aws-sdk-securityhub 1.40.0 → 1.46.0

@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,13 +3,44 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
10
  module Aws::SecurityHub
11
11
  module Types
12
12
 
13
+ # @note When making an API call, you may pass AcceptAdministratorInvitationRequest
14
+ # data as a hash:
15
+ #
16
+ # {
17
+ # administrator_id: "NonEmptyString", # required
18
+ # invitation_id: "NonEmptyString", # required
19
+ # }
20
+ #
21
+ # @!attribute [rw] administrator_id
22
+ # The account ID of the Security Hub administrator account that sent
23
+ # the invitation.
24
+ # @return [String]
25
+ #
26
+ # @!attribute [rw] invitation_id
27
+ # The identifier of the invitation sent from the Security Hub
28
+ # administrator account.
29
+ # @return [String]
30
+ #
31
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptAdministratorInvitationRequest AWS API Documentation
32
+ #
33
+ class AcceptAdministratorInvitationRequest < Struct.new(
34
+ :administrator_id,
35
+ :invitation_id)
36
+ SENSITIVE = []
37
+ include Aws::Structure
38
+ end
39
+
40
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptAdministratorInvitationResponse AWS API Documentation
41
+ #
42
+ class AcceptAdministratorInvitationResponse < Aws::EmptyStructure; end
43
+
13
44
  # @note When making an API call, you may pass AcceptInvitationRequest
14
45
  # data as a hash:
15
46
  #
@@ -19,12 +50,13 @@ module Aws::SecurityHub
19
50
  # }
20
51
  #
21
52
  # @!attribute [rw] master_id
22
- # The account ID of the Security Hub master account that sent the
23
- # invitation.
53
+ # The account ID of the Security Hub administrator account that sent
54
+ # the invitation.
24
55
  # @return [String]
25
56
  #
26
57
  # @!attribute [rw] invitation_id
27
- # The ID of the invitation sent from the Security Hub master account.
58
+ # The identifier of the invitation sent from the Security Hub
59
+ # administrator account.
28
60
  # @return [String]
29
61
  #
30
62
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptInvitationRequest AWS API Documentation
@@ -798,7 +830,7 @@ module Aws::SecurityHub
798
830
  include Aws::Structure
799
831
  end
800
832
 
801
- # contains information about a REST API in version 1 of Amazon API
833
+ # Contains information about a REST API in version 1 of Amazon API
802
834
  # Gateway.
803
835
  #
804
836
  # @note When making an API call, you may pass AwsApiGatewayRestApiDetails
@@ -3817,6 +3849,189 @@ module Aws::SecurityHub
3817
3849
  include Aws::Structure
3818
3850
  end
3819
3851
 
3852
+ # An association between the network ACL and a subnet.
3853
+ #
3854
+ # @note When making an API call, you may pass AwsEc2NetworkAclAssociation
3855
+ # data as a hash:
3856
+ #
3857
+ # {
3858
+ # network_acl_association_id: "NonEmptyString",
3859
+ # network_acl_id: "NonEmptyString",
3860
+ # subnet_id: "NonEmptyString",
3861
+ # }
3862
+ #
3863
+ # @!attribute [rw] network_acl_association_id
3864
+ # The identifier of the association between the network ACL and the
3865
+ # subnet.
3866
+ # @return [String]
3867
+ #
3868
+ # @!attribute [rw] network_acl_id
3869
+ # The identifier of the network ACL.
3870
+ # @return [String]
3871
+ #
3872
+ # @!attribute [rw] subnet_id
3873
+ # The identifier of the subnet that is associated with the network
3874
+ # ACL.
3875
+ # @return [String]
3876
+ #
3877
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkAclAssociation AWS API Documentation
3878
+ #
3879
+ class AwsEc2NetworkAclAssociation < Struct.new(
3880
+ :network_acl_association_id,
3881
+ :network_acl_id,
3882
+ :subnet_id)
3883
+ SENSITIVE = []
3884
+ include Aws::Structure
3885
+ end
3886
+
3887
+ # Contains details about an EC2 network access control list (ACL).
3888
+ #
3889
+ # @note When making an API call, you may pass AwsEc2NetworkAclDetails
3890
+ # data as a hash:
3891
+ #
3892
+ # {
3893
+ # is_default: false,
3894
+ # network_acl_id: "NonEmptyString",
3895
+ # owner_id: "NonEmptyString",
3896
+ # vpc_id: "NonEmptyString",
3897
+ # associations: [
3898
+ # {
3899
+ # network_acl_association_id: "NonEmptyString",
3900
+ # network_acl_id: "NonEmptyString",
3901
+ # subnet_id: "NonEmptyString",
3902
+ # },
3903
+ # ],
3904
+ # entries: [
3905
+ # {
3906
+ # cidr_block: "NonEmptyString",
3907
+ # egress: false,
3908
+ # icmp_type_code: {
3909
+ # code: 1,
3910
+ # type: 1,
3911
+ # },
3912
+ # ipv_6_cidr_block: "NonEmptyString",
3913
+ # port_range: {
3914
+ # from: 1,
3915
+ # to: 1,
3916
+ # },
3917
+ # protocol: "NonEmptyString",
3918
+ # rule_action: "NonEmptyString",
3919
+ # rule_number: 1,
3920
+ # },
3921
+ # ],
3922
+ # }
3923
+ #
3924
+ # @!attribute [rw] is_default
3925
+ # Whether this is the default network ACL for the VPC.
3926
+ # @return [Boolean]
3927
+ #
3928
+ # @!attribute [rw] network_acl_id
3929
+ # The identifier of the network ACL.
3930
+ # @return [String]
3931
+ #
3932
+ # @!attribute [rw] owner_id
3933
+ # The identifier of the AWS account that owns the network ACL.
3934
+ # @return [String]
3935
+ #
3936
+ # @!attribute [rw] vpc_id
3937
+ # The identifier of the VPC for the network ACL.
3938
+ # @return [String]
3939
+ #
3940
+ # @!attribute [rw] associations
3941
+ # Associations between the network ACL and subnets.
3942
+ # @return [Array<Types::AwsEc2NetworkAclAssociation>]
3943
+ #
3944
+ # @!attribute [rw] entries
3945
+ # The set of rules in the network ACL.
3946
+ # @return [Array<Types::AwsEc2NetworkAclEntry>]
3947
+ #
3948
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkAclDetails AWS API Documentation
3949
+ #
3950
+ class AwsEc2NetworkAclDetails < Struct.new(
3951
+ :is_default,
3952
+ :network_acl_id,
3953
+ :owner_id,
3954
+ :vpc_id,
3955
+ :associations,
3956
+ :entries)
3957
+ SENSITIVE = []
3958
+ include Aws::Structure
3959
+ end
3960
+
3961
+ # A rule for the network ACL. Each rule allows or denies access based on
3962
+ # the IP address, traffic direction, port, and protocol.
3963
+ #
3964
+ # @note When making an API call, you may pass AwsEc2NetworkAclEntry
3965
+ # data as a hash:
3966
+ #
3967
+ # {
3968
+ # cidr_block: "NonEmptyString",
3969
+ # egress: false,
3970
+ # icmp_type_code: {
3971
+ # code: 1,
3972
+ # type: 1,
3973
+ # },
3974
+ # ipv_6_cidr_block: "NonEmptyString",
3975
+ # port_range: {
3976
+ # from: 1,
3977
+ # to: 1,
3978
+ # },
3979
+ # protocol: "NonEmptyString",
3980
+ # rule_action: "NonEmptyString",
3981
+ # rule_number: 1,
3982
+ # }
3983
+ #
3984
+ # @!attribute [rw] cidr_block
3985
+ # The IPV4 network range for which to deny or allow access.
3986
+ # @return [String]
3987
+ #
3988
+ # @!attribute [rw] egress
3989
+ # Whether the rule is an egress rule. An egress rule is a rule that
3990
+ # applies to traffic that leaves the subnet.
3991
+ # @return [Boolean]
3992
+ #
3993
+ # @!attribute [rw] icmp_type_code
3994
+ # The Internet Control Message Protocol (ICMP) type and code for which
3995
+ # to deny or allow access.
3996
+ # @return [Types::IcmpTypeCode]
3997
+ #
3998
+ # @!attribute [rw] ipv_6_cidr_block
3999
+ # The IPV6 network range for which to deny or allow access.
4000
+ # @return [String]
4001
+ #
4002
+ # @!attribute [rw] port_range
4003
+ # For TCP or UDP protocols, the range of ports that the rule applies
4004
+ # to.
4005
+ # @return [Types::PortRangeFromTo]
4006
+ #
4007
+ # @!attribute [rw] protocol
4008
+ # The protocol that the rule applies to. To deny or allow access to
4009
+ # all protocols, use the value -1.
4010
+ # @return [String]
4011
+ #
4012
+ # @!attribute [rw] rule_action
4013
+ # Whether the rule is used to allow access or deny access.
4014
+ # @return [String]
4015
+ #
4016
+ # @!attribute [rw] rule_number
4017
+ # The rule number. The rules are processed in order by their number.
4018
+ # @return [Integer]
4019
+ #
4020
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkAclEntry AWS API Documentation
4021
+ #
4022
+ class AwsEc2NetworkAclEntry < Struct.new(
4023
+ :cidr_block,
4024
+ :egress,
4025
+ :icmp_type_code,
4026
+ :ipv_6_cidr_block,
4027
+ :port_range,
4028
+ :protocol,
4029
+ :rule_action,
4030
+ :rule_number)
4031
+ SENSITIVE = []
4032
+ include Aws::Structure
4033
+ end
4034
+
3820
4035
  # Information about the network interface attachment.
3821
4036
  #
3822
4037
  # @note When making an API call, you may pass AwsEc2NetworkInterfaceAttachment
@@ -4386,6 +4601,107 @@ module Aws::SecurityHub
4386
4601
  include Aws::Structure
4387
4602
  end
4388
4603
 
4604
+ # Contains information about a subnet in EC2.
4605
+ #
4606
+ # @note When making an API call, you may pass AwsEc2SubnetDetails
4607
+ # data as a hash:
4608
+ #
4609
+ # {
4610
+ # assign_ipv_6_address_on_creation: false,
4611
+ # availability_zone: "NonEmptyString",
4612
+ # availability_zone_id: "NonEmptyString",
4613
+ # available_ip_address_count: 1,
4614
+ # cidr_block: "NonEmptyString",
4615
+ # default_for_az: false,
4616
+ # map_public_ip_on_launch: false,
4617
+ # owner_id: "NonEmptyString",
4618
+ # state: "NonEmptyString",
4619
+ # subnet_arn: "NonEmptyString",
4620
+ # subnet_id: "NonEmptyString",
4621
+ # vpc_id: "NonEmptyString",
4622
+ # ipv_6_cidr_block_association_set: [
4623
+ # {
4624
+ # association_id: "NonEmptyString",
4625
+ # ipv_6_cidr_block: "NonEmptyString",
4626
+ # cidr_block_state: "NonEmptyString",
4627
+ # },
4628
+ # ],
4629
+ # }
4630
+ #
4631
+ # @!attribute [rw] assign_ipv_6_address_on_creation
4632
+ # Whether to assign an IPV6 address to a network interface that is
4633
+ # created in this subnet.
4634
+ # @return [Boolean]
4635
+ #
4636
+ # @!attribute [rw] availability_zone
4637
+ # The Availability Zone for the subnet.
4638
+ # @return [String]
4639
+ #
4640
+ # @!attribute [rw] availability_zone_id
4641
+ # The identifier of the Availability Zone for the subnet.
4642
+ # @return [String]
4643
+ #
4644
+ # @!attribute [rw] available_ip_address_count
4645
+ # The number of available IPV4 addresses in the subnet. Does not
4646
+ # include addresses for stopped instances.
4647
+ # @return [Integer]
4648
+ #
4649
+ # @!attribute [rw] cidr_block
4650
+ # The IPV4 CIDR block that is assigned to the subnet.
4651
+ # @return [String]
4652
+ #
4653
+ # @!attribute [rw] default_for_az
4654
+ # Whether this subnet is the default subnet for the Availability Zone.
4655
+ # @return [Boolean]
4656
+ #
4657
+ # @!attribute [rw] map_public_ip_on_launch
4658
+ # Whether instances in this subnet receive a public IP address.
4659
+ # @return [Boolean]
4660
+ #
4661
+ # @!attribute [rw] owner_id
4662
+ # The identifier of the AWS account that owns the subnet.
4663
+ # @return [String]
4664
+ #
4665
+ # @!attribute [rw] state
4666
+ # The current state of the subnet.
4667
+ # @return [String]
4668
+ #
4669
+ # @!attribute [rw] subnet_arn
4670
+ # The ARN of the subnet.
4671
+ # @return [String]
4672
+ #
4673
+ # @!attribute [rw] subnet_id
4674
+ # The identifier of the subnet.
4675
+ # @return [String]
4676
+ #
4677
+ # @!attribute [rw] vpc_id
4678
+ # The identifier of the VPC that contains the subnet.
4679
+ # @return [String]
4680
+ #
4681
+ # @!attribute [rw] ipv_6_cidr_block_association_set
4682
+ # The IPV6 CIDR blocks that are associated with the subnet.
4683
+ # @return [Array<Types::Ipv6CidrBlockAssociation>]
4684
+ #
4685
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SubnetDetails AWS API Documentation
4686
+ #
4687
+ class AwsEc2SubnetDetails < Struct.new(
4688
+ :assign_ipv_6_address_on_creation,
4689
+ :availability_zone,
4690
+ :availability_zone_id,
4691
+ :available_ip_address_count,
4692
+ :cidr_block,
4693
+ :default_for_az,
4694
+ :map_public_ip_on_launch,
4695
+ :owner_id,
4696
+ :state,
4697
+ :subnet_arn,
4698
+ :subnet_id,
4699
+ :vpc_id,
4700
+ :ipv_6_cidr_block_association_set)
4701
+ SENSITIVE = []
4702
+ include Aws::Structure
4703
+ end
4704
+
4389
4705
  # An attachment to an AWS EC2 volume.
4390
4706
  #
4391
4707
  # @note When making an API call, you may pass AwsEc2VolumeAttachment
@@ -4553,85 +4869,316 @@ module Aws::SecurityHub
4553
4869
  include Aws::Structure
4554
4870
  end
4555
4871
 
