aws-sdk-securityhub 1.37.0 → 1.42.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +223 -0
  3. data/LICENSE.txt +202 -0
  4. data/VERSION +1 -0
  5. data/lib/aws-sdk-securityhub.rb +2 -2
  6. data/lib/aws-sdk-securityhub/client.rb +679 -15
  7. data/lib/aws-sdk-securityhub/client_api.rb +282 -6
  8. data/lib/aws-sdk-securityhub/errors.rb +1 -1
  9. data/lib/aws-sdk-securityhub/resource.rb +1 -1
  10. data/lib/aws-sdk-securityhub/types.rb +3478 -77
  11. metadata +8 -5
data/lib/aws-sdk-securityhub/errors.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
data/lib/aws-sdk-securityhub/resource.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
data/lib/aws-sdk-securityhub/types.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -85,6 +85,313 @@ module Aws::SecurityHub
85
85
  include Aws::Structure
86
86
  end
87
87
 
88
+ # Provides details about one of the following actions that affects or
89
+ # that was taken on a resource:
90
+ #
91
+ # * A remote IP address issued an AWS API call
92
+ #
93
+ # * A DNS request was received
94
+ #
95
+ # * A remote IP address attempted to connect to an EC2 instance
96
+ #
97
+ # * A remote IP address attempted a port probe on an EC2 instance
98
+ #
99
+ # @note When making an API call, you may pass Action
100
+ # data as a hash:
101
+ #
102
+ # {
103
+ # action_type: "NonEmptyString",
104
+ # network_connection_action: {
105
+ # connection_direction: "NonEmptyString",
106
+ # remote_ip_details: {
107
+ # ip_address_v4: "NonEmptyString",
108
+ # organization: {
109
+ # asn: 1,
110
+ # asn_org: "NonEmptyString",
111
+ # isp: "NonEmptyString",
112
+ # org: "NonEmptyString",
113
+ # },
114
+ # country: {
115
+ # country_code: "NonEmptyString",
116
+ # country_name: "NonEmptyString",
117
+ # },
118
+ # city: {
119
+ # city_name: "NonEmptyString",
120
+ # },
121
+ # geo_location: {
122
+ # lon: 1.0,
123
+ # lat: 1.0,
124
+ # },
125
+ # },
126
+ # remote_port_details: {
127
+ # port: 1,
128
+ # port_name: "NonEmptyString",
129
+ # },
130
+ # local_port_details: {
131
+ # port: 1,
132
+ # port_name: "NonEmptyString",
133
+ # },
134
+ # protocol: "NonEmptyString",
135
+ # blocked: false,
136
+ # },
137
+ # aws_api_call_action: {
138
+ # api: "NonEmptyString",
139
+ # service_name: "NonEmptyString",
140
+ # caller_type: "NonEmptyString",
141
+ # remote_ip_details: {
142
+ # ip_address_v4: "NonEmptyString",
143
+ # organization: {
144
+ # asn: 1,
145
+ # asn_org: "NonEmptyString",
146
+ # isp: "NonEmptyString",
147
+ # org: "NonEmptyString",
148
+ # },
149
+ # country: {
150
+ # country_code: "NonEmptyString",
151
+ # country_name: "NonEmptyString",
152
+ # },
153
+ # city: {
154
+ # city_name: "NonEmptyString",
155
+ # },
156
+ # geo_location: {
157
+ # lon: 1.0,
158
+ # lat: 1.0,
159
+ # },
160
+ # },
161
+ # domain_details: {
162
+ # domain: "NonEmptyString",
163
+ # },
164
+ # affected_resources: {
165
+ # "NonEmptyString" => "NonEmptyString",
166
+ # },
167
+ # first_seen: "NonEmptyString",
168
+ # last_seen: "NonEmptyString",
169
+ # },
170
+ # dns_request_action: {
171
+ # domain: "NonEmptyString",
172
+ # protocol: "NonEmptyString",
173
+ # blocked: false,
174
+ # },
175
+ # port_probe_action: {
176
+ # port_probe_details: [
177
+ # {
178
+ # local_port_details: {
179
+ # port: 1,
180
+ # port_name: "NonEmptyString",
181
+ # },
182
+ # local_ip_details: {
183
+ # ip_address_v4: "NonEmptyString",
184
+ # },
185
+ # remote_ip_details: {
186
+ # ip_address_v4: "NonEmptyString",
187
+ # organization: {
188
+ # asn: 1,
189
+ # asn_org: "NonEmptyString",
190
+ # isp: "NonEmptyString",
191
+ # org: "NonEmptyString",
192
+ # },
193
+ # country: {
194
+ # country_code: "NonEmptyString",
195
+ # country_name: "NonEmptyString",
196
+ # },
197
+ # city: {
198
+ # city_name: "NonEmptyString",
199
+ # },
200
+ # geo_location: {
201
+ # lon: 1.0,
202
+ # lat: 1.0,
203
+ # },
204
+ # },
205
+ # },
206
+ # ],
207
+ # blocked: false,
208
+ # },
209
+ # }
210
+ #
211
+ # @!attribute [rw] action_type
212
+ # The type of action that was detected. The possible action types are:
213
+ #
214
+ # * `NETWORK_CONNECTION`
215
+ #
216
+ # * `AWS_API_CALL`
217
+ #
218
+ # * `DNS_REQUEST`
219
+ #
220
+ # * `PORT_PROBE`
221
+ # @return [String]
222
+ #
223
+ # @!attribute [rw] network_connection_action
224
+ # Included if `ActionType` is `NETWORK_CONNECTION`. Provides details
225
+ # about the network connection that was detected.
226
+ # @return [Types::NetworkConnectionAction]
227
+ #
228
+ # @!attribute [rw] aws_api_call_action
229
+ # Included if `ActionType` is `AWS_API_CALL`. Provides details about
230
+ # the API call that was detected.
231
+ # @return [Types::AwsApiCallAction]
232
+ #
233
+ # @!attribute [rw] dns_request_action
234
+ # Included if `ActionType` is `DNS_REQUEST`. Provides details about
235
+ # the DNS request that was detected.
236
+ # @return [Types::DnsRequestAction]
237
+ #
238
+ # @!attribute [rw] port_probe_action
239
+ # Included if `ActionType` is `PORT_PROBE`. Provides details about the
240
+ # port probe that was detected.
241
+ # @return [Types::PortProbeAction]
242
+ #
243
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Action AWS API Documentation
244
+ #
245
+ class Action < Struct.new(
246
+ :action_type,
247
+ :network_connection_action,
248
+ :aws_api_call_action,
249
+ :dns_request_action,
250
+ :port_probe_action)
251
+ SENSITIVE = []
252
+ include Aws::Structure
253
+ end
254
+
255
+ # Provides information about the IP address where the scanned port is
256
+ # located.
257
+ #
258
+ # @note When making an API call, you may pass ActionLocalIpDetails
259
+ # data as a hash:
260
+ #
261
+ # {
262
+ # ip_address_v4: "NonEmptyString",
263
+ # }
264
+ #
265
+ # @!attribute [rw] ip_address_v4
266
+ # The IP address.
267
+ # @return [String]
268
+ #
269
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalIpDetails AWS API Documentation
270
+ #
271
+ class ActionLocalIpDetails < Struct.new(
272
+ :ip_address_v4)
273
+ SENSITIVE = []
274
+ include Aws::Structure
275
+ end
276
+
277
+ # For `NetworkConnectionAction` and `PortProbeDetails`,
278
+ # `LocalPortDetails` provides information about the local port that was
279
+ # involved in the action.
280
+ #
281
+ # @note When making an API call, you may pass ActionLocalPortDetails
282
+ # data as a hash:
283
+ #
284
+ # {
285
+ # port: 1,
286
+ # port_name: "NonEmptyString",
287
+ # }
288
+ #
289
+ # @!attribute [rw] port
290
+ # The number of the port.
291
+ # @return [Integer]
292
+ #
293
+ # @!attribute [rw] port_name
294
+ # The port name of the local connection.
295
+ # @return [String]
296
+ #
297
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalPortDetails AWS API Documentation
298
+ #
299
+ class ActionLocalPortDetails < Struct.new(
300
+ :port,
301
+ :port_name)
302
+ SENSITIVE = []
303
+ include Aws::Structure
304
+ end
305
+
306
+ # For `AwsApiAction`, `NetworkConnectionAction`, and `PortProbeAction`,
307
+ # `RemoteIpDetails` provides information about the remote IP address
308
+ # that was involved in the action.
309
+ #
310
+ # @note When making an API call, you may pass ActionRemoteIpDetails
311
+ # data as a hash:
312
+ #
313
+ # {
314
+ # ip_address_v4: "NonEmptyString",
315
+ # organization: {
316
+ # asn: 1,
317
+ # asn_org: "NonEmptyString",
318
+ # isp: "NonEmptyString",
319
+ # org: "NonEmptyString",
320
+ # },
321
+ # country: {
322
+ # country_code: "NonEmptyString",
323
+ # country_name: "NonEmptyString",
324
+ # },
325
+ # city: {
326
+ # city_name: "NonEmptyString",
327
+ # },
328
+ # geo_location: {
329
+ # lon: 1.0,
330
+ # lat: 1.0,
331
+ # },
332
+ # }
333
+ #
334
+ # @!attribute [rw] ip_address_v4
335
+ # The IP address.
336
+ # @return [String]
337
+ #
338
+ # @!attribute [rw] organization
339
+ # The internet service provider (ISP) organization associated with the
340
+ # remote IP address.
341
+ # @return [Types::IpOrganizationDetails]
342
+ #
343
+ # @!attribute [rw] country
344
+ # The country where the remote IP address is located.
345
+ # @return [Types::Country]
346
+ #
347
+ # @!attribute [rw] city
348
+ # The city where the remote IP address is located.
349
+ # @return [Types::City]
350
+ #
351
+ # @!attribute [rw] geo_location
352
+ # The coordinates of the location of the remote IP address.
353
+ # @return [Types::GeoLocation]
354
+ #
355
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemoteIpDetails AWS API Documentation
356
+ #
357
+ class ActionRemoteIpDetails < Struct.new(
358
+ :ip_address_v4,
359
+ :organization,
360
+ :country,
361
+ :city,
362
+ :geo_location)
363
+ SENSITIVE = []
364
+ include Aws::Structure
365
+ end
366
+
367
+ # Provides information about the remote port that was involved in an
368
+ # attempted network connection.
369
+ #
370
+ # @note When making an API call, you may pass ActionRemotePortDetails
371
+ # data as a hash:
372
+ #
373
+ # {
374
+ # port: 1,
375
+ # port_name: "NonEmptyString",
376
+ # }
377
+ #
378
+ # @!attribute [rw] port
379
+ # The number of the port.
380
+ # @return [Integer]
381
+ #
382
+ # @!attribute [rw] port_name
383
+ # The port name of the remote connection.
384
+ # @return [String]
385
+ #
386
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemotePortDetails AWS API Documentation
387
+ #
388
+ class ActionRemotePortDetails < Struct.new(
389
+ :port,
390
+ :port_name)
391
+ SENSITIVE = []
392
+ include Aws::Structure
393
+ end
394
+
88
395
  # An `ActionTarget` object.
89
396
  #
90
397
  # @!attribute [rw] action_target_arn
@@ -160,6 +467,120 @@ module Aws::SecurityHub
160
467
  include Aws::Structure
161
468
  end
162
469
 
470
+ # Provided if `ActionType` is `AWS_API_CALL`. It provides details about
471
+ # the API call that was detected.
472
+ #
473
+ # @note When making an API call, you may pass AwsApiCallAction
474
+ # data as a hash:
475
+ #
476
+ # {
477
+ # api: "NonEmptyString",
478
+ # service_name: "NonEmptyString",
479
+ # caller_type: "NonEmptyString",
480
+ # remote_ip_details: {
481
+ # ip_address_v4: "NonEmptyString",
482
+ # organization: {
483
+ # asn: 1,
484
+ # asn_org: "NonEmptyString",
485
+ # isp: "NonEmptyString",
486
+ # org: "NonEmptyString",
487
+ # },
488
+ # country: {
489
+ # country_code: "NonEmptyString",
490
+ # country_name: "NonEmptyString",
491
+ # },
492
+ # city: {
493
+ # city_name: "NonEmptyString",
494
+ # },
495
+ # geo_location: {
496
+ # lon: 1.0,
497
+ # lat: 1.0,
498
+ # },
499
+ # },
500
+ # domain_details: {
501
+ # domain: "NonEmptyString",
502
+ # },
503
+ # affected_resources: {
504
+ # "NonEmptyString" => "NonEmptyString",
505
+ # },
506
+ # first_seen: "NonEmptyString",
507
+ # last_seen: "NonEmptyString",
508
+ # }
509
+ #
510
+ # @!attribute [rw] api
511
+ # The name of the API method that was issued.
512
+ # @return [String]
513
+ #
514
+ # @!attribute [rw] service_name
515
+ # The name of the AWS service that the API method belongs to.
516
+ # @return [String]
517
+ #
518
+ # @!attribute [rw] caller_type
519
+ # Indicates whether the API call originated from a remote IP address
520
+ # (`remoteip`) or from a DNS domain (`domain`).
521
+ # @return [String]
522
+ #
523
+ # @!attribute [rw] remote_ip_details
524
+ # Provided if `CallerType` is `remoteIp`. Provides information about
525
+ # the remote IP address that the API call originated from.
526
+ # @return [Types::ActionRemoteIpDetails]
527
+ #
528
+ # @!attribute [rw] domain_details
529
+ # Provided if `CallerType` is `domain`. Provides information about the
530
+ # DNS domain that the API call originated from.
531
+ # @return [Types::AwsApiCallActionDomainDetails]
532
+ #
533
+ # @!attribute [rw] affected_resources
534
+ # Identifies the resources that were affected by the API call.
535
+ # @return [Hash<String,String>]
536
+ #
537
+ # @!attribute [rw] first_seen
538
+ # An ISO8601-formatted timestamp that indicates when the API call was
539
+ # first observed.
540
+ # @return [String]
541
+ #
542
+ # @!attribute [rw] last_seen
543
+ # An ISO8601-formatted timestamp that indicates when the API call was
544
+ # most recently observed.
545
+ # @return [String]
546
+ #
547
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallAction AWS API Documentation
548
+ #
549
+ class AwsApiCallAction < Struct.new(
550
+ :api,
551
+ :service_name,
552
+ :caller_type,
553
+ :remote_ip_details,
554
+ :domain_details,
555
+ :affected_resources,
556
+ :first_seen,
557
+ :last_seen)
558
+ SENSITIVE = []
559
+ include Aws::Structure
560
+ end
561
+
562
+ # Provided if `CallerType` is `domain`. It provides information about
563
+ # the DNS domain that issued the API call.
564
+ #
565
+ # @note When making an API call, you may pass AwsApiCallActionDomainDetails
566
+ # data as a hash:
567
+ #
568
+ # {
569
+ # domain: "NonEmptyString",
570
+ # }
571
+ #
572
+ # @!attribute [rw] domain
573
+ # The name of the DNS domain that issued the API call.
574
+ # @return [String]
575
+ #
576
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallActionDomainDetails AWS API Documentation
577
+ #
578
+ class AwsApiCallActionDomainDetails < Struct.new(
579
+ :domain)
580
+ SENSITIVE = []
581
+ include Aws::Structure
582
+ end
583
+
163
584
  # Contains information about settings for logging access for the stage.
164
585
  #
165
586
  # @note When making an API call, you may pass AwsApiGatewayAccessLogSettings
@@ -3488,6 +3909,19 @@ module Aws::SecurityHub
3488
3909
  # },
3489
3910
  # ],
3490
3911
  # source_dest_check: false,
3912
+ # ip_v6_addresses: [
3913
+ # {
3914
+ # ip_v6_address: "NonEmptyString",
3915
+ # },
3916
+ # ],
3917
+ # private_ip_addresses: [
3918
+ # {
3919
+ # private_ip_address: "NonEmptyString",
3920
+ # private_dns_name: "NonEmptyString",
3921
+ # },
3922
+ # ],
3923
+ # public_dns_name: "NonEmptyString",
3924
+ # public_ip: "NonEmptyString",
3491
3925
  # }
3492
3926
  #
3493
3927
  # @!attribute [rw] attachment
@@ -3506,13 +3940,84 @@ module Aws::SecurityHub
3506
3940
  # Indicates whether traffic to or from the instance is validated.
3507
3941
  # @return [Boolean]
3508
3942
  #
3943
+ # @!attribute [rw] ip_v6_addresses
3944
+ # The IPv6 addresses associated with the network interface.
3945
+ # @return [Array<Types::AwsEc2NetworkInterfaceIpV6AddressDetail>]
3946
+ #
3947
+ # @!attribute [rw] private_ip_addresses
3948
+ # The private IPv4 addresses associated with the network interface.
3949
+ # @return [Array<Types::AwsEc2NetworkInterfacePrivateIpAddressDetail>]
3950
+ #
3951
+ # @!attribute [rw] public_dns_name
3952
+ # The public DNS name of the network interface.
3953
+ # @return [String]
3954
+ #
3955
+ # @!attribute [rw] public_ip
3956
+ # The address of the Elastic IP address bound to the network
3957
+ # interface.
3958
+ # @return [String]
3959
+ #
3509
3960
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceDetails AWS API Documentation
3510
3961
  #
3511
3962
  class AwsEc2NetworkInterfaceDetails < Struct.new(
3512
3963
  :attachment,
3513
3964
  :network_interface_id,
3514
3965
  :security_groups,
3515
- :source_dest_check)
3966
+ :source_dest_check,
3967
+ :ip_v6_addresses,
3968
+ :private_ip_addresses,
3969
+ :public_dns_name,
3970
+ :public_ip)
3971
+ SENSITIVE = []
3972
+ include Aws::Structure
3973
+ end
3974
+
3975
+ # Provides information about an IPV6 address that is associated with the
3976
+ # network interface.
3977
+ #
3978
+ # @note When making an API call, you may pass AwsEc2NetworkInterfaceIpV6AddressDetail
3979
+ # data as a hash:
3980
+ #
3981
+ # {
3982
+ # ip_v6_address: "NonEmptyString",
3983
+ # }
3984
+ #
3985
+ # @!attribute [rw] ip_v6_address
3986
+ # The IPV6 address.
3987
+ # @return [String]
3988
+ #
3989
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceIpV6AddressDetail AWS API Documentation
3990
+ #
3991
+ class AwsEc2NetworkInterfaceIpV6AddressDetail < Struct.new(
3992
+ :ip_v6_address)
3993
+ SENSITIVE = []
3994
+ include Aws::Structure
3995
+ end
3996
+
3997
+ # Provides information about a private IPv4 address that is with the
3998
+ # network interface.
3999
+ #
4000
+ # @note When making an API call, you may pass AwsEc2NetworkInterfacePrivateIpAddressDetail
4001
+ # data as a hash:
4002
+ #
4003
+ # {
4004
+ # private_ip_address: "NonEmptyString",
4005
+ # private_dns_name: "NonEmptyString",
4006
+ # }
4007
+ #
4008
+ # @!attribute [rw] private_ip_address
4009
+ # The IP address.
4010
+ # @return [String]
4011
+ #
4012
+ # @!attribute [rw] private_dns_name
4013
+ # The private DNS name for the IP address.
4014
+ # @return [String]
4015
+ #
4016
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfacePrivateIpAddressDetail AWS API Documentation
4017
+ #
4018
+ class AwsEc2NetworkInterfacePrivateIpAddressDetail < Struct.new(
4019
+ :private_ip_address,
4020
+ :private_dns_name)
3516
4021
  SENSITIVE = []
3517
4022
  include Aws::Structure
3518
4023
  end
@@ -6884,6 +7389,8 @@ module Aws::SecurityHub
6884
7389
  # @return [String]
6885
7390
  #
6886
7391
  # @!attribute [rw] engine
7392
+ # The name of the database engine that you want to use for this DB
7393
+ # instance.
6887
7394
  # @return [String]
6888
7395
  #
6889
7396
  # @!attribute [rw] allocated_storage
@@ -7667,6 +8174,8 @@ module Aws::SecurityHub
7667
8174
  include Aws::Structure
7668
8175
  end
7669
8176
 
