aws-sdk-securityhub 1.77.0 → 1.79.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +306 -9
- data/lib/aws-sdk-securityhub/client_api.rb +309 -0
- data/lib/aws-sdk-securityhub/endpoints.rb +70 -0
- data/lib/aws-sdk-securityhub/plugins/endpoints.rb +10 -0
- data/lib/aws-sdk-securityhub/types.rb +1030 -27
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -329,6 +329,68 @@ module Aws::SecurityHub
|
|
329
329
|
include Aws::Structure
|
330
330
|
end
|
331
331
|
|
332
|
+
# The associations between a route table and one or more subnets or a
|
333
|
+
# gateway.
|
334
|
+
#
|
335
|
+
# @!attribute [rw] association_state
|
336
|
+
# The state of the association between a route table and a subnet or
|
337
|
+
# gateway.
|
338
|
+
# @return [Types::AssociationStateDetails]
|
339
|
+
#
|
340
|
+
# @!attribute [rw] gateway_id
|
341
|
+
# The ID of the internet gateway or virtual private gateway.
|
342
|
+
# @return [String]
|
343
|
+
#
|
344
|
+
# @!attribute [rw] main
|
345
|
+
# Indicates whether this is the main route table.
|
346
|
+
# @return [Boolean]
|
347
|
+
#
|
348
|
+
# @!attribute [rw] route_table_association_id
|
349
|
+
# The ID of the association.
|
350
|
+
# @return [String]
|
351
|
+
#
|
352
|
+
# @!attribute [rw] route_table_id
|
353
|
+
# The ID of the route table.
|
354
|
+
# @return [String]
|
355
|
+
#
|
356
|
+
# @!attribute [rw] subnet_id
|
357
|
+
# The ID of the subnet. A subnet ID is not returned for an implicit
|
358
|
+
# association.
|
359
|
+
# @return [String]
|
360
|
+
#
|
361
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationSetDetails AWS API Documentation
|
362
|
+
#
|
363
|
+
class AssociationSetDetails < Struct.new(
|
364
|
+
:association_state,
|
365
|
+
:gateway_id,
|
366
|
+
:main,
|
367
|
+
:route_table_association_id,
|
368
|
+
:route_table_id,
|
369
|
+
:subnet_id)
|
370
|
+
SENSITIVE = []
|
371
|
+
include Aws::Structure
|
372
|
+
end
|
373
|
+
|
374
|
+
# Describes the state of an association between a route table and a
|
375
|
+
# subnet or gateway.
|
376
|
+
#
|
377
|
+
# @!attribute [rw] state
|
378
|
+
# The state of the association.
|
379
|
+
# @return [String]
|
380
|
+
#
|
381
|
+
# @!attribute [rw] status_message
|
382
|
+
# The status message, if applicable.
|
383
|
+
# @return [String]
|
384
|
+
#
|
385
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationStateDetails AWS API Documentation
|
386
|
+
#
|
387
|
+
class AssociationStateDetails < Struct.new(
|
388
|
+
:state,
|
389
|
+
:status_message)
|
390
|
+
SENSITIVE = []
|
391
|
+
include Aws::Structure
|
392
|
+
end
|
393
|
+
|
332
394
|
# Information about an Availability Zone.
|
333
395
|
#
|
334
396
|
# @!attribute [rw] zone_name
|
@@ -1838,8 +1900,8 @@ module Aws::SecurityHub
|
|
1838
1900
|
# @return [Array<String>]
|
1839
1901
|
#
|
1840
1902
|
# @!attribute [rw] sns_topic_arn
|
1841
|
-
#
|
1842
|
-
# vault
|
1903
|
+
# The Amazon Resource Name (ARN) that uniquely identifies the Amazon
|
1904
|
+
# SNS topic for a backup vault's events.
|
1843
1905
|
# @return [String]
|
1844
1906
|
#
|
1845
1907
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupVaultNotificationsDetails AWS API Documentation
