aws-sdk-securityhub 1.75.0 → 1.77.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aaa6faff45a268abc6ecf0c90d8bdba1fbe4a8a1bee44fbb7e19b55608ed1660
-  data.tar.gz: df8b33938c1c0c5413a558b900737d70c24ce9ebaccb2d3e7fbc1fa20233d7cd
+  metadata.gz: 42097a9ea879fbbaca78b14e116697b2232e7647e217b098fbc12d4a10949c88
+  data.tar.gz: e65c14100c5d78c093c59f712e8810b68d9b2c79b3c3d6efe2a6769fd50b5dd3
 SHA512:
-  metadata.gz: f280edf6cdc102e0fa7775e79022cbb06227662187732de522eef8dced53cdaf04b2cb9682bab6b733b0b542eed6aa4d157fb66a2b995381ce5e79d90c7fe667
-  data.tar.gz: e461604a34deed87ccdc2c89d5073fc4024f0a059414d96295a19548c2a70bd34c36b8908d86fb0f275adffcaec46793140c6b5ff1c3edd71736b29aa621d12e
+  metadata.gz: f1263bfd760eb829b2281aa32da750834d60e4f34451c1688e2cfb7eedd6d9942bf920a7cc8ca2eeba4b985e29aca99826e0309afaed47c3244e506119ec249a
+  data.tar.gz: 88d7596b018cb3db89655b0443a667064679407bb7878165478227911263e5e6607830719985ee71f60537140b50169b3817ffc3c8198c4e36f065820dcad57d

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.77.0 (2023-02-21)
+------------------
+
+* Feature - Documentation updates for AWS Security Hub
+
+1.76.0 (2023-01-31)
+------------------
+
+* Feature - New fields have been added to the AWS Security Finding Format. Compliance.SecurityControlId is a unique identifier for a security control across standards. Compliance.AssociatedStandards contains all enabled standards in which a security control is enabled.
+
 1.75.0 (2023-01-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.75.0
+1.77.0

data/lib/aws-sdk-securityhub/client.rb

@@ -1566,6 +1566,18 @@ module Aws::SecurityHub
     #           value: false,
     #         },
     #       ],
+    #       compliance_security_control_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
+    #       compliance_associated_standards_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
     #     },
     #     group_by_attribute: "NonEmptyString", # required
     #   })
@@ -2356,16 +2368,16 @@ module Aws::SecurityHub
     # integrated with Security Hub.
     #
     # When you use the `EnableSecurityHub` operation to enable Security Hub,
-    # you also automatically enable the following standards.
+    # you also automatically enable the following standards:
     #
-    # * CIS Amazon Web Services Foundations
+    # * Center for Internet Security (CIS) Amazon Web Services Foundations
+    #   Benchmark v1.2.0
     #
     # * Amazon Web Services Foundational Security Best Practices
     #
-    # You do not enable the Payment Card Industry Data Security Standard
-    # (PCI DSS) standard.
+    # Other standards are not automatically enabled.
     #
-    # To not enable the automatically enabled standards, set
+    # To opt out of automatically enabled standards, set
     # `EnableDefaultStandards` to `false`.
     #
     # After you enable Security Hub, to enable a standard, use the
@@ -3186,6 +3198,18 @@ module Aws::SecurityHub
     #           value: false,
     #         },
     #       ],
+    #       compliance_security_control_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
+    #       compliance_associated_standards_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
     #     },
     #     sort_criteria: [
     #       {
@@ -3590,6 +3614,12 @@ module Aws::SecurityHub
     #   resp.insights[0].filters.finding_provider_fields_types[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS"
     #   resp.insights[0].filters.sample #=> Array
     #   resp.insights[0].filters.sample[0].value #=> Boolean
+    #   resp.insights[0].filters.compliance_security_control_id #=> Array
+    #   resp.insights[0].filters.compliance_security_control_id[0].value #=> String
+    #   resp.insights[0].filters.compliance_security_control_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS"
+    #   resp.insights[0].filters.compliance_associated_standards_id #=> Array
+    #   resp.insights[0].filters.compliance_associated_standards_id[0].value #=> String
+    #   resp.insights[0].filters.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS"
     #   resp.insights[0].group_by_attribute #=> String
     #   resp.next_token #=> String
     #
@@ -4832,6 +4862,18 @@ module Aws::SecurityHub
     #           value: false,
     #         },
     #       ],
+    #       compliance_security_control_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
+    #       compliance_associated_standards_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
     #     },
     #     note: {
     #       text: "NonEmptyString", # required
@@ -5492,6 +5534,18 @@ module Aws::SecurityHub
     #           value: false,
     #         },
     #       ],
+    #       compliance_security_control_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
+    #       compliance_associated_standards_id: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS
+    #         },
+    #       ],
     #     },
     #     group_by_attribute: "NonEmptyString",
     #   })
@@ -5623,7 +5677,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.75.0'
+      context[:gem_version] = '1.77.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -36,6 +36,8 @@ module Aws::SecurityHub
     AdminStatus = Shapes::StringShape.new(name: 'AdminStatus')
     AdminsMaxResults = Shapes::IntegerShape.new(name: 'AdminsMaxResults')
     ArnList = Shapes::ListShape.new(name: 'ArnList')
+    AssociatedStandard = Shapes::StructureShape.new(name: 'AssociatedStandard')
+    AssociatedStandardsList = Shapes::ListShape.new(name: 'AssociatedStandardsList')
     AutoEnableStandards = Shapes::StringShape.new(name: 'AutoEnableStandards')
     AvailabilityZone = Shapes::StructureShape.new(name: 'AvailabilityZone')
     AvailabilityZones = Shapes::ListShape.new(name: 'AvailabilityZones')
@@ -1009,6 +1011,11 @@ module Aws::SecurityHub
 
