aws-sdk-securityhub 1.77.0 → 1.79.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 42097a9ea879fbbaca78b14e116697b2232e7647e217b098fbc12d4a10949c88
-  data.tar.gz: e65c14100c5d78c093c59f712e8810b68d9b2c79b3c3d6efe2a6769fd50b5dd3
+  metadata.gz: d5ede1dc39dfee50b462b22cad2a90d8966fbbcba0c36b7de3b1ce3f5cd5f68b
+  data.tar.gz: 743c7efa8ff35fc2a7e88e433eea045d872f331023f0a1c473c475fb0f480724
 SHA512:
-  metadata.gz: f1263bfd760eb829b2281aa32da750834d60e4f34451c1688e2cfb7eedd6d9942bf920a7cc8ca2eeba4b985e29aca99826e0309afaed47c3244e506119ec249a
-  data.tar.gz: 88d7596b018cb3db89655b0443a667064679407bb7878165478227911263e5e6607830719985ee71f60537140b50169b3817ffc3c8198c4e36f065820dcad57d
+  metadata.gz: c47a83f5f235e56b12e7fc10e5cd0024fa3b7671dc53eaf4b6da3b146cdeddcf44a286bc0be472ef048b26ace1830d4d51d73a741177fb11c94252c21a214502
+  data.tar.gz: 0e84c05d02ee3c5bc91e17d00117037215764b5d87ee71b22d485bb74b49777c2eb197ddc17949d224c662be1a2fcc9b30cbffd9567bcce6c8bea7b983c5ab2d

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.79.0 (2023-03-27)
+------------------
+
+* Feature - Added new resource detail objects to ASFF, including resources for AwsEksCluster, AWSS3Bucket, AwsEc2RouteTable and AwsEC2Instance.
+
+1.78.0 (2023-02-24)
+------------------
+
+* Feature - New Security Hub APIs and updates to existing APIs that help you consolidate control findings and enable and disable controls across all supported standards
+
 1.77.0 (2023-02-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.77.0
+1.79.0

data/lib/aws-sdk-securityhub/client.rb

@@ -542,6 +542,106 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Provides details about a batch of security controls for the current
+    # Amazon Web Services account and Amazon Web Services Region.
+    #
+    # @option params [required, Array<String>] :security_control_ids
+    #   A list of security controls (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters). The security
+    #   control ID or Amazon Resource Name (ARN) is the same across standards.
+    #
+    # @return [Types::BatchGetSecurityControlsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetSecurityControlsResponse#security_controls #security_controls} => Array&lt;Types::SecurityControl&gt;
+    #   * {Types::BatchGetSecurityControlsResponse#unprocessed_ids #unprocessed_ids} => Array&lt;Types::UnprocessedSecurityControl&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_security_controls({
+    #     security_control_ids: ["NonEmptyString"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_controls #=> Array
+    #   resp.security_controls[0].security_control_id #=> String
+    #   resp.security_controls[0].security_control_arn #=> String
+    #   resp.security_controls[0].title #=> String
+    #   resp.security_controls[0].description #=> String
+    #   resp.security_controls[0].remediation_url #=> String
+    #   resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
+    #   resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED"
+    #   resp.unprocessed_ids #=> Array
+    #   resp.unprocessed_ids[0].security_control_id #=> String
+    #   resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
+    #   resp.unprocessed_ids[0].error_reason #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControls AWS API Documentation
+    #
+    # @overload batch_get_security_controls(params = {})
+    # @param [Hash] params ({})
+    def batch_get_security_controls(params = {}, options = {})
+      req = build_request(:batch_get_security_controls, params)
+      req.send_request(options)
+    end
+
+    # For a batch of security controls and standards, identifies whether
+    # each control is currently enabled or disabled in a standard.
+    #
+    # @option params [required, Array<Types::StandardsControlAssociationId>] :standards_control_association_ids
+    #   An array with one or more objects that includes a security control
+    #   (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
+    #   of both parameters) and the Amazon Resource Name (ARN) of a standard.
+    #   This field is used to query the enablement status of a control in a
+    #   specified standard. The security control ID or ARN is the same across
+    #   standards.