4556
- # Information about an Elasticsearch domain.
4872
+ # Contains details about an Elastic Beanstalk environment.
4557
4873
  #
4558
- # @note When making an API call, you may pass AwsElasticsearchDomainDetails
4874
+ # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentDetails
4559
4875
  # data as a hash:
4560
4876
  #
4561
4877
  # {
4562
- # access_policies: "NonEmptyString",
4563
- # domain_endpoint_options: {
4564
- # enforce_https: false,
4565
- # tls_security_policy: "NonEmptyString",
4566
- # },
4567
- # domain_id: "NonEmptyString",
4568
- # domain_name: "NonEmptyString",
4569
- # endpoint: "NonEmptyString",
4570
- # endpoints: {
4571
- # "NonEmptyString" => "NonEmptyString",
4572
- # },
4573
- # elasticsearch_version: "NonEmptyString",
4574
- # encryption_at_rest_options: {
4575
- # enabled: false,
4576
- # kms_key_id: "NonEmptyString",
4577
- # },
4578
- # node_to_node_encryption_options: {
4579
- # enabled: false,
4580
- # },
4581
- # vpc_options: {
4582
- # availability_zones: ["NonEmptyString"],
4583
- # security_group_ids: ["NonEmptyString"],
4584
- # subnet_ids: ["NonEmptyString"],
4585
- # vpc_id: "NonEmptyString",
4878
+ # application_name: "NonEmptyString",
4879
+ # cname: "NonEmptyString",
4880
+ # date_created: "NonEmptyString",
4881
+ # date_updated: "NonEmptyString",
4882
+ # description: "NonEmptyString",
4883
+ # endpoint_url: "NonEmptyString",
4884
+ # environment_arn: "NonEmptyString",
4885
+ # environment_id: "NonEmptyString",
4886
+ # environment_links: [
4887
+ # {
4888
+ # environment_name: "NonEmptyString",
4889
+ # link_name: "NonEmptyString",
4890
+ # },
4891
+ # ],
4892
+ # environment_name: "NonEmptyString",
4893
+ # option_settings: [
4894
+ # {
4895
+ # namespace: "NonEmptyString",
4896
+ # option_name: "NonEmptyString",
4897
+ # resource_name: "NonEmptyString",
4898
+ # value: "NonEmptyString",
4899
+ # },
4900
+ # ],
4901
+ # platform_arn: "NonEmptyString",
4902
+ # solution_stack_name: "NonEmptyString",
4903
+ # status: "NonEmptyString",
4904
+ # tier: {
4905
+ # name: "NonEmptyString",
4906
+ # type: "NonEmptyString",
4907
+ # version: "NonEmptyString",
4586
4908
  # },
4909
+ # version_label: "NonEmptyString",
4587
4910
  # }
4588
4911
  #
4589
- # @!attribute [rw] access_policies
4590
- # IAM policy document specifying the access policies for the new
4591
- # Amazon ES domain.
4912
+ # @!attribute [rw] application_name
4913
+ # The name of the application that is associated with the environment.
4592
4914
  # @return [String]
4593
4915
  #
4594
- # @!attribute [rw] domain_endpoint_options
4595
- # Additional options for the domain endpoint.
4596
- # @return [Types::AwsElasticsearchDomainDomainEndpointOptions]
4916
+ # @!attribute [rw] cname
4917
+ # The URL to the CNAME for this environment.
4918
+ # @return [String]
4597
4919
  #
4598
- # @!attribute [rw] domain_id
4599
- # Unique identifier for an Amazon ES domain.
4920
+ # @!attribute [rw] date_created
4921
+ # The creation date for this environment.
4600
4922
  # @return [String]
4601
4923
  #
4602
- # @!attribute [rw] domain_name
4603
- # Name of an Amazon ES domain.
4924
+ # @!attribute [rw] date_updated
4925
+ # The date when this environment was last modified.
4926
+ # @return [String]
4604
4927
  #
4605
- # Domain names are unique across all domains owned by the same account
4606
- # within an AWS Region.
4928
+ # @!attribute [rw] description
4929
+ # A description of the environment.
4930
+ # @return [String]
4607
4931
  #
4608
- # Domain names must start with a lowercase letter and must be between
4609
- # 3 and 28 characters.
4932
+ # @!attribute [rw] endpoint_url
4933
+ # For load-balanced, autoscaling environments, the URL to the load
4934
+ # balancer. For single-instance environments, the IP address of the
4935
+ # instance.
4936
+ # @return [String]
4610
4937
  #
4611
- # Valid characters are a-z (lowercase only), 0-9, and – (hyphen).
4938
+ # @!attribute [rw] environment_arn
4939
+ # The ARN of the environment.
4612
4940
  # @return [String]
4613
4941
  #
4614
- # @!attribute [rw] endpoint
4615
- # Domain-specific endpoint used to submit index, search, and data
4616
- # upload requests to an Amazon ES domain.
4942
+ # @!attribute [rw] environment_id
4943
+ # The identifier of the environment.
4944
+ # @return [String]
4617
4945
  #
4618
- # The endpoint is a service URL.
4946
+ # @!attribute [rw] environment_links
4947
+ # Links to other environments in the same group.
4948
+ # @return [Array<Types::AwsElasticBeanstalkEnvironmentEnvironmentLink>]
4949
+ #
4950
+ # @!attribute [rw] environment_name
4951
+ # The name of the environment.
4619
4952
  # @return [String]
4620
4953
  #
4621
- # @!attribute [rw] endpoints
4622
- # The key-value pair that exists if the Amazon ES domain uses VPC
4623
- # endpoints.
4624
- # @return [Hash<String,String>]
4954
+ # @!attribute [rw] option_settings
4955
+ # The configuration setting for the environment.
4956
+ # @return [Array<Types::AwsElasticBeanstalkEnvironmentOptionSetting>]
4625
4957
  #
4626
- # @!attribute [rw] elasticsearch_version
4627
- # Elasticsearch version.
4958
+ # @!attribute [rw] platform_arn
4959
+ # The ARN of the platform version for the environment.
4628
4960
  # @return [String]
4629
4961
  #
4630
- # @!attribute [rw] encryption_at_rest_options
4631
- # Details about the configuration for encryption at rest.
4632
- # @return [Types::AwsElasticsearchDomainEncryptionAtRestOptions]
4962
+ # @!attribute [rw] solution_stack_name
4963
+ # The name of the solution stack that is deployed with the
4964
+ # environment.
4965
+ # @return [String]
4633
4966
  #
4634
- # @!attribute [rw] node_to_node_encryption_options
4967
+ # @!attribute [rw] status
4968
+ # The current operational status of the environment.
4969
+ # @return [String]
4970
+ #
4971
+ # @!attribute [rw] tier
4972
+ # The tier of the environment.
4973
+ # @return [Types::AwsElasticBeanstalkEnvironmentTier]
4974
+ #
4975
+ # @!attribute [rw] version_label
4976
+ # The application version of the environment.
4977
+ # @return [String]
4978
+ #
4979
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentDetails AWS API Documentation
4980
+ #
4981
+ class AwsElasticBeanstalkEnvironmentDetails < Struct.new(
4982
+ :application_name,
4983
+ :cname,
4984
+ :date_created,
4985
+ :date_updated,
4986
+ :description,
4987
+ :endpoint_url,
4988
+ :environment_arn,
4989
+ :environment_id,
4990
+ :environment_links,
4991
+ :environment_name,
4992
+ :option_settings,
4993
+ :platform_arn,
4994
+ :solution_stack_name,
4995
+ :status,
4996
+ :tier,
4997
+ :version_label)
4998
+ SENSITIVE = []
4999
+ include Aws::Structure
5000
+ end
5001
+
5002
+ # Contains information about a link to another environment that is in
5003
+ # the same group.
5004
+ #
5005
+ # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentEnvironmentLink
5006
+ # data as a hash:
5007
+ #
5008
+ # {
5009
+ # environment_name: "NonEmptyString",
5010
+ # link_name: "NonEmptyString",
5011
+ # }
5012
+ #
5013
+ # @!attribute [rw] environment_name
5014
+ # The name of the linked environment.
5015
+ # @return [String]
5016
+ #
5017
+ # @!attribute [rw] link_name
5018
+ # The name of the environment link.
5019
+ # @return [String]
5020
+ #
5021
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentEnvironmentLink AWS API Documentation
5022
+ #
5023
+ class AwsElasticBeanstalkEnvironmentEnvironmentLink < Struct.new(
5024
+ :environment_name,
5025
+ :link_name)
5026
+ SENSITIVE = []
5027
+ include Aws::Structure
5028
+ end
5029
+
5030
+ # A configuration option setting for the environment.
5031
+ #
5032
+ # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentOptionSetting
5033
+ # data as a hash:
5034
+ #
5035
+ # {
5036
+ # namespace: "NonEmptyString",
5037
+ # option_name: "NonEmptyString",
5038
+ # resource_name: "NonEmptyString",
5039
+ # value: "NonEmptyString",
5040
+ # }
5041
+ #
5042
+ # @!attribute [rw] namespace
5043
+ # The type of resource that the configuration option is associated
5044
+ # with.
5045
+ # @return [String]
5046
+ #
5047
+ # @!attribute [rw] option_name
5048
+ # The name of the option.
5049
+ # @return [String]
5050
+ #
5051
+ # @!attribute [rw] resource_name
5052
+ # The name of the resource.
5053
+ # @return [String]
5054
+ #
5055
+ # @!attribute [rw] value
5056
+ # The value of the configuration setting.
5057
+ # @return [String]
5058
+ #
5059
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentOptionSetting AWS API Documentation
5060
+ #
5061
+ class AwsElasticBeanstalkEnvironmentOptionSetting < Struct.new(
5062
+ :namespace,
5063
+ :option_name,
5064
+ :resource_name,
5065
+ :value)
5066
+ SENSITIVE = []
5067
+ include Aws::Structure
5068
+ end
5069
+
5070
+ # Contains information about the tier of the environment.
5071
+ #
5072
+ # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentTier
5073
+ # data as a hash:
5074
+ #
5075
+ # {
5076
+ # name: "NonEmptyString",
5077
+ # type: "NonEmptyString",
5078
+ # version: "NonEmptyString",
5079
+ # }
5080
+ #
5081
+ # @!attribute [rw] name
5082
+ # The name of the environment tier.
5083
+ # @return [String]
5084
+ #
5085
+ # @!attribute [rw] type
5086
+ # The type of environment tier.
5087
+ # @return [String]
5088
+ #
5089
+ # @!attribute [rw] version
5090
+ # The version of the environment tier.
5091
+ # @return [String]
5092
+ #
5093
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentTier AWS API Documentation
5094
+ #
5095
+ class AwsElasticBeanstalkEnvironmentTier < Struct.new(
5096
+ :name,
5097
+ :type,
5098
+ :version)
5099
+ SENSITIVE = []
5100
+ include Aws::Structure
5101
+ end
5102
+
5103
+ # Information about an Elasticsearch domain.
5104
+ #
5105
+ # @note When making an API call, you may pass AwsElasticsearchDomainDetails
5106
+ # data as a hash:
5107
+ #
5108
+ # {
5109
+ # access_policies: "NonEmptyString",
5110
+ # domain_endpoint_options: {
5111
+ # enforce_https: false,
5112
+ # tls_security_policy: "NonEmptyString",
5113
+ # },
5114
+ # domain_id: "NonEmptyString",
5115
+ # domain_name: "NonEmptyString",
5116
+ # endpoint: "NonEmptyString",
5117
+ # endpoints: {
5118
+ # "NonEmptyString" => "NonEmptyString",
5119
+ # },
5120
+ # elasticsearch_version: "NonEmptyString",
5121
+ # encryption_at_rest_options: {
5122
+ # enabled: false,
5123
+ # kms_key_id: "NonEmptyString",
5124
+ # },
5125
+ # node_to_node_encryption_options: {
5126
+ # enabled: false,
5127
+ # },
5128
+ # vpc_options: {
5129
+ # availability_zones: ["NonEmptyString"],
5130
+ # security_group_ids: ["NonEmptyString"],
5131
+ # subnet_ids: ["NonEmptyString"],
5132
+ # vpc_id: "NonEmptyString",
5133
+ # },
5134
+ # }
5135
+ #
5136
+ # @!attribute [rw] access_policies
5137
+ # IAM policy document specifying the access policies for the new
5138
+ # Amazon ES domain.
5139
+ # @return [String]
5140
+ #
5141
+ # @!attribute [rw] domain_endpoint_options
5142
+ # Additional options for the domain endpoint.
5143
+ # @return [Types::AwsElasticsearchDomainDomainEndpointOptions]
5144
+ #
5145
+ # @!attribute [rw] domain_id
5146
+ # Unique identifier for an Amazon ES domain.
5147
+ # @return [String]
5148
+ #
5149
+ # @!attribute [rw] domain_name
5150
+ # Name of an Amazon ES domain.
5151
+ #
5152
+ # Domain names are unique across all domains owned by the same account
5153
+ # within an AWS Region.
5154
+ #
5155
+ # Domain names must start with a lowercase letter and must be between
5156
+ # 3 and 28 characters.
5157
+ #
5158
+ # Valid characters are a-z (lowercase only), 0-9, and – (hyphen).
5159
+ # @return [String]
5160
+ #
5161
+ # @!attribute [rw] endpoint
5162
+ # Domain-specific endpoint used to submit index, search, and data
5163
+ # upload requests to an Amazon ES domain.
5164
+ #
5165
+ # The endpoint is a service URL.
5166
+ # @return [String]
5167
+ #
5168
+ # @!attribute [rw] endpoints
5169
+ # The key-value pair that exists if the Amazon ES domain uses VPC
5170
+ # endpoints.
5171
+ # @return [Hash<String,String>]
5172
+ #
5173
+ # @!attribute [rw] elasticsearch_version
5174
+ # Elasticsearch version.
5175
+ # @return [String]
5176
+ #
5177
+ # @!attribute [rw] encryption_at_rest_options
5178
+ # Details about the configuration for encryption at rest.
5179
+ # @return [Types::AwsElasticsearchDomainEncryptionAtRestOptions]
5180
+ #
5181
+ # @!attribute [rw] node_to_node_encryption_options
4635
5182
  # Details about the configuration for node-to-node encryption.
4636
5183
  # @return [Types::AwsElasticsearchDomainNodeToNodeEncryptionOptions]
4637
5184
  #
@@ -9765,6 +10312,51 @@ module Aws::SecurityHub
9765
10312
  include Aws::Structure
9766
10313
  end
9767
10314
 