|
@@ -4459,6 +4521,10 @@ module Aws::SecurityHub
|
|
4459
4521
|
# Details about the metadata options for the Amazon EC2 instance.
|
4460
4522
|
# @return [Types::AwsEc2InstanceMetadataOptions]
|
4461
4523
|
#
|
4524
|
+
# @!attribute [rw] monitoring
|
4525
|
+
# Describes the type of monitoring that’s turned on for an instance.
|
4526
|
+
# @return [Types::AwsEc2InstanceMonitoringDetails]
|
4527
|
+
#
|
4462
4528
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
|
4463
4529
|
#
|
4464
4530
|
class AwsEc2InstanceDetails < Struct.new(
|
@@ -4473,7 +4539,8 @@ module Aws::SecurityHub
|
|
4473
4539
|
:launched_at,
|
4474
4540
|
:network_interfaces,
|
4475
4541
|
:virtualization_type,
|
4476
|
-
:metadata_options
|
4542
|
+
:metadata_options,
|
4543
|
+
:monitoring)
|
4477
4544
|
SENSITIVE = []
|
4478
4545
|
include Aws::Structure
|
4479
4546
|
end
|
@@ -4517,6 +4584,21 @@ module Aws::SecurityHub
|
|
4517
4584
|
include Aws::Structure
|
4518
4585
|
end
|
4519
4586
|
|
4587
|
+
# The type of monitoring that’s turned on for an Amazon EC2 instance.
|
4588
|
+
#
|
4589
|
+
# @!attribute [rw] state
|
4590
|
+
# Indicates whether detailed monitoring is turned on. Otherwise, basic
|
4591
|
+
# monitoring is turned on.
|
4592
|
+
# @return [String]
|
4593
|
+
#
|
4594
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceMonitoringDetails AWS API Documentation
|
4595
|
+
#
|
4596
|
+
class AwsEc2InstanceMonitoringDetails < Struct.new(
|
4597
|
+
:state)
|
4598
|
+
SENSITIVE = []