8177
+ # An option group membership.
8178
+ #
7670
8179
  # @note When making an API call, you may pass AwsRdsDbOptionGroupMembership
7671
8180
  # data as a hash:
7672
8181
  #
@@ -7676,9 +8185,11 @@ module Aws::SecurityHub
7676
8185
  # }
7677
8186
  #
7678
8187
  # @!attribute [rw] option_group_name
8188
+ # The name of the option group.
7679
8189
  # @return [String]
7680
8190
  #
7681
8191
  # @!attribute [rw] status
8192
+ # The status of the option group membership.
7682
8193
  # @return [String]
7683
8194
  #
7684
8195
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbOptionGroupMembership AWS API Documentation
@@ -7690,6 +8201,8 @@ module Aws::SecurityHub
7690
8201
  include Aws::Structure
7691
8202
  end
7692
8203
 
8204
+ # Provides information about a parameter group for a DB instance.
8205
+ #
7693
8206
  # @note When making an API call, you may pass AwsRdsDbParameterGroup
7694
8207
  # data as a hash:
7695
8208
  #
@@ -7699,9 +8212,11 @@ module Aws::SecurityHub
7699
8212
  # }
7700
8213
  #
7701
8214
  # @!attribute [rw] db_parameter_group_name
8215
+ # The name of the parameter group.
7702
8216
  # @return [String]
7703
8217
  #
7704
8218
  # @!attribute [rw] parameter_apply_status
8219
+ # The status of parameter updates.
7705
8220
  # @return [String]
7706
8221
  #
7707
8222
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbParameterGroup AWS API Documentation
@@ -7713,6 +8228,8 @@ module Aws::SecurityHub
7713
8228
  include Aws::Structure
7714
8229
  end
7715
8230
 
8231
+ # Changes to a DB instance that are currently pending.
8232
+ #
7716
8233
  # @note When making an API call, you may pass AwsRdsDbPendingModifiedValues
7717
8234
  # data as a hash:
7718
8235
  #
@@ -7743,48 +8260,64 @@ module Aws::SecurityHub
7743
8260
  # }
7744
8261
  #
7745
8262
  # @!attribute [rw] db_instance_class
8263
+ # The new DB instance class for the DB instance.
7746
8264
  # @return [String]
7747
8265
  #
7748
8266
  # @!attribute [rw] allocated_storage
8267
+ # The new value of the allocated storage for the DB instance.
7749
8268
  # @return [Integer]
7750
8269
  #
7751
8270
  # @!attribute [rw] master_user_password
8271
+ # The new master user password for the DB instance.
7752
8272
  # @return [String]
7753
8273
  #
7754
8274
  # @!attribute [rw] port
8275
+ # The new port for the DB instance.
7755
8276
  # @return [Integer]
7756
8277
  #
7757
8278
  # @!attribute [rw] backup_retention_period
8279
+ # The new backup retention period for the DB instance.
7758
8280
  # @return [Integer]
7759
8281
  #
7760
8282
  # @!attribute [rw] multi_az
8283
+ # Indicates that a single Availability Zone DB instance is changing to
8284
+ # a multiple Availability Zone deployment.
7761
8285
  # @return [Boolean]
7762
8286
  #
7763
8287
  # @!attribute [rw] engine_version
8288
+ # The new engine version for the DB instance.
7764
8289
  # @return [String]
7765
8290
  #
7766
8291
  # @!attribute [rw] license_model
8292
+ # The new license model value for the DB instance.
7767
8293
  # @return [String]
7768
8294
  #
7769
8295
  # @!attribute [rw] iops
8296
+ # The new provisioned IOPS value for the DB instance.
7770
8297
  # @return [Integer]
7771
8298
  #
7772
8299
  # @!attribute [rw] db_instance_identifier
8300
+ # The new DB instance identifier for the DB instance.
7773
8301
  # @return [String]
7774
8302
  #
7775
8303
  # @!attribute [rw] storage_type
8304
+ # The new storage type for the DB instance.
7776
8305
  # @return [String]
7777
8306
  #
7778
8307
  # @!attribute [rw] ca_certificate_identifier
8308
+ # The new CA certificate identifier for the DB instance.
7779
8309
  # @return [String]
7780
8310
  #
7781
8311
  # @!attribute [rw] db_subnet_group_name
8312
+ # The name of the new subnet group for the DB instance.
7782
8313
  # @return [String]
7783
8314
  #
7784
8315
  # @!attribute [rw] pending_cloud_watch_logs_exports
8316
+ # A list of log types that are being enabled or disabled.
7785
8317
  # @return [Types::AwsRdsPendingCloudWatchLogsExports]
7786
8318
  #
7787
8319
  # @!attribute [rw] processor_features
8320
+ # Processor features that are being updated.
7788
8321
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7789
8322
  #
7790
8323
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbPendingModifiedValues AWS API Documentation
@@ -7809,6 +8342,8 @@ module Aws::SecurityHub
7809
8342
  include Aws::Structure
7810
8343
  end
7811
8344
 
8345
+ # A processor feature.
8346
+ #
7812
8347
  # @note When making an API call, you may pass AwsRdsDbProcessorFeature
7813
8348
  # data as a hash:
7814
8349
  #
@@ -7818,9 +8353,11 @@ module Aws::SecurityHub
7818
8353
  # }
7819
8354
  #
7820
8355
  # @!attribute [rw] name
8356
+ # The name of the processor feature.
7821
8357
  # @return [String]
7822
8358
  #
7823
8359
  # @!attribute [rw] value
8360
+ # The value of the processor feature.
7824
8361
  # @return [String]
7825
8362
  #
7826
8363
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbProcessorFeature AWS API Documentation
@@ -7832,6 +8369,8 @@ module Aws::SecurityHub
7832
8369
  include Aws::Structure
7833
8370
  end
7834
8371
 
8372
+ # Provides details about an Amazon RDS DB cluster snapshot.
8373
+ #
7835
8374
  # @note When making an API call, you may pass AwsRdsDbSnapshotDetails
7836
8375
  # data as a hash:
7837
8376
  #
@@ -7871,84 +8410,120 @@ module Aws::SecurityHub
7871
8410
  # }
7872
8411
  #
7873
8412
  # @!attribute [rw] db_snapshot_identifier
8413
+ # The name or ARN of the DB snapshot that is used to restore the DB
8414
+ # instance.
7874
8415
  # @return [String]
7875
8416
  #
7876
8417
  # @!attribute [rw] db_instance_identifier
8418
+ # A name for the DB instance.
7877
8419
  # @return [String]
7878
8420
  #
7879
8421
  # @!attribute [rw] snapshot_create_time
8422
+ # When the snapshot was taken in Coordinated Universal Time (UTC).
7880
8423
  # @return [String]
7881
8424
  #
7882
8425
  # @!attribute [rw] engine
8426
+ # The name of the database engine to use for this DB instance.
7883
8427
  # @return [String]
7884
8428
  #
7885
8429
  # @!attribute [rw] allocated_storage
8430
+ # The amount of storage (in gigabytes) to be initially allocated for
8431
+ # the database instance.
7886
8432
  # @return [Integer]
7887
8433
  #
7888
8434
  # @!attribute [rw] status
8435
+ # The status of this DB snapshot.
7889
8436
  # @return [String]
7890
8437
  #
7891
8438
  # @!attribute [rw] port
8439
+ # The port that the database engine was listening on at the time of
8440
+ # the snapshot.
7892
8441
  # @return [Integer]
7893
8442
  #
7894
8443
  # @!attribute [rw] availability_zone
8444
+ # Specifies the name of the Availability Zone in which the DB instance
8445
+ # was located at the time of the DB snapshot.
7895
8446
  # @return [String]
7896
8447
  #
7897
8448
  # @!attribute [rw] vpc_id
8449
+ # The VPC ID associated with the DB snapshot.
7898
8450
  # @return [String]
7899
8451
  #
7900
8452
  # @!attribute [rw] instance_create_time
8453
+ # Specifies the time in Coordinated Universal Time (UTC) when the DB
8454
+ # instance, from which the snapshot was taken, was created.
7901
8455
  # @return [String]
7902
8456
  #
7903
8457
  # @!attribute [rw] master_username
8458
+ # The master user name for the DB snapshot.
7904
8459
  # @return [String]
7905
8460
  #
7906
8461
  # @!attribute [rw] engine_version
8462
+ # The version of the database engine.
7907
8463
  # @return [String]
7908
8464
  #
7909
8465
  # @!attribute [rw] license_model
8466
+ # License model information for the restored DB instance.
7910
8467
  # @return [String]
7911
8468
  #
7912
8469
  # @!attribute [rw] snapshot_type
8470
+ # The type of the DB snapshot.
7913
8471
  # @return [String]
7914
8472
  #
7915
8473
  # @!attribute [rw] iops
8474
+ # The provisioned IOPS (I/O operations per second) value of the DB
8475
+ # instance at the time of the snapshot.
7916
8476
  # @return [Integer]
7917
8477
  #
7918
8478
  # @!attribute [rw] option_group_name
8479
+ # The option group name for the DB snapshot.
7919
8480
  # @return [String]
7920
8481
  #
7921
8482
  # @!attribute [rw] percent_progress
8483
+ # The percentage of the estimated data that has been transferred.
7922
8484
  # @return [Integer]
7923
8485
  #
7924
8486
  # @!attribute [rw] source_region
8487
+ # The AWS Region that the DB snapshot was created in or copied from.
7925
8488
  # @return [String]
7926
8489
  #
7927
8490
  # @!attribute [rw] source_db_snapshot_identifier
8491
+ # The DB snapshot ARN that the DB snapshot was copied from.
7928
8492
  # @return [String]
7929
8493
  #
7930
8494
  # @!attribute [rw] storage_type
8495
+ # The storage type associated with the DB snapshot.
7931
8496
  # @return [String]
7932
8497
  #
7933
8498
  # @!attribute [rw] tde_credential_arn
8499
+ # The ARN from the key store with which to associate the instance for
8500
+ # TDE encryption.
7934
8501
  # @return [String]
7935
8502
  #
7936
8503
  # @!attribute [rw] encrypted
8504
+ # Whether the DB snapshot is encrypted.
7937
8505
  # @return [Boolean]
7938
8506
  #
7939
8507
  # @!attribute [rw] kms_key_id
8508
+ # If `Encrypted` is `true`, the AWS KMS key identifier for the
8509
+ # encrypted DB snapshot.
7940
8510
  # @return [String]
7941
8511
  #
7942
8512
  # @!attribute [rw] timezone
8513
+ # The time zone of the DB snapshot.
7943
8514
  # @return [String]
7944
8515
  #
7945
8516
  # @!attribute [rw] iam_database_authentication_enabled
8517
+ # Whether mapping of IAM accounts to database accounts is enabled.
7946
8518
  # @return [Boolean]
7947
8519
  #
7948
8520
  # @!attribute [rw] processor_features
8521
+ # The number of CPU cores and the number of threads per core for the
8522
+ # DB instance class of the DB instance.
7949
8523
  # @return [Array<Types::AwsRdsDbProcessorFeature>]
7950
8524
  #
7951
8525
  # @!attribute [rw] dbi_resource_id
8526
+ # The identifier for the source DB instance.
7952
8527
  # @return [String]
7953
8528
  #
7954
8529
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSnapshotDetails AWS API Documentation
@@ -9190,6 +9765,51 @@ module Aws::SecurityHub
9190
9765
  include Aws::Structure
9191
9766
  end
9192
9767
 