10315
+ # provides information about the Amazon S3 Public Access Block
10316
+ # configuration for accounts.
10317
+ #
10318
+ # @note When making an API call, you may pass AwsS3AccountPublicAccessBlockDetails
10319
+ # data as a hash:
10320
+ #
10321
+ # {
10322
+ # block_public_acls: false,
10323
+ # block_public_policy: false,
10324
+ # ignore_public_acls: false,
10325
+ # restrict_public_buckets: false,
10326
+ # }
10327
+ #
10328
+ # @!attribute [rw] block_public_acls
10329
+ # Indicates whether to reject calls to update an S3 bucket if the
10330
+ # calls include a public access control list (ACL).
10331
+ # @return [Boolean]
10332
+ #
10333
+ # @!attribute [rw] block_public_policy
10334
+ # Indicates whether to reject calls to update the access policy for an
10335
+ # S3 bucket or access point if the policy allows public access.
10336
+ # @return [Boolean]
10337
+ #
10338
+ # @!attribute [rw] ignore_public_acls
10339
+ # Indicates whether Amazon S3 ignores public ACLs that are associated
10340
+ # with an S3 bucket.
10341
+ # @return [Boolean]
10342
+ #
10343
+ # @!attribute [rw] restrict_public_buckets
10344
+ # Indicates whether to restrict access to an access point or S3 bucket
10345
+ # that has a public policy to only AWS service principals and
10346
+ # authorized users within the S3 bucket owner's account.
10347
+ # @return [Boolean]
10348
+ #
10349
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3AccountPublicAccessBlockDetails AWS API Documentation
10350
+ #
10351
+ class AwsS3AccountPublicAccessBlockDetails < Struct.new(
10352
+ :block_public_acls,
10353
+ :block_public_policy,
10354
+ :ignore_public_acls,
10355
+ :restrict_public_buckets)
10356
+ SENSITIVE = []
10357
+ include Aws::Structure
10358
+ end
10359
+
9768
10360
  # The details of an Amazon S3 bucket.
9769
10361
  #
9770
10362
  # @note When making an API call, you may pass AwsS3BucketDetails
@@ -9784,6 +10376,12 @@ module Aws::SecurityHub
9784
10376
  # },
9785
10377
  # ],
9786
10378
  # },
10379
+ # public_access_block_configuration: {
10380
+ # block_public_acls: false,
10381
+ # block_public_policy: false,
10382
+ # ignore_public_acls: false,
10383
+ # restrict_public_buckets: false,
10384
+ # },
9787
10385
  # }
9788
10386
  #
9789
10387
  # @!attribute [rw] owner_id
@@ -9810,13 +10408,19 @@ module Aws::SecurityHub
9810
10408
  # The encryption rules that are applied to the S3 bucket.
9811
10409
  # @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
9812
10410
  #
10411
+ # @!attribute [rw] public_access_block_configuration
10412
+ # Provides information about the Amazon S3 Public Access Block
10413
+ # configuration for the S3 bucket.
10414
+ # @return [Types::AwsS3AccountPublicAccessBlockDetails]
10415
+ #
9813
10416
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
9814
10417
  #
9815
10418
  class AwsS3BucketDetails < Struct.new(
9816
10419
  :owner_id,
9817
10420
  :owner_name,
9818
10421
  :created_at,
9819
- :server_side_encryption_configuration)
10422
+ :server_side_encryption_configuration,
10423
+ :public_access_block_configuration)
9820
10424
  SENSITIVE = []
9821
10425
  include Aws::Structure
9822
10426
  end
@@ -10077,12 +10681,12 @@ module Aws::SecurityHub
10077
10681
  # product_arn: "NonEmptyString", # required
10078
10682
  # generator_id: "NonEmptyString", # required
10079
10683
  # aws_account_id: "NonEmptyString", # required
10080
- # types: ["NonEmptyString"], # required
10684
+ # types: ["NonEmptyString"],
10081
10685
  # first_observed_at: "NonEmptyString",
10082
10686
  # last_observed_at: "NonEmptyString",
10083
10687
  # created_at: "NonEmptyString", # required
10084
10688
  # updated_at: "NonEmptyString", # required
10085
- # severity: { # required
10689
+ # severity: {
10086
10690
  # product: 1.0,
10087
10691
  # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
10088
10692
  # normalized: 1,
@@ -10206,6 +10810,130 @@ module Aws::SecurityHub
10206
10810
  # tags: {
10207
10811
  # "NonEmptyString" => "NonEmptyString",
10208
10812
  # },
10813
+ # data_classification: {
10814
+ # detailed_results_location: "NonEmptyString",
10815
+ # result: {
10816
+ # mime_type: "NonEmptyString",
10817
+ # size_classified: 1,
10818
+ # additional_occurrences: false,
10819
+ # status: {
10820
+ # code: "NonEmptyString",
10821
+ # reason: "NonEmptyString",
10822
+ # },
10823
+ # sensitive_data: [
10824
+ # {
10825
+ # category: "NonEmptyString",
10826
+ # detections: [
10827
+ # {
10828
+ # count: 1,
10829
+ # type: "NonEmptyString",
10830
+ # occurrences: {
10831
+ # line_ranges: [
10832
+ # {
10833
+ # start: 1,
10834
+ # end: 1,
10835
+ # start_column: 1,
10836
+ # },
10837
+ # ],
10838
+ # offset_ranges: [
10839
+ # {
10840
+ # start: 1,
10841
+ # end: 1,
10842
+ # start_column: 1,
10843
+ # },
10844
+ # ],
10845
+ # pages: [
10846
+ # {
10847
+ # page_number: 1,
10848
+ # line_range: {
10849
+ # start: 1,
10850
+ # end: 1,
10851
+ # start_column: 1,
10852
+ # },
10853
+ # offset_range: {
10854
+ # start: 1,
10855
+ # end: 1,
10856
+ # start_column: 1,
10857
+ # },
10858
+ # },
10859
+ # ],
10860
+ # records: [
10861
+ # {
10862
+ # json_path: "NonEmptyString",
10863
+ # record_index: 1,
10864
+ # },
10865
+ # ],
10866
+ # cells: [
10867
+ # {
10868
+ # column: 1,
10869
+ # row: 1,
10870
+ # column_name: "NonEmptyString",
10871
+ # cell_reference: "NonEmptyString",
10872
+ # },
10873
+ # ],
10874
+ # },
10875
+ # },
10876
+ # ],
10877
+ # total_count: 1,
10878
+ # },
10879
+ # ],
10880
+ # custom_data_identifiers: {
10881
+ # detections: [
10882
+ # {
10883
+ # count: 1,
10884
+ # arn: "NonEmptyString",
10885
+ # name: "NonEmptyString",
10886
+ # occurrences: {
10887
+ # line_ranges: [
10888
+ # {
10889
+ # start: 1,
10890
+ # end: 1,
10891
+ # start_column: 1,
10892
+ # },
10893
+ # ],
10894
+ # offset_ranges: [
10895
+ # {
10896
+ # start: 1,
10897
+ # end: 1,
10898
+ # start_column: 1,
10899
+ # },
10900
+ # ],
10901
+ # pages: [
10902
+ # {
10903
+ # page_number: 1,
10904
+ # line_range: {
10905
+ # start: 1,
10906
+ # end: 1,
10907
+ # start_column: 1,
10908
+ # },
10909
+ # offset_range: {
10910
+ # start: 1,
10911
+ # end: 1,
10912
+ # start_column: 1,
10913
+ # },
10914
+ # },
10915
+ # ],
10916
+ # records: [
10917
+ # {
10918
+ # json_path: "NonEmptyString",
10919
+ # record_index: 1,
10920
+ # },
10921
+ # ],
10922
+ # cells: [
10923
+ # {
10924
+ # column: 1,
10925
+ # row: 1,
10926
+ # column_name: "NonEmptyString",
10927
+ # cell_reference: "NonEmptyString",
10928
+ # },
10929
+ # ],
10930
+ # },
10931
+ # },
10932
+ # ],
10933
+ # total_count: 1,
10934
+ # },
10935
+ # },
10936
+ # },
10209
10937
  # details: {
10210
10938
  # aws_auto_scaling_auto_scaling_group: {
10211
10939
  # launch_configuration_name: "NonEmptyString",
@@ -10446,6 +11174,58 @@ module Aws::SecurityHub
10446
11174
  # network_interface_owner_id: "NonEmptyString",
10447
11175
  # private_ip_address: "NonEmptyString",
10448
11176
  # },
11177
+ # aws_ec2_subnet: {
11178
+ # assign_ipv_6_address_on_creation: false,
11179
+ # availability_zone: "NonEmptyString",
11180
+ # availability_zone_id: "NonEmptyString",
11181
+ # available_ip_address_count: 1,
11182
+ # cidr_block: "NonEmptyString",
11183
+ # default_for_az: false,
11184
+ # map_public_ip_on_launch: false,
11185
+ # owner_id: "NonEmptyString",
11186
+ # state: "NonEmptyString",
11187
+ # subnet_arn: "NonEmptyString",
11188
+ # subnet_id: "NonEmptyString",
11189
+ # vpc_id: "NonEmptyString",
11190
+ # ipv_6_cidr_block_association_set: [
11191
+ # {
11192
+ # association_id: "NonEmptyString",
11193
+ # ipv_6_cidr_block: "NonEmptyString",
11194
+ # cidr_block_state: "NonEmptyString",
11195
+ # },
11196
+ # ],
11197
+ # },
11198
+ # aws_ec2_network_acl: {
11199
+ # is_default: false,
11200
+ # network_acl_id: "NonEmptyString",
11201
+ # owner_id: "NonEmptyString",
11202
+ # vpc_id: "NonEmptyString",
11203
+ # associations: [
11204
+ # {
11205
+ # network_acl_association_id: "NonEmptyString",
11206
+ # network_acl_id: "NonEmptyString",
11207
+ # subnet_id: "NonEmptyString",
11208
+ # },
11209
+ # ],
11210
+ # entries: [
11211
+ # {
11212
+ # cidr_block: "NonEmptyString",
11213
+ # egress: false,
11214
+ # icmp_type_code: {
11215
+ # code: 1,
11216
+ # type: 1,
11217
+ # },
11218
+ # ipv_6_cidr_block: "NonEmptyString",
11219
+ # port_range: {
11220
+ # from: 1,
11221
+ # to: 1,
11222
+ # },
11223
+ # protocol: "NonEmptyString",
11224
+ # rule_action: "NonEmptyString",
11225
+ # rule_number: 1,
11226
+ # },
11227
+ # ],
11228
+ # },
10449
11229
  # aws_elbv_2_load_balancer: {
10450
11230
  # availability_zones: [
10451
11231
  # {
@@ -10466,12 +11246,46 @@ module Aws::SecurityHub
10466
11246
  # type: "NonEmptyString",
10467
11247
  # vpc_id: "NonEmptyString",
10468
11248
  # },
10469
- # aws_elasticsearch_domain: {
10470
- # access_policies: "NonEmptyString",
10471
- # domain_endpoint_options: {
10472
- # enforce_https: false,
10473
- # tls_security_policy: "NonEmptyString",
10474
- # },
11249
+ # aws_elastic_beanstalk_environment: {
11250
+ # application_name: "NonEmptyString",
11251
+ # cname: "NonEmptyString",
11252
+ # date_created: "NonEmptyString",
11253
+ # date_updated: "NonEmptyString",
11254
+ # description: "NonEmptyString",
11255
+ # endpoint_url: "NonEmptyString",
11256
+ # environment_arn: "NonEmptyString",
11257
+ # environment_id: "NonEmptyString",
11258
+ # environment_links: [
11259
+ # {
11260
+ # environment_name: "NonEmptyString",
11261
+ # link_name: "NonEmptyString",
11262
+ # },
11263
+ # ],
11264
+ # environment_name: "NonEmptyString",
11265
+ # option_settings: [
11266
+ # {
11267
+ # namespace: "NonEmptyString",
11268
+ # option_name: "NonEmptyString",
11269
+ # resource_name: "NonEmptyString",
11270
+ # value: "NonEmptyString",
11271
+ # },
11272
+ # ],
11273
+ # platform_arn: "NonEmptyString",
11274
+ # solution_stack_name: "NonEmptyString",
11275
+ # status: "NonEmptyString",
11276
+ # tier: {
11277
+ # name: "NonEmptyString",
11278
+ # type: "NonEmptyString",
11279
+ # version: "NonEmptyString",
11280
+ # },
11281
+ # version_label: "NonEmptyString",
11282
+ # },
11283
+ # aws_elasticsearch_domain: {
11284
+ # access_policies: "NonEmptyString",
11285
+ # domain_endpoint_options: {
11286
+ # enforce_https: false,
11287
+ # tls_security_policy: "NonEmptyString",
11288
+ # },
10475
11289
  # domain_id: "NonEmptyString",
10476
11290
  # domain_name: "NonEmptyString",
10477
11291
  # endpoint: "NonEmptyString",
@@ -10507,6 +11321,18 @@ module Aws::SecurityHub
10507
11321
  # },
10508
11322
  # ],
10509
11323
  # },
11324
+ # public_access_block_configuration: {
11325
+ # block_public_acls: false,
11326
+ # block_public_policy: false,
11327
+ # ignore_public_acls: false,
11328
+ # restrict_public_buckets: false,
11329
+ # },
11330
+ # },
11331
+ # aws_s3_account_public_access_block: {
11332
+ # block_public_acls: false,
11333
+ # block_public_policy: false,
11334
+ # ignore_public_acls: false,
11335
+ # restrict_public_buckets: false,
10510
11336
  # },
10511
11337
  # aws_s3_object: {
10512
11338
  # last_modified: "NonEmptyString",
@@ -11737,6 +12563,21 @@ module Aws::SecurityHub
11737
12563
  # blocked: false,
11738
12564
  # },
11739
12565
  # },
12566
+ # finding_provider_fields: {
12567
+ # confidence: 1,
12568
+ # criticality: 1,
12569
+ # related_findings: [
12570
+ # {
12571
+ # product_arn: "NonEmptyString", # required
12572
+ # id: "NonEmptyString", # required
12573
+ # },
12574
+ # ],
12575
+ # severity: {
12576
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
12577
+ # original: "NonEmptyString",
12578
+ # },
12579
+ # types: ["NonEmptyString"],
12580
+ # },
11740
12581
  # }
11741
12582
  #
11742
12583
  # @!attribute [rw] schema_version
@@ -11957,6 +12798,12 @@ module Aws::SecurityHub
11957
12798
  # resource.
11958
12799
  # @return [Types::Action]
11959
12800
  #
12801
+ # @!attribute [rw] finding_provider_fields
12802
+ # In a `BatchImportFindings` request, finding providers use
12803
+ # `FindingProviderFields` to provide and update their own values for
12804
+ # confidence, criticality, related findings, severity, and types.
12805
+ # @return [Types::FindingProviderFields]
12806
+ #
11960
12807
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
11961
12808
  #
11962
12809
  class AwsSecurityFinding < Struct.new(
@@ -11994,7 +12841,8 @@ module Aws::SecurityHub
11994
12841
  :note,
11995
12842
  :vulnerabilities,
11996
12843
  :patch_summary,
11997
- :action)
12844
+ :action,
12845
+ :finding_provider_fields)
11998
12846
  SENSITIVE = []
11999
12847
  include Aws::Structure
12000
12848
  end
@@ -12563,6 +13411,50 @@ module Aws::SecurityHub
12563
13411
  # value: "NonEmptyString",
12564
13412
  # },
12565
13413
  # ],
13414
+ # finding_provider_fields_confidence: [
13415
+ # {
13416
+ # gte: 1.0,
13417
+ # lte: 1.0,
13418
+ # eq: 1.0,
13419
+ # },
13420
+ # ],
13421
+ # finding_provider_fields_criticality: [
13422
+ # {
13423
+ # gte: 1.0,
13424
+ # lte: 1.0,
13425
+ # eq: 1.0,
13426
+ # },
13427
+ # ],
13428
+ # finding_provider_fields_related_findings_id: [
13429
+ # {
13430
+ # value: "NonEmptyString",
13431
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
13432
+ # },
13433
+ # ],
13434
+ # finding_provider_fields_related_findings_product_arn: [
13435
+ # {
13436
+ # value: "NonEmptyString",
13437
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
13438
+ # },
13439
+ # ],
13440
+ # finding_provider_fields_severity_label: [
13441
+ # {
13442
+ # value: "NonEmptyString",
13443
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
13444
+ # },
13445
+ # ],
13446
+ # finding_provider_fields_severity_original: [
13447
+ # {
13448
+ # value: "NonEmptyString",
13449
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
13450
+ # },
13451
+ # ],
13452
+ # finding_provider_fields_types: [
13453
+ # {
13454
+ # value: "NonEmptyString",
13455
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
13456
+ # },
13457
+ # ],
12566
13458
  # }
12567
13459
  #
12568
13460
  # @!attribute [rw] product_arn
@@ -12970,6 +13862,52 @@ module Aws::SecurityHub
12970
13862
  # A keyword for a finding.
12971
13863
  # @return [Array<Types::KeywordFilter>]
12972
13864
  #
13865
+ # @!attribute [rw] finding_provider_fields_confidence
13866
+ # The finding provider value for the finding confidence. Confidence is
13867
+ # defined as the likelihood that a finding accurately identifies the
13868
+ # behavior or issue that it was intended to identify.
13869
+ #
13870
+ # Confidence is scored on a 0-100 basis using a ratio scale, where 0
13871
+ # means zero percent confidence and 100 means 100 percent confidence.
13872
+ # @return [Array<Types::NumberFilter>]
13873
+ #
13874
+ # @!attribute [rw] finding_provider_fields_criticality
13875
+ # The finding provider value for the level of importance assigned to
13876
+ # the resources associated with the findings.
13877
+ #
13878
+ # A score of 0 means that the underlying resources have no
13879
+ # criticality, and a score of 100 is reserved for the most critical
13880
+ # resources.
13881
+ # @return [Array<Types::NumberFilter>]
13882
+ #
13883
+ # @!attribute [rw] finding_provider_fields_related_findings_id
13884
+ # The finding identifier of a related finding that is identified by
13885
+ # the finding provider.
13886
+ # @return [Array<Types::StringFilter>]
13887
+ #
13888
+ # @!attribute [rw] finding_provider_fields_related_findings_product_arn
13889
+ # The ARN of the solution that generated a related finding that is
13890
+ # identified by the finding provider.
13891
+ # @return [Array<Types::StringFilter>]
13892
+ #
13893
+ # @!attribute [rw] finding_provider_fields_severity_label
13894
+ # The finding provider value for the severity label.
13895
+ # @return [Array<Types::StringFilter>]
13896
+ #
13897
+ # @!attribute [rw] finding_provider_fields_severity_original
13898
+ # The finding provider's original value for the severity.
13899
+ # @return [Array<Types::StringFilter>]
13900
+ #
13901
+ # @!attribute [rw] finding_provider_fields_types
13902
+ # One or more finding types that the finding provider assigned to the
13903
+ # finding. Uses the format of `namespace/category/classifier` that
13904
+ # classify a finding.
13905
+ #
13906
+ # Valid namespace values are: Software and Configuration Checks \|
13907
+ # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
13908
+ # Identifications
13909
+ # @return [Array<Types::StringFilter>]
13910
+ #
12973
13911
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
12974
13912
  #
12975
13913
  class AwsSecurityFindingFilters < Struct.new(
@@ -13056,7 +13994,14 @@ module Aws::SecurityHub
13056
13994
  :note_text,
13057
13995
  :note_updated_at,
13058
13996
  :note_updated_by,
13059
- :keyword)
13997
+ :keyword,
13998
+ :finding_provider_fields_confidence,
13999
+ :finding_provider_fields_criticality,
14000
+ :finding_provider_fields_related_findings_id,
14001
+ :finding_provider_fields_related_findings_product_arn,
14002
+ :finding_provider_fields_severity_label,
14003
+ :finding_provider_fields_severity_original,
14004
+ :finding_provider_fields_types)
13060
14005
  SENSITIVE = []
13061
14006
  include Aws::Structure
13062
14007
  end
@@ -13662,12 +14607,12 @@ module Aws::SecurityHub
13662
14607
  # product_arn: "NonEmptyString", # required
13663
14608
  # generator_id: "NonEmptyString", # required
13664
14609
  # aws_account_id: "NonEmptyString", # required
13665
- # types: ["NonEmptyString"], # required
14610
+ # types: ["NonEmptyString"],
13666
14611
  # first_observed_at: "NonEmptyString",
13667
14612
  # last_observed_at: "NonEmptyString",
13668
14613
  # created_at: "NonEmptyString", # required
13669
14614
  # updated_at: "NonEmptyString", # required
13670
- # severity: { # required
14615
+ # severity: {
13671
14616
  # product: 1.0,
13672
14617
  # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
13673
14618
  # normalized: 1,
@@ -13791,6 +14736,130 @@ module Aws::SecurityHub
13791
14736
  # tags: {
13792
14737
  # "NonEmptyString" => "NonEmptyString",
13793
14738
  # },
14739
+ # data_classification: {
14740
+ # detailed_results_location: "NonEmptyString",
14741
+ # result: {
14742
+ # mime_type: "NonEmptyString",
14743
+ # size_classified: 1,
14744
+ # additional_occurrences: false,
14745
+ # status: {
14746
+ # code: "NonEmptyString",
14747
+ # reason: "NonEmptyString",
14748
+ # },
14749
+ # sensitive_data: [
14750
+ # {
14751
+ # category: "NonEmptyString",
14752
+ # detections: [
14753
+ # {
14754
+ # count: 1,
14755
+ # type: "NonEmptyString",
14756
+ # occurrences: {
14757
+ # line_ranges: [
14758
+ # {
14759
+ # start: 1,
14760
+ # end: 1,
14761
+ # start_column: 1,
14762
+ # },
14763
+ # ],
14764
+ # offset_ranges: [
14765
+ # {
14766
+ # start: 1,
14767
+ # end: 1,
14768
+ # start_column: 1,
14769
+ # },
14770
+ # ],
14771
+ # pages: [
14772
+ # {
14773
+ # page_number: 1,
14774
+ # line_range: {
14775
+ # start: 1,
14776
+ # end: 1,
14777
+ # start_column: 1,
14778
+ # },
14779
+ # offset_range: {
14780
+ # start: 1,
14781
+ # end: 1,
14782
+ # start_column: 1,
14783
+ # },
14784
+ # },
14785
+ # ],
14786
+ # records: [
14787
+ # {
14788
+ # json_path: "NonEmptyString",
14789
+ # record_index: 1,
14790
+ # },
14791
+ # ],
14792
+ # cells: [
14793
+ # {
14794
+ # column: 1,
14795
+ # row: 1,
14796
+ # column_name: "NonEmptyString",
14797
+ # cell_reference: "NonEmptyString",
14798
+ # },
14799
+ # ],
14800
+ # },
14801
+ # },
14802
+ # ],
14803
+ # total_count: 1,
14804
+ # },
14805
+ # ],
14806
+ # custom_data_identifiers: {
14807
+ # detections: [
14808
+ # {
14809
+ # count: 1,
14810
+ # arn: "NonEmptyString",
14811
+ # name: "NonEmptyString",
14812
+ # occurrences: {
14813
+ # line_ranges: [
14814
+ # {
14815
+ # start: 1,
14816
+ # end: 1,
14817
+ # start_column: 1,
14818
+ # },
14819
+ # ],
14820
+ # offset_ranges: [
14821
+ # {
14822
+ # start: 1,
14823
+ # end: 1,
14824
+ # start_column: 1,
14825
+ # },
14826
+ # ],
14827
+ # pages: [
14828
+ # {
14829
+ # page_number: 1,
14830
+ # line_range: {
14831
+ # start: 1,
14832
+ # end: 1,
14833
+ # start_column: 1,
14834
+ # },
14835
+ # offset_range: {
14836
+ # start: 1,
14837
+ # end: 1,
14838
+ # start_column: 1,
14839
+ # },
14840
+ # },
14841
+ # ],
14842
+ # records: [
14843
+ # {
14844
+ # json_path: "NonEmptyString",
14845
+ # record_index: 1,
14846
+ # },
14847
+ # ],
14848
+ # cells: [
14849
+ # {
14850
+ # column: 1,
14851
+ # row: 1,
14852
+ # column_name: "NonEmptyString",
14853
+ # cell_reference: "NonEmptyString",
14854
+ # },
14855
+ # ],
14856
+ # },
14857
+ # },
14858
+ # ],
14859
+ # total_count: 1,
14860
+ # },
14861
+ # },
14862
+ # },
13794
14863
  # details: {
13795
14864
  # aws_auto_scaling_auto_scaling_group: {
13796
14865
  # launch_configuration_name: "NonEmptyString",
@@ -14031,6 +15100,58 @@ module Aws::SecurityHub
14031
15100
  # network_interface_owner_id: "NonEmptyString",
14032
15101
  # private_ip_address: "NonEmptyString",
14033
15102
  # },
15103
+ # aws_ec2_subnet: {
15104
+ # assign_ipv_6_address_on_creation: false,
15105
+ # availability_zone: "NonEmptyString",
15106
+ # availability_zone_id: "NonEmptyString",
15107
+ # available_ip_address_count: 1,
15108
+ # cidr_block: "NonEmptyString",
15109
+ # default_for_az: false,
15110
+ # map_public_ip_on_launch: false,
15111
+ # owner_id: "NonEmptyString",
15112
+ # state: "NonEmptyString",
15113
+ # subnet_arn: "NonEmptyString",
15114
+ # subnet_id: "NonEmptyString",
15115
+ # vpc_id: "NonEmptyString",
15116
+ # ipv_6_cidr_block_association_set: [
15117
+ # {
15118
+ # association_id: "NonEmptyString",
15119
+ # ipv_6_cidr_block: "NonEmptyString",
15120
+ # cidr_block_state: "NonEmptyString",
15121
+ # },
15122
+ # ],
15123
+ # },
15124
+ # aws_ec2_network_acl: {
15125
+ # is_default: false,
15126
+ # network_acl_id: "NonEmptyString",
15127
+ # owner_id: "NonEmptyString",
15128
+ # vpc_id: "NonEmptyString",
15129
+ # associations: [
15130
+ # {
15131
+ # network_acl_association_id: "NonEmptyString",
15132
+ # network_acl_id: "NonEmptyString",
15133
+ # subnet_id: "NonEmptyString",
15134
+ # },
15135
+ # ],
15136
+ # entries: [
15137
+ # {
15138
+ # cidr_block: "NonEmptyString",
15139
+ # egress: false,
15140
+ # icmp_type_code: {
15141
+ # code: 1,
15142
+ # type: 1,
15143
+ # },
15144
+ # ipv_6_cidr_block: "NonEmptyString",
15145
+ # port_range: {
15146
+ # from: 1,
15147
+ # to: 1,
15148
+ # },
15149
+ # protocol: "NonEmptyString",
15150
+ # rule_action: "NonEmptyString",
15151
+ # rule_number: 1,
15152
+ # },
15153
+ # ],
15154
+ # },
14034
15155
  # aws_elbv_2_load_balancer: {
14035
15156
  # availability_zones: [
14036
15157
  # {
@@ -14051,6 +15172,40 @@ module Aws::SecurityHub
14051
15172
  # type: "NonEmptyString",
14052
15173
  # vpc_id: "NonEmptyString",
14053
15174
  # },
15175
+ # aws_elastic_beanstalk_environment: {
15176
+ # application_name: "NonEmptyString",
15177
+ # cname: "NonEmptyString",
15178
+ # date_created: "NonEmptyString",
15179
+ # date_updated: "NonEmptyString",
15180
+ # description: "NonEmptyString",
15181
+ # endpoint_url: "NonEmptyString",
15182
+ # environment_arn: "NonEmptyString",
15183
+ # environment_id: "NonEmptyString",
15184
+ # environment_links: [
15185
+ # {
15186
+ # environment_name: "NonEmptyString",
15187
+ # link_name: "NonEmptyString",
15188
+ # },
15189
+ # ],
15190
+ # environment_name: "NonEmptyString",
15191
+ # option_settings: [
15192
+ # {
15193
+ # namespace: "NonEmptyString",
15194
+ # option_name: "NonEmptyString",
15195
+ # resource_name: "NonEmptyString",
15196
+ # value: "NonEmptyString",
15197
+ # },
15198
+ # ],
15199
+ # platform_arn: "NonEmptyString",
15200
+ # solution_stack_name: "NonEmptyString",
15201
+ # status: "NonEmptyString",
15202
+ # tier: {
15203
+ # name: "NonEmptyString",
15204
+ # type: "NonEmptyString",
15205
+ # version: "NonEmptyString",
15206
+ # },
15207
+ # version_label: "NonEmptyString",
15208
+ # },
14054
15209
  # aws_elasticsearch_domain: {
14055
15210
  # access_policies: "NonEmptyString",
14056
15211
  # domain_endpoint_options: {
@@ -14092,6 +15247,18 @@ module Aws::SecurityHub
14092
15247
  # },
14093
15248
  # ],
14094
15249
  # },
15250
+ # public_access_block_configuration: {
15251
+ # block_public_acls: false,
15252
+ # block_public_policy: false,
15253
+ # ignore_public_acls: false,
15254
+ # restrict_public_buckets: false,
15255
+ # },
15256
+ # },
15257
+ # aws_s3_account_public_access_block: {
15258
+ # block_public_acls: false,
15259
+ # block_public_policy: false,
15260
+ # ignore_public_acls: false,
15261
+ # restrict_public_buckets: false,
14095
15262
  # },
14096
15263
  # aws_s3_object: {
14097
15264
  # last_modified: "NonEmptyString",
@@ -15322,6 +16489,21 @@ module Aws::SecurityHub
15322
16489
  # blocked: false,
15323
16490
  # },
15324
16491
  # },
16492
+ # finding_provider_fields: {
16493
+ # confidence: 1,
16494
+ # criticality: 1,
16495
+ # related_findings: [
16496
+ # {
16497
+ # product_arn: "NonEmptyString", # required
16498
+ # id: "NonEmptyString", # required
16499
+ # },
16500
+ # ],
16501
+ # severity: {
16502
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
16503
+ # original: "NonEmptyString",
16504
+ # },
16505
+ # types: ["NonEmptyString"],
16506
+ # },
15325
16507
  # },
15326
16508
  # ],
15327
16509
  # }
@@ -15545,6 +16727,52 @@ module Aws::SecurityHub
15545
16727
  include Aws::Structure
15546
16728
  end
15547
16729
 