+    #
+    # @return [Types::BatchGetStandardsControlAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetStandardsControlAssociationsResponse#standards_control_association_details #standards_control_association_details} => Array&lt;Types::StandardsControlAssociationDetail&gt;
+    #   * {Types::BatchGetStandardsControlAssociationsResponse#unprocessed_associations #unprocessed_associations} => Array&lt;Types::UnprocessedStandardsControlAssociation&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_standards_control_associations({
+    #     standards_control_association_ids: [ # required
+    #       {
+    #         security_control_id: "NonEmptyString", # required
+    #         standards_arn: "NonEmptyString", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.standards_control_association_details #=> Array
+    #   resp.standards_control_association_details[0].standards_arn #=> String
+    #   resp.standards_control_association_details[0].security_control_id #=> String
+    #   resp.standards_control_association_details[0].security_control_arn #=> String
+    #   resp.standards_control_association_details[0].association_status #=> String, one of "ENABLED", "DISABLED"
+    #   resp.standards_control_association_details[0].related_requirements #=> Array
+    #   resp.standards_control_association_details[0].related_requirements[0] #=> String
+    #   resp.standards_control_association_details[0].updated_at #=> Time
+    #   resp.standards_control_association_details[0].updated_reason #=> String
+    #   resp.standards_control_association_details[0].standards_control_title #=> String
+    #   resp.standards_control_association_details[0].standards_control_description #=> String
+    #   resp.standards_control_association_details[0].standards_control_arns #=> Array
+    #   resp.standards_control_association_details[0].standards_control_arns[0] #=> String
+    #   resp.unprocessed_associations #=> Array
+    #   resp.unprocessed_associations[0].standards_control_association_id.security_control_id #=> String
+    #   resp.unprocessed_associations[0].standards_control_association_id.standards_arn #=> String
+    #   resp.unprocessed_associations[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
+    #   resp.unprocessed_associations[0].error_reason #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociations AWS API Documentation
+    #
+    # @overload batch_get_standards_control_associations(params = {})
+    # @param [Hash] params ({})
+    def batch_get_standards_control_associations(params = {}, options = {})
+      req = build_request(:batch_get_standards_control_associations, params)
+      req.send_request(options)
+    end
+
     # Imports security findings generated by a finding provider into
     # Security Hub. This action is requested by the finding provider to
     # import its findings into Security Hub.
@@ -800,6 +900,49 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # For a batch of security controls and standards, this operation updates
+    # the enablement status of a control in a standard.
+    #
+    # @option params [required, Array<Types::StandardsControlAssociationUpdate>] :standards_control_association_updates
+    #   Updates the enablement status of a security control in a specified
+    #   standard.
+    #
+    # @return [Types::BatchUpdateStandardsControlAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchUpdateStandardsControlAssociationsResponse#unprocessed_association_updates #unprocessed_association_updates} => Array&lt;Types::UnprocessedStandardsControlAssociationUpdate&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_update_standards_control_associations({
+    #     standards_control_association_updates: [ # required
+    #       {
+    #         standards_arn: "NonEmptyString", # required
+    #         security_control_id: "NonEmptyString", # required
+    #         association_status: "ENABLED", # required, accepts ENABLED, DISABLED
+    #         updated_reason: "NonEmptyString",
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.unprocessed_association_updates #=> Array
+    #   resp.unprocessed_association_updates[0].standards_control_association_update.standards_arn #=> String
+    #   resp.unprocessed_association_updates[0].standards_control_association_update.security_control_id #=> String
+    #   resp.unprocessed_association_updates[0].standards_control_association_update.association_status #=> String, one of "ENABLED", "DISABLED"
+    #   resp.unprocessed_association_updates[0].standards_control_association_update.updated_reason #=> String
+    #   resp.unprocessed_association_updates[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
+    #   resp.unprocessed_association_updates[0].error_reason #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociations AWS API Documentation
+    #
+    # @overload batch_update_standards_control_associations(params = {})
+    # @param [Hash] params ({})
+    def batch_update_standards_control_associations(params = {}, options = {})
+      req = build_request(:batch_update_standards_control_associations, params)
+      req.send_request(options)
+    end
+
     # Creates a custom action target in Security Hub.
     #
     # You can use custom actions on findings and insights in Security Hub to
@@ -1681,12 +1824,15 @@ module Aws::SecurityHub
 
     # Declines invitations to become a member account.
     #
-    # This operation is only used by accounts that are not part of an
-    # organization. Organization accounts do not receive invitations.