9768
+ # provides information about the Amazon S3 Public Access Block
9769
+ # configuration for accounts.
9770
+ #
9771
+ # @note When making an API call, you may pass AwsS3AccountPublicAccessBlockDetails
9772
+ # data as a hash:
9773
+ #
9774
+ # {
9775
+ # block_public_acls: false,
9776
+ # block_public_policy: false,
9777
+ # ignore_public_acls: false,
9778
+ # restrict_public_buckets: false,
9779
+ # }
9780
+ #
9781
+ # @!attribute [rw] block_public_acls
9782
+ # Indicates whether to reject calls to update an S3 bucket if the
9783
+ # calls include a public access control list (ACL).
9784
+ # @return [Boolean]
9785
+ #
9786
+ # @!attribute [rw] block_public_policy
9787
+ # Indicates whether to reject calls to update the access policy for an
9788
+ # S3 bucket or access point if the policy allows public access.
9789
+ # @return [Boolean]
9790
+ #
9791
+ # @!attribute [rw] ignore_public_acls
9792
+ # Indicates whether Amazon S3 ignores public ACLs that are associated
9793
+ # with an S3 bucket.
9794
+ # @return [Boolean]
9795
+ #
9796
+ # @!attribute [rw] restrict_public_buckets
9797
+ # Indicates whether to restrict access to an access point or S3 bucket
9798
+ # that has a public policy to only AWS service principals and
9799
+ # authorized users within the S3 bucket owner's account.
9800
+ # @return [Boolean]
9801
+ #
9802
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3AccountPublicAccessBlockDetails AWS API Documentation
9803
+ #
9804
+ class AwsS3AccountPublicAccessBlockDetails < Struct.new(
9805
+ :block_public_acls,
9806
+ :block_public_policy,
9807
+ :ignore_public_acls,
9808
+ :restrict_public_buckets)
9809
+ SENSITIVE = []
9810
+ include Aws::Structure
9811
+ end
9812
+
9193
9813
  # The details of an Amazon S3 bucket.
9194
9814
  #
9195
9815
  # @note When making an API call, you may pass AwsS3BucketDetails
@@ -9209,6 +9829,12 @@ module Aws::SecurityHub
9209
9829
  # },
9210
9830
  # ],
9211
9831
  # },
9832
+ # public_access_block_configuration: {
9833
+ # block_public_acls: false,
9834
+ # block_public_policy: false,
9835
+ # ignore_public_acls: false,
9836
+ # restrict_public_buckets: false,
9837
+ # },
9212
9838
  # }
9213
9839
  #
9214
9840
  # @!attribute [rw] owner_id
@@ -9235,13 +9861,19 @@ module Aws::SecurityHub
9235
9861
  # The encryption rules that are applied to the S3 bucket.
9236
9862
  # @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
9237
9863
  #
9864
+ # @!attribute [rw] public_access_block_configuration
9865
+ # Provides information about the Amazon S3 Public Access Block
9866
+ # configuration for the S3 bucket.
9867
+ # @return [Types::AwsS3AccountPublicAccessBlockDetails]
9868
+ #
9238
9869
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
9239
9870
  #
9240
9871
  class AwsS3BucketDetails < Struct.new(
9241
9872
  :owner_id,
9242
9873
  :owner_name,
9243
9874
  :created_at,
9244
- :server_side_encryption_configuration)
9875
+ :server_side_encryption_configuration,
9876
+ :public_access_block_configuration)
9245
9877
  SENSITIVE = []
9246
9878
  include Aws::Structure
9247
9879
  end
@@ -9502,12 +10134,12 @@ module Aws::SecurityHub
9502
10134
  # product_arn: "NonEmptyString", # required
9503
10135
  # generator_id: "NonEmptyString", # required
9504
10136
  # aws_account_id: "NonEmptyString", # required
9505
- # types: ["NonEmptyString"], # required
10137
+ # types: ["NonEmptyString"],
9506
10138
  # first_observed_at: "NonEmptyString",
9507
10139
  # last_observed_at: "NonEmptyString",
9508
10140
  # created_at: "NonEmptyString", # required
9509
10141
  # updated_at: "NonEmptyString", # required
9510
- # severity: { # required
10142
+ # severity: {
9511
10143
  # product: 1.0,
9512
10144
  # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
9513
10145
  # normalized: 1,
@@ -9631,12 +10263,136 @@ module Aws::SecurityHub
9631
10263
  # tags: {
9632
10264
  # "NonEmptyString" => "NonEmptyString",
9633
10265
  # },
9634
- # details: {
9635
- # aws_auto_scaling_auto_scaling_group: {
9636
- # launch_configuration_name: "NonEmptyString",
9637
- # load_balancer_names: ["NonEmptyString"],
9638
- # health_check_type: "NonEmptyString",
9639
- # health_check_grace_period: 1,
10266
+ # data_classification: {
10267
+ # detailed_results_location: "NonEmptyString",
10268
+ # result: {
10269
+ # mime_type: "NonEmptyString",
10270
+ # size_classified: 1,
10271
+ # additional_occurrences: false,
10272
+ # status: {
10273
+ # code: "NonEmptyString",
10274
+ # reason: "NonEmptyString",
10275
+ # },
10276
+ # sensitive_data: [
10277
+ # {
10278
+ # category: "NonEmptyString",
10279
+ # detections: [
10280
+ # {
10281
+ # count: 1,
10282
+ # type: "NonEmptyString",
10283
+ # occurrences: {
10284
+ # line_ranges: [
10285
+ # {
10286
+ # start: 1,
10287
+ # end: 1,
10288
+ # start_column: 1,
10289
+ # },
10290
+ # ],
10291
+ # offset_ranges: [
10292
+ # {
10293
+ # start: 1,
10294
+ # end: 1,
10295
+ # start_column: 1,
10296
+ # },
10297
+ # ],
10298
+ # pages: [
10299
+ # {
10300
+ # page_number: 1,
10301
+ # line_range: {
10302
+ # start: 1,
10303
+ # end: 1,
10304
+ # start_column: 1,
10305
+ # },
10306
+ # offset_range: {
10307
+ # start: 1,
10308
+ # end: 1,
10309
+ # start_column: 1,
10310
+ # },
10311
+ # },
10312
+ # ],
10313
+ # records: [
10314
+ # {
10315
+ # json_path: "NonEmptyString",
10316
+ # record_index: 1,
10317
+ # },
10318
+ # ],
10319
+ # cells: [
10320
+ # {
10321
+ # column: 1,
10322
+ # row: 1,
10323
+ # column_name: "NonEmptyString",
10324
+ # cell_reference: "NonEmptyString",
10325
+ # },
10326
+ # ],
10327
+ # },
10328
+ # },
10329
+ # ],
10330
+ # total_count: 1,
10331
+ # },
10332
+ # ],
10333
+ # custom_data_identifiers: {
10334
+ # detections: [
10335
+ # {
10336
+ # count: 1,
10337
+ # arn: "NonEmptyString",
10338
+ # name: "NonEmptyString",
10339
+ # occurrences: {
10340
+ # line_ranges: [
10341
+ # {
10342
+ # start: 1,
10343
+ # end: 1,
10344
+ # start_column: 1,
10345
+ # },
10346
+ # ],
10347
+ # offset_ranges: [
10348
+ # {
10349
+ # start: 1,
10350
+ # end: 1,
10351
+ # start_column: 1,
10352
+ # },
10353
+ # ],
10354
+ # pages: [
10355
+ # {
10356
+ # page_number: 1,
10357
+ # line_range: {
10358
+ # start: 1,
10359
+ # end: 1,
10360
+ # start_column: 1,
10361
+ # },
10362
+ # offset_range: {
10363
+ # start: 1,
10364
+ # end: 1,
10365
+ # start_column: 1,
10366
+ # },
10367
+ # },
10368
+ # ],
10369
+ # records: [
10370
+ # {
10371
+ # json_path: "NonEmptyString",
10372
+ # record_index: 1,
10373
+ # },
10374
+ # ],
10375
+ # cells: [
10376
+ # {
10377
+ # column: 1,
10378
+ # row: 1,
10379
+ # column_name: "NonEmptyString",
10380
+ # cell_reference: "NonEmptyString",
10381
+ # },
10382
+ # ],
10383
+ # },
10384
+ # },
10385
+ # ],
10386
+ # total_count: 1,
10387
+ # },
10388
+ # },
10389
+ # },
10390
+ # details: {
10391
+ # aws_auto_scaling_auto_scaling_group: {
10392
+ # launch_configuration_name: "NonEmptyString",
10393
+ # load_balancer_names: ["NonEmptyString"],
10394
+ # health_check_type: "NonEmptyString",
10395
+ # health_check_grace_period: 1,
9640
10396
  # created_time: "NonEmptyString",
9641
10397
  # },
9642
10398
  # aws_code_build_project: {
@@ -9741,6 +10497,19 @@ module Aws::SecurityHub
9741
10497
  # },
9742
10498
  # ],
9743
10499
  # source_dest_check: false,
10500
+ # ip_v6_addresses: [
10501
+ # {
10502
+ # ip_v6_address: "NonEmptyString",
10503
+ # },
10504
+ # ],
10505
+ # private_ip_addresses: [
10506
+ # {
10507
+ # private_ip_address: "NonEmptyString",
10508
+ # private_dns_name: "NonEmptyString",
10509
+ # },
10510
+ # ],
10511
+ # public_dns_name: "NonEmptyString",
10512
+ # public_ip: "NonEmptyString",
9744
10513
  # },
9745
10514
  # aws_ec2_security_group: {
9746
10515
  # group_name: "NonEmptyString",
@@ -9919,6 +10688,18 @@ module Aws::SecurityHub
9919
10688
  # },
9920
10689
  # ],
9921
10690
  # },
10691
+ # public_access_block_configuration: {
10692
+ # block_public_acls: false,
10693
+ # block_public_policy: false,
10694
+ # ignore_public_acls: false,
10695
+ # restrict_public_buckets: false,
10696
+ # },
10697
+ # },
10698
+ # aws_s3_account_public_access_block: {
10699
+ # block_public_acls: false,
10700
+ # block_public_policy: false,
10701
+ # ignore_public_acls: false,
10702
+ # restrict_public_buckets: false,
9922
10703
  # },
9923
10704
  # aws_s3_object: {
9924
10705
  # last_modified: "NonEmptyString",
@@ -10241,6 +11022,30 @@ module Aws::SecurityHub
10241
11022
  # sns_topic_name: "NonEmptyString",
10242
11023
  # trail_arn: "NonEmptyString",
10243
11024
  # },
11025
+ # aws_ssm_patch_compliance: {
11026
+ # patch: {
11027
+ # compliance_summary: {
11028
+ # status: "NonEmptyString",
11029
+ # compliant_critical_count: 1,
11030
+ # compliant_high_count: 1,
11031
+ # compliant_medium_count: 1,
11032
+ # execution_type: "NonEmptyString",
11033
+ # non_compliant_critical_count: 1,
11034
+ # compliant_informational_count: 1,
11035
+ # non_compliant_informational_count: 1,
11036
+ # compliant_unspecified_count: 1,
11037
+ # non_compliant_low_count: 1,
11038
+ # non_compliant_high_count: 1,
11039
+ # compliant_low_count: 1,
11040
+ # compliance_type: "NonEmptyString",
11041
+ # patch_baseline_id: "NonEmptyString",
11042
+ # overall_severity: "NonEmptyString",
11043
+ # non_compliant_medium_count: 1,
11044
+ # non_compliant_unspecified_count: 1,
11045
+ # patch_group: "NonEmptyString",
11046
+ # },
11047
+ # },
11048
+ # },
10244
11049
  # aws_certificate_manager_certificate: {
10245
11050
  # certificate_authority_arn: "NonEmptyString",
10246
11051
  # created_at: "NonEmptyString",
@@ -11017,6 +11822,129 @@ module Aws::SecurityHub
11017
11822
  # reboot_option: "NonEmptyString",
11018
11823
  # operation: "NonEmptyString",
11019
11824
  # },
11825
+ # action: {
11826
+ # action_type: "NonEmptyString",
11827
+ # network_connection_action: {
11828
+ # connection_direction: "NonEmptyString",
11829
+ # remote_ip_details: {
11830
+ # ip_address_v4: "NonEmptyString",
11831
+ # organization: {
11832
+ # asn: 1,
11833
+ # asn_org: "NonEmptyString",
11834
+ # isp: "NonEmptyString",
11835
+ # org: "NonEmptyString",
11836
+ # },
11837
+ # country: {
11838
+ # country_code: "NonEmptyString",
11839
+ # country_name: "NonEmptyString",
11840
+ # },
11841
+ # city: {
11842
+ # city_name: "NonEmptyString",
11843
+ # },
11844
+ # geo_location: {
11845
+ # lon: 1.0,
11846
+ # lat: 1.0,
11847
+ # },
11848
+ # },
11849
+ # remote_port_details: {
11850
+ # port: 1,
11851
+ # port_name: "NonEmptyString",
11852
+ # },
11853
+ # local_port_details: {
11854
+ # port: 1,
11855
+ # port_name: "NonEmptyString",
11856
+ # },
11857
+ # protocol: "NonEmptyString",
11858
+ # blocked: false,
11859
+ # },
11860
+ # aws_api_call_action: {
11861
+ # api: "NonEmptyString",
11862
+ # service_name: "NonEmptyString",
11863
+ # caller_type: "NonEmptyString",
11864
+ # remote_ip_details: {
11865
+ # ip_address_v4: "NonEmptyString",
11866
+ # organization: {
11867
+ # asn: 1,
11868
+ # asn_org: "NonEmptyString",
11869
+ # isp: "NonEmptyString",
11870
+ # org: "NonEmptyString",
11871
+ # },
11872
+ # country: {
11873
+ # country_code: "NonEmptyString",
11874
+ # country_name: "NonEmptyString",
11875
+ # },
11876
+ # city: {
11877
+ # city_name: "NonEmptyString",
11878
+ # },
11879
+ # geo_location: {
11880
+ # lon: 1.0,
11881
+ # lat: 1.0,
11882
+ # },
11883
+ # },
11884
+ # domain_details: {
11885
+ # domain: "NonEmptyString",
11886
+ # },
11887
+ # affected_resources: {
11888
+ # "NonEmptyString" => "NonEmptyString",
11889
+ # },
11890
+ # first_seen: "NonEmptyString",
11891
+ # last_seen: "NonEmptyString",
11892
+ # },
11893
+ # dns_request_action: {
11894
+ # domain: "NonEmptyString",
11895
+ # protocol: "NonEmptyString",
11896
+ # blocked: false,
11897
+ # },
11898
+ # port_probe_action: {
11899
+ # port_probe_details: [
11900
+ # {
11901
+ # local_port_details: {
11902
+ # port: 1,
11903
+ # port_name: "NonEmptyString",
11904
+ # },
11905
+ # local_ip_details: {
11906
+ # ip_address_v4: "NonEmptyString",
11907
+ # },
11908
+ # remote_ip_details: {
11909
+ # ip_address_v4: "NonEmptyString",
11910
+ # organization: {
11911
+ # asn: 1,
11912
+ # asn_org: "NonEmptyString",
11913
+ # isp: "NonEmptyString",
11914
+ # org: "NonEmptyString",
11915
+ # },
11916
+ # country: {
11917
+ # country_code: "NonEmptyString",
11918
+ # country_name: "NonEmptyString",
11919
+ # },
11920
+ # city: {
11921
+ # city_name: "NonEmptyString",
11922
+ # },
11923
+ # geo_location: {
11924
+ # lon: 1.0,
11925
+ # lat: 1.0,
11926
+ # },
11927
+ # },
11928
+ # },
11929
+ # ],
11930
+ # blocked: false,
11931
+ # },
11932
+ # },
11933
+ # finding_provider_fields: {
11934
+ # confidence: 1,
11935
+ # criticality: 1,
11936
+ # related_findings: [
11937
+ # {
11938
+ # product_arn: "NonEmptyString", # required
11939
+ # id: "NonEmptyString", # required
11940
+ # },
11941
+ # ],
11942
+ # severity: {
11943
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
11944
+ # original: "NonEmptyString",
11945
+ # },
11946
+ # types: ["NonEmptyString"],
11947
+ # },
11020
11948
  # }
11021
11949
  #
11022
11950
  # @!attribute [rw] schema_version
@@ -11232,6 +12160,17 @@ module Aws::SecurityHub
11232
12160
  # against a selected compliance standard.
11233
12161
  # @return [Types::PatchSummary]
11234
12162
  #
12163
+ # @!attribute [rw] action
12164
+ # Provides details about an action that affects or that was taken on a
12165
+ # resource.
12166
+ # @return [Types::Action]
12167
+ #
12168
+ # @!attribute [rw] finding_provider_fields
12169
+ # In a `BatchImportFindings` request, finding providers use
12170
+ # `FindingProviderFields` to provide and update their own values for
12171
+ # confidence, criticality, related findings, severity, and types.
12172
+ # @return [Types::FindingProviderFields]
12173
+ #
11235
12174
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
11236
12175
  #
11237
12176
  class AwsSecurityFinding < Struct.new(
@@ -11268,7 +12207,9 @@ module Aws::SecurityHub
11268
12207
  :related_findings,
11269
12208
  :note,
11270
12209
  :vulnerabilities,
11271
- :patch_summary)
12210
+ :patch_summary,
12211
+ :action,
12212
+ :finding_provider_fields)
11272
12213
  SENSITIVE = []
11273
12214
  include Aws::Structure
11274
12215
  end
@@ -11837,6 +12778,50 @@ module Aws::SecurityHub
11837
12778
  # value: "NonEmptyString",
11838
12779
  # },
11839
12780
  # ],
12781
+ # finding_provider_fields_confidence: [
12782
+ # {
12783
+ # gte: 1.0,
12784
+ # lte: 1.0,
12785
+ # eq: 1.0,
12786
+ # },
12787
+ # ],
12788
+ # finding_provider_fields_criticality: [
12789
+ # {
12790
+ # gte: 1.0,
12791
+ # lte: 1.0,
12792
+ # eq: 1.0,
12793
+ # },
12794
+ # ],
12795
+ # finding_provider_fields_related_findings_id: [
12796
+ # {
12797
+ # value: "NonEmptyString",
12798
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12799
+ # },
12800
+ # ],
12801
+ # finding_provider_fields_related_findings_product_arn: [
12802
+ # {
12803
+ # value: "NonEmptyString",
12804
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12805
+ # },
12806
+ # ],
12807
+ # finding_provider_fields_severity_label: [
12808
+ # {
12809
+ # value: "NonEmptyString",
12810
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12811
+ # },
12812
+ # ],
12813
+ # finding_provider_fields_severity_original: [
12814
+ # {
12815
+ # value: "NonEmptyString",
12816
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12817
+ # },
12818
+ # ],
12819
+ # finding_provider_fields_types: [
12820
+ # {
12821
+ # value: "NonEmptyString",
12822
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
12823
+ # },
12824
+ # ],
11840
12825
  # }
11841
12826
  #
11842
12827
  # @!attribute [rw] product_arn
@@ -12196,6 +13181,14 @@ module Aws::SecurityHub
12196
13181
  #
12197
13182
  # * `NEW` - The initial state of a finding, before it is reviewed.
12198
13183
  #
13184
+ # Security Hub also resets the workflow status from `NOTIFIED` or
13185
+ # `RESOLVED` to `NEW` in the following cases:
13186
+ #
13187
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
13188
+ #
13189
+ # * The compliance status changes from `PASSED` to either `WARNING`,
13190
+ # `FAILED`, or `NOT_AVAILABLE`.
13191
+ #
12199
13192
  # * `NOTIFIED` - Indicates that the resource owner has been notified
12200
13193
  # about the security issue. Used when the initial reviewer is not
12201
13194
  # the resource owner, and needs intervention from the resource
@@ -12236,6 +13229,52 @@ module Aws::SecurityHub
12236
13229
  # A keyword for a finding.
12237
13230
  # @return [Array<Types::KeywordFilter>]
12238
13231
  #
13232
+ # @!attribute [rw] finding_provider_fields_confidence
13233
+ # The finding provider value for the finding confidence. Confidence is
13234
+ # defined as the likelihood that a finding accurately identifies the
13235
+ # behavior or issue that it was intended to identify.
13236
+ #
13237
+ # Confidence is scored on a 0-100 basis using a ratio scale, where 0
13238
+ # means zero percent confidence and 100 means 100 percent confidence.
13239
+ # @return [Array<Types::NumberFilter>]
13240
+ #
13241
+ # @!attribute [rw] finding_provider_fields_criticality
13242
+ # The finding provider value for the level of importance assigned to
13243
+ # the resources associated with the findings.
13244
+ #
13245
+ # A score of 0 means that the underlying resources have no
13246
+ # criticality, and a score of 100 is reserved for the most critical
13247
+ # resources.
13248
+ # @return [Array<Types::NumberFilter>]
13249
+ #
13250
+ # @!attribute [rw] finding_provider_fields_related_findings_id
13251
+ # The finding identifier of a related finding that is identified by
13252
+ # the finding provider.
13253
+ # @return [Array<Types::StringFilter>]
13254
+ #
13255
+ # @!attribute [rw] finding_provider_fields_related_findings_product_arn
13256
+ # The ARN of the solution that generated a related finding that is
13257
+ # identified by the finding provider.
13258
+ # @return [Array<Types::StringFilter>]
13259
+ #
13260
+ # @!attribute [rw] finding_provider_fields_severity_label
13261
+ # The finding provider value for the severity label.
13262
+ # @return [Array<Types::StringFilter>]
13263
+ #
13264
+ # @!attribute [rw] finding_provider_fields_severity_original
13265
+ # The finding provider's original value for the severity.
13266
+ # @return [Array<Types::StringFilter>]
13267
+ #
13268
+ # @!attribute [rw] finding_provider_fields_types
13269
+ # One or more finding types that the finding provider assigned to the
13270
+ # finding. Uses the format of `namespace/category/classifier` that
13271
+ # classify a finding.
13272
+ #
13273
+ # Valid namespace values are: Software and Configuration Checks \|
13274
+ # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
13275
+ # Identifications
13276
+ # @return [Array<Types::StringFilter>]
13277
+ #
12239
13278
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
12240
13279
  #
12241
13280
  class AwsSecurityFindingFilters < Struct.new(
@@ -12322,7 +13361,14 @@ module Aws::SecurityHub
12322
13361
  :note_text,
12323
13362
  :note_updated_at,
12324
13363
  :note_updated_by,
12325
- :keyword)
13364
+ :keyword,
13365
+ :finding_provider_fields_confidence,
13366
+ :finding_provider_fields_criticality,
13367
+ :finding_provider_fields_related_findings_id,
13368
+ :finding_provider_fields_related_findings_product_arn,
13369
+ :finding_provider_fields_severity_label,
13370
+ :finding_provider_fields_severity_original,
13371
+ :finding_provider_fields_types)
12326
13372
  SENSITIVE = []
12327
13373
  include Aws::Structure
12328
13374
  end
@@ -12475,6 +13521,236 @@ module Aws::SecurityHub
12475
13521
  include Aws::Structure
12476
13522
  end
12477
13523
 