     ArnList.member = Shapes::ShapeRef.new(shape: NonEmptyString)
 
+    AssociatedStandard.add_member(:standards_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "StandardsId"))
+    AssociatedStandard.struct_class = Types::AssociatedStandard
+
+    AssociatedStandardsList.member = Shapes::ShapeRef.new(shape: AssociatedStandard)
+
     AvailabilityZone.add_member(:zone_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ZoneName"))
     AvailabilityZone.add_member(:subnet_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SubnetId"))
     AvailabilityZone.struct_class = Types::AvailabilityZone
@@ -3980,6 +3987,8 @@ module Aws::SecurityHub
     AwsSecurityFindingFilters.add_member(:finding_provider_fields_severity_original, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "FindingProviderFieldsSeverityOriginal"))
     AwsSecurityFindingFilters.add_member(:finding_provider_fields_types, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "FindingProviderFieldsTypes"))
     AwsSecurityFindingFilters.add_member(:sample, Shapes::ShapeRef.new(shape: BooleanFilterList, location_name: "Sample"))
+    AwsSecurityFindingFilters.add_member(:compliance_security_control_id, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ComplianceSecurityControlId"))
+    AwsSecurityFindingFilters.add_member(:compliance_associated_standards_id, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ComplianceAssociatedStandardsId"))
     AwsSecurityFindingFilters.struct_class = Types::AwsSecurityFindingFilters
 
     AwsSecurityFindingIdentifier.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
@@ -4337,6 +4346,8 @@ module Aws::SecurityHub
     Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
     Compliance.add_member(:related_requirements, Shapes::ShapeRef.new(shape: RelatedRequirementsList, location_name: "RelatedRequirements"))
     Compliance.add_member(:status_reasons, Shapes::ShapeRef.new(shape: StatusReasonsList, location_name: "StatusReasons"))
+    Compliance.add_member(:security_control_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SecurityControlId"))
+    Compliance.add_member(:associated_standards, Shapes::ShapeRef.new(shape: AssociatedStandardsList, location_name: "AssociatedStandards"))
     Compliance.struct_class = Types::Compliance
 
     ContainerDetails.add_member(:container_runtime, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ContainerRuntime"))

data/lib/aws-sdk-securityhub/endpoint_parameters.rb

@@ -50,9 +50,6 @@ module Aws::SecurityHub
 
     def initialize(options = {})
       self[:region] = options[:region]
-      if self[:region].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :region"
-      end
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
       if self[:use_dual_stack].nil?

data/lib/aws-sdk-securityhub/endpoint_provider.rb

@@ -14,36 +14,39 @@ module Aws::SecurityHub
       use_dual_stack = parameters.use_dual_stack
       use_fips = parameters.use_fips
       endpoint = parameters.endpoint
-      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.set?(endpoint)
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
-          end
-          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://securityhub-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-        end
+      if Aws::Endpoints::Matchers.set?(endpoint)
         if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            return Aws::Endpoints::Endpoint.new(url: "https://securityhub-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
         if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://securityhub.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://securityhub-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+              return Aws::Endpoints::Endpoint.new(url: "https://securityhub-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://securityhub.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+          return Aws::Endpoints::Endpoint.new(url: "https://securityhub.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://securityhub.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
       raise ArgumentError, 'No endpoint could be resolved'
 
     end