|
4599
|
+
include Aws::Structure
|
4600
|
+
end
|
4601
|
+
|
4520
4602
|
# Identifies a network interface for the Amazon EC2 instance.
|
4521
4603
|
#
|
4522
4604
|
# @!attribute [rw] network_interface_id
|
@@ -5216,7 +5298,7 @@ module Aws::SecurityHub
|
|
5216
5298
|
#
|
5217
5299
|
# @!attribute [rw] on_demand_max_price_percentage_over_lowest_price
|
5218
5300
|
# The price protection threshold for On-Demand Instances. This is the
|
5219
|
-
# maximum you
|
5301
|
+
# maximum you'll pay for an On-Demand Instance, expressed as a
|
5220
5302
|
# percentage above the least expensive current generation M, C, or R
|
5221
5303
|
# instance type with your specified attributes. When Amazon EC2
|
5222
5304
|
# selects instance types with your attributes, it excludes instance
|
@@ -5235,7 +5317,7 @@ module Aws::SecurityHub
|
|
5235
5317
|
#
|
5236
5318
|
# @!attribute [rw] spot_max_price_percentage_over_lowest_price
|
5237
5319
|
# The price protection threshold for Spot Instances. This is the
|
5238
|
-
# maximum you
|
5320
|
+
# maximum you'll pay for a Spot Instance, expressed as a percentage
|
5239
5321
|
# above the least expensive current generation M, C, or R instance
|
5240
5322
|
# type with your specified attributes. When Amazon EC2 selects
|
5241
5323
|
# instance types with your attributes, it excludes instance types
|
@@ -5418,7 +5500,7 @@ module Aws::SecurityHub
|
|
5418
5500
|
# @!attribute [rw] http_endpoint
|
5419
5501
|
# Enables or disables the HTTP metadata endpoint on your instances. If
|
5420
5502
|
# the parameter is not specified, the default state is enabled, and
|
5421
|
-
# you won
|
5503
|
+
# you won't be able to access your instance metadata.
|
5422
5504
|
# @return [String]
|
5423
5505
|
#
|
5424
5506
|
# @!attribute [rw] http_protocol_ipv_6
|
@@ -6075,6 +6157,46 @@ module Aws::SecurityHub
|
|
6075
6157
|
include Aws::Structure
|
6076
6158
|
end
|
6077
6159
|
|
6160
|
+
# Provides details about a route table for the specified VPC.
|
6161
|
+
#
|
6162
|
+
# @!attribute [rw] association_set
|
6163
|
+
# The associations between a route table and one or more subnets or a
|
6164
|
+
# gateway.
|
6165
|
+
# @return [Array<Types::AssociationSetDetails>]
|
6166
|
+
#
|
6167
|
+
# @!attribute [rw] owner_id
|
6168
|
+
# The ID of the Amazon Web Services account that owns the route table.
|
6169
|
+
# @return [String]
|
6170
|
+
#
|
6171
|
+
# @!attribute [rw] propagating_vgw_set
|
6172
|
+
# Describes a virtual private gateway propagating route.
|
6173
|
+
# @return [Array<Types::PropagatingVgwSetDetails>]
|
6174
|
+
#
|
6175
|
+
# @!attribute [rw] route_table_id
|
6176
|
+
# The ID of the route table.
|
6177
|
+
# @return [String]
|
6178
|
+
#
|
6179
|
+
# @!attribute [rw] route_set
|
6180
|
+
# The routes in the route table.
|
6181
|
+
# @return [Array<Types::RouteSetDetails>]
|
6182
|
+
#
|
6183
|
+
# @!attribute [rw] vpc_id
|
6184
|
+
# The ID of the virtual private cloud (VPC).
|
6185
|
+
# @return [String]
|
6186
|
+
#
|
6187
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2RouteTableDetails AWS API Documentation
|
6188
|
+
#
|
6189
|
+
class AwsEc2RouteTableDetails < Struct.new(
|
6190
|
+
:association_set,
|
6191
|
+
:owner_id,
|
6192
|
+
:propagating_vgw_set,
|
6193
|
+
:route_table_id,
|
6194
|
+
:route_set,
|
6195
|
+
:vpc_id)
|
6196
|
+
SENSITIVE = []
|
6197
|
+
include Aws::Structure
|
6198
|
+
end
|
6199
|
+
|
6078
6200
|
# Details about an Amazon EC2 security group.
|
6079
6201
|
#
|
6080
6202
|
# @!attribute [rw] group_name
|
@@ -8091,15 +8213,15 @@ module Aws::SecurityHub
|
|
8091
8213
|
#
|
8092
8214
|
# * ` user `
|
8093
8215
|
#
|
8094
|
-
# * ` user
|
8216
|
+
# * ` user `:` group `
|
8095
8217
|
#
|
8096
8218
|
# * ` uid `
|
8097
8219
|
#
|
8098
|
-
# * ` uid
|
8220
|
+
# * ` uid `:` gid `
|
8099
8221
|
#
|
8100
|
-
# * ` user
|
8222
|
+
# * ` user `:` gid `
|
8101
8223
|
#
|
8102
|
-
# * ` uid
|
8224
|
+
# * ` uid `:` group `
|
8103
8225
|
# @return [String]
|
8104
8226
|
#
|
8105
8227
|
# @!attribute [rw] volumes_from
|
@@ -9426,11 +9548,19 @@ module Aws::SecurityHub
|
|
9426
9548
|
# The subnets that are associated with the cluster.
|
9427
9549
|
# @return [Array<String>]
|
9428
9550
|
#
|
9551
|
+
# @!attribute [rw] endpoint_public_access
|
9552
|
+
# Indicates whether the Amazon EKS public API server endpoint is
|
9553
|
+
# turned on. If the Amazon EKS public API server endpoint is turned
|
9554
|
+
# off, your cluster's Kubernetes API server can only receive requests
|
9555
|
+
# that originate from within the cluster VPC.
|
9556
|
+
# @return [Boolean]
|
9557
|
+
#
|
9429
9558
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterResourcesVpcConfigDetails AWS API Documentation
|
9430
9559
|
#
|
9431
9560
|
class AwsEksClusterResourcesVpcConfigDetails < Struct.new(
|
9432
9561
|
:security_group_ids,
|
9433
|
-
:subnet_ids
|
9562
|
+
:subnet_ids,
|
9563
|
+
:endpoint_public_access)
|
9434
9564
|
SENSITIVE = []