13524
+ # Provides the details about the compliance status for a patch.
13525
+ #
13526
+ # @note When making an API call, you may pass AwsSsmComplianceSummary
13527
+ # data as a hash:
13528
+ #
13529
+ # {
13530
+ # status: "NonEmptyString",
13531
+ # compliant_critical_count: 1,
13532
+ # compliant_high_count: 1,
13533
+ # compliant_medium_count: 1,
13534
+ # execution_type: "NonEmptyString",
13535
+ # non_compliant_critical_count: 1,
13536
+ # compliant_informational_count: 1,
13537
+ # non_compliant_informational_count: 1,
13538
+ # compliant_unspecified_count: 1,
13539
+ # non_compliant_low_count: 1,
13540
+ # non_compliant_high_count: 1,
13541
+ # compliant_low_count: 1,
13542
+ # compliance_type: "NonEmptyString",
13543
+ # patch_baseline_id: "NonEmptyString",
13544
+ # overall_severity: "NonEmptyString",
13545
+ # non_compliant_medium_count: 1,
13546
+ # non_compliant_unspecified_count: 1,
13547
+ # patch_group: "NonEmptyString",
13548
+ # }
13549
+ #
13550
+ # @!attribute [rw] status
13551
+ # The current patch compliance status.
13552
+ #
13553
+ # The possible status values are:
13554
+ #
13555
+ # * `COMPLIANT`
13556
+ #
13557
+ # * `NON_COMPLIANT`
13558
+ #
13559
+ # * `UNSPECIFIED_DATA`
13560
+ # @return [String]
13561
+ #
13562
+ # @!attribute [rw] compliant_critical_count
13563
+ # For the patches that are compliant, the number that have a severity
13564
+ # of `CRITICAL`.
13565
+ # @return [Integer]
13566
+ #
13567
+ # @!attribute [rw] compliant_high_count
13568
+ # For the patches that are compliant, the number that have a severity
13569
+ # of `HIGH`.
13570
+ # @return [Integer]
13571
+ #
13572
+ # @!attribute [rw] compliant_medium_count
13573
+ # For the patches that are compliant, the number that have a severity
13574
+ # of `MEDIUM`.
13575
+ # @return [Integer]
13576
+ #
13577
+ # @!attribute [rw] execution_type
13578
+ # The type of execution that was used determine compliance.
13579
+ # @return [String]
13580
+ #
13581
+ # @!attribute [rw] non_compliant_critical_count
13582
+ # For the patch items that are noncompliant, the number of items that
13583
+ # have a severity of `CRITICAL`.
13584
+ # @return [Integer]
13585
+ #
13586
+ # @!attribute [rw] compliant_informational_count
13587
+ # For the patches that are compliant, the number that have a severity
13588
+ # of `INFORMATIONAL`.
13589
+ # @return [Integer]
13590
+ #
13591
+ # @!attribute [rw] non_compliant_informational_count
13592
+ # For the patches that are noncompliant, the number that have a
13593
+ # severity of `INFORMATIONAL`.
13594
+ # @return [Integer]
13595
+ #
13596
+ # @!attribute [rw] compliant_unspecified_count
13597
+ # For the patches that are compliant, the number that have a severity
13598
+ # of `UNSPECIFIED`.
13599
+ # @return [Integer]
13600
+ #
13601
+ # @!attribute [rw] non_compliant_low_count
13602
+ # For the patches that are noncompliant, the number that have a
13603
+ # severity of `LOW`.
13604
+ # @return [Integer]
13605
+ #
13606
+ # @!attribute [rw] non_compliant_high_count
13607
+ # For the patches that are noncompliant, the number that have a
13608
+ # severity of `HIGH`.
13609
+ # @return [Integer]
13610
+ #
13611
+ # @!attribute [rw] compliant_low_count
13612
+ # For the patches that are compliant, the number that have a severity
13613
+ # of `LOW`.
13614
+ # @return [Integer]
13615
+ #
13616
+ # @!attribute [rw] compliance_type
13617
+ # The type of resource for which the compliance was determined. For
13618
+ # `AwsSsmPatchCompliance`, `ComplianceType` is `Patch`.
13619
+ # @return [String]
13620
+ #
13621
+ # @!attribute [rw] patch_baseline_id
13622
+ # The identifier of the patch baseline. The patch baseline lists the
13623
+ # patches that are approved for installation.
13624
+ # @return [String]
13625
+ #
13626
+ # @!attribute [rw] overall_severity
13627
+ # The highest severity for the patches.
13628
+ # @return [String]
13629
+ #
13630
+ # @!attribute [rw] non_compliant_medium_count
13631
+ # For the patches that are noncompliant, the number that have a
13632
+ # severity of `MEDIUM`.
13633
+ # @return [Integer]
13634
+ #
13635
+ # @!attribute [rw] non_compliant_unspecified_count
13636
+ # For the patches that are noncompliant, the number that have a
13637
+ # severity of `UNSPECIFIED`.
13638
+ # @return [Integer]
13639
+ #
13640
+ # @!attribute [rw] patch_group
13641
+ # The identifier of the patch group for which compliance was
13642
+ # determined. A patch group uses tags to group EC2 instances that
13643
+ # should have the same patch compliance.
13644
+ # @return [String]
13645
+ #
13646
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmComplianceSummary AWS API Documentation
13647
+ #
13648
+ class AwsSsmComplianceSummary < Struct.new(
13649
+ :status,
13650
+ :compliant_critical_count,
13651
+ :compliant_high_count,
13652
+ :compliant_medium_count,
13653
+ :execution_type,
13654
+ :non_compliant_critical_count,
13655
+ :compliant_informational_count,
13656
+ :non_compliant_informational_count,
13657
+ :compliant_unspecified_count,
13658
+ :non_compliant_low_count,
13659
+ :non_compliant_high_count,
13660
+ :compliant_low_count,
13661
+ :compliance_type,
13662
+ :patch_baseline_id,
13663
+ :overall_severity,
13664
+ :non_compliant_medium_count,
13665
+ :non_compliant_unspecified_count,
13666
+ :patch_group)
13667
+ SENSITIVE = []
13668
+ include Aws::Structure
13669
+ end
13670
+
13671
+ # Provides details about the compliance for a patch.
13672
+ #
13673
+ # @note When making an API call, you may pass AwsSsmPatch
13674
+ # data as a hash:
13675
+ #
13676
+ # {
13677
+ # compliance_summary: {
13678
+ # status: "NonEmptyString",
13679
+ # compliant_critical_count: 1,
13680
+ # compliant_high_count: 1,
13681
+ # compliant_medium_count: 1,
13682
+ # execution_type: "NonEmptyString",
13683
+ # non_compliant_critical_count: 1,
13684
+ # compliant_informational_count: 1,
13685
+ # non_compliant_informational_count: 1,
13686
+ # compliant_unspecified_count: 1,
13687
+ # non_compliant_low_count: 1,
13688
+ # non_compliant_high_count: 1,
13689
+ # compliant_low_count: 1,
13690
+ # compliance_type: "NonEmptyString",
13691
+ # patch_baseline_id: "NonEmptyString",
13692
+ # overall_severity: "NonEmptyString",
13693
+ # non_compliant_medium_count: 1,
13694
+ # non_compliant_unspecified_count: 1,
13695
+ # patch_group: "NonEmptyString",
13696
+ # },
13697
+ # }
13698
+ #
13699
+ # @!attribute [rw] compliance_summary
13700
+ # The compliance status details for the patch.
13701
+ # @return [Types::AwsSsmComplianceSummary]
13702
+ #
13703
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatch AWS API Documentation
13704
+ #
13705
+ class AwsSsmPatch < Struct.new(
13706
+ :compliance_summary)
13707
+ SENSITIVE = []
13708
+ include Aws::Structure
13709
+ end
13710
+
13711
+ # Provides information about the state of a patch on an instance based
13712
+ # on the patch baseline that was used to patch the instance.
13713
+ #
13714
+ # @note When making an API call, you may pass AwsSsmPatchComplianceDetails
13715
+ # data as a hash:
13716
+ #
13717
+ # {
13718
+ # patch: {
13719
+ # compliance_summary: {
13720
+ # status: "NonEmptyString",
13721
+ # compliant_critical_count: 1,
13722
+ # compliant_high_count: 1,
13723
+ # compliant_medium_count: 1,
13724
+ # execution_type: "NonEmptyString",
13725
+ # non_compliant_critical_count: 1,
13726
+ # compliant_informational_count: 1,
13727
+ # non_compliant_informational_count: 1,
13728
+ # compliant_unspecified_count: 1,
13729
+ # non_compliant_low_count: 1,
13730
+ # non_compliant_high_count: 1,
13731
+ # compliant_low_count: 1,
13732
+ # compliance_type: "NonEmptyString",
13733
+ # patch_baseline_id: "NonEmptyString",
13734
+ # overall_severity: "NonEmptyString",
13735
+ # non_compliant_medium_count: 1,
13736
+ # non_compliant_unspecified_count: 1,
13737
+ # patch_group: "NonEmptyString",
13738
+ # },
13739
+ # },
13740
+ # }
13741
+ #
13742
+ # @!attribute [rw] patch
13743
+ # Information about the status of a patch.
13744
+ # @return [Types::AwsSsmPatch]
13745
+ #
13746
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatchComplianceDetails AWS API Documentation
13747
+ #
13748
+ class AwsSsmPatchComplianceDetails < Struct.new(
13749
+ :patch)
13750
+ SENSITIVE = []
13751
+ include Aws::Structure
13752
+ end
13753
+
12478
13754
  # Details about a WAF WebACL.
12479
13755
  #
12480
13756
  # @note When making an API call, you may pass AwsWafWebAclDetails
@@ -12698,12 +13974,12 @@ module Aws::SecurityHub
12698
13974
  # product_arn: "NonEmptyString", # required
12699
13975
  # generator_id: "NonEmptyString", # required
12700
13976
  # aws_account_id: "NonEmptyString", # required
12701
- # types: ["NonEmptyString"], # required
13977
+ # types: ["NonEmptyString"],
12702
13978
  # first_observed_at: "NonEmptyString",
12703
13979
  # last_observed_at: "NonEmptyString",
12704
13980
  # created_at: "NonEmptyString", # required
12705
13981
  # updated_at: "NonEmptyString", # required
12706
- # severity: { # required
13982
+ # severity: {
12707
13983
  # product: 1.0,
12708
13984
  # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
12709
13985
  # normalized: 1,
@@ -12827,9 +14103,133 @@ module Aws::SecurityHub
12827
14103
  # tags: {
12828
14104
  # "NonEmptyString" => "NonEmptyString",
12829
14105
  # },
12830
- # details: {
12831
- # aws_auto_scaling_auto_scaling_group: {
12832
- # launch_configuration_name: "NonEmptyString",
14106
+ # data_classification: {
14107
+ # detailed_results_location: "NonEmptyString",
14108
+ # result: {
14109
+ # mime_type: "NonEmptyString",
14110
+ # size_classified: 1,
14111
+ # additional_occurrences: false,
14112
+ # status: {
14113
+ # code: "NonEmptyString",
14114
+ # reason: "NonEmptyString",
14115
+ # },
14116
+ # sensitive_data: [
14117
+ # {
14118
+ # category: "NonEmptyString",
14119
+ # detections: [
14120
+ # {
14121
+ # count: 1,
14122
+ # type: "NonEmptyString",
14123
+ # occurrences: {
14124
+ # line_ranges: [
14125
+ # {
14126
+ # start: 1,
14127
+ # end: 1,
14128
+ # start_column: 1,
14129
+ # },
14130
+ # ],
14131
+ # offset_ranges: [
14132
+ # {
14133
+ # start: 1,
14134
+ # end: 1,
14135
+ # start_column: 1,
14136
+ # },
14137
+ # ],
14138
+ # pages: [
14139
+ # {
14140
+ # page_number: 1,
14141
+ # line_range: {
14142
+ # start: 1,
14143
+ # end: 1,
14144
+ # start_column: 1,
14145
+ # },
14146
+ # offset_range: {
14147
+ # start: 1,
14148
+ # end: 1,
14149
+ # start_column: 1,
14150
+ # },
14151
+ # },
14152
+ # ],
14153
+ # records: [
14154
+ # {
14155
+ # json_path: "NonEmptyString",
14156
+ # record_index: 1,
14157
+ # },
14158
+ # ],
14159
+ # cells: [
14160
+ # {
14161
+ # column: 1,
14162
+ # row: 1,
14163
+ # column_name: "NonEmptyString",
14164
+ # cell_reference: "NonEmptyString",
14165
+ # },
14166
+ # ],
14167
+ # },
14168
+ # },
14169
+ # ],
14170
+ # total_count: 1,
14171
+ # },
14172
+ # ],
14173
+ # custom_data_identifiers: {
14174
+ # detections: [
14175
+ # {
14176
+ # count: 1,
14177
+ # arn: "NonEmptyString",
14178
+ # name: "NonEmptyString",
14179
+ # occurrences: {
14180
+ # line_ranges: [
14181
+ # {
14182
+ # start: 1,
14183
+ # end: 1,
14184
+ # start_column: 1,
14185
+ # },
14186
+ # ],
14187
+ # offset_ranges: [
14188
+ # {
14189
+ # start: 1,
14190
+ # end: 1,
14191
+ # start_column: 1,
14192
+ # },
14193
+ # ],
14194
+ # pages: [
14195
+ # {
14196
+ # page_number: 1,
14197
+ # line_range: {
14198
+ # start: 1,
14199
+ # end: 1,
14200
+ # start_column: 1,
14201
+ # },
14202
+ # offset_range: {
14203
+ # start: 1,
14204
+ # end: 1,
14205
+ # start_column: 1,
14206
+ # },
14207
+ # },
14208
+ # ],
14209
+ # records: [
14210
+ # {
14211
+ # json_path: "NonEmptyString",
14212
+ # record_index: 1,
14213
+ # },
14214
+ # ],
14215
+ # cells: [
14216
+ # {
14217
+ # column: 1,
14218
+ # row: 1,
14219
+ # column_name: "NonEmptyString",
14220
+ # cell_reference: "NonEmptyString",
14221
+ # },
14222
+ # ],
14223
+ # },
14224
+ # },
14225
+ # ],
14226
+ # total_count: 1,
14227
+ # },
14228
+ # },
14229
+ # },
14230
+ # details: {
14231
+ # aws_auto_scaling_auto_scaling_group: {
14232
+ # launch_configuration_name: "NonEmptyString",
12833
14233
  # load_balancer_names: ["NonEmptyString"],
12834
14234
  # health_check_type: "NonEmptyString",
12835
14235
  # health_check_grace_period: 1,
@@ -12937,6 +14337,19 @@ module Aws::SecurityHub
12937
14337
  # },
12938
14338
  # ],
12939
14339
  # source_dest_check: false,
14340
+ # ip_v6_addresses: [
14341
+ # {
14342
+ # ip_v6_address: "NonEmptyString",
14343
+ # },
14344
+ # ],
14345
+ # private_ip_addresses: [
14346
+ # {
14347
+ # private_ip_address: "NonEmptyString",
14348
+ # private_dns_name: "NonEmptyString",
14349
+ # },
14350
+ # ],
14351
+ # public_dns_name: "NonEmptyString",
14352
+ # public_ip: "NonEmptyString",
12940
14353
  # },
12941
14354
  # aws_ec2_security_group: {
12942
14355
  # group_name: "NonEmptyString",
@@ -13115,6 +14528,18 @@ module Aws::SecurityHub
13115
14528
  # },
13116
14529
  # ],
13117
14530
  # },
14531
+ # public_access_block_configuration: {
14532
+ # block_public_acls: false,
14533
+ # block_public_policy: false,
14534
+ # ignore_public_acls: false,
14535
+ # restrict_public_buckets: false,
14536
+ # },
14537
+ # },
14538
+ # aws_s3_account_public_access_block: {
14539
+ # block_public_acls: false,
14540
+ # block_public_policy: false,
14541
+ # ignore_public_acls: false,
14542
+ # restrict_public_buckets: false,
13118
14543
  # },
13119
14544
  # aws_s3_object: {
13120
14545
  # last_modified: "NonEmptyString",
@@ -13437,6 +14862,30 @@ module Aws::SecurityHub
13437
14862
  # sns_topic_name: "NonEmptyString",
13438
14863
  # trail_arn: "NonEmptyString",
13439
14864
  # },
14865
+ # aws_ssm_patch_compliance: {
14866
+ # patch: {
14867
+ # compliance_summary: {
14868
+ # status: "NonEmptyString",
14869
+ # compliant_critical_count: 1,
14870
+ # compliant_high_count: 1,
14871
+ # compliant_medium_count: 1,
14872
+ # execution_type: "NonEmptyString",
14873
+ # non_compliant_critical_count: 1,
14874
+ # compliant_informational_count: 1,
14875
+ # non_compliant_informational_count: 1,
14876
+ # compliant_unspecified_count: 1,
14877
+ # non_compliant_low_count: 1,
14878
+ # non_compliant_high_count: 1,
14879
+ # compliant_low_count: 1,
14880
+ # compliance_type: "NonEmptyString",
14881
+ # patch_baseline_id: "NonEmptyString",
14882
+ # overall_severity: "NonEmptyString",
14883
+ # non_compliant_medium_count: 1,
14884
+ # non_compliant_unspecified_count: 1,
14885
+ # patch_group: "NonEmptyString",
14886
+ # },
14887
+ # },
14888
+ # },
13440
14889
  # aws_certificate_manager_certificate: {
13441
14890
  # certificate_authority_arn: "NonEmptyString",
13442
14891
  # created_at: "NonEmptyString",
@@ -14213,6 +15662,129 @@ module Aws::SecurityHub
14213
15662
  # reboot_option: "NonEmptyString",
14214
15663
  # operation: "NonEmptyString",
14215
15664
  # },
15665
+ # action: {
15666
+ # action_type: "NonEmptyString",
15667
+ # network_connection_action: {
15668
+ # connection_direction: "NonEmptyString",
15669
+ # remote_ip_details: {
15670
+ # ip_address_v4: "NonEmptyString",
15671
+ # organization: {
15672
+ # asn: 1,
15673
+ # asn_org: "NonEmptyString",
15674
+ # isp: "NonEmptyString",
15675
+ # org: "NonEmptyString",
15676
+ # },
15677
+ # country: {
15678
+ # country_code: "NonEmptyString",
15679
+ # country_name: "NonEmptyString",
15680
+ # },
15681
+ # city: {
15682
+ # city_name: "NonEmptyString",
15683
+ # },
15684
+ # geo_location: {
15685
+ # lon: 1.0,
15686
+ # lat: 1.0,
15687
+ # },
15688
+ # },
15689
+ # remote_port_details: {
15690
+ # port: 1,
15691
+ # port_name: "NonEmptyString",
15692
+ # },
15693
+ # local_port_details: {
15694
+ # port: 1,
15695
+ # port_name: "NonEmptyString",
15696
+ # },
15697
+ # protocol: "NonEmptyString",
15698
+ # blocked: false,
15699
+ # },
15700
+ # aws_api_call_action: {
15701
+ # api: "NonEmptyString",
15702
+ # service_name: "NonEmptyString",
15703
+ # caller_type: "NonEmptyString",
15704
+ # remote_ip_details: {
15705
+ # ip_address_v4: "NonEmptyString",
15706
+ # organization: {
15707
+ # asn: 1,
15708
+ # asn_org: "NonEmptyString",
15709
+ # isp: "NonEmptyString",
15710
+ # org: "NonEmptyString",
15711
+ # },
15712
+ # country: {
15713
+ # country_code: "NonEmptyString",
15714
+ # country_name: "NonEmptyString",
15715
+ # },
15716
+ # city: {
15717
+ # city_name: "NonEmptyString",
15718
+ # },
15719
+ # geo_location: {
15720
+ # lon: 1.0,
15721
+ # lat: 1.0,
15722
+ # },
15723
+ # },
15724
+ # domain_details: {
15725
+ # domain: "NonEmptyString",
15726
+ # },
15727
+ # affected_resources: {
15728
+ # "NonEmptyString" => "NonEmptyString",
15729
+ # },
15730
+ # first_seen: "NonEmptyString",
15731
+ # last_seen: "NonEmptyString",
15732
+ # },
15733
+ # dns_request_action: {
15734
+ # domain: "NonEmptyString",
15735
+ # protocol: "NonEmptyString",
15736
+ # blocked: false,
15737
+ # },
15738
+ # port_probe_action: {
15739
+ # port_probe_details: [
15740
+ # {
15741
+ # local_port_details: {
15742
+ # port: 1,
15743
+ # port_name: "NonEmptyString",
15744
+ # },
15745
+ # local_ip_details: {
15746
+ # ip_address_v4: "NonEmptyString",
15747
+ # },
15748
+ # remote_ip_details: {
15749
+ # ip_address_v4: "NonEmptyString",
15750
+ # organization: {
15751
+ # asn: 1,
15752
+ # asn_org: "NonEmptyString",
15753
+ # isp: "NonEmptyString",
15754
+ # org: "NonEmptyString",
15755
+ # },
15756
+ # country: {
15757
+ # country_code: "NonEmptyString",
15758
+ # country_name: "NonEmptyString",
15759
+ # },
15760
+ # city: {
15761
+ # city_name: "NonEmptyString",
15762
+ # },
15763
+ # geo_location: {
15764
+ # lon: 1.0,
15765
+ # lat: 1.0,
15766
+ # },
15767
+ # },
15768
+ # },
15769
+ # ],
15770
+ # blocked: false,
15771
+ # },
15772
+ # },
15773
+ # finding_provider_fields: {
15774
+ # confidence: 1,
15775
+ # criticality: 1,
15776
+ # related_findings: [
15777
+ # {
15778
+ # product_arn: "NonEmptyString", # required
15779
+ # id: "NonEmptyString", # required
15780
+ # },
15781
+ # ],
15782
+ # severity: {
15783
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
15784
+ # original: "NonEmptyString",
15785
+ # },
15786
+ # types: ["NonEmptyString"],
15787
+ # },
14216
15788
  # },
14217
15789
  # ],
14218
15790
  # }
@@ -14436,6 +16008,52 @@ module Aws::SecurityHub
14436
16008
  include Aws::Structure
14437
16009
  end
14438
16010
 
