24548
+ :detections,
24549
+ :total_count)
24550
+ SENSITIVE = []
24551
+ include Aws::Structure
24552
+ end
24553
+
21270
24554
  # The severity of the finding.
21271
24555
  #
21272
24556
  # The finding provider can provide the initial severity. The finding
@@ -21613,7 +24897,20 @@ module Aws::SecurityHub
21613
24897
  # @return [Hash<String,String>]
21614
24898
  #
21615
24899
  # @!attribute [rw] standards_status
21616
- # The status of the standards subscription.
24900
+ # The status of the standard subscription.
24901
+ #
24902
+ # The status values are as follows:
24903
+ #
24904
+ # * `PENDING` - Standard is in the process of being enabled.
24905
+ #
24906
+ # * `READY` - Standard is enabled.
24907
+ #
24908
+ # * `INCOMPLETE` - Standard could not be enabled completely. Some
24909
+ # controls may not be available.
24910
+ #
24911
+ # * `DELETING` - Standard is in the process of being disabled.
24912
+ #
24913
+ # * `FAILED` - Standard could not be disabled.
21617
24914
  # @return [String]
21618
24915
  #
21619
24916
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
@@ -22502,6 +25799,50 @@ module Aws::SecurityHub
22502
25799
  # value: "NonEmptyString",
22503
25800
  # },
22504
25801
  # ],
25802
+ # finding_provider_fields_confidence: [
25803
+ # {
25804
+ # gte: 1.0,
25805
+ # lte: 1.0,
25806
+ # eq: 1.0,
25807
+ # },
25808
+ # ],
25809
+ # finding_provider_fields_criticality: [
25810
+ # {
25811
+ # gte: 1.0,
25812
+ # lte: 1.0,
25813
+ # eq: 1.0,
25814
+ # },
25815
+ # ],
25816
+ # finding_provider_fields_related_findings_id: [
25817
+ # {
25818
+ # value: "NonEmptyString",
25819
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25820
+ # },
25821
+ # ],
25822
+ # finding_provider_fields_related_findings_product_arn: [
25823
+ # {
25824
+ # value: "NonEmptyString",
25825
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25826
+ # },
25827
+ # ],
25828
+ # finding_provider_fields_severity_label: [
25829
+ # {
25830
+ # value: "NonEmptyString",
25831
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25832
+ # },
25833
+ # ],
25834
+ # finding_provider_fields_severity_original: [
25835
+ # {
25836
+ # value: "NonEmptyString",
25837
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25838
+ # },
25839
+ # ],
25840
+ # finding_provider_fields_types: [
25841
+ # {
25842
+ # value: "NonEmptyString",
25843
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25844
+ # },
25845
+ # ],
22505
25846
  # },
22506
25847
  # note: {
22507
25848
  # text: "NonEmptyString", # required
@@ -23097,6 +26438,50 @@ module Aws::SecurityHub
23097
26438
  # value: "NonEmptyString",
23098
26439
  # },
23099
26440
  # ],
26441
+ # finding_provider_fields_confidence: [
26442
+ # {
26443
+ # gte: 1.0,
26444
+ # lte: 1.0,
26445
+ # eq: 1.0,
26446
+ # },
26447
+ # ],
26448
+ # finding_provider_fields_criticality: [
26449
+ # {
26450
+ # gte: 1.0,
26451
+ # lte: 1.0,
26452
+ # eq: 1.0,
26453
+ # },
26454
+ # ],
26455
+ # finding_provider_fields_related_findings_id: [
26456
+ # {
26457
+ # value: "NonEmptyString",
26458
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26459
+ # },
26460
+ # ],
26461
+ # finding_provider_fields_related_findings_product_arn: [
26462
+ # {
26463
+ # value: "NonEmptyString",
26464
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26465
+ # },
26466
+ # ],
26467
+ # finding_provider_fields_severity_label: [
26468
+ # {
26469
+ # value: "NonEmptyString",
26470
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26471
+ # },
26472
+ # ],
26473
+ # finding_provider_fields_severity_original: [
26474
+ # {
26475
+ # value: "NonEmptyString",
26476
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26477
+ # },
26478
+ # ],
26479
+ # finding_provider_fields_types: [
26480
+ # {
26481
+ # value: "NonEmptyString",
26482
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26483
+ # },
26484
+ # ],
23100
26485
  # },
23101
26486
  # group_by_attribute: "NonEmptyString",
23102
26487
  # }
@@ -23457,6 +26842,14 @@ module Aws::SecurityHub
23457
26842
  #
23458
26843
  # * `NEW` - The initial state of a finding, before it is reviewed.
23459
26844
  #
26845
+ # Security Hub also resets the workflow status from `NOTIFIED` or
26846
+ # `RESOLVED` to `NEW` in the following cases:
26847
+ #
26848
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
26849
+ #
26850
+ # * `ComplianceStatus` changes from `PASSED` to either `WARNING`,
26851
+ # `FAILED`, or `NOT_AVAILABLE`.
26852
+ #
23460
26853
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23461
26854
  # the security issue. Used when the initial reviewer is not the
23462
26855
  # resource owner, and needs intervention from the resource owner.
@@ -23491,6 +26884,14 @@ module Aws::SecurityHub
23491
26884
  #
23492
26885
  # * `NEW` - The initial state of a finding, before it is reviewed.
23493
26886
  #
26887
+ # Security Hub also resets `WorkFlowStatus` from `NOTIFIED` or
26888
+ # `RESOLVED` to `NEW` in the following cases:
26889
+ #
26890
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
26891
+ #
26892
+ # * The compliance status changes from `PASSED` to either `WARNING`,
26893
+ # `FAILED`, or `NOT_AVAILABLE`.
26894
+ #
23494
26895
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23495
26896
  # the security issue. Used when the initial reviewer is not the
23496
26897
  # resource owner, and needs intervention from the resource owner.