|
9435
9565
|
include Aws::Structure
|
9436
9566
|
end
|
@@ -13970,7 +14100,9 @@ module Aws::SecurityHub
|
|
13970
14100
|
include Aws::Structure
|
13971
14101
|
end
|
13972
14102
|
|
13973
|
-
#
|
14103
|
+
# You can configure Amazon Redshift to copy snapshots for a cluster to
|
14104
|
+
# another Amazon Web Services Region. This parameter provides
|
14105
|
+
# information about a cross-Region snapshot copy.
|
13974
14106
|
#
|
13975
14107
|
# @!attribute [rw] destination_region
|
13976
14108
|
# The destination Region that snapshots are automatically copied to
|
@@ -13979,7 +14111,7 @@ module Aws::SecurityHub
|
|
13979
14111
|
#
|
13980
14112
|
# @!attribute [rw] manual_snapshot_retention_period
|
13981
14113
|
# The number of days that manual snapshots are retained in the
|
13982
|
-
# destination
|
14114
|
+
# destination Region after they are copied from a source Region.
|
13983
14115
|
#
|
13984
14116
|
# If the value is `-1`, then the manual snapshot is retained
|
13985
14117
|
# indefinitely.
|
@@ -15106,6 +15238,11 @@ module Aws::SecurityHub
|
|
15106
15238
|
# The versioning state of an S3 bucket.
|
15107
15239
|
# @return [Types::AwsS3BucketBucketVersioningConfiguration]
|
15108
15240
|
#
|
15241
|
+
# @!attribute [rw] object_lock_configuration
|
15242
|
+
# Specifies which rule Amazon S3 applies by default to every new
|
15243
|
+
# object placed in the specified bucket.
|
15244
|
+
# @return [Types::AwsS3BucketObjectLockConfiguration]
|
15245
|
+
#
|
15109
15246
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
|
15110
15247
|
#
|
15111
15248
|
class AwsS3BucketDetails < Struct.new(
|
@@ -15120,7 +15257,8 @@ module Aws::SecurityHub
|
|
15120
15257
|
:bucket_logging_configuration,
|
15121
15258
|
:bucket_website_configuration,
|
15122
15259
|
:bucket_notification_configuration,
|
15123
|
-
:bucket_versioning_configuration
|
15260
|
+
:bucket_versioning_configuration,
|
15261
|
+
:object_lock_configuration)
|
15124
15262
|
SENSITIVE = []
|
15125
15263
|
include Aws::Structure
|
15126
15264
|
end
|
@@ -15246,6 +15384,73 @@ module Aws::SecurityHub
|
|
15246
15384
|
include Aws::Structure
|
15247
15385
|
end
|
15248
15386
|
|
15387
|
+
# The container element for S3 Object Lock configuration parameters. In
|
15388
|
+
# Amazon S3, Object Lock can help prevent objects from being deleted or
|
15389
|
+
# overwritten for a fixed amount of time or indefinitely.
|
15390
|
+
#
|
15391
|
+
# @!attribute [rw] object_lock_enabled
|
15392
|
+
# Indicates whether the bucket has an Object Lock configuration
|
15393
|
+
# enabled.
|
15394
|
+
# @return [String]
|
15395
|
+
#
|
15396
|
+
# @!attribute [rw] rule
|
15397
|
+
# Specifies the Object Lock rule for the specified object.
|
15398
|
+
# @return [Types::AwsS3BucketObjectLockConfigurationRuleDetails]
|
15399
|
+
#
|
15400
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfiguration AWS API Documentation
|
15401
|
+
#
|
15402
|
+
class AwsS3BucketObjectLockConfiguration < Struct.new(
|
15403
|
+
:object_lock_enabled,
|
15404
|
+
:rule)
|
15405
|
+
SENSITIVE = []