16730
+ # An occurrence of sensitive data detected in a Microsoft Excel
16731
+ # workbook, comma-separated value (CSV) file, or tab-separated value
16732
+ # (TSV) file.
16733
+ #
16734
+ # @note When making an API call, you may pass Cell
16735
+ # data as a hash:
16736
+ #
16737
+ # {
16738
+ # column: 1,
16739
+ # row: 1,
16740
+ # column_name: "NonEmptyString",
16741
+ # cell_reference: "NonEmptyString",
16742
+ # }
16743
+ #
16744
+ # @!attribute [rw] column
16745
+ # The column number of the column that contains the data. For a
16746
+ # Microsoft Excel workbook, the column number corresponds to the
16747
+ # alphabetical column identifiers. For example, a value of 1 for
16748
+ # Column corresponds to the A column in the workbook.
16749
+ # @return [Integer]
16750
+ #
16751
+ # @!attribute [rw] row
16752
+ # The row number of the row that contains the data.
16753
+ # @return [Integer]
16754
+ #
16755
+ # @!attribute [rw] column_name
16756
+ # The name of the column that contains the data.
16757
+ # @return [String]
16758
+ #
16759
+ # @!attribute [rw] cell_reference
16760
+ # For a Microsoft Excel workbook, provides the location of the cell,
16761
+ # as an absolute cell reference, that contains the data. For example,
16762
+ # Sheet2!C5 for cell C5 on Sheet2.
16763
+ # @return [String]
16764
+ #
16765
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Cell AWS API Documentation
16766
+ #
16767
+ class Cell < Struct.new(
16768
+ :column,
16769
+ :row,
16770
+ :column_name,
16771
+ :cell_reference)
16772
+ SENSITIVE = []
16773
+ include Aws::Structure
16774
+ end
16775
+
15548
16776
  # An IPv4 CIDR block association.
15549
16777
  #
15550
16778
  # @note When making an API call, you may pass CidrBlockAssociation
@@ -15599,38 +16827,235 @@ module Aws::SecurityHub
15599
16827
  include Aws::Structure
15600
16828
  end
15601
16829
 