+    # A prospective member account uses this operation to decline an
+    # invitation to become a member.
+    #
+    # This operation is only called by member accounts that aren't part of
+    # an organization. Organization accounts don't receive invitations.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of account IDs for the accounts from which to decline the
-    #   invitations to Security Hub.
+    #   The list of prospective member account IDs for which to decline an
+    #   invitation.
     #
     # @return [Types::DeclineInvitationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1720,7 +1866,7 @@ module Aws::SecurityHub
     # custom action.
     #
     # @option params [required, String] :action_target_arn
-    #   The ARN of the custom action target to delete.
+    #   The Amazon Resource Name (ARN) of the custom action target to delete.
     #
     # @return [Types::DeleteActionTargetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1805,11 +1951,16 @@ module Aws::SecurityHub
     # Deletes invitations received by the Amazon Web Services account to
     # become a member account.
     #
-    # This operation is only used by accounts that are not part of an
-    # organization. Organization accounts do not receive invitations.
+    # A Security Hub administrator account can use this operation to delete
+    # invitations sent to one or more member accounts.
+    #
+    # This operation is only used to delete invitations that are sent to
+    # member accounts that aren't part of an organization. Organization
+    # accounts don't receive invitations.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of the account IDs that sent the invitations to delete.
+    #   The list of member account IDs that received the invitations you want
+    #   to delete.
     #
     # @return [Types::DeleteInvitationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1931,6 +2082,7 @@ module Aws::SecurityHub
     #   * {Types::DescribeHubResponse#hub_arn #hub_arn} => String
     #   * {Types::DescribeHubResponse#subscribed_at #subscribed_at} => String
     #   * {Types::DescribeHubResponse#auto_enable_controls #auto_enable_controls} => Boolean
+    #   * {Types::DescribeHubResponse#control_finding_generator #control_finding_generator} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -1943,6 +2095,7 @@ module Aws::SecurityHub
     #   resp.hub_arn #=> String
     #   resp.subscribed_at #=> String
     #   resp.auto_enable_controls #=> Boolean
+    #   resp.control_finding_generator #=> String, one of "STANDARD_CONTROL", "SECURITY_CONTROL"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHub AWS API Documentation
     #
@@ -2401,6 +2554,22 @@ module Aws::SecurityHub
     #   automatically enabled standards, set `EnableDefaultStandards` to
     #   `false`.
     #
+    # @option params [String] :control_finding_generator
+    #   This field, used when enabling Security Hub, specifies whether the
+    #   calling account has consolidated control findings turned on. If the
+    #   value for this field is set to `SECURITY_CONTROL`, Security Hub
+    #   generates a single finding for a control check even when the check
+    #   applies to multiple enabled standards.
+    #
+    #   If the value for this field is set to `STANDARD_CONTROL`, Security Hub
+    #   generates separate findings for a control check when the check applies
+    #   to multiple enabled standards.
+    #
+    #   The value for this field in a member account matches the value in the
+    #   administrator account. For accounts that aren't part of an
+    #   organization, the default value of this field is `SECURITY_CONTROL` if
+    #   you enabled Security Hub on or after February 23, 2023.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2410,6 +2579,7 @@ module Aws::SecurityHub
     #       "TagKey" => "TagValue",
     #     },
     #     enable_default_standards: false,
+    #     control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHub AWS API Documentation
@@ -4024,6 +4194,119 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Lists all of the security controls that apply to a specified standard.
+    #
+    # @option params [String] :standards_arn
+    #   The Amazon Resource Name (ARN) of the standard that you want to view
+    #   controls for.
+    #
+    # @option params [String] :next_token
+    #   Optional pagination parameter.
+    #
+    # @option params [Integer] :max_results
+    #   An optional parameter that limits the total results of the API
+    #   response to the specified number. If this parameter isn't provided in
+    #   the request, the results include the first 25 security controls that
+    #   apply to the specified standard. The results also include a
+    #   `NextToken` parameter that you can use in a subsequent API call to get
+    #   the next 25 controls. This repeats until all controls for the standard
+    #   are returned.