16011
+ # An occurrence of sensitive data detected in a Microsoft Excel
16012
+ # workbook, comma-separated value (CSV) file, or tab-separated value
16013
+ # (TSV) file.
16014
+ #
16015
+ # @note When making an API call, you may pass Cell
16016
+ # data as a hash:
16017
+ #
16018
+ # {
16019
+ # column: 1,
16020
+ # row: 1,
16021
+ # column_name: "NonEmptyString",
16022
+ # cell_reference: "NonEmptyString",
16023
+ # }
16024
+ #
16025
+ # @!attribute [rw] column
16026
+ # The column number of the column that contains the data. For a
16027
+ # Microsoft Excel workbook, the column number corresponds to the
16028
+ # alphabetical column identifiers. For example, a value of 1 for
16029
+ # Column corresponds to the A column in the workbook.
16030
+ # @return [Integer]
16031
+ #
16032
+ # @!attribute [rw] row
16033
+ # The row number of the row that contains the data.
16034
+ # @return [Integer]
16035
+ #
16036
+ # @!attribute [rw] column_name
16037
+ # The name of the column that contains the data.
16038
+ # @return [String]
16039
+ #
16040
+ # @!attribute [rw] cell_reference
16041
+ # For a Microsoft Excel workbook, provides the location of the cell,
16042
+ # as an absolute cell reference, that contains the data. For example,
16043
+ # Sheet2!C5 for cell C5 on Sheet2.
16044
+ # @return [String]
16045
+ #
16046
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Cell AWS API Documentation
16047
+ #
16048
+ class Cell < Struct.new(
16049
+ :column,
16050
+ :row,
16051
+ :column_name,
16052
+ :cell_reference)
16053
+ SENSITIVE = []
16054
+ include Aws::Structure
16055
+ end
16056
+
14439
16057
  # An IPv4 CIDR block association.
14440
16058
  #
14441
16059
  # @note When making an API call, you may pass CidrBlockAssociation
@@ -14469,6 +16087,224 @@ module Aws::SecurityHub
14469
16087
  include Aws::Structure
14470
16088
  end
14471
16089
 
16090
+ # Information about a city.
16091
+ #
16092
+ # @note When making an API call, you may pass City
16093
+ # data as a hash:
16094
+ #
16095
+ # {
16096
+ # city_name: "NonEmptyString",
16097
+ # }
16098
+ #
16099
+ # @!attribute [rw] city_name
16100
+ # The name of the city.
16101
+ # @return [String]
16102
+ #
16103
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/City AWS API Documentation
16104
+ #
16105
+ class City < Struct.new(
16106
+ :city_name)
16107
+ SENSITIVE = []
16108
+ include Aws::Structure
16109
+ end
16110
+
16111
+ # Details about the sensitive data that was detected on the resource.
16112
+ #
16113
+ # @note When making an API call, you may pass ClassificationResult
16114
+ # data as a hash:
16115
+ #
16116
+ # {
16117
+ # mime_type: "NonEmptyString",
16118
+ # size_classified: 1,
16119
+ # additional_occurrences: false,
16120
+ # status: {
16121
+ # code: "NonEmptyString",
16122
+ # reason: "NonEmptyString",
16123
+ # },
16124
+ # sensitive_data: [
16125
+ # {
16126
+ # category: "NonEmptyString",
16127
+ # detections: [
16128
+ # {
16129
+ # count: 1,
16130
+ # type: "NonEmptyString",
16131
+ # occurrences: {
16132
+ # line_ranges: [
16133
+ # {
16134
+ # start: 1,
16135
+ # end: 1,
16136
+ # start_column: 1,
16137
+ # },
16138
+ # ],
16139
+ # offset_ranges: [
16140
+ # {
16141
+ # start: 1,
16142
+ # end: 1,
16143
+ # start_column: 1,
16144
+ # },
16145
+ # ],
16146
+ # pages: [
16147
+ # {
16148
+ # page_number: 1,
16149
+ # line_range: {
16150
+ # start: 1,
16151
+ # end: 1,
16152
+ # start_column: 1,
16153
+ # },
16154
+ # offset_range: {
16155
+ # start: 1,
16156
+ # end: 1,
16157
+ # start_column: 1,
16158
+ # },
16159
+ # },
16160
+ # ],
16161
+ # records: [
16162
+ # {
16163
+ # json_path: "NonEmptyString",
16164
+ # record_index: 1,
16165
+ # },
16166
+ # ],
16167
+ # cells: [
16168
+ # {
16169
+ # column: 1,
16170
+ # row: 1,
16171
+ # column_name: "NonEmptyString",
16172
+ # cell_reference: "NonEmptyString",
16173
+ # },
16174
+ # ],
16175
+ # },
16176
+ # },
16177
+ # ],
16178
+ # total_count: 1,
16179
+ # },
16180
+ # ],
16181
+ # custom_data_identifiers: {
16182
+ # detections: [
16183
+ # {
16184
+ # count: 1,
16185
+ # arn: "NonEmptyString",
16186
+ # name: "NonEmptyString",
16187
+ # occurrences: {
16188
+ # line_ranges: [
16189
+ # {
16190
+ # start: 1,
16191
+ # end: 1,
16192
+ # start_column: 1,
16193
+ # },
16194
+ # ],
16195
+ # offset_ranges: [
16196
+ # {
16197
+ # start: 1,
16198
+ # end: 1,
16199
+ # start_column: 1,
16200
+ # },
16201
+ # ],
16202
+ # pages: [
16203
+ # {
16204
+ # page_number: 1,
16205
+ # line_range: {
16206
+ # start: 1,
16207
+ # end: 1,
16208
+ # start_column: 1,
16209
+ # },
16210
+ # offset_range: {
16211
+ # start: 1,
16212
+ # end: 1,
16213
+ # start_column: 1,
16214
+ # },
16215
+ # },
16216
+ # ],
16217
+ # records: [
16218
+ # {
16219
+ # json_path: "NonEmptyString",
16220
+ # record_index: 1,
16221
+ # },
16222
+ # ],
16223
+ # cells: [
16224
+ # {
16225
+ # column: 1,
16226
+ # row: 1,
16227
+ # column_name: "NonEmptyString",
16228
+ # cell_reference: "NonEmptyString",
16229
+ # },
16230
+ # ],
16231
+ # },
16232
+ # },
16233
+ # ],
16234
+ # total_count: 1,
16235
+ # },
16236
+ # }
16237
+ #
16238
+ # @!attribute [rw] mime_type
16239
+ # The type of content that the finding applies to.
16240
+ # @return [String]
16241
+ #
16242
+ # @!attribute [rw] size_classified
16243
+ # The total size in bytes of the affected data.
16244
+ # @return [Integer]
16245
+ #
16246
+ # @!attribute [rw] additional_occurrences
16247
+ # Indicates whether there are additional occurrences of sensitive data
16248
+ # that are not included in the finding. This occurs when the number of
16249
+ # occurrences exceeds the maximum that can be included.
16250
+ # @return [Boolean]
16251
+ #
16252
+ # @!attribute [rw] status
16253
+ # The current status of the sensitive data detection.
16254
+ # @return [Types::ClassificationStatus]
16255
+ #
16256
+ # @!attribute [rw] sensitive_data
16257
+ # Provides details about sensitive data that was identified based on
16258
+ # built-in configuration.
16259
+ # @return [Array<Types::SensitiveDataResult>]
16260
+ #
16261
+ # @!attribute [rw] custom_data_identifiers
16262
+ # Provides details about sensitive data that was identified based on
16263
+ # customer-defined configuration.
16264
+ # @return [Types::CustomDataIdentifiersResult]
16265
+ #
16266
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationResult AWS API Documentation
16267
+ #
16268
+ class ClassificationResult < Struct.new(
16269
+ :mime_type,
16270
+ :size_classified,
16271
+ :additional_occurrences,
16272
+ :status,
16273
+ :sensitive_data,
16274
+ :custom_data_identifiers)
16275
+ SENSITIVE = []
16276
+ include Aws::Structure
16277
+ end
16278
+
16279
+ # Provides details about the current status of the sensitive data
16280
+ # detection.
16281
+ #
16282
+ # @note When making an API call, you may pass ClassificationStatus
16283
+ # data as a hash:
16284
+ #
16285
+ # {
16286
+ # code: "NonEmptyString",
16287
+ # reason: "NonEmptyString",
16288
+ # }
16289
+ #
16290
+ # @!attribute [rw] code
16291
+ # The code that represents the status of the sensitive data detection.
16292
+ # @return [String]
16293
+ #
16294
+ # @!attribute [rw] reason
16295
+ # A longer description of the current status of the sensitive data
16296
+ # detection.
16297
+ # @return [String]
16298
+ #
16299
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationStatus AWS API Documentation
16300
+ #
16301
+ class ClassificationStatus < Struct.new(
16302
+ :code,
16303
+ :reason)
16304
+ SENSITIVE = []
16305
+ include Aws::Structure
16306
+ end
16307
+
14472
16308
  # Contains finding details that are specific to control-based findings.
14473
16309
  # Only returned for findings generated from controls.
14474
16310
  #
@@ -14580,6 +16416,33 @@ module Aws::SecurityHub
14580
16416
  include Aws::Structure
14581
16417
  end
14582
16418
 
16419
+ # Information about a country.
16420
+ #
16421
+ # @note When making an API call, you may pass Country
16422
+ # data as a hash:
16423
+ #
16424
+ # {
16425
+ # country_code: "NonEmptyString",
16426
+ # country_name: "NonEmptyString",
16427
+ # }
16428
+ #
16429
+ # @!attribute [rw] country_code
16430
+ # The 2-letter ISO 3166 country code for the country.
16431
+ # @return [String]
16432
+ #
16433
+ # @!attribute [rw] country_name
16434
+ # The name of the country.
16435
+ # @return [String]
16436
+ #
16437
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Country AWS API Documentation
16438
+ #
16439
+ class Country < Struct.new(
16440
+ :country_code,
16441
+ :country_name)
16442
+ SENSITIVE = []
16443
+ include Aws::Structure
16444
+ end
16445
+
14583
16446
  # @note When making an API call, you may pass CreateActionTargetRequest
14584
16447
  # data as a hash:
14585
16448
  #
@@ -15182,37 +17045,81 @@ module Aws::SecurityHub
15182
17045
  # value: "NonEmptyString",
15183
17046
  # },
15184
17047
  # ],
15185
- # },
15186
- # group_by_attribute: "NonEmptyString", # required
15187
- # }
15188
- #
15189
- # @!attribute [rw] name
15190
- # The name of the custom insight to create.
15191
- # @return [String]
15192
- #
15193
- # @!attribute [rw] filters
15194
- # One or more attributes used to filter the findings included in the
15195
- # insight. The insight only includes findings that match the criteria
15196
- # defined in the filters.
15197
- # @return [Types::AwsSecurityFindingFilters]
15198
- #
15199
- # @!attribute [rw] group_by_attribute
15200
- # The attribute used to group the findings for the insight. The
15201
- # grouping attribute identifies the type of item that the insight
15202
- # applies to. For example, if an insight is grouped by resource
15203
- # identifier, then the insight produces a list of resource
15204
- # identifiers.
15205
- # @return [String]
15206
- #
15207
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation
15208
- #
15209
- class CreateInsightRequest < Struct.new(
15210
- :name,
15211
- :filters,
15212
- :group_by_attribute)
15213
- SENSITIVE = []
15214
- include Aws::Structure
15215
- end
17048
+ # finding_provider_fields_confidence: [
17049
+ # {
17050
+ # gte: 1.0,
17051
+ # lte: 1.0,
17052
+ # eq: 1.0,
17053
+ # },
17054
+ # ],
17055
+ # finding_provider_fields_criticality: [
17056
+ # {
17057
+ # gte: 1.0,
17058
+ # lte: 1.0,
17059
+ # eq: 1.0,
17060
+ # },
17061
+ # ],
17062
+ # finding_provider_fields_related_findings_id: [
17063
+ # {
17064
+ # value: "NonEmptyString",
17065
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17066
+ # },
17067
+ # ],
17068
+ # finding_provider_fields_related_findings_product_arn: [
17069
+ # {
17070
+ # value: "NonEmptyString",
17071
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17072
+ # },
17073
+ # ],
17074
+ # finding_provider_fields_severity_label: [
17075
+ # {
17076
+ # value: "NonEmptyString",
17077
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17078
+ # },
17079
+ # ],
17080
+ # finding_provider_fields_severity_original: [
17081
+ # {
17082
+ # value: "NonEmptyString",
17083
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17084
+ # },
17085
+ # ],
17086
+ # finding_provider_fields_types: [
17087
+ # {
17088
+ # value: "NonEmptyString",
17089
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17090
+ # },
17091
+ # ],
17092
+ # },
17093
+ # group_by_attribute: "NonEmptyString", # required
17094
+ # }
17095
+ #
17096
+ # @!attribute [rw] name
17097
+ # The name of the custom insight to create.
17098
+ # @return [String]
17099
+ #
17100
+ # @!attribute [rw] filters
17101
+ # One or more attributes used to filter the findings included in the
17102
+ # insight. The insight only includes findings that match the criteria
17103
+ # defined in the filters.
17104
+ # @return [Types::AwsSecurityFindingFilters]
17105
+ #
17106
+ # @!attribute [rw] group_by_attribute
17107
+ # The attribute used to group the findings for the insight. The
17108
+ # grouping attribute identifies the type of item that the insight
17109
+ # applies to. For example, if an insight is grouped by resource
17110
+ # identifier, then the insight produces a list of resource
17111
+ # identifiers.
17112
+ # @return [String]
17113
+ #
17114
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation
17115
+ #
17116
+ class CreateInsightRequest < Struct.new(
17117
+ :name,
17118
+ :filters,
17119
+ :group_by_attribute)
17120
+ SENSITIVE = []
17121
+ include Aws::Structure
17122
+ end
15216
17123
 
15217
17124
  # @!attribute [rw] insight_arn
15218
17125
  # The ARN of the insight created.
@@ -15265,6 +17172,170 @@ module Aws::SecurityHub
15265
17172
  include Aws::Structure
15266
17173
  end
15267
17174
 
17175
+ # The list of detected instances of sensitive data.
17176
+ #
17177
+ # @note When making an API call, you may pass CustomDataIdentifiersDetections
17178
+ # data as a hash:
17179
+ #
17180
+ # {
17181
+ # count: 1,
17182
+ # arn: "NonEmptyString",
17183
+ # name: "NonEmptyString",
17184
+ # occurrences: {
17185
+ # line_ranges: [
17186
+ # {
17187
+ # start: 1,
17188
+ # end: 1,
17189
+ # start_column: 1,
17190
+ # },
17191
+ # ],
17192
+ # offset_ranges: [
17193
+ # {
17194
+ # start: 1,
17195
+ # end: 1,
17196
+ # start_column: 1,
17197
+ # },
17198
+ # ],
17199
+ # pages: [
17200
+ # {
17201
+ # page_number: 1,
17202
+ # line_range: {
17203
+ # start: 1,
17204
+ # end: 1,
17205
+ # start_column: 1,
17206
+ # },
17207
+ # offset_range: {
17208
+ # start: 1,
17209
+ # end: 1,
17210
+ # start_column: 1,
17211
+ # },
17212
+ # },
17213
+ # ],
17214
+ # records: [
17215
+ # {
17216
+ # json_path: "NonEmptyString",
17217
+ # record_index: 1,
17218
+ # },
17219
+ # ],
17220
+ # cells: [
17221
+ # {
17222
+ # column: 1,
17223
+ # row: 1,
17224
+ # column_name: "NonEmptyString",
17225
+ # cell_reference: "NonEmptyString",
17226
+ # },
17227
+ # ],
17228
+ # },
17229
+ # }
17230
+ #
17231
+ # @!attribute [rw] count
17232
+ # The total number of occurrences of sensitive data that were
17233
+ # detected.
17234
+ # @return [Integer]
17235
+ #
17236
+ # @!attribute [rw] arn
17237
+ # The ARN of the custom identifier that was used to detect the
17238
+ # sensitive data.
17239
+ # @return [String]
17240
+ #
17241
+ # @!attribute [rw] name
17242
+ # he name of the custom identifier that detected the sensitive data.
17243
+ # @return [String]
17244
+ #
17245
+ # @!attribute [rw] occurrences
17246
+ # Details about the sensitive data that was detected.
17247
+ # @return [Types::Occurrences]
17248
+ #
17249
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersDetections AWS API Documentation
17250
+ #
17251
+ class CustomDataIdentifiersDetections < Struct.new(
17252
+ :count,
17253
+ :arn,
17254
+ :name,
17255
+ :occurrences)
17256
+ SENSITIVE = []
17257
+ include Aws::Structure
17258
+ end
17259
+
17260
+ # Contains an instance of sensitive data that was detected by a
17261
+ # customer-defined identifier.
17262
+ #
17263
+ # @note When making an API call, you may pass CustomDataIdentifiersResult
17264
+ # data as a hash:
17265
+ #
17266
+ # {
17267
+ # detections: [
17268
+ # {
17269
+ # count: 1,
17270
+ # arn: "NonEmptyString",
17271
+ # name: "NonEmptyString",
17272
+ # occurrences: {
17273
+ # line_ranges: [
17274
+ # {
17275
+ # start: 1,
17276
+ # end: 1,
17277
+ # start_column: 1,
17278
+ # },
17279
+ # ],
17280
+ # offset_ranges: [
17281
+ # {
17282
+ # start: 1,
17283
+ # end: 1,
17284
+ # start_column: 1,
17285
+ # },
17286
+ # ],
17287
+ # pages: [
17288
+ # {
17289
+ # page_number: 1,
17290
+ # line_range: {
17291
+ # start: 1,
17292
+ # end: 1,
17293
+ # start_column: 1,
17294
+ # },
17295
+ # offset_range: {
17296
+ # start: 1,
17297
+ # end: 1,
17298
+ # start_column: 1,
17299
+ # },
17300
+ # },
17301
+ # ],
17302
+ # records: [
17303
+ # {
17304
+ # json_path: "NonEmptyString",
17305
+ # record_index: 1,
17306
+ # },
17307
+ # ],
17308
+ # cells: [
17309
+ # {
17310
+ # column: 1,
17311
+ # row: 1,
17312
+ # column_name: "NonEmptyString",
17313
+ # cell_reference: "NonEmptyString",
17314
+ # },
17315
+ # ],
17316
+ # },
17317
+ # },
17318
+ # ],
17319
+ # total_count: 1,
17320
+ # }
17321
+ #
17322
+ # @!attribute [rw] detections
17323
+ # The list of detected instances of sensitive data.
17324
+ # @return [Array<Types::CustomDataIdentifiersDetections>]
17325
+ #
17326
+ # @!attribute [rw] total_count
17327
+ # The total number of occurrences of sensitive data.
17328
+ # @return [Integer]
17329
+ #
17330
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersResult AWS API Documentation
17331
+ #
17332
+ class CustomDataIdentifiersResult < Struct.new(
17333
+ :detections,
17334
+ :total_count)
17335
+ SENSITIVE = []
17336
+ include Aws::Structure
17337
+ end
17338
+
15268
17339
  # CVSS scores from the advisory related to the vulnerability.
15269
17340
  #
15270
17341
  # @note When making an API call, you may pass Cvss
@@ -15298,6 +17369,154 @@ module Aws::SecurityHub
15298
17369
  include Aws::Structure
15299
17370
  end
15300
17371
 