15602
- # Contains finding details that are specific to control-based findings.
15603
- # Only returned for findings generated from controls.
16830
+ # Details about the sensitive data that was detected on the resource.
15604
16831
  #
15605
- # @note When making an API call, you may pass Compliance
16832
+ # @note When making an API call, you may pass ClassificationResult
15606
16833
  # data as a hash:
15607
16834
  #
15608
16835
  # {
15609
- # status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
15610
- # related_requirements: ["NonEmptyString"],
15611
- # status_reasons: [
16836
+ # mime_type: "NonEmptyString",
16837
+ # size_classified: 1,
16838
+ # additional_occurrences: false,
16839
+ # status: {
16840
+ # code: "NonEmptyString",
16841
+ # reason: "NonEmptyString",
16842
+ # },
16843
+ # sensitive_data: [
15612
16844
  # {
15613
- # reason_code: "NonEmptyString", # required
15614
- # description: "NonEmptyString",
16845
+ # category: "NonEmptyString",
16846
+ # detections: [
16847
+ # {
16848
+ # count: 1,
16849
+ # type: "NonEmptyString",
16850
+ # occurrences: {
16851
+ # line_ranges: [
16852
+ # {
16853
+ # start: 1,
16854
+ # end: 1,
16855
+ # start_column: 1,
16856
+ # },
16857
+ # ],
16858
+ # offset_ranges: [
16859
+ # {
16860
+ # start: 1,
16861
+ # end: 1,
16862
+ # start_column: 1,
16863
+ # },
16864
+ # ],
16865
+ # pages: [
16866
+ # {
16867
+ # page_number: 1,
16868
+ # line_range: {
16869
+ # start: 1,
16870
+ # end: 1,
16871
+ # start_column: 1,
16872
+ # },
16873
+ # offset_range: {
16874
+ # start: 1,
16875
+ # end: 1,
16876
+ # start_column: 1,
16877
+ # },
16878
+ # },
16879
+ # ],
16880
+ # records: [
16881
+ # {
16882
+ # json_path: "NonEmptyString",
16883
+ # record_index: 1,
16884
+ # },
16885
+ # ],
16886
+ # cells: [
16887
+ # {
16888
+ # column: 1,
16889
+ # row: 1,
16890
+ # column_name: "NonEmptyString",
16891
+ # cell_reference: "NonEmptyString",
16892
+ # },
16893
+ # ],
16894
+ # },
16895
+ # },
16896
+ # ],
16897
+ # total_count: 1,
15615
16898
  # },
15616
16899
  # ],
16900
+ # custom_data_identifiers: {
16901
+ # detections: [
16902
+ # {
16903
+ # count: 1,
16904
+ # arn: "NonEmptyString",
16905
+ # name: "NonEmptyString",
16906
+ # occurrences: {
16907
+ # line_ranges: [
16908
+ # {
16909
+ # start: 1,
16910
+ # end: 1,
16911
+ # start_column: 1,
16912
+ # },
16913
+ # ],
16914
+ # offset_ranges: [
16915
+ # {
16916
+ # start: 1,
16917
+ # end: 1,
16918
+ # start_column: 1,
16919
+ # },
16920
+ # ],
16921
+ # pages: [
16922
+ # {
16923
+ # page_number: 1,
16924
+ # line_range: {
16925
+ # start: 1,
16926
+ # end: 1,
16927
+ # start_column: 1,
16928
+ # },
16929
+ # offset_range: {
16930
+ # start: 1,
16931
+ # end: 1,
16932
+ # start_column: 1,
16933
+ # },
16934
+ # },
16935
+ # ],
16936
+ # records: [
16937
+ # {
16938
+ # json_path: "NonEmptyString",
16939
+ # record_index: 1,
16940
+ # },
16941
+ # ],
16942
+ # cells: [
16943
+ # {
16944
+ # column: 1,
16945
+ # row: 1,
16946
+ # column_name: "NonEmptyString",
16947
+ # cell_reference: "NonEmptyString",
16948
+ # },
16949
+ # ],
16950
+ # },
16951
+ # },
16952
+ # ],
16953
+ # total_count: 1,
16954
+ # },
15617
16955
  # }
15618
16956
  #
15619
- # @!attribute [rw] status
15620
- # The result of a standards check.
16957
+ # @!attribute [rw] mime_type
16958
+ # The type of content that the finding applies to.
16959
+ # @return [String]
15621
16960
  #
15622
- # The valid values for `Status` are as follows.
16961
+ # @!attribute [rw] size_classified
16962
+ # The total size in bytes of the affected data.
16963
+ # @return [Integer]
15623
16964
  #
15624
- # * * `PASSED` - Standards check passed for all evaluated resources.
16965
+ # @!attribute [rw] additional_occurrences
16966
+ # Indicates whether there are additional occurrences of sensitive data
16967
+ # that are not included in the finding. This occurs when the number of
16968
+ # occurrences exceeds the maximum that can be included.
16969
+ # @return [Boolean]
15625
16970
  #
15626
- # * `WARNING` - Some information is missing or this check is not
15627
- # supported for your configuration.
16971
+ # @!attribute [rw] status
16972
+ # The current status of the sensitive data detection.
16973
+ # @return [Types::ClassificationStatus]
15628
16974
  #
15629
- # * `FAILED` - Standards check failed for at least one evaluated
15630
- # resource.
16975
+ # @!attribute [rw] sensitive_data
16976
+ # Provides details about sensitive data that was identified based on
16977
+ # built-in configuration.
16978
+ # @return [Array<Types::SensitiveDataResult>]
15631
16979
  #
15632
- # * `NOT_AVAILABLE` - Check could not be performed due to a service
15633
- # outage, API error, or because the result of the AWS Config
16980
+ # @!attribute [rw] custom_data_identifiers
16981
+ # Provides details about sensitive data that was identified based on
16982
+ # customer-defined configuration.
16983
+ # @return [Types::CustomDataIdentifiersResult]
16984
+ #
16985
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationResult AWS API Documentation
16986
+ #
16987
+ class ClassificationResult < Struct.new(
16988
+ :mime_type,
16989
+ :size_classified,
16990
+ :additional_occurrences,
16991
+ :status,
16992
+ :sensitive_data,
16993
+ :custom_data_identifiers)
16994
+ SENSITIVE = []
16995
+ include Aws::Structure
16996
+ end
16997
+
16998
+ # Provides details about the current status of the sensitive data
16999
+ # detection.
17000
+ #
17001
+ # @note When making an API call, you may pass ClassificationStatus
17002
+ # data as a hash:
17003
+ #
17004
+ # {
17005
+ # code: "NonEmptyString",
17006
+ # reason: "NonEmptyString",
17007
+ # }
17008
+ #
17009
+ # @!attribute [rw] code
17010
+ # The code that represents the status of the sensitive data detection.
17011
+ # @return [String]
17012
+ #
17013
+ # @!attribute [rw] reason
17014
+ # A longer description of the current status of the sensitive data
17015
+ # detection.
17016
+ # @return [String]
17017
+ #
17018
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationStatus AWS API Documentation
17019
+ #
17020
+ class ClassificationStatus < Struct.new(
17021
+ :code,
17022
+ :reason)
17023
+ SENSITIVE = []
17024
+ include Aws::Structure
17025
+ end
17026
+
17027
+ # Contains finding details that are specific to control-based findings.
17028
+ # Only returned for findings generated from controls.
17029
+ #
17030
+ # @note When making an API call, you may pass Compliance
17031
+ # data as a hash:
17032
+ #
17033
+ # {
17034
+ # status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
17035
+ # related_requirements: ["NonEmptyString"],
17036
+ # status_reasons: [
17037
+ # {
17038
+ # reason_code: "NonEmptyString", # required
17039
+ # description: "NonEmptyString",
17040
+ # },
17041
+ # ],
17042
+ # }
17043
+ #
17044
+ # @!attribute [rw] status
17045
+ # The result of a standards check.
17046
+ #
17047
+ # The valid values for `Status` are as follows.
17048
+ #
17049
+ # * * `PASSED` - Standards check passed for all evaluated resources.
17050
+ #
17051
+ # * `WARNING` - Some information is missing or this check is not
17052
+ # supported for your configuration.
17053
+ #
17054
+ # * `FAILED` - Standards check failed for at least one evaluated
17055
+ # resource.
17056
+ #
17057
+ # * `NOT_AVAILABLE` - Check could not be performed due to a service
17058
+ # outage, API error, or because the result of the AWS Config
15634
17059
  # evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
15635
17060
  # result was `NOT_APPLICABLE`, then after 3 days, Security Hub
15636
17061
  # automatically archives the finding.
@@ -16339,6 +17764,50 @@ module Aws::SecurityHub
16339
17764
  # value: "NonEmptyString",
16340
17765
  # },
16341
17766
  # ],
17767
+ # finding_provider_fields_confidence: [
17768
+ # {
17769
+ # gte: 1.0,
17770
+ # lte: 1.0,
17771
+ # eq: 1.0,
17772
+ # },
17773
+ # ],
17774
+ # finding_provider_fields_criticality: [
17775
+ # {
17776
+ # gte: 1.0,
17777
+ # lte: 1.0,
17778
+ # eq: 1.0,
17779
+ # },
17780
+ # ],
17781
+ # finding_provider_fields_related_findings_id: [
17782
+ # {
17783
+ # value: "NonEmptyString",
17784
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17785
+ # },
17786
+ # ],
17787
+ # finding_provider_fields_related_findings_product_arn: [
17788
+ # {
17789
+ # value: "NonEmptyString",
17790
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17791
+ # },
17792
+ # ],
17793
+ # finding_provider_fields_severity_label: [
17794
+ # {
17795
+ # value: "NonEmptyString",
17796
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17797
+ # },
17798
+ # ],
17799
+ # finding_provider_fields_severity_original: [
17800
+ # {
17801
+ # value: "NonEmptyString",
17802
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17803
+ # },
17804
+ # ],
17805
+ # finding_provider_fields_types: [
17806
+ # {
17807
+ # value: "NonEmptyString",
17808
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
17809
+ # },
17810
+ # ],
16342
17811
  # },
16343
17812
  # group_by_attribute: "NonEmptyString", # required
16344
17813
  # }
@@ -16396,9 +17865,9 @@ module Aws::SecurityHub
16396
17865
  # }
16397
17866
  #
16398
17867
  # @!attribute [rw] account_details
16399
- # The list of accounts to associate with the Security Hub master
16400
- # account. For each account, the list includes the account ID and
16401
- # optionally the email address.
17868
+ # The list of accounts to associate with the Security Hub
17869
+ # administrator account. For each account, the list includes the
17870
+ # account ID and optionally the email address.
16402
17871
  # @return [Array<Types::AccountDetails>]
16403
17872
  #
16404
17873
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateMembersRequest AWS API Documentation
@@ -16422,6 +17891,170 @@ module Aws::SecurityHub
16422
17891
  include Aws::Structure
16423
17892
  end
16424
17893
 
17894
+ # The list of detected instances of sensitive data.
17895
+ #
17896
+ # @note When making an API call, you may pass CustomDataIdentifiersDetections
17897
+ # data as a hash:
17898
+ #
17899
+ # {
17900
+ # count: 1,
17901
+ # arn: "NonEmptyString",
17902
+ # name: "NonEmptyString",
17903
+ # occurrences: {
17904
+ # line_ranges: [
17905
+ # {
17906
+ # start: 1,
17907
+ # end: 1,
17908
+ # start_column: 1,
17909
+ # },
17910
+ # ],
17911
+ # offset_ranges: [
17912
+ # {
17913
+ # start: 1,
17914
+ # end: 1,
17915
+ # start_column: 1,
17916
+ # },
17917
+ # ],
17918
+ # pages: [
17919
+ # {
17920
+ # page_number: 1,
17921
+ # line_range: {
17922
+ # start: 1,
17923
+ # end: 1,
17924
+ # start_column: 1,
17925
+ # },
17926
+ # offset_range: {
17927
+ # start: 1,
17928
+ # end: 1,
17929
+ # start_column: 1,
17930
+ # },
17931
+ # },
17932
+ # ],
17933
+ # records: [
17934
+ # {
17935
+ # json_path: "NonEmptyString",
17936
+ # record_index: 1,
17937
+ # },
17938
+ # ],
17939
+ # cells: [
17940
+ # {
17941
+ # column: 1,
17942
+ # row: 1,
17943
+ # column_name: "NonEmptyString",
17944
+ # cell_reference: "NonEmptyString",
17945
+ # },
17946
+ # ],
17947
+ # },
17948
+ # }
17949
+ #
17950
+ # @!attribute [rw] count
17951
+ # The total number of occurrences of sensitive data that were
17952
+ # detected.
17953
+ # @return [Integer]
17954
+ #
17955
+ # @!attribute [rw] arn
17956
+ # The ARN of the custom identifier that was used to detect the
17957
+ # sensitive data.
17958
+ # @return [String]
17959
+ #
17960
+ # @!attribute [rw] name
17961
+ # he name of the custom identifier that detected the sensitive data.
17962
+ # @return [String]
17963
+ #
17964
+ # @!attribute [rw] occurrences
17965
+ # Details about the sensitive data that was detected.
17966
+ # @return [Types::Occurrences]
17967
+ #
17968
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersDetections AWS API Documentation
17969
+ #
17970
+ class CustomDataIdentifiersDetections < Struct.new(
17971
+ :count,
17972
+ :arn,
17973
+ :name,
17974
+ :occurrences)
17975
+ SENSITIVE = []
17976
+ include Aws::Structure
17977
+ end
17978
+
17979
+ # Contains an instance of sensitive data that was detected by a
17980
+ # customer-defined identifier.
17981
+ #
17982
+ # @note When making an API call, you may pass CustomDataIdentifiersResult
17983
+ # data as a hash:
17984
+ #
17985
+ # {
17986
+ # detections: [
17987
+ # {
17988
+ # count: 1,
17989
+ # arn: "NonEmptyString",
17990
+ # name: "NonEmptyString",
17991
+ # occurrences: {
17992
+ # line_ranges: [
17993
+ # {
17994
+ # start: 1,
17995
+ # end: 1,
17996
+ # start_column: 1,
17997
+ # },
17998
+ # ],
17999
+ # offset_ranges: [
18000
+ # {
18001
+ # start: 1,
18002
+ # end: 1,
18003
+ # start_column: 1,
18004
+ # },
18005
+ # ],
18006
+ # pages: [
18007
+ # {
18008
+ # page_number: 1,
18009
+ # line_range: {
18010
+ # start: 1,
18011
+ # end: 1,
18012
+ # start_column: 1,
18013
+ # },
18014
+ # offset_range: {
18015
+ # start: 1,
18016
+ # end: 1,
18017
+ # start_column: 1,
18018
+ # },
18019
+ # },
18020
+ # ],
18021
+ # records: [
18022
+ # {
18023
+ # json_path: "NonEmptyString",
18024
+ # record_index: 1,
18025
+ # },
18026
+ # ],
18027
+ # cells: [
18028
+ # {
18029
+ # column: 1,
18030
+ # row: 1,
18031
+ # column_name: "NonEmptyString",
18032
+ # cell_reference: "NonEmptyString",
18033
+ # },
18034
+ # ],
18035
+ # },
18036
+ # },
18037
+ # ],
18038
+ # total_count: 1,
18039
+ # }
18040
+ #
18041
+ # @!attribute [rw] detections
18042
+ # The list of detected instances of sensitive data.
18043
+ # @return [Array<Types::CustomDataIdentifiersDetections>]
18044
+ #
18045
+ # @!attribute [rw] total_count
18046
+ # The total number of occurrences of sensitive data.
18047
+ # @return [Integer]
18048
+ #
18049
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersResult AWS API Documentation
18050
+ #
18051
+ class CustomDataIdentifiersResult < Struct.new(
18052
+ :detections,
18053
+ :total_count)
18054
+ SENSITIVE = []
18055
+ include Aws::Structure
18056
+ end
18057
+
16425
18058
  # CVSS scores from the advisory related to the vulnerability.
16426
18059
  #
16427
18060
  # @note When making an API call, you may pass Cvss
@@ -16455,6 +18088,154 @@ module Aws::SecurityHub
16455
18088
  include Aws::Structure
16456
18089
  end
16457
18090
 
18091
+ # Provides details about sensitive data that was detected on a resource.
18092
+ #
18093
+ # @note When making an API call, you may pass DataClassificationDetails
18094
+ # data as a hash:
18095
+ #
18096
+ # {
18097
+ # detailed_results_location: "NonEmptyString",
18098
+ # result: {
18099
+ # mime_type: "NonEmptyString",
18100
+ # size_classified: 1,
18101
+ # additional_occurrences: false,
18102
+ # status: {
18103
+ # code: "NonEmptyString",
18104
+ # reason: "NonEmptyString",
18105
+ # },
18106
+ # sensitive_data: [
18107
+ # {
18108
+ # category: "NonEmptyString",
18109
+ # detections: [
18110
+ # {
18111
+ # count: 1,
18112
+ # type: "NonEmptyString",
18113
+ # occurrences: {
18114
+ # line_ranges: [
18115
+ # {
18116
+ # start: 1,
18117
+ # end: 1,
18118
+ # start_column: 1,
18119
+ # },
18120
+ # ],
18121
+ # offset_ranges: [
18122
+ # {
18123
+ # start: 1,
18124
+ # end: 1,
18125
+ # start_column: 1,
18126
+ # },
18127
+ # ],
18128
+ # pages: [
18129
+ # {
18130
+ # page_number: 1,
18131
+ # line_range: {
18132
+ # start: 1,
18133
+ # end: 1,
18134
+ # start_column: 1,
18135
+ # },
18136
+ # offset_range: {
18137
+ # start: 1,
18138
+ # end: 1,
18139
+ # start_column: 1,
18140
+ # },
18141
+ # },
18142
+ # ],
18143
+ # records: [
18144
+ # {
18145
+ # json_path: "NonEmptyString",
18146
+ # record_index: 1,
18147
+ # },
18148
+ # ],
18149
+ # cells: [
18150
+ # {
18151
+ # column: 1,
18152
+ # row: 1,
18153
+ # column_name: "NonEmptyString",
18154
+ # cell_reference: "NonEmptyString",
18155
+ # },
18156
+ # ],
18157
+ # },
18158
+ # },
18159
+ # ],
18160
+ # total_count: 1,
18161
+ # },
18162
+ # ],
18163
+ # custom_data_identifiers: {
18164
+ # detections: [
18165
+ # {
18166
+ # count: 1,
18167
+ # arn: "NonEmptyString",
18168
+ # name: "NonEmptyString",
18169
+ # occurrences: {
18170
+ # line_ranges: [
18171
+ # {
18172
+ # start: 1,
18173
+ # end: 1,
18174
+ # start_column: 1,
18175
+ # },
18176
+ # ],
18177
+ # offset_ranges: [
18178
+ # {
18179
+ # start: 1,
18180
+ # end: 1,
18181
+ # start_column: 1,
18182
+ # },
18183
+ # ],
18184
+ # pages: [
18185
+ # {
18186
+ # page_number: 1,
18187
+ # line_range: {
18188
+ # start: 1,
18189
+ # end: 1,
18190
+ # start_column: 1,
18191
+ # },
18192
+ # offset_range: {
18193
+ # start: 1,
18194
+ # end: 1,
18195
+ # start_column: 1,
18196
+ # },
18197
+ # },
18198
+ # ],
18199
+ # records: [
18200
+ # {
18201
+ # json_path: "NonEmptyString",
18202
+ # record_index: 1,
18203
+ # },
18204
+ # ],
18205
+ # cells: [
18206
+ # {
18207
+ # column: 1,
18208
+ # row: 1,
18209
+ # column_name: "NonEmptyString",
18210
+ # cell_reference: "NonEmptyString",
18211
+ # },
18212
+ # ],
18213
+ # },
18214
+ # },
18215
+ # ],
18216
+ # total_count: 1,
18217
+ # },
18218
+ # },
18219
+ # }
18220
+ #
18221
+ # @!attribute [rw] detailed_results_location
18222
+ # The path to the folder or file that contains the sensitive data.
18223
+ # @return [String]
18224
+ #
18225
+ # @!attribute [rw] result
18226
+ # The details about the sensitive data that was detected on the
18227
+ # resource.
18228
+ # @return [Types::ClassificationResult]
18229
+ #
18230
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DataClassificationDetails AWS API Documentation
18231
+ #
18232
+ class DataClassificationDetails < Struct.new(
18233
+ :detailed_results_location,
18234
+ :result)
18235
+ SENSITIVE = []
18236
+ include Aws::Structure
18237
+ end
18238
+
16458
18239
  # A date filter for querying findings.
16459
18240
  #
16460
18241
  # @note When making an API call, you may pass DateFilter
@@ -17024,6 +18805,16 @@ module Aws::SecurityHub
17024
18805
  #
17025
18806
  class DisableSecurityHubResponse < Aws::EmptyStructure; end
17026
18807
 