+    #
+    # @return [Types::ListSecurityControlDefinitionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSecurityControlDefinitionsResponse#security_control_definitions #security_control_definitions} => Array&lt;Types::SecurityControlDefinition&gt;
+    #   * {Types::ListSecurityControlDefinitionsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_security_control_definitions({
+    #     standards_arn: "NonEmptyString",
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_control_definitions #=> Array
+    #   resp.security_control_definitions[0].security_control_id #=> String
+    #   resp.security_control_definitions[0].title #=> String
+    #   resp.security_control_definitions[0].description #=> String
+    #   resp.security_control_definitions[0].remediation_url #=> String
+    #   resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
+    #   resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions AWS API Documentation
+    #
+    # @overload list_security_control_definitions(params = {})
+    # @param [Hash] params ({})
+    def list_security_control_definitions(params = {}, options = {})
+      req = build_request(:list_security_control_definitions, params)
+      req.send_request(options)
+    end
+
+    # Specifies whether a control is currently enabled or disabled in each
+    # enabled standard in the calling account.
+    #
+    # @option params [required, String] :security_control_id
+    #   The identifier of the control (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) that you want to
+    #   determine the enablement status of in each enabled standard.
+    #
+    # @option params [String] :next_token
+    #   Optional pagination parameter.
+    #
+    # @option params [Integer] :max_results
+    #   An optional parameter that limits the total results of the API
+    #   response to the specified number. If this parameter isn't provided in
+    #   the request, the results include the first 25 standard and control
+    #   associations. The results also include a `NextToken` parameter that
+    #   you can use in a subsequent API call to get the next 25 associations.
+    #   This repeats until all associations for the specified control are
+    #   returned. The number of results is limited by the number of supported
+    #   Security Hub standards that you've enabled in the calling account.
+    #
+    # @return [Types::ListStandardsControlAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListStandardsControlAssociationsResponse#standards_control_association_summaries #standards_control_association_summaries} => Array&lt;Types::StandardsControlAssociationSummary&gt;
+    #   * {Types::ListStandardsControlAssociationsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_standards_control_associations({
+    #     security_control_id: "NonEmptyString", # required
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.standards_control_association_summaries #=> Array
+    #   resp.standards_control_association_summaries[0].standards_arn #=> String
+    #   resp.standards_control_association_summaries[0].security_control_id #=> String
+    #   resp.standards_control_association_summaries[0].security_control_arn #=> String
+    #   resp.standards_control_association_summaries[0].association_status #=> String, one of "ENABLED", "DISABLED"
+    #   resp.standards_control_association_summaries[0].related_requirements #=> Array
+    #   resp.standards_control_association_summaries[0].related_requirements[0] #=> String
+    #   resp.standards_control_association_summaries[0].updated_at #=> Time
+    #   resp.standards_control_association_summaries[0].updated_reason #=> String
+    #   resp.standards_control_association_summaries[0].standards_control_title #=> String
+    #   resp.standards_control_association_summaries[0].standards_control_description #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociations AWS API Documentation
+    #
+    # @overload list_standards_control_associations(params = {})
+    # @param [Hash] params ({})
+    def list_standards_control_associations(params = {}, options = {})
+      req = build_request(:list_standards_control_associations, params)
+      req.send_request(options)
+    end
+
     # Returns a list of tags associated with a resource.
     #
     # @option params [required, String] :resource_arn
@@ -5615,12 +5898,26 @@ module Aws::SecurityHub
     #   automatically. To not automatically enable new controls, set this to
     #   `false`.
     #
+    # @option params [String] :control_finding_generator
+    #   Updates whether the calling account has consolidated control findings
+    #   turned on. If the value for this field is set to `SECURITY_CONTROL`,
+    #   Security Hub generates a single finding for a control check even when
+    #   the check applies to multiple enabled standards.
+    #
+    #   If the value for this field is set to `STANDARD_CONTROL`, Security Hub
+    #   generates separate findings for a control check when the check applies
+    #   to multiple enabled standards.
+    #
+    #   For accounts that are part of an organization, this value can only be
+    #   updated in the administrator account.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_security_hub_configuration({
     #     auto_enable_controls: false,
+    #     control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfiguration AWS API Documentation
@@ -5677,7 +5974,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.77.0'
+      context[:gem_version] = '1.79.0'
       Seahorse::Client::Request.new(handlers, context)
     end