17372
+ # Provides details about sensitive data that was detected on a resource.
17373
+ #
17374
+ # @note When making an API call, you may pass DataClassificationDetails
17375
+ # data as a hash:
17376
+ #
17377
+ # {
17378
+ # detailed_results_location: "NonEmptyString",
17379
+ # result: {
17380
+ # mime_type: "NonEmptyString",
17381
+ # size_classified: 1,
17382
+ # additional_occurrences: false,
17383
+ # status: {
17384
+ # code: "NonEmptyString",
17385
+ # reason: "NonEmptyString",
17386
+ # },
17387
+ # sensitive_data: [
17388
+ # {
17389
+ # category: "NonEmptyString",
17390
+ # detections: [
17391
+ # {
17392
+ # count: 1,
17393
+ # type: "NonEmptyString",
17394
+ # occurrences: {
17395
+ # line_ranges: [
17396
+ # {
17397
+ # start: 1,
17398
+ # end: 1,
17399
+ # start_column: 1,
17400
+ # },
17401
+ # ],
17402
+ # offset_ranges: [
17403
+ # {
17404
+ # start: 1,
17405
+ # end: 1,
17406
+ # start_column: 1,
17407
+ # },
17408
+ # ],
17409
+ # pages: [
17410
+ # {
17411
+ # page_number: 1,
17412
+ # line_range: {
17413
+ # start: 1,
17414
+ # end: 1,
17415
+ # start_column: 1,
17416
+ # },
17417
+ # offset_range: {
17418
+ # start: 1,
17419
+ # end: 1,
17420
+ # start_column: 1,
17421
+ # },
17422
+ # },
17423
+ # ],
17424
+ # records: [
17425
+ # {
17426
+ # json_path: "NonEmptyString",
17427
+ # record_index: 1,
17428
+ # },
17429
+ # ],
17430
+ # cells: [
17431
+ # {
17432
+ # column: 1,
17433
+ # row: 1,
17434
+ # column_name: "NonEmptyString",
17435
+ # cell_reference: "NonEmptyString",
17436
+ # },
17437
+ # ],
17438
+ # },
17439
+ # },
17440
+ # ],
17441
+ # total_count: 1,
17442
+ # },
17443
+ # ],
17444
+ # custom_data_identifiers: {
17445
+ # detections: [
17446
+ # {
17447
+ # count: 1,
17448
+ # arn: "NonEmptyString",
17449
+ # name: "NonEmptyString",
17450
+ # occurrences: {
17451
+ # line_ranges: [
17452
+ # {
17453
+ # start: 1,
17454
+ # end: 1,
17455
+ # start_column: 1,
17456
+ # },
17457
+ # ],
17458
+ # offset_ranges: [
17459
+ # {
17460
+ # start: 1,
17461
+ # end: 1,
17462
+ # start_column: 1,
17463
+ # },
17464
+ # ],
17465
+ # pages: [
17466
+ # {
17467
+ # page_number: 1,
17468
+ # line_range: {
17469
+ # start: 1,
17470
+ # end: 1,
17471
+ # start_column: 1,
17472
+ # },
17473
+ # offset_range: {
17474
+ # start: 1,
17475
+ # end: 1,
17476
+ # start_column: 1,
17477
+ # },
17478
+ # },
17479
+ # ],
17480
+ # records: [
17481
+ # {
17482
+ # json_path: "NonEmptyString",
17483
+ # record_index: 1,
17484
+ # },
17485
+ # ],
17486
+ # cells: [
17487
+ # {
17488
+ # column: 1,
17489
+ # row: 1,
17490
+ # column_name: "NonEmptyString",
17491
+ # cell_reference: "NonEmptyString",
17492
+ # },
17493
+ # ],
17494
+ # },
17495
+ # },
17496
+ # ],
17497
+ # total_count: 1,
17498
+ # },
17499
+ # },
17500
+ # }
17501
+ #
17502
+ # @!attribute [rw] detailed_results_location
17503
+ # The path to the folder or file that contains the sensitive data.
17504
+ # @return [String]
17505
+ #
17506
+ # @!attribute [rw] result
17507
+ # The details about the sensitive data that was detected on the
17508
+ # resource.
17509
+ # @return [Types::ClassificationResult]
17510
+ #
17511
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DataClassificationDetails AWS API Documentation
17512
+ #
17513
+ class DataClassificationDetails < Struct.new(
17514
+ :detailed_results_location,
17515
+ :result)
17516
+ SENSITIVE = []
17517
+ include Aws::Structure
17518
+ end
17519
+
15301
17520
  # A date filter for querying findings.
15302
17521
  #
15303
17522
  # @note When making an API call, you may pass DateFilter
@@ -15658,6 +17877,7 @@ module Aws::SecurityHub
15658
17877
  # {
15659
17878
  # next_token: "NextToken",
15660
17879
  # max_results: 1,
17880
+ # product_arn: "NonEmptyString",
15661
17881
  # }
15662
17882
  #
15663
17883
  # @!attribute [rw] next_token
@@ -15674,11 +17894,16 @@ module Aws::SecurityHub
15674
17894
  # The maximum number of results to return.
15675
17895
  # @return [Integer]
15676
17896
  #
17897
+ # @!attribute [rw] product_arn
17898
+ # The ARN of the integration to return.
17899
+ # @return [String]
17900
+ #
15677
17901
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeProductsRequest AWS API Documentation
15678
17902
  #
15679
17903
  class DescribeProductsRequest < Struct.new(
15680
17904
  :next_token,
15681
- :max_results)
17905
+ :max_results,
17906
+ :product_arn)
15682
17907
  SENSITIVE = []
15683
17908
  include Aws::Structure
15684
17909
  end
@@ -15895,6 +18120,40 @@ module Aws::SecurityHub
15895
18120
  #
15896
18121
  class DisassociateMembersResponse < Aws::EmptyStructure; end
15897
18122
 
18123
+ # Provided if `ActionType` is `DNS_REQUEST`. It provides details about
18124
+ # the DNS request that was detected.
18125
+ #
18126
+ # @note When making an API call, you may pass DnsRequestAction
18127
+ # data as a hash:
18128
+ #
18129
+ # {
18130
+ # domain: "NonEmptyString",
18131
+ # protocol: "NonEmptyString",
18132
+ # blocked: false,
18133
+ # }
18134
+ #
18135
+ # @!attribute [rw] domain
18136
+ # The DNS domain that is associated with the DNS request.
18137
+ # @return [String]
18138
+ #
18139
+ # @!attribute [rw] protocol
18140
+ # The protocol that was used for the DNS request.
18141
+ # @return [String]
18142
+ #
18143
+ # @!attribute [rw] blocked
18144
+ # Indicates whether the DNS request was blocked.
18145
+ # @return [Boolean]
18146
+ #
18147
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DnsRequestAction AWS API Documentation
18148
+ #
18149
+ class DnsRequestAction < Struct.new(
18150
+ :domain,
18151
+ :protocol,
18152
+ :blocked)
18153
+ SENSITIVE = []
18154
+ include Aws::Structure
18155
+ end
18156
+
15898
18157
  # @note When making an API call, you may pass EnableImportFindingsForProductRequest
15899
18158
  # data as a hash:
15900
18159
  #
@@ -15947,45 +18206,169 @@ module Aws::SecurityHub
15947
18206
  include Aws::Structure
15948
18207
  end
15949
18208
 
15950
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
18209
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
18210
+ #
18211
+ class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
18212
+
18213
+ # @note When making an API call, you may pass EnableSecurityHubRequest
18214
+ # data as a hash:
18215
+ #
18216
+ # {
18217
+ # tags: {
18218
+ # "TagKey" => "TagValue",
18219
+ # },
18220
+ # enable_default_standards: false,
18221
+ # }
18222
+ #
18223
+ # @!attribute [rw] tags
18224
+ # The tags to add to the hub resource when you enable Security Hub.
18225
+ # @return [Hash<String,String>]
18226
+ #
18227
+ # @!attribute [rw] enable_default_standards
18228
+ # Whether to enable the security standards that Security Hub has
18229
+ # designated as automatically enabled. If you do not provide a value
18230
+ # for `EnableDefaultStandards`, it is set to `true`. To not enable the
18231
+ # automatically enabled standards, set `EnableDefaultStandards` to
18232
+ # `false`.
18233
+ # @return [Boolean]
18234
+ #
18235
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
18236
+ #
18237
+ class EnableSecurityHubRequest < Struct.new(
18238
+ :tags,
18239
+ :enable_default_standards)
18240
+ SENSITIVE = []
18241
+ include Aws::Structure
18242
+ end
18243
+
18244
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation
18245
+ #
18246
+ class EnableSecurityHubResponse < Aws::EmptyStructure; end
18247
+
18248
+ # In a `BatchImportFindings` request, finding providers use
18249
+ # `FindingProviderFields` to provide and update values for confidence,
18250
+ # criticality, related findings, severity, and types.
18251
+ #
18252
+ # @note When making an API call, you may pass FindingProviderFields
18253
+ # data as a hash:
18254
+ #
18255
+ # {
18256
+ # confidence: 1,
18257
+ # criticality: 1,
18258
+ # related_findings: [
18259
+ # {
18260
+ # product_arn: "NonEmptyString", # required
18261
+ # id: "NonEmptyString", # required
18262
+ # },
18263
+ # ],
18264
+ # severity: {
18265
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
18266
+ # original: "NonEmptyString",
18267
+ # },
18268
+ # types: ["NonEmptyString"],
18269
+ # }
18270
+ #
18271
+ # @!attribute [rw] confidence
18272
+ # A finding's confidence. Confidence is defined as the likelihood
18273
+ # that a finding accurately identifies the behavior or issue that it
18274
+ # was intended to identify.
18275
+ #
18276
+ # Confidence is scored on a 0-100 basis using a ratio scale, where 0
18277
+ # means zero percent confidence and 100 means 100 percent confidence.
18278
+ # @return [Integer]
18279
+ #
18280
+ # @!attribute [rw] criticality
18281
+ # The level of importance assigned to the resources associated with
18282
+ # the finding.
18283
+ #
18284
+ # A score of 0 means that the underlying resources have no
18285
+ # criticality, and a score of 100 is reserved for the most critical
18286
+ # resources.
18287
+ # @return [Integer]
18288
+ #
18289
+ # @!attribute [rw] related_findings
18290
+ # A list of findings that are related to the current finding.
18291
+ # @return [Array<Types::RelatedFinding>]
18292
+ #
18293
+ # @!attribute [rw] severity
18294
+ # The severity of a finding.
18295
+ # @return [Types::FindingProviderSeverity]
18296
+ #
18297
+ # @!attribute [rw] types
18298
+ # One or more finding types in the format of
18299
+ # `namespace/category/classifier` that classify a finding.
18300
+ #
18301
+ # Valid namespace values are: Software and Configuration Checks \|
18302
+ # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
18303
+ # Identifications
18304
+ # @return [Array<String>]
18305
+ #
18306
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderFields AWS API Documentation
18307
+ #
18308
+ class FindingProviderFields < Struct.new(
18309
+ :confidence,
18310
+ :criticality,
18311
+ :related_findings,
18312
+ :severity,
18313
+ :types)
18314
+ SENSITIVE = []
18315
+ include Aws::Structure
18316
+ end
18317
+
18318
+ # The severity assigned to the finding by the finding provider.
18319
+ #
18320
+ # @note When making an API call, you may pass FindingProviderSeverity
18321
+ # data as a hash:
18322
+ #
18323
+ # {
18324
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
18325
+ # original: "NonEmptyString",
18326
+ # }
18327
+ #
18328
+ # @!attribute [rw] label
18329
+ # The severity label assigned to the finding by the finding provider.
18330
+ # @return [String]
18331
+ #
18332
+ # @!attribute [rw] original
18333
+ # The finding provider's original value for the severity.
18334
+ # @return [String]
18335
+ #
18336
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderSeverity AWS API Documentation
18337
+ #
18338
+ class FindingProviderSeverity < Struct.new(
18339
+ :label,
18340
+ :original)
18341
+ SENSITIVE = []
18342
+ include Aws::Structure
18343
+ end
18344
+
18345
+ # Provides the latitude and longitude coordinates of a location.
15951
18346
  #
15952
- class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
15953
-
15954
- # @note When making an API call, you may pass EnableSecurityHubRequest
18347
+ # @note When making an API call, you may pass GeoLocation
15955
18348
  # data as a hash:
15956
18349
  #
15957
18350
  # {
15958
- # tags: {
15959
- # "TagKey" => "TagValue",
15960
- # },
15961
- # enable_default_standards: false,
18351
+ # lon: 1.0,
18352
+ # lat: 1.0,
15962
18353
  # }
15963
18354
  #
15964
- # @!attribute [rw] tags
15965
- # The tags to add to the hub resource when you enable Security Hub.
15966
- # @return [Hash<String,String>]
18355
+ # @!attribute [rw] lon
18356
+ # The longitude of the location.
18357
+ # @return [Float]
15967
18358
  #
15968
- # @!attribute [rw] enable_default_standards
15969
- # Whether to enable the security standards that Security Hub has
15970
- # designated as automatically enabled. If you do not provide a value
15971
- # for `EnableDefaultStandards`, it is set to `true`. To not enable the
15972
- # automatically enabled standards, set `EnableDefaultStandards` to
15973
- # `false`.
15974
- # @return [Boolean]
18359
+ # @!attribute [rw] lat
18360
+ # The latitude of the location.
18361
+ # @return [Float]
15975
18362
  #
15976
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
18363
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GeoLocation AWS API Documentation
15977
18364
  #
15978
- class EnableSecurityHubRequest < Struct.new(
15979
- :tags,
15980
- :enable_default_standards)
18365
+ class GeoLocation < Struct.new(
18366
+ :lon,
18367
+ :lat)
15981
18368
  SENSITIVE = []
15982
18369
  include Aws::Structure
15983
18370
  end
15984
18371
 
15985
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation
15986
- #
15987
- class EnableSecurityHubResponse < Aws::EmptyStructure; end
15988
-
15989
18372
  # @note When making an API call, you may pass GetEnabledStandardsRequest
15990
18373
  # data as a hash:
15991
18374
  #
@@ -16600,6 +18983,50 @@ module Aws::SecurityHub
16600
18983
  # value: "NonEmptyString",
16601
18984
  # },
16602
18985
  # ],
18986
+ # finding_provider_fields_confidence: [
18987
+ # {
18988
+ # gte: 1.0,
18989
+ # lte: 1.0,
18990
+ # eq: 1.0,
18991
+ # },
18992
+ # ],
18993
+ # finding_provider_fields_criticality: [
18994
+ # {
18995
+ # gte: 1.0,
18996
+ # lte: 1.0,
18997
+ # eq: 1.0,
18998
+ # },
18999
+ # ],
19000
+ # finding_provider_fields_related_findings_id: [
19001
+ # {
19002
+ # value: "NonEmptyString",
19003
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19004
+ # },
19005
+ # ],
19006
+ # finding_provider_fields_related_findings_product_arn: [
19007
+ # {
19008
+ # value: "NonEmptyString",
19009
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19010
+ # },
19011
+ # ],
19012
+ # finding_provider_fields_severity_label: [
19013
+ # {
19014
+ # value: "NonEmptyString",
19015
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19016
+ # },
19017
+ # ],
19018
+ # finding_provider_fields_severity_original: [
19019
+ # {
19020
+ # value: "NonEmptyString",
19021
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19022
+ # },
19023
+ # ],
19024
+ # finding_provider_fields_types: [
19025
+ # {
19026
+ # value: "NonEmptyString",
19027
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19028
+ # },
19029
+ # ],
16603
19030
  # },
16604
19031
  # sort_criteria: [
16605
19032
  # {
@@ -17080,6 +19507,45 @@ module Aws::SecurityHub
17080
19507
  include Aws::Structure
17081
19508
  end
17082
19509
 
19510
+ # Provides information about an internet provider.
19511
+ #
19512
+ # @note When making an API call, you may pass IpOrganizationDetails
19513
+ # data as a hash:
19514
+ #
19515
+ # {
19516
+ # asn: 1,
19517
+ # asn_org: "NonEmptyString",
19518
+ # isp: "NonEmptyString",
19519
+ # org: "NonEmptyString",
19520
+ # }
19521
+ #
19522
+ # @!attribute [rw] asn
19523
+ # The Autonomous System Number (ASN) of the internet provider
19524
+ # @return [Integer]
19525
+ #
19526
+ # @!attribute [rw] asn_org
19527
+ # The name of the organization that registered the ASN.
19528
+ # @return [String]
19529
+ #
19530
+ # @!attribute [rw] isp
19531
+ # The ISP information for the internet provider.
19532
+ # @return [String]
19533
+ #
19534
+ # @!attribute [rw] org
19535
+ # The name of the internet provider.
19536
+ # @return [String]
19537
+ #
19538
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IpOrganizationDetails AWS API Documentation
19539
+ #
19540
+ class IpOrganizationDetails < Struct.new(
19541
+ :asn,
19542
+ :asn_org,
19543
+ :isp,
19544
+ :org)
19545
+ SENSITIVE = []
19546
+ include Aws::Structure
19547
+ end
19548
+
17083
19549
  # An IPV6 CIDR block association.
17084
19550
  #
17085
19551
  # @note When making an API call, you may pass Ipv6CidrBlockAssociation
@@ -17681,6 +20147,84 @@ module Aws::SecurityHub
17681
20147
  include Aws::Structure
17682
20148
  end
17683
20149
 
20150
+ # Provided if `ActionType` is `NETWORK_CONNECTION`. It provides details
20151
+ # about the attempted network connection that was detected.
20152
+ #
20153
+ # @note When making an API call, you may pass NetworkConnectionAction
20154
+ # data as a hash:
20155
+ #
20156
+ # {
20157
+ # connection_direction: "NonEmptyString",
20158
+ # remote_ip_details: {
20159
+ # ip_address_v4: "NonEmptyString",
20160
+ # organization: {
20161
+ # asn: 1,
20162
+ # asn_org: "NonEmptyString",
20163
+ # isp: "NonEmptyString",
20164
+ # org: "NonEmptyString",
20165
+ # },
20166
+ # country: {
20167
+ # country_code: "NonEmptyString",
20168
+ # country_name: "NonEmptyString",
20169
+ # },
20170
+ # city: {
20171
+ # city_name: "NonEmptyString",
20172
+ # },
20173
+ # geo_location: {
20174
+ # lon: 1.0,
20175
+ # lat: 1.0,
20176
+ # },
20177
+ # },
20178
+ # remote_port_details: {
20179
+ # port: 1,
20180
+ # port_name: "NonEmptyString",
20181
+ # },
20182
+ # local_port_details: {
20183
+ # port: 1,
20184
+ # port_name: "NonEmptyString",
20185
+ # },
20186
+ # protocol: "NonEmptyString",
20187
+ # blocked: false,
20188
+ # }
20189
+ #
20190
+ # @!attribute [rw] connection_direction
20191
+ # The direction of the network connection request (`IN` or `OUT`).
20192
+ # @return [String]
20193
+ #
20194
+ # @!attribute [rw] remote_ip_details
20195
+ # Information about the remote IP address that issued the network
20196
+ # connection request.
20197
+ # @return [Types::ActionRemoteIpDetails]
20198
+ #
20199
+ # @!attribute [rw] remote_port_details
20200
+ # Information about the port on the remote IP address.
20201
+ # @return [Types::ActionRemotePortDetails]
20202
+ #
20203
+ # @!attribute [rw] local_port_details
20204
+ # Information about the port on the EC2 instance.
20205
+ # @return [Types::ActionLocalPortDetails]
20206
+ #
20207
+ # @!attribute [rw] protocol
20208
+ # The protocol used to make the network connection request.
20209
+ # @return [String]
20210
+ #
20211
+ # @!attribute [rw] blocked
20212
+ # Indicates whether the network connection attempt was blocked.
20213
+ # @return [Boolean]
20214
+ #
20215
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkConnectionAction AWS API Documentation
20216
+ #
20217
+ class NetworkConnectionAction < Struct.new(
20218
+ :connection_direction,
20219
+ :remote_ip_details,
20220
+ :remote_port_details,
20221
+ :local_port_details,
20222
+ :protocol,
20223
+ :blocked)
20224
+ SENSITIVE = []
20225
+ include Aws::Structure
20226
+ end
20227
+
17684
20228
  # Details about a network path component that occurs before or after the
17685
20229
  # current component.
17686
20230
  #
@@ -17949,6 +20493,139 @@ module Aws::SecurityHub
17949
20493
  include Aws::Structure
17950
20494
  end
17951
20495
 