18808
+ # @api private
18809
+ #
18810
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccountRequest AWS API Documentation
18811
+ #
18812
+ class DisassociateFromAdministratorAccountRequest < Aws::EmptyStructure; end
18813
+
18814
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccountResponse AWS API Documentation
18815
+ #
18816
+ class DisassociateFromAdministratorAccountResponse < Aws::EmptyStructure; end
18817
+
17027
18818
  # @api private
17028
18819
  #
17029
18820
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccountRequest AWS API Documentation
@@ -17043,7 +18834,7 @@ module Aws::SecurityHub
17043
18834
  #
17044
18835
  # @!attribute [rw] account_ids
17045
18836
  # The account IDs of the member accounts to disassociate from the
17046
- # master account.
18837
+ # administrator account.
17047
18838
  # @return [Array<String>]
17048
18839
  #
17049
18840
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembersRequest AWS API Documentation
@@ -17170,19 +18961,116 @@ module Aws::SecurityHub
17170
18961
  # `false`.
17171
18962
  # @return [Boolean]
17172
18963
  #
17173
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
18964
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
18965
+ #
18966
+ class EnableSecurityHubRequest < Struct.new(
18967
+ :tags,
18968
+ :enable_default_standards)
18969
+ SENSITIVE = []
18970
+ include Aws::Structure
18971
+ end
18972
+
18973
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation
18974
+ #
18975
+ class EnableSecurityHubResponse < Aws::EmptyStructure; end
18976
+
18977
+ # In a `BatchImportFindings` request, finding providers use
18978
+ # `FindingProviderFields` to provide and update values for confidence,
18979
+ # criticality, related findings, severity, and types.
18980
+ #
18981
+ # @note When making an API call, you may pass FindingProviderFields
18982
+ # data as a hash:
18983
+ #
18984
+ # {
18985
+ # confidence: 1,
18986
+ # criticality: 1,
18987
+ # related_findings: [
18988
+ # {
18989
+ # product_arn: "NonEmptyString", # required
18990
+ # id: "NonEmptyString", # required
18991
+ # },
18992
+ # ],
18993
+ # severity: {
18994
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
18995
+ # original: "NonEmptyString",
18996
+ # },
18997
+ # types: ["NonEmptyString"],
18998
+ # }
18999
+ #
19000
+ # @!attribute [rw] confidence
19001
+ # A finding's confidence. Confidence is defined as the likelihood
19002
+ # that a finding accurately identifies the behavior or issue that it
19003
+ # was intended to identify.
19004
+ #
19005
+ # Confidence is scored on a 0-100 basis using a ratio scale, where 0
19006
+ # means zero percent confidence and 100 means 100 percent confidence.
19007
+ # @return [Integer]
19008
+ #
19009
+ # @!attribute [rw] criticality
19010
+ # The level of importance assigned to the resources associated with
19011
+ # the finding.
19012
+ #
19013
+ # A score of 0 means that the underlying resources have no
19014
+ # criticality, and a score of 100 is reserved for the most critical
19015
+ # resources.
19016
+ # @return [Integer]
19017
+ #
19018
+ # @!attribute [rw] related_findings
19019
+ # A list of findings that are related to the current finding.
19020
+ # @return [Array<Types::RelatedFinding>]
19021
+ #
19022
+ # @!attribute [rw] severity
19023
+ # The severity of a finding.
19024
+ # @return [Types::FindingProviderSeverity]
19025
+ #
19026
+ # @!attribute [rw] types
19027
+ # One or more finding types in the format of
19028
+ # `namespace/category/classifier` that classify a finding.
19029
+ #
19030
+ # Valid namespace values are: Software and Configuration Checks \|
19031
+ # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data
19032
+ # Identifications
19033
+ # @return [Array<String>]
19034
+ #
19035
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderFields AWS API Documentation
19036
+ #
19037
+ class FindingProviderFields < Struct.new(
19038
+ :confidence,
19039
+ :criticality,
19040
+ :related_findings,
19041
+ :severity,
19042
+ :types)
19043
+ SENSITIVE = []
19044
+ include Aws::Structure
19045
+ end
19046
+
19047
+ # The severity assigned to the finding by the finding provider.
19048
+ #
19049
+ # @note When making an API call, you may pass FindingProviderSeverity
19050
+ # data as a hash:
19051
+ #
19052
+ # {
19053
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
19054
+ # original: "NonEmptyString",
19055
+ # }
19056
+ #
19057
+ # @!attribute [rw] label
19058
+ # The severity label assigned to the finding by the finding provider.
19059
+ # @return [String]
17174
19060
  #
17175
- class EnableSecurityHubRequest < Struct.new(
17176
- :tags,
17177
- :enable_default_standards)
19061
+ # @!attribute [rw] original
19062
+ # The finding provider's original value for the severity.
19063
+ # @return [String]
19064
+ #
19065
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderSeverity AWS API Documentation
19066
+ #
19067
+ class FindingProviderSeverity < Struct.new(
19068
+ :label,
19069
+ :original)
17178
19070
  SENSITIVE = []
17179
19071
  include Aws::Structure
17180
19072
  end
17181
19073
 
17182
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation
17183
- #
17184
- class EnableSecurityHubResponse < Aws::EmptyStructure; end
17185
-
17186
19074
  # Provides the latitude and longitude coordinates of a location.
17187
19075
  #
17188
19076
  # @note When making an API call, you may pass GeoLocation
@@ -17210,6 +19098,24 @@ module Aws::SecurityHub
17210
19098
  include Aws::Structure
17211
19099
  end
17212
19100
 
19101
+ # @api private
19102
+ #
19103
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetAdministratorAccountRequest AWS API Documentation
19104
+ #
19105
+ class GetAdministratorAccountRequest < Aws::EmptyStructure; end
19106
+
19107
+ # @!attribute [rw] administrator
19108
+ # Details about an invitation.
19109
+ # @return [Types::Invitation]
19110
+ #
19111
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetAdministratorAccountResponse AWS API Documentation
19112
+ #
19113
+ class GetAdministratorAccountResponse < Struct.new(
19114
+ :administrator)
19115
+ SENSITIVE = []
19116
+ include Aws::Structure
19117
+ end
19118
+
17213
19119
  # @note When making an API call, you may pass GetEnabledStandardsRequest
17214
19120
  # data as a hash:
17215
19121
  #
@@ -17824,6 +19730,50 @@ module Aws::SecurityHub
17824
19730
  # value: "NonEmptyString",
17825
19731
  # },
17826
19732
  # ],
19733
+ # finding_provider_fields_confidence: [
19734
+ # {
19735
+ # gte: 1.0,
19736
+ # lte: 1.0,
19737
+ # eq: 1.0,
19738
+ # },
19739
+ # ],
19740
+ # finding_provider_fields_criticality: [
19741
+ # {
19742
+ # gte: 1.0,
19743
+ # lte: 1.0,
19744
+ # eq: 1.0,
19745
+ # },
19746
+ # ],
19747
+ # finding_provider_fields_related_findings_id: [
19748
+ # {
19749
+ # value: "NonEmptyString",
19750
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19751
+ # },
19752
+ # ],
19753
+ # finding_provider_fields_related_findings_product_arn: [
19754
+ # {
19755
+ # value: "NonEmptyString",
19756
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19757
+ # },
19758
+ # ],
19759
+ # finding_provider_fields_severity_label: [
19760
+ # {
19761
+ # value: "NonEmptyString",
19762
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19763
+ # },
19764
+ # ],
19765
+ # finding_provider_fields_severity_original: [
19766
+ # {
19767
+ # value: "NonEmptyString",
19768
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19769
+ # },
19770
+ # ],
19771
+ # finding_provider_fields_types: [
19772
+ # {
19773
+ # value: "NonEmptyString",
19774
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
19775
+ # },
19776
+ # ],
17827
19777
  # },
17828
19778
  # sort_criteria: [
17829
19779
  # {
@@ -18004,8 +19954,8 @@ module Aws::SecurityHub
18004
19954
  class GetMasterAccountRequest < Aws::EmptyStructure; end
18005
19955
 
18006
19956
  # @!attribute [rw] master
18007
- # A list of details about the Security Hub master account for the
18008
- # current member account.
19957
+ # A list of details about the Security Hub administrator account for
19958
+ # the current member account.
18009
19959
  # @return [Types::Invitation]
18010
19960
  #
18011
19961
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccountResponse AWS API Documentation
@@ -18054,6 +20004,35 @@ module Aws::SecurityHub
18054
20004
  include Aws::Structure
18055
20005
  end
18056
20006
 
20007
+ # An Internet Control Message Protocol (ICMP) type and code.
20008
+ #
20009
+ # @note When making an API call, you may pass IcmpTypeCode
20010
+ # data as a hash:
20011
+ #
20012
+ # {
20013
+ # code: 1,
20014
+ # type: 1,
20015
+ # }
20016
+ #
20017
+ # @!attribute [rw] code
20018
+ # The ICMP code for which to deny or allow access. To deny or allow
20019
+ # all codes, use the value -1.
20020
+ # @return [Integer]
20021
+ #
20022
+ # @!attribute [rw] type
20023
+ # The ICMP type for which to deny or allow access. To deny or allow
20024
+ # all types, use the value -1.
20025
+ # @return [Integer]
20026
+ #
20027
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IcmpTypeCode AWS API Documentation
20028
+ #
20029
+ class IcmpTypeCode < Struct.new(
20030
+ :code,
20031
+ :type)
20032
+ SENSITIVE = []
20033
+ include Aws::Structure
20034
+ end
20035
+
18057
20036
  # The list of the findings that cannot be imported. For each finding,
18058
20037
  # the list provides the error.
18059
20038
  #
@@ -18222,7 +20201,7 @@ module Aws::SecurityHub
18222
20201
  # Details about an invitation.
18223
20202
  #
18224
20203
  # @!attribute [rw] account_id
18225
- # The account ID of the Security Hub master account that the
20204
+ # The account ID of the Security Hub administrator account that the
18226
20205
  # invitation was sent from.
18227
20206
  # @return [String]
18228
20207
  #
@@ -18235,8 +20214,8 @@ module Aws::SecurityHub
18235
20214
  # @return [Time]
18236
20215
  #
18237
20216
  # @!attribute [rw] member_status
18238
- # The current status of the association between the member and master
18239
- # accounts.
20217
+ # The current status of the association between the member and
20218
+ # administrator accounts.
18240
20219
  # @return [String]
18241
20220
  #
18242
20221
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Invitation AWS API Documentation
@@ -18524,12 +20503,12 @@ module Aws::SecurityHub
18524
20503
  #
18525
20504
  # @!attribute [rw] only_associated
18526
20505
  # Specifies which member accounts to include in the response based on
18527
- # their relationship status with the master account. The default value
18528
- # is `TRUE`.
20506
+ # their relationship status with the administrator account. The
20507
+ # default value is `TRUE`.
18529
20508
  #
18530
20509
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
18531
- # accounts whose relationship status with the master is set to
18532
- # `ENABLED`.
20510
+ # accounts whose relationship status with the administrator account is
20511
+ # set to `ENABLED`.
18533
20512
  #
18534
20513
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
18535
20514
  # existing member accounts.
@@ -18794,35 +20773,42 @@ module Aws::SecurityHub
18794
20773
  # @return [String]
18795
20774
  #
18796
20775
  # @!attribute [rw] master_id
18797
- # The AWS account ID of the Security Hub master account associated
18798
- # with this member account.
20776
+ # This is replaced by `AdministratorID`.
20777
+ #
20778
+ # The AWS account ID of the Security Hub administrator account
20779
+ # associated with this member account.
20780
+ # @return [String]
20781
+ #
20782
+ # @!attribute [rw] administrator_id
20783
+ # The AWS account ID of the Security Hub administrator account
20784
+ # associated with this member account.
18799
20785
  # @return [String]
18800
20786
  #
18801
20787
  # @!attribute [rw] member_status
18802
20788
  # The status of the relationship between the member account and its
18803
- # master account.
20789
+ # administrator account.
18804
20790
  #
18805
20791
  # The status can have one of the following values:
18806
20792
  #
18807
- # * `CREATED` - Indicates that the master account added the member
18808
- # account, but has not yet invited the member account.
20793
+ # * `CREATED` - Indicates that the administrator account added the
20794
+ # member account, but has not yet invited the member account.
18809
20795
  #
18810
- # * `INVITED` - Indicates that the master account invited the member
18811
- # account. The member account has not yet responded to the
20796
+ # * `INVITED` - Indicates that the administrator account invited the
20797
+ # member account. The member account has not yet responded to the
18812
20798
  # invitation.
18813
20799
  #
18814
20800
  # * `ENABLED` - Indicates that the member account is currently active.
18815
20801
  # For manually invited member accounts, indicates that the member
18816
20802
  # account accepted the invitation.
18817
20803
  #
18818
- # * `REMOVED` - Indicates that the master account disassociated the
18819
- # member account.
20804
+ # * `REMOVED` - Indicates that the administrator account disassociated
20805
+ # the member account.
18820
20806
  #
18821
20807
  # * `RESIGNED` - Indicates that the member account disassociated
18822
- # themselves from the master account.
20808
+ # themselves from the administrator account.
18823
20809
  #
18824
- # * `DELETED` - Indicates that the master account deleted the member
18825
- # account.
20810
+ # * `DELETED` - Indicates that the administrator account deleted the
20811
+ # member account.
18826
20812
  # @return [String]
18827
20813
  #
18828
20814
  # @!attribute [rw] invited_at
@@ -18841,6 +20827,7 @@ module Aws::SecurityHub
18841
20827
  :account_id,
18842
20828
  :email,
18843
20829
  :master_id,
20830
+ :administrator_id,
18844
20831
  :member_status,
18845
20832
  :invited_at,
18846
20833
  :updated_at)
@@ -19290,6 +21277,139 @@ module Aws::SecurityHub
19290
21277
  include Aws::Structure
19291
21278
  end
19292
21279
 
21280
+ # The detected occurrences of sensitive data.
21281
+ #
21282
+ # @note When making an API call, you may pass Occurrences
21283
+ # data as a hash:
21284
+ #
21285
+ # {
21286
+ # line_ranges: [
21287
+ # {
21288
+ # start: 1,
21289
+ # end: 1,
21290
+ # start_column: 1,
21291
+ # },
21292
+ # ],
21293
+ # offset_ranges: [
21294
+ # {
21295
+ # start: 1,
21296
+ # end: 1,
21297
+ # start_column: 1,
21298
+ # },
21299
+ # ],
21300
+ # pages: [
21301
+ # {
21302
+ # page_number: 1,
21303
+ # line_range: {
21304
+ # start: 1,
21305
+ # end: 1,
21306
+ # start_column: 1,
21307
+ # },
21308
+ # offset_range: {
21309
+ # start: 1,
21310
+ # end: 1,
21311
+ # start_column: 1,
21312
+ # },
21313
+ # },
21314
+ # ],
21315
+ # records: [
21316
+ # {
21317
+ # json_path: "NonEmptyString",
21318
+ # record_index: 1,
21319
+ # },
21320
+ # ],
21321
+ # cells: [
21322
+ # {
21323
+ # column: 1,
21324
+ # row: 1,
21325
+ # column_name: "NonEmptyString",
21326
+ # cell_reference: "NonEmptyString",
21327
+ # },
21328
+ # ],
21329
+ # }
21330
+ #
21331
+ # @!attribute [rw] line_ranges
21332
+ # Occurrences of sensitive data detected in a non-binary text file or
21333
+ # a Microsoft Word file. Non-binary text files include files such as
21334
+ # HTML, XML, JSON, and TXT files.
21335
+ # @return [Array<Types::Range>]
21336
+ #
21337
+ # @!attribute [rw] offset_ranges
21338
+ # Occurrences of sensitive data detected in a binary text file.
21339
+ # @return [Array<Types::Range>]
21340
+ #
21341
+ # @!attribute [rw] pages
21342
+ # Occurrences of sensitive data in an Adobe Portable Document Format
21343
+ # (PDF) file.
21344
+ # @return [Array<Types::Page>]
21345
+ #
21346
+ # @!attribute [rw] records
21347
+ # Occurrences of sensitive data in an Apache Avro object container or
21348
+ # an Apache Parquet file.
21349
+ # @return [Array<Types::Record>]
21350
+ #
21351
+ # @!attribute [rw] cells
21352
+ # Occurrences of sensitive data detected in Microsoft Excel workbooks,
21353
+ # comma-separated value (CSV) files, or tab-separated value (TSV)
21354
+ # files.
21355
+ # @return [Array<Types::Cell>]
21356
+ #
21357
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Occurrences AWS API Documentation
21358
+ #
21359
+ class Occurrences < Struct.new(
21360
+ :line_ranges,
21361
+ :offset_ranges,
21362
+ :pages,
21363
+ :records,
21364
+ :cells)
21365
+ SENSITIVE = []
21366
+ include Aws::Structure
21367
+ end
21368
+
21369
+ # An occurrence of sensitive data in an Adobe Portable Document Format
21370
+ # (PDF) file.
21371
+ #
21372
+ # @note When making an API call, you may pass Page
21373
+ # data as a hash:
21374
+ #
21375
+ # {
21376
+ # page_number: 1,
21377
+ # line_range: {
21378
+ # start: 1,
21379
+ # end: 1,
21380
+ # start_column: 1,
21381
+ # },
21382
+ # offset_range: {
21383
+ # start: 1,
21384
+ # end: 1,
21385
+ # start_column: 1,
21386
+ # },
21387
+ # }
21388
+ #
21389
+ # @!attribute [rw] page_number
21390
+ # The page number of the page that contains the sensitive data.
21391
+ # @return [Integer]
21392
+ #
21393
+ # @!attribute [rw] line_range
21394
+ # An occurrence of sensitive data detected in a non-binary text file
21395
+ # or a Microsoft Word file. Non-binary text files include files such
21396
+ # as HTML, XML, JSON, and TXT files.
21397
+ # @return [Types::Range]
21398
+ #
21399
+ # @!attribute [rw] offset_range
21400
+ # An occurrence of sensitive data detected in a binary text file.
21401
+ # @return [Types::Range]
21402
+ #
21403
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Page AWS API Documentation
21404
+ #
21405
+ class Page < Struct.new(
21406
+ :page_number,
21407
+ :line_range,
21408
+ :offset_range)
21409
+ SENSITIVE = []
21410
+ include Aws::Structure
21411
+ end
21412
+
19293
21413
  # Provides an overview of the patch compliance status for an instance
19294
21414
  # against a selected compliance standard.
19295
21415
  #
@@ -19544,6 +21664,33 @@ module Aws::SecurityHub
19544
21664
  include Aws::Structure
19545
21665
  end
19546
21666
 
