aws-sdk-securityhub 1.76.0 → 1.78.0

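--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4551566a066756c3813881b2ed679d93205cb6b959a93ce2ad318acdf74ba6c2
- data.tar.gz: d2c25b9091800722ed0b1e030b51b8c7d9889a6c68982f3a26f2867eb511209a
+ metadata.gz: 6829baf0bb94d305e9ce5ccc5fdab0a544a83dd04ea8a3c5885659bb3f22cf2a
+ data.tar.gz: b7c20716e8c7c3f74ef1bfd9bb183f14fbe9e0d5b439c5647386e07553045628
  SHA512:
- metadata.gz: 9c307e08e1229c092c1b88abc7bb11df62e99d88fcb09a2e2010f3beeebc811f407a986d1648f059253fc505705f71e8e667c18ce3ebb34255a1b584951f548e
- data.tar.gz: a1f468b67e4c962edddadd00229428f6b06056bf7b82276e216ed9f3f834d8e78bf23c3ee69988fa1efc68eff06973593af0d064877db59a6fe5ee563b50b9ea
+ metadata.gz: ab96c7ecf1c909f510cebf766d6736c0cf1dfbbad2fe47584bff858d57564b45aaab7f871079dce2ed944a524803f1bf9aed0a7468fd55839005c07138d37081
+ data.tar.gz: 72a9cdf0acba52eb14159138a085b10a4cd247fdf65eacf9018e5f43695b2dfd219a5a5f41a2e52acfbad189fe0e88ec01c07272319291552817fd6a9d36f427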
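--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.78.0 (2023-02-24)
+ ------------------
+
+ * Feature - New Security Hub APIs and updates to existing APIs that help you consolidate control findings and enable and disable controls across all supported standards
+
+ 1.77.0 (2023-02-21)
+ ------------------
+
+ * Feature - Documentation updates for AWS Security Hub
+
  1.76.0 (2023-01-31)
  ------------------
 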
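--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.76.0
+ 1.78.0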
@@ -542,6 +542,106 @@ module Aws::SecurityHub
542
542
  req.send_request(options)
543
543
  end
544
544
 
545
+ # Provides details about a batch of security controls for the current
546
+ # Amazon Web Services account and Amazon Web Services Region.
547
+ #
548
+ # @option params [required, Array<String>] :security_control_ids
549
+ # A list of security controls (identified with `SecurityControlId`,
550
+ # `SecurityControlArn`, or a mix of both parameters). The security
551
+ # control ID or Amazon Resource Name (ARN) is the same across standards.
552
+ #
553
+ # @return [Types::BatchGetSecurityControlsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
554
+ #
555
+ # * {Types::BatchGetSecurityControlsResponse#security_controls #security_controls} => Array&lt;Types::SecurityControl&gt;
556
+ # * {Types::BatchGetSecurityControlsResponse#unprocessed_ids #unprocessed_ids} => Array&lt;Types::UnprocessedSecurityControl&gt;
557
+ #
558
+ # @example Request syntax with placeholder values
559
+ #
560
+ # resp = client.batch_get_security_controls({
561
+ # security_control_ids: ["NonEmptyString"], # required
562
+ # })
563
+ #
564
+ # @example Response structure
565
+ #
566
+ # resp.security_controls #=> Array
567
+ # resp.security_controls[0].security_control_id #=> String
568
+ # resp.security_controls[0].security_control_arn #=> String
569
+ # resp.security_controls[0].title #=> String
570
+ # resp.security_controls[0].description #=> String
571
+ # resp.security_controls[0].remediation_url #=> String
572
+ # resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
573
+ # resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED"
574
+ # resp.unprocessed_ids #=> Array
575
+ # resp.unprocessed_ids[0].security_control_id #=> String
576
+ # resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
577
+ # resp.unprocessed_ids[0].error_reason #=> String
578
+ #
579
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControls AWS API Documentation
580
+ #
581
+ # @overload batch_get_security_controls(params = {})
582
+ # @param [Hash] params ({})
583
+ def batch_get_security_controls(params = {}, options = {})
584
+ req = build_request(:batch_get_security_controls, params)
585
+ req.send_request(options)
586
+ end
587
+
588
+ # For a batch of security controls and standards, identifies whether
589
+ # each control is currently enabled or disabled in a standard.
590
+ #
591
+ # @option params [required, Array<Types::StandardsControlAssociationId>] :standards_control_association_ids
592
+ # An array with one or more objects that includes a security control
593
+ # (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
594
+ # of both parameters) and the Amazon Resource Name (ARN) of a standard.
595
+ # This field is used to query the enablement status of a control in a
596
+ # specified standard. The security control ID or ARN is the same across
597
+ # standards.
598
+ #
599
+ # @return [Types::BatchGetStandardsControlAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
600
+ #
601
+ # * {Types::BatchGetStandardsControlAssociationsResponse#standards_control_association_details #standards_control_association_details} => Array&lt;Types::StandardsControlAssociationDetail&gt;
602
+ # * {Types::BatchGetStandardsControlAssociationsResponse#unprocessed_associations #unprocessed_associations} => Array&lt;Types::UnprocessedStandardsControlAssociation&gt;
603
+ #
604
+ # @example Request syntax with placeholder values
605
+ #
606
+ # resp = client.batch_get_standards_control_associations({
607
+ # standards_control_association_ids: [ # required
608
+ # {
609
+ # security_control_id: "NonEmptyString", # required
610
+ # standards_arn: "NonEmptyString", # required
611
+ # },
612
+ # ],
613
+ # })
614
+ #
615
+ # @example Response structure
616
+ #
617
+ # resp.standards_control_association_details #=> Array
618
+ # resp.standards_control_association_details[0].standards_arn #=> String
619
+ # resp.standards_control_association_details[0].security_control_id #=> String
620
+ # resp.standards_control_association_details[0].security_control_arn #=> String
621
+ # resp.standards_control_association_details[0].association_status #=> String, one of "ENABLED", "DISABLED"
622
+ # resp.standards_control_association_details[0].related_requirements #=> Array
623
+ # resp.standards_control_association_details[0].related_requirements[0] #=> String
624
+ # resp.standards_control_association_details[0].updated_at #=> Time
625
+ # resp.standards_control_association_details[0].updated_reason #=> String
626
+ # resp.standards_control_association_details[0].standards_control_title #=> String
627
+ # resp.standards_control_association_details[0].standards_control_description #=> String
628
+ # resp.standards_control_association_details[0].standards_control_arns #=> Array
629
+ # resp.standards_control_association_details[0].standards_control_arns[0] #=> String
630
+ # resp.unprocessed_associations #=> Array
631
+ # resp.unprocessed_associations[0].standards_control_association_id.security_control_id #=> String
632
+ # resp.unprocessed_associations[0].standards_control_association_id.standards_arn #=> String
633
+ # resp.unprocessed_associations[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
634
+ # resp.unprocessed_associations[0].error_reason #=> String
635
+ #
636
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociations AWS API Documentation
637
+ #
638
+ # @overload batch_get_standards_control_associations(params = {})
639
+ # @param [Hash] params ({})
640
+ def batch_get_standards_control_associations(params = {}, options = {})
641
+ req = build_request(:batch_get_standards_control_associations, params)
642
+ req.send_request(options)
643
+ end
644
+
545
645
  # Imports security findings generated by a finding provider into
546
646
  # Security Hub. This action is requested by the finding provider to
547
647
  # import its findings into Security Hub.
@@ -800,6 +900,49 @@ module Aws::SecurityHub
800
900
  req.send_request(options)
801
901
  end
802
902
 
903
+ # For a batch of security controls and standards, this operation updates
904
+ # the enablement status of a control in a standard.
905
+ #
906
+ # @option params [required, Array<Types::StandardsControlAssociationUpdate>] :standards_control_association_updates
907
+ # Updates the enablement status of a security control in a specified
908
+ # standard.
909
+ #
910
+ # @return [Types::BatchUpdateStandardsControlAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
911
+ #
912
+ # * {Types::BatchUpdateStandardsControlAssociationsResponse#unprocessed_association_updates #unprocessed_association_updates} => Array&lt;Types::UnprocessedStandardsControlAssociationUpdate&gt;
913
+ #
914
+ # @example Request syntax with placeholder values
915
+ #
916
+ # resp = client.batch_update_standards_control_associations({
917
+ # standards_control_association_updates: [ # required
918
+ # {
919
+ # standards_arn: "NonEmptyString", # required
920
+ # security_control_id: "NonEmptyString", # required
921
+ # association_status: "ENABLED", # required, accepts ENABLED, DISABLED
922
+ # updated_reason: "NonEmptyString",
923
+ # },
924
+ # ],
925
+ # })
926
+ #
927
+ # @example Response structure
928
+ #
929
+ # resp.unprocessed_association_updates #=> Array
930
+ # resp.unprocessed_association_updates[0].standards_control_association_update.standards_arn #=> String
931
+ # resp.unprocessed_association_updates[0].standards_control_association_update.security_control_id #=> String
932
+ # resp.unprocessed_association_updates[0].standards_control_association_update.association_status #=> String, one of "ENABLED", "DISABLED"
933
+ # resp.unprocessed_association_updates[0].standards_control_association_update.updated_reason #=> String
934
+ # resp.unprocessed_association_updates[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
935
+ # resp.unprocessed_association_updates[0].error_reason #=> String
936
+ #
937
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociations AWS API Documentation
938
+ #
939
+ # @overload batch_update_standards_control_associations(params = {})
940
+ # @param [Hash] params ({})
941
+ def batch_update_standards_control_associations(params = {}, options = {})
942
+ req = build_request(:batch_update_standards_control_associations, params)
943
+ req.send_request(options)
944
+ end
945
+
803
946
  # Creates a custom action target in Security Hub.
804
947
  #
805
948
  # You can use custom actions on findings and insights in Security Hub to
@@ -1720,7 +1863,7 @@ module Aws::SecurityHub
1720
1863
  # custom action.
1721
1864
  #
1722
1865
  # @option params [required, String] :action_target_arn
1723
- # The ARN of the custom action target to delete.
1866
+ # The Amazon Resource Name (ARN) of the custom action target to delete.
1724
1867
  #
1725
1868
  # @return [Types::DeleteActionTargetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1726
1869
  #
@@ -1931,6 +2074,7 @@ module Aws::SecurityHub
1931
2074
  # * {Types::DescribeHubResponse#hub_arn #hub_arn} => String
1932
2075
  # * {Types::DescribeHubResponse#subscribed_at #subscribed_at} => String
1933
2076
  # * {Types::DescribeHubResponse#auto_enable_controls #auto_enable_controls} => Boolean
2077
+ # * {Types::DescribeHubResponse#control_finding_generator #control_finding_generator} => String
1934
2078
  #
1935
2079
  # @example Request syntax with placeholder values
1936
2080
  #
@@ -1943,6 +2087,7 @@ module Aws::SecurityHub
1943
2087
  # resp.hub_arn #=> String
1944
2088
  # resp.subscribed_at #=> String
1945
2089
  # resp.auto_enable_controls #=> Boolean
2090
+ # resp.control_finding_generator #=> String, one of "STANDARD_CONTROL", "SECURITY_CONTROL"
1946
2091
  #
1947
2092
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHub AWS API Documentation
1948
2093
  #
@@ -2368,16 +2513,16 @@ module Aws::SecurityHub
2368
2513
  # integrated with Security Hub.
2369
2514
  #
2370
2515
  # When you use the `EnableSecurityHub` operation to enable Security Hub,
2371
- # you also automatically enable the following standards.
2516
+ # you also automatically enable the following standards:
2372
2517
  #
2373
- # * CIS Amazon Web Services Foundations
2518
+ # * Center for Internet Security (CIS) Amazon Web Services Foundations
2519
+ # Benchmark v1.2.0
2374
2520
  #
2375
2521
  # * Amazon Web Services Foundational Security Best Practices
2376
2522
  #
2377
- # You do not enable the Payment Card Industry Data Security Standard
2378
- # (PCI DSS) standard.
2523
+ # Other standards are not automatically enabled.
2379
2524
  #
2380
- # To not enable the automatically enabled standards, set
2525
+ # To opt out of automatically enabled standards, set
2381
2526
  # `EnableDefaultStandards` to `false`.
2382
2527
  #
2383
2528
  # After you enable Security Hub, to enable a standard, use the
@@ -2401,6 +2546,22 @@ module Aws::SecurityHub
2401
2546
  # automatically enabled standards, set `EnableDefaultStandards` to
2402
2547
  # `false`.
2403
2548
  #
2549
+ # @option params [String] :control_finding_generator
2550
+ # This field, used when enabling Security Hub, specifies whether the
2551
+ # calling account has consolidated control findings turned on. If the
2552
+ # value for this field is set to `SECURITY_CONTROL`, Security Hub
2553
+ # generates a single finding for a control check even when the check
2554
+ # applies to multiple enabled standards.
2555
+ #
2556
+ # If the value for this field is set to `STANDARD_CONTROL`, Security Hub
2557
+ # generates separate findings for a control check when the check applies
2558
+ # to multiple enabled standards.
2559
+ #
2560
+ # The value for this field in a member account matches the value in the
2561
+ # administrator account. For accounts that aren't part of an
2562
+ # organization, the default value of this field is `SECURITY_CONTROL` if
2563
+ # you enabled Security Hub on or after February 9, 2023.
2564
+ #
2404
2565
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2405
2566
  #
2406
2567
  # @example Request syntax with placeholder values
@@ -2410,6 +2571,7 @@ module Aws::SecurityHub
2410
2571
  # "TagKey" => "TagValue",
2411
2572
  # },
2412
2573
  # enable_default_standards: false,
2574
+ # control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
2413
2575
  # })
2414
2576
  #
2415
2577
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHub AWS API Documentation
@@ -4024,6 +4186,119 @@ module Aws::SecurityHub
4024
4186
  req.send_request(options)
4025
4187
  end
4026
4188
 
4189
+ # Lists all of the security controls that apply to a specified standard.
4190
+ #
4191
+ # @option params [String] :standards_arn
4192
+ # The Amazon Resource Name (ARN) of the standard that you want to view
4193
+ # controls for.
4194
+ #
4195
+ # @option params [String] :next_token
4196
+ # Optional pagination parameter.
4197
+ #
4198
+ # @option params [Integer] :max_results
4199
+ # An optional parameter that limits the total results of the API
4200
+ # response to the specified number. If this parameter isn't provided in
4201
+ # the request, the results include the first 25 security controls that
4202
+ # apply to the specified standard. The results also include a
4203
+ # `NextToken` parameter that you can use in a subsequent API call to get
4204
+ # the next 25 controls. This repeats until all controls for the standard
4205
+ # are returned.
4206
+ #
4207
+ # @return [Types::ListSecurityControlDefinitionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4208
+ #
4209
+ # * {Types::ListSecurityControlDefinitionsResponse#security_control_definitions #security_control_definitions} => Array&lt;Types::SecurityControlDefinition&gt;
4210
+ # * {Types::ListSecurityControlDefinitionsResponse#next_token #next_token} => String
4211
+ #
4212
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
4213
+ #
4214
+ # @example Request syntax with placeholder values
4215
+ #
4216
+ # resp = client.list_security_control_definitions({
4217
+ # standards_arn: "NonEmptyString",
4218
+ # next_token: "NextToken",
4219
+ # max_results: 1,
4220
+ # })
4221
+ #
4222
+ # @example Response structure
4223
+ #
4224
+ # resp.security_control_definitions #=> Array
4225
+ # resp.security_control_definitions[0].security_control_id #=> String
4226
+ # resp.security_control_definitions[0].title #=> String
4227
+ # resp.security_control_definitions[0].description #=> String
4228
+ # resp.security_control_definitions[0].remediation_url #=> String
4229
+ # resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
4230
+ # resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
4231
+ # resp.next_token #=> String
4232
+ #
4233
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions AWS API Documentation
4234
+ #
4235
+ # @overload list_security_control_definitions(params = {})
4236
+ # @param [Hash] params ({})
4237
+ def list_security_control_definitions(params = {}, options = {})
4238
+ req = build_request(:list_security_control_definitions, params)
4239
+ req.send_request(options)
4240
+ end
4241
+
4242
+ # Specifies whether a control is currently enabled or disabled in each
4243
+ # enabled standard in the calling account.
4244
+ #
4245
+ # @option params [required, String] :security_control_id
4246
+ # The identifier of the control (identified with `SecurityControlId`,
4247
+ # `SecurityControlArn`, or a mix of both parameters) that you want to
4248
+ # determine the enablement status of in each enabled standard.
4249
+ #
4250
+ # @option params [String] :next_token
4251
+ # Optional pagination parameter.
4252
+ #
4253
+ # @option params [Integer] :max_results
4254
+ # An optional parameter that limits the total results of the API
4255
+ # response to the specified number. If this parameter isn't provided in
4256
+ # the request, the results include the first 25 standard and control
4257
+ # associations. The results also include a `NextToken` parameter that
4258
+ # you can use in a subsequent API call to get the next 25 associations.
4259
+ # This repeats until all associations for the specified control are
4260
+ # returned. The number of results is limited by the number of supported
4261
+ # Security Hub standards that you've enabled in the calling account.
4262
+ #
4263
+ # @return [Types::ListStandardsControlAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4264
+ #
4265
+ # * {Types::ListStandardsControlAssociationsResponse#standards_control_association_summaries #standards_control_association_summaries} => Array&lt;Types::StandardsControlAssociationSummary&gt;
4266
+ # * {Types::ListStandardsControlAssociationsResponse#next_token #next_token} => String
4267
+ #
4268
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
4269
+ #
4270
+ # @example Request syntax with placeholder values
4271
+ #
4272
+ # resp = client.list_standards_control_associations({
4273
+ # security_control_id: "NonEmptyString", # required
4274
+ # next_token: "NextToken",
4275
+ # max_results: 1,
4276
+ # })
4277
+ #
4278
+ # @example Response structure
4279
+ #
4280
+ # resp.standards_control_association_summaries #=> Array
4281
+ # resp.standards_control_association_summaries[0].standards_arn #=> String
4282
+ # resp.standards_control_association_summaries[0].security_control_id #=> String
4283
+ # resp.standards_control_association_summaries[0].security_control_arn #=> String
4284
+ # resp.standards_control_association_summaries[0].association_status #=> String, one of "ENABLED", "DISABLED"
4285
+ # resp.standards_control_association_summaries[0].related_requirements #=> Array
4286
+ # resp.standards_control_association_summaries[0].related_requirements[0] #=> String
4287
+ # resp.standards_control_association_summaries[0].updated_at #=> Time
4288
+ # resp.standards_control_association_summaries[0].updated_reason #=> String
4289
+ # resp.standards_control_association_summaries[0].standards_control_title #=> String
4290
+ # resp.standards_control_association_summaries[0].standards_control_description #=> String
4291
+ # resp.next_token #=> String
4292
+ #
4293
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociations AWS API Documentation
4294
+ #
4295
+ # @overload list_standards_control_associations(params = {})
4296
+ # @param [Hash] params ({})
4297
+ def list_standards_control_associations(params = {}, options = {})
4298
+ req = build_request(:list_standards_control_associations, params)
4299
+ req.send_request(options)
4300
+ end
4301
+
4027
4302
  # Returns a list of tags associated with a resource.
4028
4303
  #
4029
4304
  # @option params [required, String] :resource_arn
@@ -5615,12 +5890,26 @@ module Aws::SecurityHub
5615
5890
  # automatically. To not automatically enable new controls, set this to
5616
5891
  # `false`.
5617
5892
  #
5893
+ # @option params [String] :control_finding_generator
5894
+ # Updates whether the calling account has consolidated control findings
5895
+ # turned on. If the value for this field is set to `SECURITY_CONTROL`,
5896
+ # Security Hub generates a single finding for a control check even when
5897
+ # the check applies to multiple enabled standards.
5898
+ #
5899
+ # If the value for this field is set to `STANDARD_CONTROL`, Security Hub
5900
+ # generates separate findings for a control check when the check applies
5901
+ # to multiple enabled standards.
5902
+ #
5903
+ # For accounts that are part of an organization, this value can only be
5904
+ # updated in the administrator account.
5905
+ #
5618
5906
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
5619
5907
  #
5620
5908
  # @example Request syntax with placeholder values
5621
5909
  #
5622
5910
  # resp = client.update_security_hub_configuration({
5623
5911
  # auto_enable_controls: false,
5912
+ # control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
5624
5913
  # })
5625
5914
  #
5626
5915
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfiguration AWS API Documentation
@@ -5677,7 +5966,7 @@ module Aws::SecurityHub
5677
5966
  params: params,
5678
5967
  config: config)
5679
5968
  context[:gem_name] = 'aws-sdk-securityhub'
5680
- context[:gem_version] = '1.76.0'
5969
+ context[:gem_version] = '1.78.0'
5681
5970
  Seahorse::Client::Request.new(handlers, context)
5682
5971
  end
5683
5972
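Review bot: The doc comment added for `batch_update_standards_control_associations` (new lines 903–944) never says what a caller must do with `unprocessed_association_updates`, although the response structure lists per-item error codes such as `ACCESS_DENIED` and `NOT_FOUND`. If, as that response shape suggests, a rejected item is reported there rather than raised, a caller that ignores the return value can believe a control was re-enabled when it was not. I would add `# Updates that could not be applied are returned in unprocessed_association_updates; check it before treating a control as enabled or disabled.` to the description, and the same kind of line for `unprocessed_ids` and `unprocessed_associations` on the two batch-get methods in the first hunk. `updated_reason` is optional in the request syntax, so code that sends `association_status: "DISABLED"` should be expected to fill it in, so that a disabled control carries a recorded justification.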