20496
+ # The detected occurrences of sensitive data.
20497
+ #
20498
+ # @note When making an API call, you may pass Occurrences
20499
+ # data as a hash:
20500
+ #
20501
+ # {
20502
+ # line_ranges: [
20503
+ # {
20504
+ # start: 1,
20505
+ # end: 1,
20506
+ # start_column: 1,
20507
+ # },
20508
+ # ],
20509
+ # offset_ranges: [
20510
+ # {
20511
+ # start: 1,
20512
+ # end: 1,
20513
+ # start_column: 1,
20514
+ # },
20515
+ # ],
20516
+ # pages: [
20517
+ # {
20518
+ # page_number: 1,
20519
+ # line_range: {
20520
+ # start: 1,
20521
+ # end: 1,
20522
+ # start_column: 1,
20523
+ # },
20524
+ # offset_range: {
20525
+ # start: 1,
20526
+ # end: 1,
20527
+ # start_column: 1,
20528
+ # },
20529
+ # },
20530
+ # ],
20531
+ # records: [
20532
+ # {
20533
+ # json_path: "NonEmptyString",
20534
+ # record_index: 1,
20535
+ # },
20536
+ # ],
20537
+ # cells: [
20538
+ # {
20539
+ # column: 1,
20540
+ # row: 1,
20541
+ # column_name: "NonEmptyString",
20542
+ # cell_reference: "NonEmptyString",
20543
+ # },
20544
+ # ],
20545
+ # }
20546
+ #
20547
+ # @!attribute [rw] line_ranges
20548
+ # Occurrences of sensitive data detected in a non-binary text file or
20549
+ # a Microsoft Word file. Non-binary text files include files such as
20550
+ # HTML, XML, JSON, and TXT files.
20551
+ # @return [Array<Types::Range>]
20552
+ #
20553
+ # @!attribute [rw] offset_ranges
20554
+ # Occurrences of sensitive data detected in a binary text file.
20555
+ # @return [Array<Types::Range>]
20556
+ #
20557
+ # @!attribute [rw] pages
20558
+ # Occurrences of sensitive data in an Adobe Portable Document Format
20559
+ # (PDF) file.
20560
+ # @return [Array<Types::Page>]
20561
+ #
20562
+ # @!attribute [rw] records
20563
+ # Occurrences of sensitive data in an Apache Avro object container or
20564
+ # an Apache Parquet file.
20565
+ # @return [Array<Types::Record>]
20566
+ #
20567
+ # @!attribute [rw] cells
20568
+ # Occurrences of sensitive data detected in Microsoft Excel workbooks,
20569
+ # comma-separated value (CSV) files, or tab-separated value (TSV)
20570
+ # files.
20571
+ # @return [Array<Types::Cell>]
20572
+ #
20573
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Occurrences AWS API Documentation
20574
+ #
20575
+ class Occurrences < Struct.new(
20576
+ :line_ranges,
20577
+ :offset_ranges,
20578
+ :pages,
20579
+ :records,
20580
+ :cells)
20581
+ SENSITIVE = []
20582
+ include Aws::Structure
20583
+ end
20584
+
20585
+ # An occurrence of sensitive data in an Adobe Portable Document Format
20586
+ # (PDF) file.
20587
+ #
20588
+ # @note When making an API call, you may pass Page
20589
+ # data as a hash:
20590
+ #
20591
+ # {
20592
+ # page_number: 1,
20593
+ # line_range: {
20594
+ # start: 1,
20595
+ # end: 1,
20596
+ # start_column: 1,
20597
+ # },
20598
+ # offset_range: {
20599
+ # start: 1,
20600
+ # end: 1,
20601
+ # start_column: 1,
20602
+ # },
20603
+ # }
20604
+ #
20605
+ # @!attribute [rw] page_number
20606
+ # The page number of the page that contains the sensitive data.
20607
+ # @return [Integer]
20608
+ #
20609
+ # @!attribute [rw] line_range
20610
+ # An occurrence of sensitive data detected in a non-binary text file
20611
+ # or a Microsoft Word file. Non-binary text files include files such
20612
+ # as HTML, XML, JSON, and TXT files.
20613
+ # @return [Types::Range]
20614
+ #
20615
+ # @!attribute [rw] offset_range
20616
+ # An occurrence of sensitive data detected in a binary text file.
20617
+ # @return [Types::Range]
20618
+ #
20619
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Page AWS API Documentation
20620
+ #
20621
+ class Page < Struct.new(
20622
+ :page_number,
20623
+ :line_range,
20624
+ :offset_range)
20625
+ SENSITIVE = []
20626
+ include Aws::Structure
20627
+ end
20628
+
17952
20629
  # Provides an overview of the patch compliance status for an instance
17953
20630
  # against a selected compliance standard.
17954
20631
  #
@@ -18056,6 +20733,126 @@ module Aws::SecurityHub
18056
20733
  include Aws::Structure
18057
20734
  end
18058
20735
 
20736
+ # Provided if `ActionType` is `PORT_PROBE`. It provides details about
20737
+ # the attempted port probe that was detected.
20738
+ #
20739
+ # @note When making an API call, you may pass PortProbeAction
20740
+ # data as a hash:
20741
+ #
20742
+ # {
20743
+ # port_probe_details: [
20744
+ # {
20745
+ # local_port_details: {
20746
+ # port: 1,
20747
+ # port_name: "NonEmptyString",
20748
+ # },
20749
+ # local_ip_details: {
20750
+ # ip_address_v4: "NonEmptyString",
20751
+ # },
20752
+ # remote_ip_details: {
20753
+ # ip_address_v4: "NonEmptyString",
20754
+ # organization: {
20755
+ # asn: 1,
20756
+ # asn_org: "NonEmptyString",
20757
+ # isp: "NonEmptyString",
20758
+ # org: "NonEmptyString",
20759
+ # },
20760
+ # country: {
20761
+ # country_code: "NonEmptyString",
20762
+ # country_name: "NonEmptyString",
20763
+ # },
20764
+ # city: {
20765
+ # city_name: "NonEmptyString",
20766
+ # },
20767
+ # geo_location: {
20768
+ # lon: 1.0,
20769
+ # lat: 1.0,
20770
+ # },
20771
+ # },
20772
+ # },
20773
+ # ],
20774
+ # blocked: false,
20775
+ # }
20776
+ #
20777
+ # @!attribute [rw] port_probe_details
20778
+ # Information about the ports affected by the port probe.
20779
+ # @return [Array<Types::PortProbeDetail>]
20780
+ #
20781
+ # @!attribute [rw] blocked
20782
+ # Indicates whether the port probe was blocked.
20783
+ # @return [Boolean]
20784
+ #
20785
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeAction AWS API Documentation
20786
+ #
20787
+ class PortProbeAction < Struct.new(
20788
+ :port_probe_details,
20789
+ :blocked)
20790
+ SENSITIVE = []
20791
+ include Aws::Structure
20792
+ end
20793
+
20794
+ # A port scan that was part of the port probe. For each scan,
20795
+ # PortProbeDetails provides information about the local IP address and
20796
+ # port that were scanned, and the remote IP address that the scan
20797
+ # originated from.
20798
+ #
20799
+ # @note When making an API call, you may pass PortProbeDetail
20800
+ # data as a hash:
20801
+ #
20802
+ # {
20803
+ # local_port_details: {
20804
+ # port: 1,
20805
+ # port_name: "NonEmptyString",
20806
+ # },
20807
+ # local_ip_details: {
20808
+ # ip_address_v4: "NonEmptyString",
20809
+ # },
20810
+ # remote_ip_details: {
20811
+ # ip_address_v4: "NonEmptyString",
20812
+ # organization: {
20813
+ # asn: 1,
20814
+ # asn_org: "NonEmptyString",
20815
+ # isp: "NonEmptyString",
20816
+ # org: "NonEmptyString",
20817
+ # },
20818
+ # country: {
20819
+ # country_code: "NonEmptyString",
20820
+ # country_name: "NonEmptyString",
20821
+ # },
20822
+ # city: {
20823
+ # city_name: "NonEmptyString",
20824
+ # },
20825
+ # geo_location: {
20826
+ # lon: 1.0,
20827
+ # lat: 1.0,
20828
+ # },
20829
+ # },
20830
+ # }
20831
+ #
20832
+ # @!attribute [rw] local_port_details
20833
+ # Provides information about the port that was scanned.
20834
+ # @return [Types::ActionLocalPortDetails]
20835
+ #
20836
+ # @!attribute [rw] local_ip_details
20837
+ # Provides information about the IP address where the scanned port is
20838
+ # located.
20839
+ # @return [Types::ActionLocalIpDetails]
20840
+ #
20841
+ # @!attribute [rw] remote_ip_details
20842
+ # Provides information about the remote IP address that performed the
20843
+ # scan.
20844
+ # @return [Types::ActionRemoteIpDetails]
20845
+ #
20846
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeDetail AWS API Documentation
20847
+ #
20848
+ class PortProbeDetail < Struct.new(
20849
+ :local_port_details,
20850
+ :local_ip_details,
20851
+ :remote_ip_details)
20852
+ SENSITIVE = []
20853
+ include Aws::Structure
20854
+ end
20855
+
18059
20856
  # A range of ports.
18060
20857
  #
18061
20858
  # @note When making an API call, you may pass PortRange
@@ -18212,6 +21009,44 @@ module Aws::SecurityHub
18212
21009
  include Aws::Structure
18213
21010
  end
18214
21011
 
21012
+ # Identifies where the sensitive data begins and ends.
21013
+ #
21014
+ # @note When making an API call, you may pass Range
21015
+ # data as a hash:
21016
+ #
21017
+ # {
21018
+ # start: 1,
21019
+ # end: 1,
21020
+ # start_column: 1,
21021
+ # }
21022
+ #
21023
+ # @!attribute [rw] start
21024
+ # The number of lines (for a line range) or characters (for an offset
21025
+ # range) from the beginning of the file to the end of the sensitive
21026
+ # data.
21027
+ # @return [Integer]
21028
+ #
21029
+ # @!attribute [rw] end
21030
+ # The number of lines (for a line range) or characters (for an offset
21031
+ # range) from the beginning of the file to the end of the sensitive
21032
+ # data.
21033
+ # @return [Integer]
21034
+ #
21035
+ # @!attribute [rw] start_column
21036
+ # In the line where the sensitive data starts, the column within the
21037
+ # line where the sensitive data starts.
21038
+ # @return [Integer]
21039
+ #
21040
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Range AWS API Documentation
21041
+ #
21042
+ class Range < Struct.new(
21043
+ :start,
21044
+ :end,
21045
+ :start_column)
21046
+ SENSITIVE = []
21047
+ include Aws::Structure
21048
+ end
21049
+
18215
21050
  # A recommendation on how to remediate the issue identified in a
18216
21051
  # finding.
18217
21052
  #
@@ -18242,6 +21077,38 @@ module Aws::SecurityHub
18242
21077
  include Aws::Structure
18243
21078
  end
18244
21079
 