21667
+ # A range of ports.
21668
+ #
21669
+ # @note When making an API call, you may pass PortRangeFromTo
21670
+ # data as a hash:
21671
+ #
21672
+ # {
21673
+ # from: 1,
21674
+ # to: 1,
21675
+ # }
21676
+ #
21677
+ # @!attribute [rw] from
21678
+ # The first port in the port range.
21679
+ # @return [Integer]
21680
+ #
21681
+ # @!attribute [rw] to
21682
+ # The last port in the port range.
21683
+ # @return [Integer]
21684
+ #
21685
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortRangeFromTo AWS API Documentation
21686
+ #
21687
+ class PortRangeFromTo < Struct.new(
21688
+ :from,
21689
+ :to)
21690
+ SENSITIVE = []
21691
+ include Aws::Structure
21692
+ end
21693
+
19547
21694
  # The details of process-related information about a finding.
19548
21695
  #
19549
21696
  # @note When making an API call, you may pass ProcessDetails
@@ -19637,20 +21784,29 @@ module Aws::SecurityHub
19637
21784
  # The types of integration that the product supports. Available values
19638
21785
  # are the following.
19639
21786
  #
19640
- # * `SEND_FINDINGS_TO_SECURITY_HUB` - Indicates that the integration
19641
- # sends findings to Security Hub.
21787
+ # * `SEND_FINDINGS_TO_SECURITY_HUB` - The integration sends findings
21788
+ # to Security Hub.
19642
21789
  #
19643
- # * `RECEIVE_FINDINGS_FROM_SECURITY_HUB` - Indicates that the
19644
- # integration receives findings from Security Hub.
21790
+ # * `RECEIVE_FINDINGS_FROM_SECURITY_HUB` - The integration receives
21791
+ # findings from Security Hub.
21792
+ #
21793
+ # * `UPDATE_FINDINGS_IN_SECURITY_HUB` - The integration does not send
21794
+ # new findings to Security Hub, but does make updates to the
21795
+ # findings that it receives from Security Hub.
19645
21796
  # @return [Array<String>]
19646
21797
  #
19647
21798
  # @!attribute [rw] marketplace_url
19648
- # The URL for the page that contains more information about the
19649
- # product.
21799
+ # For integrations with AWS services, the AWS Console URL from which
21800
+ # to activate the service.
21801
+ #
21802
+ # For integrations with third-party products, the AWS Marketplace URL
21803
+ # from which to subscribe to or purchase the product.
19650
21804
  # @return [String]
19651
21805
  #
19652
21806
  # @!attribute [rw] activation_url
19653
- # The URL used to activate the product.
21807
+ # The URL to the service or product documentation about the
21808
+ # integration with Security Hub, including how to activate the
21809
+ # integration.
19654
21810
  # @return [String]
19655
21811
  #
19656
21812
  # @!attribute [rw] product_subscription_resource_policy
@@ -19673,6 +21829,44 @@ module Aws::SecurityHub
19673
21829
  include Aws::Structure
19674
21830
  end
19675
21831
 
21832
+ # Identifies where the sensitive data begins and ends.
21833
+ #
21834
+ # @note When making an API call, you may pass Range
21835
+ # data as a hash:
21836
+ #
21837
+ # {
21838
+ # start: 1,
21839
+ # end: 1,
21840
+ # start_column: 1,
21841
+ # }
21842
+ #
21843
+ # @!attribute [rw] start
21844
+ # The number of lines (for a line range) or characters (for an offset
21845
+ # range) from the beginning of the file to the end of the sensitive
21846
+ # data.
21847
+ # @return [Integer]
21848
+ #
21849
+ # @!attribute [rw] end
21850
+ # The number of lines (for a line range) or characters (for an offset
21851
+ # range) from the beginning of the file to the end of the sensitive
21852
+ # data.
21853
+ # @return [Integer]
21854
+ #
21855
+ # @!attribute [rw] start_column
21856
+ # In the line where the sensitive data starts, the column within the
21857
+ # line where the sensitive data starts.
21858
+ # @return [Integer]
21859
+ #
21860
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Range AWS API Documentation
21861
+ #
21862
+ class Range < Struct.new(
21863
+ :start,
21864
+ :end,
21865
+ :start_column)
21866
+ SENSITIVE = []
21867
+ include Aws::Structure
21868
+ end
21869
+
19676
21870
  # A recommendation on how to remediate the issue identified in a
19677
21871
  # finding.
19678
21872
  #
@@ -19703,6 +21897,38 @@ module Aws::SecurityHub
19703
21897
  include Aws::Structure
19704
21898
  end
19705
21899
 
21900
+ # An occurrence of sensitive data in an Apache Avro object container or
21901
+ # an Apache Parquet file.
21902
+ #
21903
+ # @note When making an API call, you may pass Record
21904
+ # data as a hash:
21905
+ #
21906
+ # {
21907
+ # json_path: "NonEmptyString",
21908
+ # record_index: 1,
21909
+ # }
21910
+ #
21911
+ # @!attribute [rw] json_path
21912
+ # The path, as a JSONPath expression, to the field in the record that
21913
+ # contains the data. If the field name is longer than 20 characters,
21914
+ # it is truncated. If the path is longer than 250 characters, it is
21915
+ # truncated.
21916
+ # @return [String]
21917
+ #
21918
+ # @!attribute [rw] record_index
21919
+ # The record index, starting from 0, for the record that contains the
21920
+ # data.
21921
+ # @return [Integer]
21922
+ #
21923
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Record AWS API Documentation
21924
+ #
21925
+ class Record < Struct.new(
21926
+ :json_path,
21927
+ :record_index)
21928
+ SENSITIVE = []
21929
+ include Aws::Structure
21930
+ end
21931
+
19706
21932
  # Details about a related finding.
19707
21933
  #
19708
21934
  # @note When making an API call, you may pass RelatedFinding
@@ -19769,6 +21995,130 @@ module Aws::SecurityHub
19769
21995
  # tags: {
19770
21996
  # "NonEmptyString" => "NonEmptyString",
19771
21997
  # },
21998
+ # data_classification: {
21999
+ # detailed_results_location: "NonEmptyString",
22000
+ # result: {
22001
+ # mime_type: "NonEmptyString",
22002
+ # size_classified: 1,
22003
+ # additional_occurrences: false,
22004
+ # status: {
22005
+ # code: "NonEmptyString",
22006
+ # reason: "NonEmptyString",
22007
+ # },
22008
+ # sensitive_data: [
22009
+ # {
22010
+ # category: "NonEmptyString",
22011
+ # detections: [
22012
+ # {
22013
+ # count: 1,
22014
+ # type: "NonEmptyString",
22015
+ # occurrences: {
22016
+ # line_ranges: [
22017
+ # {
22018
+ # start: 1,
22019
+ # end: 1,
22020
+ # start_column: 1,
22021
+ # },
22022
+ # ],
22023
+ # offset_ranges: [
22024
+ # {
22025
+ # start: 1,
22026
+ # end: 1,
22027
+ # start_column: 1,
22028
+ # },
22029
+ # ],
22030
+ # pages: [
22031
+ # {
22032
+ # page_number: 1,
22033
+ # line_range: {
22034
+ # start: 1,
22035
+ # end: 1,
22036
+ # start_column: 1,
22037
+ # },
22038
+ # offset_range: {
22039
+ # start: 1,
22040
+ # end: 1,
22041
+ # start_column: 1,
22042
+ # },
22043
+ # },
22044
+ # ],
22045
+ # records: [
22046
+ # {
22047
+ # json_path: "NonEmptyString",
22048
+ # record_index: 1,
22049
+ # },
22050
+ # ],
22051
+ # cells: [
22052
+ # {
22053
+ # column: 1,
22054
+ # row: 1,
22055
+ # column_name: "NonEmptyString",
22056
+ # cell_reference: "NonEmptyString",
22057
+ # },
22058
+ # ],
22059
+ # },
22060
+ # },
22061
+ # ],
22062
+ # total_count: 1,
22063
+ # },
22064
+ # ],
22065
+ # custom_data_identifiers: {
22066
+ # detections: [
22067
+ # {
22068
+ # count: 1,
22069
+ # arn: "NonEmptyString",
22070
+ # name: "NonEmptyString",
22071
+ # occurrences: {
22072
+ # line_ranges: [
22073
+ # {
22074
+ # start: 1,
22075
+ # end: 1,
22076
+ # start_column: 1,
22077
+ # },
22078
+ # ],
22079
+ # offset_ranges: [
22080
+ # {
22081
+ # start: 1,
22082
+ # end: 1,
22083
+ # start_column: 1,
22084
+ # },
22085
+ # ],
22086
+ # pages: [
22087
+ # {
22088
+ # page_number: 1,
22089
+ # line_range: {
22090
+ # start: 1,
22091
+ # end: 1,
22092
+ # start_column: 1,
22093
+ # },
22094
+ # offset_range: {
22095
+ # start: 1,
22096
+ # end: 1,
22097
+ # start_column: 1,
22098
+ # },
22099
+ # },
22100
+ # ],
22101
+ # records: [
22102
+ # {
22103
+ # json_path: "NonEmptyString",
22104
+ # record_index: 1,
22105
+ # },
22106
+ # ],
22107
+ # cells: [
22108
+ # {
22109
+ # column: 1,
22110
+ # row: 1,
22111
+ # column_name: "NonEmptyString",
22112
+ # cell_reference: "NonEmptyString",
22113
+ # },
22114
+ # ],
22115
+ # },
22116
+ # },
22117
+ # ],
22118
+ # total_count: 1,
22119
+ # },
22120
+ # },
22121
+ # },
19772
22122
  # details: {
19773
22123
  # aws_auto_scaling_auto_scaling_group: {
19774
22124
  # launch_configuration_name: "NonEmptyString",
@@ -20009,6 +22359,58 @@ module Aws::SecurityHub
20009
22359
  # network_interface_owner_id: "NonEmptyString",
20010
22360
  # private_ip_address: "NonEmptyString",
20011
22361
  # },
22362
+ # aws_ec2_subnet: {
22363
+ # assign_ipv_6_address_on_creation: false,
22364
+ # availability_zone: "NonEmptyString",
22365
+ # availability_zone_id: "NonEmptyString",
22366
+ # available_ip_address_count: 1,
22367
+ # cidr_block: "NonEmptyString",
22368
+ # default_for_az: false,
22369
+ # map_public_ip_on_launch: false,
22370
+ # owner_id: "NonEmptyString",
22371
+ # state: "NonEmptyString",
22372
+ # subnet_arn: "NonEmptyString",
22373
+ # subnet_id: "NonEmptyString",
22374
+ # vpc_id: "NonEmptyString",
22375
+ # ipv_6_cidr_block_association_set: [
22376
+ # {
22377
+ # association_id: "NonEmptyString",
22378
+ # ipv_6_cidr_block: "NonEmptyString",
22379
+ # cidr_block_state: "NonEmptyString",
22380
+ # },
22381
+ # ],
22382
+ # },
22383
+ # aws_ec2_network_acl: {
22384
+ # is_default: false,
22385
+ # network_acl_id: "NonEmptyString",
22386
+ # owner_id: "NonEmptyString",
22387
+ # vpc_id: "NonEmptyString",
22388
+ # associations: [
22389
+ # {
22390
+ # network_acl_association_id: "NonEmptyString",
22391
+ # network_acl_id: "NonEmptyString",
22392
+ # subnet_id: "NonEmptyString",
22393
+ # },
22394
+ # ],
22395
+ # entries: [
22396
+ # {
22397
+ # cidr_block: "NonEmptyString",
22398
+ # egress: false,
22399
+ # icmp_type_code: {
22400
+ # code: 1,
22401
+ # type: 1,
22402
+ # },
22403
+ # ipv_6_cidr_block: "NonEmptyString",
22404
+ # port_range: {
22405
+ # from: 1,
22406
+ # to: 1,
22407
+ # },
22408
+ # protocol: "NonEmptyString",
22409
+ # rule_action: "NonEmptyString",
22410
+ # rule_number: 1,
22411
+ # },
22412
+ # ],
22413
+ # },
20012
22414
  # aws_elbv_2_load_balancer: {
20013
22415
  # availability_zones: [
20014
22416
  # {
@@ -20029,6 +22431,40 @@ module Aws::SecurityHub
20029
22431
  # type: "NonEmptyString",
20030
22432
  # vpc_id: "NonEmptyString",
20031
22433
  # },
22434
+ # aws_elastic_beanstalk_environment: {
22435
+ # application_name: "NonEmptyString",
22436
+ # cname: "NonEmptyString",
22437
+ # date_created: "NonEmptyString",
22438
+ # date_updated: "NonEmptyString",
22439
+ # description: "NonEmptyString",
22440
+ # endpoint_url: "NonEmptyString",
22441
+ # environment_arn: "NonEmptyString",
22442
+ # environment_id: "NonEmptyString",
22443
+ # environment_links: [
22444
+ # {
22445
+ # environment_name: "NonEmptyString",
22446
+ # link_name: "NonEmptyString",
22447
+ # },
22448
+ # ],
22449
+ # environment_name: "NonEmptyString",
22450
+ # option_settings: [
22451
+ # {
22452
+ # namespace: "NonEmptyString",
22453
+ # option_name: "NonEmptyString",
22454
+ # resource_name: "NonEmptyString",
22455
+ # value: "NonEmptyString",
22456
+ # },
22457
+ # ],
22458
+ # platform_arn: "NonEmptyString",
22459
+ # solution_stack_name: "NonEmptyString",
22460
+ # status: "NonEmptyString",
22461
+ # tier: {
22462
+ # name: "NonEmptyString",
22463
+ # type: "NonEmptyString",
22464
+ # version: "NonEmptyString",
22465
+ # },
22466
+ # version_label: "NonEmptyString",
22467
+ # },
20032
22468
  # aws_elasticsearch_domain: {
20033
22469
  # access_policies: "NonEmptyString",
20034
22470
  # domain_endpoint_options: {
@@ -20070,6 +22506,18 @@ module Aws::SecurityHub
20070
22506
  # },
20071
22507
  # ],
20072
22508
  # },
22509
+ # public_access_block_configuration: {
22510
+ # block_public_acls: false,
22511
+ # block_public_policy: false,
22512
+ # ignore_public_acls: false,
22513
+ # restrict_public_buckets: false,
22514
+ # },
22515
+ # },
22516
+ # aws_s3_account_public_access_block: {
22517
+ # block_public_acls: false,
22518
+ # block_public_policy: false,
22519
+ # ignore_public_acls: false,
22520
+ # restrict_public_buckets: false,
20073
22521
  # },
20074
22522
  # aws_s3_object: {
20075
22523
  # last_modified: "NonEmptyString",
@@ -21155,6 +23603,11 @@ module Aws::SecurityHub
21155
23603
  # finding was processed.
21156
23604
  # @return [Hash<String,String>]
21157
23605
  #
23606
+ # @!attribute [rw] data_classification
23607
+ # Contains information about sensitive data that was detected on the
23608
+ # resource.
23609
+ # @return [Types::DataClassificationDetails]
23610
+ #
21158
23611
  # @!attribute [rw] details
21159
23612
  # Additional details about the resource related to a finding.
21160
23613
  # @return [Types::ResourceDetails]
@@ -21168,6 +23621,7 @@ module Aws::SecurityHub
21168
23621
  :region,
21169
23622
  :resource_role,
21170
23623
  :tags,
23624
+ :data_classification,
21171
23625
  :details)
21172
23626
  SENSITIVE = []
21173
23627
  include Aws::Structure
@@ -21447,6 +23901,58 @@ module Aws::SecurityHub
21447
23901
  # network_interface_owner_id: "NonEmptyString",
21448
23902
  # private_ip_address: "NonEmptyString",
21449
23903
  # },
23904
+ # aws_ec2_subnet: {
23905
+ # assign_ipv_6_address_on_creation: false,
23906
+ # availability_zone: "NonEmptyString",
23907
+ # availability_zone_id: "NonEmptyString",
23908
+ # available_ip_address_count: 1,
23909
+ # cidr_block: "NonEmptyString",
23910
+ # default_for_az: false,
23911
+ # map_public_ip_on_launch: false,
23912
+ # owner_id: "NonEmptyString",
23913
+ # state: "NonEmptyString",
23914
+ # subnet_arn: "NonEmptyString",
23915
+ # subnet_id: "NonEmptyString",
23916
+ # vpc_id: "NonEmptyString",
23917
+ # ipv_6_cidr_block_association_set: [
23918
+ # {
23919
+ # association_id: "NonEmptyString",
23920
+ # ipv_6_cidr_block: "NonEmptyString",
23921
+ # cidr_block_state: "NonEmptyString",
23922
+ # },
23923
+ # ],
23924
+ # },
23925
+ # aws_ec2_network_acl: {
23926
+ # is_default: false,
23927
+ # network_acl_id: "NonEmptyString",
23928
+ # owner_id: "NonEmptyString",
23929
+ # vpc_id: "NonEmptyString",
23930
+ # associations: [
23931
+ # {
23932
+ # network_acl_association_id: "NonEmptyString",
23933
+ # network_acl_id: "NonEmptyString",
23934
+ # subnet_id: "NonEmptyString",
23935
+ # },
23936
+ # ],
23937
+ # entries: [
23938
+ # {
23939
+ # cidr_block: "NonEmptyString",
23940
+ # egress: false,
23941
+ # icmp_type_code: {
23942
+ # code: 1,
23943
+ # type: 1,
23944
+ # },
23945
+ # ipv_6_cidr_block: "NonEmptyString",
23946
+ # port_range: {
23947
+ # from: 1,
23948
+ # to: 1,
23949
+ # },
23950
+ # protocol: "NonEmptyString",
23951
+ # rule_action: "NonEmptyString",
23952
+ # rule_number: 1,
23953
+ # },
23954
+ # ],
23955
+ # },
21450
23956
  # aws_elbv_2_load_balancer: {
21451
23957
  # availability_zones: [
21452
23958
  # {
@@ -21467,6 +23973,40 @@ module Aws::SecurityHub
21467
23973
  # type: "NonEmptyString",
21468
23974
  # vpc_id: "NonEmptyString",
21469
23975
  # },
23976
+ # aws_elastic_beanstalk_environment: {
23977
+ # application_name: "NonEmptyString",
23978
+ # cname: "NonEmptyString",
23979
+ # date_created: "NonEmptyString",
23980
+ # date_updated: "NonEmptyString",
23981
+ # description: "NonEmptyString",
23982
+ # endpoint_url: "NonEmptyString",
23983
+ # environment_arn: "NonEmptyString",
23984
+ # environment_id: "NonEmptyString",
23985
+ # environment_links: [
23986
+ # {
23987
+ # environment_name: "NonEmptyString",
23988
+ # link_name: "NonEmptyString",
23989
+ # },
23990
+ # ],
23991
+ # environment_name: "NonEmptyString",
23992
+ # option_settings: [
23993
+ # {
23994
+ # namespace: "NonEmptyString",
23995
+ # option_name: "NonEmptyString",
23996
+ # resource_name: "NonEmptyString",
23997
+ # value: "NonEmptyString",
23998
+ # },
23999
+ # ],
24000
+ # platform_arn: "NonEmptyString",
24001
+ # solution_stack_name: "NonEmptyString",
24002
+ # status: "NonEmptyString",
24003
+ # tier: {
24004
+ # name: "NonEmptyString",
24005
+ # type: "NonEmptyString",
24006
+ # version: "NonEmptyString",
24007
+ # },
24008
+ # version_label: "NonEmptyString",
24009
+ # },
21470
24010
  # aws_elasticsearch_domain: {
21471
24011
  # access_policies: "NonEmptyString",
21472
24012
  # domain_endpoint_options: {
@@ -21508,6 +24048,18 @@ module Aws::SecurityHub
21508
24048
  # },
21509
24049
  # ],
21510
24050
  # },
24051
+ # public_access_block_configuration: {
24052
+ # block_public_acls: false,
24053
+ # block_public_policy: false,
24054
+ # ignore_public_acls: false,
24055
+ # restrict_public_buckets: false,
24056
+ # },
24057
+ # },
24058
+ # aws_s3_account_public_access_block: {
24059
+ # block_public_acls: false,
24060
+ # block_public_policy: false,
24061
+ # ignore_public_acls: false,
24062
+ # restrict_public_buckets: false,
21511
24063
  # },
21512
24064
  # aws_s3_object: {
21513
24065
  # last_modified: "NonEmptyString",
@@ -22595,10 +25147,22 @@ module Aws::SecurityHub
22595
25147
  # Details about an Elastic IP address.
22596
25148
  # @return [Types::AwsEc2EipDetails]
22597
25149
  #
25150
+ # @!attribute [rw] aws_ec2_subnet
25151
+ # Details about a subnet in EC2.
25152
+ # @return [Types::AwsEc2SubnetDetails]
25153
+ #
25154
+ # @!attribute [rw] aws_ec2_network_acl
25155
+ # Details about an EC2 network access control list (ACL).
25156
+ # @return [Types::AwsEc2NetworkAclDetails]
25157
+ #
22598
25158
  # @!attribute [rw] aws_elbv_2_load_balancer
22599
25159
  # Details about a load balancer.
22600
25160
  # @return [Types::AwsElbv2LoadBalancerDetails]
22601
25161
  #
25162
+ # @!attribute [rw] aws_elastic_beanstalk_environment
25163
+ # Details about an Elastic Beanstalk environment.
25164
+ # @return [Types::AwsElasticBeanstalkEnvironmentDetails]
25165
+ #
22602
25166
  # @!attribute [rw] aws_elasticsearch_domain
22603
25167
  # Details for an Elasticsearch domain.
22604
25168
  # @return [Types::AwsElasticsearchDomainDetails]
@@ -22607,6 +25171,11 @@ module Aws::SecurityHub
22607
25171
  # Details about an Amazon S3 bucket related to a finding.
22608
25172
  # @return [Types::AwsS3BucketDetails]
22609
25173
  #
25174
+ # @!attribute [rw] aws_s3_account_public_access_block
25175
+ # Details about the Amazon S3 Public Access Block configuration for an
25176
+ # account.
25177
+ # @return [Types::AwsS3AccountPublicAccessBlockDetails]
25178
+ #
22610
25179
  # @!attribute [rw] aws_s3_object
22611
25180
  # Details about an Amazon S3 object related to a finding.
22612
25181
  # @return [Types::AwsS3ObjectDetails]
@@ -22747,9 +25316,13 @@ module Aws::SecurityHub
22747
25316
  :aws_ec2_volume,
22748
25317
  :aws_ec2_vpc,
22749
25318
  :aws_ec2_eip,
25319
+ :aws_ec2_subnet,
25320
+ :aws_ec2_network_acl,
22750
25321
  :aws_elbv_2_load_balancer,
25322
+ :aws_elastic_beanstalk_environment,
22751
25323
  :aws_elasticsearch_domain,
22752
25324
  :aws_s3_bucket,
25325
+ :aws_s3_account_public_access_block,
22753
25326
  :aws_s3_object,
22754
25327
  :aws_secrets_manager_secret,
22755
25328
  :aws_iam_access_key,
@@ -22820,6 +25393,171 @@ module Aws::SecurityHub
22820
25393
  include Aws::Structure
22821
25394
  end
22822
25395
 
25396
+ # The list of detected instances of sensitive data.
25397
+ #
25398
+ # @note When making an API call, you may pass SensitiveDataDetections
25399
+ # data as a hash:
25400
+ #
25401
+ # {
25402
+ # count: 1,
25403
+ # type: "NonEmptyString",
25404
+ # occurrences: {
25405
+ # line_ranges: [
25406
+ # {
25407
+ # start: 1,
25408
+ # end: 1,
25409
+ # start_column: 1,
25410
+ # },
25411
+ # ],
25412
+ # offset_ranges: [
25413
+ # {
25414
+ # start: 1,
25415
+ # end: 1,
25416
+ # start_column: 1,
25417
+ # },
25418
+ # ],
25419
+ # pages: [
25420
+ # {
25421
+ # page_number: 1,
25422
+ # line_range: {
25423
+ # start: 1,
25424
+ # end: 1,
25425
+ # start_column: 1,
25426
+ # },
25427
+ # offset_range: {
25428
+ # start: 1,
25429
+ # end: 1,
25430
+ # start_column: 1,
25431
+ # },
25432
+ # },
25433
+ # ],
25434
+ # records: [
25435
+ # {
25436
+ # json_path: "NonEmptyString",
25437
+ # record_index: 1,
25438
+ # },
25439
+ # ],
25440
+ # cells: [
25441
+ # {
25442
+ # column: 1,
25443
+ # row: 1,
25444
+ # column_name: "NonEmptyString",
25445
+ # cell_reference: "NonEmptyString",
25446
+ # },
25447
+ # ],
25448
+ # },
25449
+ # }
25450
+ #
25451
+ # @!attribute [rw] count
25452
+ # The total number of occurrences of sensitive data that were
25453
+ # detected.
25454
+ # @return [Integer]
25455
+ #
25456
+ # @!attribute [rw] type
25457
+ # The type of sensitive data that was detected. For example, the type
25458
+ # might indicate that the data is an email address.
25459
+ # @return [String]
25460
+ #
25461
+ # @!attribute [rw] occurrences
25462
+ # Details about the sensitive data that was detected.
25463
+ # @return [Types::Occurrences]
25464
+ #
25465
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataDetections AWS API Documentation
25466
+ #
25467
+ class SensitiveDataDetections < Struct.new(
25468
+ :count,
25469
+ :type,
25470
+ :occurrences)
25471
+ SENSITIVE = []
25472
+ include Aws::Structure
25473
+ end
25474
+
25475
+ # Contains a detected instance of sensitive data that are based on
25476
+ # built-in identifiers.
25477
+ #
25478
+ # @note When making an API call, you may pass SensitiveDataResult
25479
+ # data as a hash:
25480
+ #
25481
+ # {
25482
+ # category: "NonEmptyString",
25483
+ # detections: [
25484
+ # {
25485
+ # count: 1,
25486
+ # type: "NonEmptyString",
25487
+ # occurrences: {
25488
+ # line_ranges: [
25489
+ # {
25490
+ # start: 1,
25491
+ # end: 1,
25492
+ # start_column: 1,
25493
+ # },
25494
+ # ],
25495
+ # offset_ranges: [
25496
+ # {
25497
+ # start: 1,
25498
+ # end: 1,
25499
+ # start_column: 1,
25500
+ # },
25501
+ # ],
25502
+ # pages: [
25503
+ # {
25504
+ # page_number: 1,
25505
+ # line_range: {
25506
+ # start: 1,
25507
+ # end: 1,
25508
+ # start_column: 1,
25509
+ # },
25510
+ # offset_range: {
25511
+ # start: 1,
25512
+ # end: 1,
25513
+ # start_column: 1,
25514
+ # },
25515
+ # },
25516
+ # ],
25517
+ # records: [
25518
+ # {
25519
+ # json_path: "NonEmptyString",
25520
+ # record_index: 1,
25521
+ # },
25522
+ # ],
25523
+ # cells: [
25524
+ # {
25525
+ # column: 1,
25526
+ # row: 1,
25527
+ # column_name: "NonEmptyString",
25528
+ # cell_reference: "NonEmptyString",
25529
+ # },
25530
+ # ],
25531
+ # },
25532
+ # },
25533
+ # ],
25534
+ # total_count: 1,
25535
+ # }
25536
+ #
25537
+ # @!attribute [rw] category
25538
+ # The category of sensitive data that was detected. For example, the
25539
+ # category can indicate that the sensitive data involved credentials,
25540
+ # financial information, or personal information.
25541
+ # @return [String]
25542
+ #
25543
+ # @!attribute [rw] detections
25544
+ # The list of detected instances of sensitive data.
25545
+ # @return [Array<Types::SensitiveDataDetections>]
25546
+ #
25547
+ # @!attribute [rw] total_count
25548
+ # The total number of occurrences of sensitive data.
25549
+ # @return [Integer]
25550
+ #
25551
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataResult AWS API Documentation
25552
+ #
25553
+ class SensitiveDataResult < Struct.new(
25554
+ :category,
25555
+ :detections,
25556
+ :total_count)
25557
+ SENSITIVE = []
25558
+ include Aws::Structure
25559
+ end
25560
+
22823
25561
  # The severity of the finding.
22824
25562
  #
22825
25563
  # The finding provider can provide the initial severity. The finding
@@ -23369,7 +26107,9 @@ module Aws::SecurityHub
23369
26107
  # @return [String]
23370
26108
  #
23371
26109
  # @!attribute [rw] tags
23372
- # The tags to add to the resource.
26110
+ # The tags to add to the resource. You can add up to 50 tags at a
26111
+ # time. The tag keys can be no longer than 128 characters. The tag
26112
+ # values can be no longer than 256 characters.
23373
26113
  # @return [Hash<String,String>]
23374
26114
  #
23375
26115
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/TagResourceRequest AWS API Documentation
@@ -23460,6 +26200,7 @@ module Aws::SecurityHub
23460
26200
  #
23461
26201
  # @!attribute [rw] tag_keys
23462
26202
  # The tag keys associated with the tags to remove from the resource.
26203
+ # You can remove up to 50 tags at a time.
23463
26204
  # @return [Array<String>]
23464
26205
  #
23465
26206
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UntagResourceRequest AWS API Documentation
@@ -24068,6 +26809,50 @@ module Aws::SecurityHub
24068
26809
  # value: "NonEmptyString",
24069
26810
  # },
24070
26811
  # ],
26812
+ # finding_provider_fields_confidence: [
26813
+ # {
26814
+ # gte: 1.0,
26815
+ # lte: 1.0,
26816
+ # eq: 1.0,
26817
+ # },
26818
+ # ],
26819
+ # finding_provider_fields_criticality: [
26820
+ # {
26821
+ # gte: 1.0,
26822
+ # lte: 1.0,
26823
+ # eq: 1.0,
26824
+ # },
26825
+ # ],
26826
+ # finding_provider_fields_related_findings_id: [
26827
+ # {
26828
+ # value: "NonEmptyString",
26829
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26830
+ # },
26831
+ # ],
26832
+ # finding_provider_fields_related_findings_product_arn: [
26833
+ # {
26834
+ # value: "NonEmptyString",
26835
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26836
+ # },
26837
+ # ],
26838
+ # finding_provider_fields_severity_label: [
26839
+ # {
26840
+ # value: "NonEmptyString",
26841
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26842
+ # },
26843
+ # ],
26844
+ # finding_provider_fields_severity_original: [
26845
+ # {
26846
+ # value: "NonEmptyString",
26847
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26848
+ # },
26849
+ # ],
26850
+ # finding_provider_fields_types: [
26851
+ # {
26852
+ # value: "NonEmptyString",
26853
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
26854
+ # },
26855
+ # ],
24071
26856
  # },
24072
26857
  # note: {
24073
26858
  # text: "NonEmptyString", # required
@@ -24663,6 +27448,50 @@ module Aws::SecurityHub
24663
27448
  # value: "NonEmptyString",
24664
27449
  # },
24665
27450
  # ],
27451
+ # finding_provider_fields_confidence: [
27452
+ # {
27453
+ # gte: 1.0,
27454
+ # lte: 1.0,
27455
+ # eq: 1.0,
27456
+ # },
27457
+ # ],
27458
+ # finding_provider_fields_criticality: [
27459
+ # {
27460
+ # gte: 1.0,
27461
+ # lte: 1.0,
27462
+ # eq: 1.0,
27463
+ # },
27464
+ # ],
27465
+ # finding_provider_fields_related_findings_id: [
27466
+ # {
27467
+ # value: "NonEmptyString",
27468
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
27469
+ # },
27470
+ # ],
27471
+ # finding_provider_fields_related_findings_product_arn: [
27472
+ # {
27473
+ # value: "NonEmptyString",
27474
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
27475
+ # },
27476
+ # ],
27477
+ # finding_provider_fields_severity_label: [
27478
+ # {
27479
+ # value: "NonEmptyString",
27480
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
27481
+ # },
27482
+ # ],
27483
+ # finding_provider_fields_severity_original: [
27484
+ # {
27485
+ # value: "NonEmptyString",
27486
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
27487
+ # },
27488
+ # ],
27489
+ # finding_provider_fields_types: [
27490
+ # {
27491
+ # value: "NonEmptyString",
27492
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
27493
+ # },
27494
+ # ],
24666
27495
  # },
24667
27496
  # group_by_attribute: "NonEmptyString",
24668
27497
  # }