21080
+ # An occurrence of sensitive data in an Apache Avro object container or
21081
+ # an Apache Parquet file.
21082
+ #
21083
+ # @note When making an API call, you may pass Record
21084
+ # data as a hash:
21085
+ #
21086
+ # {
21087
+ # json_path: "NonEmptyString",
21088
+ # record_index: 1,
21089
+ # }
21090
+ #
21091
+ # @!attribute [rw] json_path
21092
+ # The path, as a JSONPath expression, to the field in the record that
21093
+ # contains the data. If the field name is longer than 20 characters,
21094
+ # it is truncated. If the path is longer than 250 characters, it is
21095
+ # truncated.
21096
+ # @return [String]
21097
+ #
21098
+ # @!attribute [rw] record_index
21099
+ # The record index, starting from 0, for the record that contains the
21100
+ # data.
21101
+ # @return [Integer]
21102
+ #
21103
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Record AWS API Documentation
21104
+ #
21105
+ class Record < Struct.new(
21106
+ :json_path,
21107
+ :record_index)
21108
+ SENSITIVE = []
21109
+ include Aws::Structure
21110
+ end
21111
+
18245
21112
  # Details about a related finding.
18246
21113
  #
18247
21114
  # @note When making an API call, you may pass RelatedFinding
@@ -18308,6 +21175,130 @@ module Aws::SecurityHub
18308
21175
  # tags: {
18309
21176
  # "NonEmptyString" => "NonEmptyString",
18310
21177
  # },
21178
+ # data_classification: {
21179
+ # detailed_results_location: "NonEmptyString",
21180
+ # result: {
21181
+ # mime_type: "NonEmptyString",
21182
+ # size_classified: 1,
21183
+ # additional_occurrences: false,
21184
+ # status: {
21185
+ # code: "NonEmptyString",
21186
+ # reason: "NonEmptyString",
21187
+ # },
21188
+ # sensitive_data: [
21189
+ # {
21190
+ # category: "NonEmptyString",
21191
+ # detections: [
21192
+ # {
21193
+ # count: 1,
21194
+ # type: "NonEmptyString",
21195
+ # occurrences: {
21196
+ # line_ranges: [
21197
+ # {
21198
+ # start: 1,
21199
+ # end: 1,
21200
+ # start_column: 1,
21201
+ # },
21202
+ # ],
21203
+ # offset_ranges: [
21204
+ # {
21205
+ # start: 1,
21206
+ # end: 1,
21207
+ # start_column: 1,
21208
+ # },
21209
+ # ],
21210
+ # pages: [
21211
+ # {
21212
+ # page_number: 1,
21213
+ # line_range: {
21214
+ # start: 1,
21215
+ # end: 1,
21216
+ # start_column: 1,
21217
+ # },
21218
+ # offset_range: {
21219
+ # start: 1,
21220
+ # end: 1,
21221
+ # start_column: 1,
21222
+ # },
21223
+ # },
21224
+ # ],
21225
+ # records: [
21226
+ # {
21227
+ # json_path: "NonEmptyString",
21228
+ # record_index: 1,
21229
+ # },
21230
+ # ],
21231
+ # cells: [
21232
+ # {
21233
+ # column: 1,
21234
+ # row: 1,
21235
+ # column_name: "NonEmptyString",
21236
+ # cell_reference: "NonEmptyString",
21237
+ # },
21238
+ # ],
21239
+ # },
21240
+ # },
21241
+ # ],
21242
+ # total_count: 1,
21243
+ # },
21244
+ # ],
21245
+ # custom_data_identifiers: {
21246
+ # detections: [
21247
+ # {
21248
+ # count: 1,
21249
+ # arn: "NonEmptyString",
21250
+ # name: "NonEmptyString",
21251
+ # occurrences: {
21252
+ # line_ranges: [
21253
+ # {
21254
+ # start: 1,
21255
+ # end: 1,
21256
+ # start_column: 1,
21257
+ # },
21258
+ # ],
21259
+ # offset_ranges: [
21260
+ # {
21261
+ # start: 1,
21262
+ # end: 1,
21263
+ # start_column: 1,
21264
+ # },
21265
+ # ],
21266
+ # pages: [
21267
+ # {
21268
+ # page_number: 1,
21269
+ # line_range: {
21270
+ # start: 1,
21271
+ # end: 1,
21272
+ # start_column: 1,
21273
+ # },
21274
+ # offset_range: {
21275
+ # start: 1,
21276
+ # end: 1,
21277
+ # start_column: 1,
21278
+ # },
21279
+ # },
21280
+ # ],
21281
+ # records: [
21282
+ # {
21283
+ # json_path: "NonEmptyString",
21284
+ # record_index: 1,
21285
+ # },
21286
+ # ],
21287
+ # cells: [
21288
+ # {
21289
+ # column: 1,
21290
+ # row: 1,
21291
+ # column_name: "NonEmptyString",
21292
+ # cell_reference: "NonEmptyString",
21293
+ # },
21294
+ # ],
21295
+ # },
21296
+ # },
21297
+ # ],
21298
+ # total_count: 1,
21299
+ # },
21300
+ # },
21301
+ # },
18311
21302
  # details: {
18312
21303
  # aws_auto_scaling_auto_scaling_group: {
18313
21304
  # launch_configuration_name: "NonEmptyString",
@@ -18418,6 +21409,19 @@ module Aws::SecurityHub
18418
21409
  # },
18419
21410
  # ],
18420
21411
  # source_dest_check: false,
21412
+ # ip_v6_addresses: [
21413
+ # {
21414
+ # ip_v6_address: "NonEmptyString",
21415
+ # },
21416
+ # ],
21417
+ # private_ip_addresses: [
21418
+ # {
21419
+ # private_ip_address: "NonEmptyString",
21420
+ # private_dns_name: "NonEmptyString",
21421
+ # },
21422
+ # ],
21423
+ # public_dns_name: "NonEmptyString",
21424
+ # public_ip: "NonEmptyString",
18421
21425
  # },
18422
21426
  # aws_ec2_security_group: {
18423
21427
  # group_name: "NonEmptyString",
@@ -18596,6 +21600,18 @@ module Aws::SecurityHub
18596
21600
  # },
18597
21601
  # ],
18598
21602
  # },
21603
+ # public_access_block_configuration: {
21604
+ # block_public_acls: false,
21605
+ # block_public_policy: false,
21606
+ # ignore_public_acls: false,
21607
+ # restrict_public_buckets: false,
21608
+ # },
21609
+ # },
21610
+ # aws_s3_account_public_access_block: {
21611
+ # block_public_acls: false,
21612
+ # block_public_policy: false,
21613
+ # ignore_public_acls: false,
21614
+ # restrict_public_buckets: false,
18599
21615
  # },
18600
21616
  # aws_s3_object: {
18601
21617
  # last_modified: "NonEmptyString",
@@ -18918,6 +21934,30 @@ module Aws::SecurityHub
18918
21934
  # sns_topic_name: "NonEmptyString",
18919
21935
  # trail_arn: "NonEmptyString",
18920
21936
  # },
21937
+ # aws_ssm_patch_compliance: {
21938
+ # patch: {
21939
+ # compliance_summary: {
21940
+ # status: "NonEmptyString",
21941
+ # compliant_critical_count: 1,
21942
+ # compliant_high_count: 1,
21943
+ # compliant_medium_count: 1,
21944
+ # execution_type: "NonEmptyString",
21945
+ # non_compliant_critical_count: 1,
21946
+ # compliant_informational_count: 1,
21947
+ # non_compliant_informational_count: 1,
21948
+ # compliant_unspecified_count: 1,
21949
+ # non_compliant_low_count: 1,
21950
+ # non_compliant_high_count: 1,
21951
+ # compliant_low_count: 1,
21952
+ # compliance_type: "NonEmptyString",
21953
+ # patch_baseline_id: "NonEmptyString",
21954
+ # overall_severity: "NonEmptyString",
21955
+ # non_compliant_medium_count: 1,
21956
+ # non_compliant_unspecified_count: 1,
21957
+ # patch_group: "NonEmptyString",
21958
+ # },
21959
+ # },
21960
+ # },
18921
21961
  # aws_certificate_manager_certificate: {
18922
21962
  # certificate_authority_arn: "NonEmptyString",
18923
21963
  # created_at: "NonEmptyString",
@@ -19648,6 +22688,8 @@ module Aws::SecurityHub
19648
22688
  # @return [String]
19649
22689
  #
19650
22690
  # @!attribute [rw] resource_role
22691
+ # Identifies the role of the resource in the finding. A resource is
22692
+ # either the actor or target of the finding activity,
19651
22693
  # @return [String]
19652
22694
  #
19653
22695
  # @!attribute [rw] tags
@@ -19655,6 +22697,11 @@ module Aws::SecurityHub
19655
22697
  # finding was processed.
19656
22698
  # @return [Hash<String,String>]
19657
22699
  #
22700
+ # @!attribute [rw] data_classification
22701
+ # Contains information about sensitive data that was detected on the
22702
+ # resource.
22703
+ # @return [Types::DataClassificationDetails]
22704
+ #
19658
22705
  # @!attribute [rw] details
19659
22706
  # Additional details about the resource related to a finding.
19660
22707
  # @return [Types::ResourceDetails]
@@ -19668,6 +22715,7 @@ module Aws::SecurityHub
19668
22715
  :region,
19669
22716
  :resource_role,
19670
22717
  :tags,
22718
+ :data_classification,
19671
22719
  :details)
19672
22720
  SENSITIVE = []
19673
22721
  include Aws::Structure
@@ -19817,6 +22865,19 @@ module Aws::SecurityHub
19817
22865
  # },
19818
22866
  # ],
19819
22867
  # source_dest_check: false,
22868
+ # ip_v6_addresses: [
22869
+ # {
22870
+ # ip_v6_address: "NonEmptyString",
22871
+ # },
22872
+ # ],
22873
+ # private_ip_addresses: [
22874
+ # {
22875
+ # private_ip_address: "NonEmptyString",
22876
+ # private_dns_name: "NonEmptyString",
22877
+ # },
22878
+ # ],
22879
+ # public_dns_name: "NonEmptyString",
22880
+ # public_ip: "NonEmptyString",
19820
22881
  # },
19821
22882
  # aws_ec2_security_group: {
19822
22883
  # group_name: "NonEmptyString",
@@ -19995,6 +23056,18 @@ module Aws::SecurityHub
19995
23056
  # },
19996
23057
  # ],
19997
23058
  # },
23059
+ # public_access_block_configuration: {
23060
+ # block_public_acls: false,
23061
+ # block_public_policy: false,
23062
+ # ignore_public_acls: false,
23063
+ # restrict_public_buckets: false,
23064
+ # },
23065
+ # },
23066
+ # aws_s3_account_public_access_block: {
23067
+ # block_public_acls: false,
23068
+ # block_public_policy: false,
23069
+ # ignore_public_acls: false,
23070
+ # restrict_public_buckets: false,
19998
23071
  # },
19999
23072
  # aws_s3_object: {
20000
23073
  # last_modified: "NonEmptyString",
@@ -20317,6 +23390,30 @@ module Aws::SecurityHub
20317
23390
  # sns_topic_name: "NonEmptyString",
20318
23391
  # trail_arn: "NonEmptyString",
20319
23392
  # },
23393
+ # aws_ssm_patch_compliance: {
23394
+ # patch: {
23395
+ # compliance_summary: {
23396
+ # status: "NonEmptyString",
23397
+ # compliant_critical_count: 1,
23398
+ # compliant_high_count: 1,
23399
+ # compliant_medium_count: 1,
23400
+ # execution_type: "NonEmptyString",
23401
+ # non_compliant_critical_count: 1,
23402
+ # compliant_informational_count: 1,
23403
+ # non_compliant_informational_count: 1,
23404
+ # compliant_unspecified_count: 1,
23405
+ # non_compliant_low_count: 1,
23406
+ # non_compliant_high_count: 1,
23407
+ # compliant_low_count: 1,
23408
+ # compliance_type: "NonEmptyString",
23409
+ # patch_baseline_id: "NonEmptyString",
23410
+ # overall_severity: "NonEmptyString",
23411
+ # non_compliant_medium_count: 1,
23412
+ # non_compliant_unspecified_count: 1,
23413
+ # patch_group: "NonEmptyString",
23414
+ # },
23415
+ # },
23416
+ # },
20320
23417
  # aws_certificate_manager_certificate: {
20321
23418
  # certificate_authority_arn: "NonEmptyString",
20322
23419
  # created_at: "NonEmptyString",
@@ -21070,6 +24167,11 @@ module Aws::SecurityHub
21070
24167
  # Details about an Amazon S3 bucket related to a finding.
21071
24168
  # @return [Types::AwsS3BucketDetails]
21072
24169
  #
24170
+ # @!attribute [rw] aws_s3_account_public_access_block
24171
+ # Details about the Amazon S3 Public Access Block configuration for an
24172
+ # account.
24173
+ # @return [Types::AwsS3AccountPublicAccessBlockDetails]
24174
+ #
21073
24175
  # @!attribute [rw] aws_s3_object
21074
24176
  # Details about an Amazon S3 object related to a finding.
21075
24177
  # @return [Types::AwsS3ObjectDetails]
@@ -21091,9 +24193,11 @@ module Aws::SecurityHub
21091
24193
  # @return [Types::AwsIamPolicyDetails]
21092
24194
  #
21093
24195
  # @!attribute [rw] aws_api_gateway_v2_stage
24196
+ # Provides information about a version 2 stage for Amazon API Gateway.
21094
24197
  # @return [Types::AwsApiGatewayV2StageDetails]
21095
24198
  #
21096
24199
  # @!attribute [rw] aws_api_gateway_v2_api
24200
+ # Provides information about a version 2 API in Amazon API Gateway.
21097
24201
  # @return [Types::AwsApiGatewayV2ApiDetails]
21098
24202
  #
21099
24203
  # @!attribute [rw] aws_dynamo_db_table
@@ -21101,24 +24205,37 @@ module Aws::SecurityHub
21101
24205
  # @return [Types::AwsDynamoDbTableDetails]
21102
24206
  #
21103
24207
  # @!attribute [rw] aws_api_gateway_stage
24208
+ # Provides information about a version 1 Amazon API Gateway stage.
21104
24209
  # @return [Types::AwsApiGatewayStageDetails]
21105
24210
  #
21106
24211
  # @!attribute [rw] aws_api_gateway_rest_api
24212
+ # Provides information about a REST API in version 1 of Amazon API
24213
+ # Gateway.
21107
24214
  # @return [Types::AwsApiGatewayRestApiDetails]
21108
24215
  #
21109
24216
  # @!attribute [rw] aws_cloud_trail_trail
24217
+ # Provides details about a CloudTrail trail.
21110
24218
  # @return [Types::AwsCloudTrailTrailDetails]
21111
24219
  #
24220
+ # @!attribute [rw] aws_ssm_patch_compliance
24221
+ # Provides information about the state of a patch on an instance based
24222
+ # on the patch baseline that was used to patch the instance.
24223
+ # @return [Types::AwsSsmPatchComplianceDetails]
24224
+ #
21112
24225
  # @!attribute [rw] aws_certificate_manager_certificate
24226
+ # Provides details about an AWS Certificate Manager (ACM) certificate.
21113
24227
  # @return [Types::AwsCertificateManagerCertificateDetails]
21114
24228
  #
21115
24229
  # @!attribute [rw] aws_redshift_cluster
24230
+ # Contains details about an Amazon Redshift cluster.
21116
24231
  # @return [Types::AwsRedshiftClusterDetails]
21117
24232
  #
21118
24233
  # @!attribute [rw] aws_elb_load_balancer
24234
+ # contains details about a Classic Load Balancer.
21119
24235
  # @return [Types::AwsElbLoadBalancerDetails]
21120
24236
  #
21121
24237
  # @!attribute [rw] aws_iam_group
24238
+ # Contains details about an IAM group.
21122
24239
  # @return [Types::AwsIamGroupDetails]
21123
24240
  #
21124
24241
  # @!attribute [rw] aws_iam_role
@@ -21198,6 +24315,7 @@ module Aws::SecurityHub
21198
24315
  :aws_elbv_2_load_balancer,
21199
24316
  :aws_elasticsearch_domain,
21200
24317
  :aws_s3_bucket,
24318
+ :aws_s3_account_public_access_block,
21201
24319
  :aws_s3_object,
21202
24320
  :aws_secrets_manager_secret,
21203
24321
  :aws_iam_access_key,
@@ -21209,6 +24327,7 @@ module Aws::SecurityHub
21209
24327
  :aws_api_gateway_stage,
21210
24328
  :aws_api_gateway_rest_api,
21211
24329
  :aws_cloud_trail_trail,
24330
+ :aws_ssm_patch_compliance,
21212
24331
  :aws_certificate_manager_certificate,
21213
24332
  :aws_redshift_cluster,
21214
24333
  :aws_elb_load_balancer,
@@ -21267,6 +24386,171 @@ module Aws::SecurityHub
21267
24386
  include Aws::Structure
21268
24387
  end
21269
24388
 
24389
+ # The list of detected instances of sensitive data.
24390
+ #
24391
+ # @note When making an API call, you may pass SensitiveDataDetections
24392
+ # data as a hash:
24393
+ #
24394
+ # {
24395
+ # count: 1,
24396
+ # type: "NonEmptyString",
24397
+ # occurrences: {
24398
+ # line_ranges: [
24399
+ # {
24400
+ # start: 1,
24401
+ # end: 1,
24402
+ # start_column: 1,
24403
+ # },
24404
+ # ],
24405
+ # offset_ranges: [
24406
+ # {
24407
+ # start: 1,
24408
+ # end: 1,
24409
+ # start_column: 1,
24410
+ # },
24411
+ # ],
24412
+ # pages: [
24413
+ # {
24414
+ # page_number: 1,
24415
+ # line_range: {
24416
+ # start: 1,
24417
+ # end: 1,
24418
+ # start_column: 1,
24419
+ # },
24420
+ # offset_range: {
24421
+ # start: 1,
24422
+ # end: 1,
24423
+ # start_column: 1,
24424
+ # },
24425
+ # },
24426
+ # ],
24427
+ # records: [
24428
+ # {
24429
+ # json_path: "NonEmptyString",
24430
+ # record_index: 1,
24431
+ # },
24432
+ # ],
24433
+ # cells: [
24434
+ # {
24435
+ # column: 1,
24436
+ # row: 1,
24437
+ # column_name: "NonEmptyString",
24438
+ # cell_reference: "NonEmptyString",
24439
+ # },
24440
+ # ],
24441
+ # },
24442
+ # }
24443
+ #
24444
+ # @!attribute [rw] count
24445
+ # The total number of occurrences of sensitive data that were
24446
+ # detected.
24447
+ # @return [Integer]
24448
+ #
24449
+ # @!attribute [rw] type
24450
+ # The type of sensitive data that was detected. For example, the type
24451
+ # might indicate that the data is an email address.
24452
+ # @return [String]
24453
+ #
24454
+ # @!attribute [rw] occurrences
24455
+ # Details about the sensitive data that was detected.
24456
+ # @return [Types::Occurrences]
24457
+ #
24458
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataDetections AWS API Documentation
24459
+ #
24460
+ class SensitiveDataDetections < Struct.new(
24461
+ :count,
24462
+ :type,
24463
+ :occurrences)
24464
+ SENSITIVE = []
24465
+ include Aws::Structure
24466
+ end
24467
+
24468
+ # Contains a detected instance of sensitive data that are based on
24469
+ # built-in identifiers.
24470
+ #
24471
+ # @note When making an API call, you may pass SensitiveDataResult
24472
+ # data as a hash:
24473
+ #
24474
+ # {
24475
+ # category: "NonEmptyString",
24476
+ # detections: [
24477
+ # {
24478
+ # count: 1,
24479
+ # type: "NonEmptyString",
24480
+ # occurrences: {
24481
+ # line_ranges: [
24482
+ # {
24483
+ # start: 1,
24484
+ # end: 1,
24485
+ # start_column: 1,
24486
+ # },
24487
+ # ],
24488
+ # offset_ranges: [
24489
+ # {
24490
+ # start: 1,
24491
+ # end: 1,
24492
+ # start_column: 1,
24493
+ # },
24494
+ # ],
24495
+ # pages: [
24496
+ # {
24497
+ # page_number: 1,
24498
+ # line_range: {
24499
+ # start: 1,
24500
+ # end: 1,
24501
+ # start_column: 1,
24502
+ # },
24503
+ # offset_range: {
24504
+ # start: 1,
24505
+ # end: 1,
24506
+ # start_column: 1,
24507
+ # },
24508
+ # },
24509
+ # ],
24510
+ # records: [
24511
+ # {
24512
+ # json_path: "NonEmptyString",
24513
+ # record_index: 1,
24514
+ # },
24515
+ # ],
24516
+ # cells: [
24517
+ # {
24518
+ # column: 1,
24519
+ # row: 1,
24520
+ # column_name: "NonEmptyString",
24521
+ # cell_reference: "NonEmptyString",
24522
+ # },
24523
+ # ],
24524
+ # },
24525
+ # },
24526
+ # ],
24527
+ # total_count: 1,
24528
+ # }
24529
+ #
24530
+ # @!attribute [rw] category
24531
+ # The category of sensitive data that was detected. For example, the
24532
+ # category can indicate that the sensitive data involved credentials,
24533
+ # financial information, or personal information.
24534
+ # @return [String]
24535
+ #
24536
+ # @!attribute [rw] detections
24537
+ # The list of detected instances of sensitive data.
24538
+ # @return [Array<Types::SensitiveDataDetections>]
24539
+ #
24540
+ # @!attribute [rw] total_count
24541
+ # The total number of occurrences of sensitive data.
24542
+ # @return [Integer]
24543
+ #
24544
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataResult AWS API Documentation
24545
+ #
24546
+ class SensitiveDataResult < Struct.new(
24547
+ :category,
24548
+ :detections,
24549
+ :total_count)
24550
+ SENSITIVE = []
24551
+ include Aws::Structure
24552
+ end
24553
+
21270
24554
  # The severity of the finding.
21271
24555
  #
21272
24556
  # The finding provider can provide the initial severity. The finding
@@ -21613,7 +24897,20 @@ module Aws::SecurityHub
21613
24897
  # @return [Hash<String,String>]
21614
24898
  #
21615
24899
  # @!attribute [rw] standards_status
21616
- # The status of the standards subscription.
24900
+ # The status of the standard subscription.
24901
+ #
24902
+ # The status values are as follows:
24903
+ #
24904
+ # * `PENDING` - Standard is in the process of being enabled.
24905
+ #
24906
+ # * `READY` - Standard is enabled.
24907
+ #
24908
+ # * `INCOMPLETE` - Standard could not be enabled completely. Some
24909
+ # controls may not be available.
24910
+ #
24911
+ # * `DELETING` - Standard is in the process of being disabled.
24912
+ #
24913
+ # * `FAILED` - Standard could not be disabled.
21617
24914
  # @return [String]
21618
24915
  #
21619
24916
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
@@ -22502,6 +25799,50 @@ module Aws::SecurityHub
22502
25799
  # value: "NonEmptyString",
22503
25800
  # },
22504
25801
  # ],
25802
+ # finding_provider_fields_confidence: [
25803
+ # {
25804
+ # gte: 1.0,
25805
+ # lte: 1.0,
25806
+ # eq: 1.0,
25807
+ # },
25808
+ # ],
25809
+ # finding_provider_fields_criticality: [
25810
+ # {
25811
+ # gte: 1.0,
25812
+ # lte: 1.0,
25813
+ # eq: 1.0,
25814
+ # },
25815
+ # ],
25816
+ # finding_provider_fields_related_findings_id: [
25817
+ # {
25818
+ # value: "NonEmptyString",
25819
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25820
+ # },
25821
+ # ],
25822
+ # finding_provider_fields_related_findings_product_arn: [
25823
+ # {
25824
+ # value: "NonEmptyString",
25825
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25826
+ # },
25827
+ # ],
25828
+ # finding_provider_fields_severity_label: [
25829
+ # {
25830
+ # value: "NonEmptyString",
25831
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25832
+ # },
25833
+ # ],
25834
+ # finding_provider_fields_severity_original: [
25835
+ # {
25836
+ # value: "NonEmptyString",
25837
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25838
+ # },
25839
+ # ],
25840
+ # finding_provider_fields_types: [
25841
+ # {
25842
+ # value: "NonEmptyString",
25843
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
25844
+ # },
25845
+ # ],
22505
25846
  # },
22506
25847
  # note: {
22507
25848
  # text: "NonEmptyString", # required
@@ -23097,6 +26438,50 @@ module Aws::SecurityHub
23097
26438
  # value: "NonEmptyString",
23098
26439
  # },
23099
26440
  # ],
26441
+ # finding_provider_fields_confidence: [
26442
+ # {
26443
+ # gte: 1.0,
26444
+ # lte: 1.0,
26445
+ # eq: 1.0,
26446
+ # },
26447
+ # ],
26448
+ # finding_provider_fields_criticality: [
26449
+ # {
26450
+ # gte: 1.0,
26451
+ # lte: 1.0,
26452
+ # eq: 1.0,
26453
+ # },
26454
+ # ],
26455
+ # finding_provider_fields_related_findings_id: [
26456
+ # {
26457
+ # value: "NonEmptyString",
26458
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26459
+ # },
26460
+ # ],
26461
+ # finding_provider_fields_related_findings_product_arn: [
26462
+ # {
26463
+ # value: "NonEmptyString",
26464
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26465
+ # },
26466
+ # ],
26467
+ # finding_provider_fields_severity_label: [
26468
+ # {
26469
+ # value: "NonEmptyString",
26470
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26471
+ # },
26472
+ # ],
26473
+ # finding_provider_fields_severity_original: [
26474
+ # {
26475
+ # value: "NonEmptyString",
26476
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26477
+ # },
26478
+ # ],
26479
+ # finding_provider_fields_types: [
26480
+ # {
26481
+ # value: "NonEmptyString",
26482
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26483
+ # },
26484
+ # ],
23100
26485
  # },
23101
26486
  # group_by_attribute: "NonEmptyString",
23102
26487
  # }
@@ -23457,6 +26842,14 @@ module Aws::SecurityHub
23457
26842
  #
23458
26843
  # * `NEW` - The initial state of a finding, before it is reviewed.
23459
26844
  #
26845
+ # Security Hub also resets the workflow status from `NOTIFIED` or
26846
+ # `RESOLVED` to `NEW` in the following cases:
26847
+ #
26848
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
26849
+ #
26850
+ # * `ComplianceStatus` changes from `PASSED` to either `WARNING`,
26851
+ # `FAILED`, or `NOT_AVAILABLE`.
26852
+ #
23460
26853
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23461
26854
  # the security issue. Used when the initial reviewer is not the
23462
26855
  # resource owner, and needs intervention from the resource owner.
@@ -23491,6 +26884,14 @@ module Aws::SecurityHub
23491
26884
  #
23492
26885
  # * `NEW` - The initial state of a finding, before it is reviewed.
23493
26886
  #
26887
+ # Security Hub also resets `WorkFlowStatus` from `NOTIFIED` or
26888
+ # `RESOLVED` to `NEW` in the following cases:
26889
+ #
26890
+ # * The record state changes from `ARCHIVED` to `ACTIVE`.
26891
+ #
26892
+ # * The compliance status changes from `PASSED` to either `WARNING`,
26893
+ # `FAILED`, or `NOT_AVAILABLE`.
26894
+ #
23494
26895
  # * `NOTIFIED` - Indicates that you notified the resource owner about
23495
26896
  # the security issue. Used when the initial reviewer is not the
23496
26897
  # resource owner, and needs intervention from the resource owner.