|
15406
|
+
include Aws::Structure
|
15407
|
+
end
|
15408
|
+
|
15409
|
+
# The default S3 Object Lock retention mode and period that you want to
|
15410
|
+
# apply to new objects placed in the specified Amazon S3 bucket.
|
15411
|
+
#
|
15412
|
+
# @!attribute [rw] days
|
15413
|
+
# The number of days that you want to specify for the default
|
15414
|
+
# retention period.
|
15415
|
+
# @return [Integer]
|
15416
|
+
#
|
15417
|
+
# @!attribute [rw] mode
|
15418
|
+
# The default Object Lock retention mode you want to apply to new
|
15419
|
+
# objects placed in the specified bucket.
|
15420
|
+
# @return [String]
|
15421
|
+
#
|
15422
|
+
# @!attribute [rw] years
|
15423
|
+
# The number of years that you want to specify for the default
|
15424
|
+
# retention period.
|
15425
|
+
# @return [Integer]
|
15426
|
+
#
|
15427
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails AWS API Documentation
|
15428
|
+
#
|
15429
|
+
class AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails < Struct.new(
|
15430
|
+
:days,
|
15431
|
+
:mode,
|
15432
|
+
:years)
|
15433
|
+
SENSITIVE = []
|
15434
|
+
include Aws::Structure
|
15435
|
+
end
|
15436
|
+
|
15437
|
+
# Specifies the S3 Object Lock rule for the specified object. In Amazon
|
15438
|
+
# S3, Object Lock can help prevent objects from being deleted or
|
15439
|
+
# overwritten for a fixed amount of time or indefinitely.
|
15440
|
+
#
|
15441
|
+
# @!attribute [rw] default_retention
|
15442
|
+
# The default Object Lock retention mode and period that you want to
|
15443
|
+
# apply to new objects placed in the specified bucket.
|
15444
|
+
# @return [Types::AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails]
|
15445
|
+
#
|
15446
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfigurationRuleDetails AWS API Documentation
|
15447
|
+
#
|
15448
|
+
class AwsS3BucketObjectLockConfigurationRuleDetails < Struct.new(
|
15449
|
+
:default_retention)
|
15450
|
+
SENSITIVE = []
|
15451
|
+
include Aws::Structure
|
15452
|
+
end
|
15453
|
+
|
15249
15454
|
# Specifies the default server-side encryption to apply to new objects
|
15250
15455
|
# in the bucket.
|
15251
15456
|
#
|
@@ -16294,7 +16499,8 @@ module Aws::SecurityHub
|
|
16294
16499
|
# @return [Array<Types::NumberFilter>]
|
16295
16500
|
#
|
16296
16501
|
# @!attribute [rw] process_parent_pid
|
16297
|
-
# The parent process ID.
|
16502
|
+
# The parent process ID. This field accepts positive integers between
|
16503
|
+
# `O` and `2147483647`.
|
16298
16504
|
# @return [Array<Types::NumberFilter>]
|
16299
16505
|
#
|
16300
16506
|
# @!attribute [rw] process_launched_at
|
@@ -16503,7 +16709,7 @@ module Aws::SecurityHub
|
|
16503
16709
|
# owner.
|
16504
16710
|
#
|
16505
16711
|
# If one of the following occurs, the workflow status is changed
|
16506
|
-
# automatically from `NOTIFIED` to `NEW
|
16712
|
+
# automatically from `NOTIFIED` to `NEW`:
|
16507
16713
|
#
|
16508
16714
|
# * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
|
16509
16715
|
#
|
@@ -18234,6 +18440,81 @@ module Aws::SecurityHub
|
|
18234
18440
|
include Aws::Structure
|
18235
18441
|
end
|
18236
18442
|
|
18443
|
+
# @!attribute [rw] security_control_ids
|
18444
|
+
# A list of security controls (identified with `SecurityControlId`,
|
18445
|
+
# `SecurityControlArn`, or a mix of both parameters). The security
|
18446
|
+
# control ID or Amazon Resource Name (ARN) is the same across
|
18447
|
+
# standards.
|
18448
|
+
# @return [Array<String>]
|
18449
|
+
#
|
18450
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControlsRequest AWS API Documentation
|
18451
|
+
#
|
18452
|
+
class BatchGetSecurityControlsRequest < Struct.new(
|
18453
|
+
:security_control_ids)
|
18454
|
+
SENSITIVE = []
|
18455
|
+
include Aws::Structure
|
18456
|
+
end
|
18457
|
+
|
18458
|
+
# @!attribute [rw] security_controls
|
18459
|
+
# An array that returns the identifier, Amazon Resource Name (ARN),
|
18460
|
+
# and other details about a security control. The same information is
|
18461
|
+
# returned whether the request includes `SecurityControlId` or
|
18462
|
+
# `SecurityControlArn`.
|
18463
|
+
# @return [Array<Types::SecurityControl>]
|
18464
|
+
#
|
18465
|
+
# @!attribute [rw] unprocessed_ids
|
18466
|
+
# A security control (identified with `SecurityControlId`,
|
18467
|
+
# `SecurityControlArn`, or a mix of both parameters) for which details
|
18468
|
+
# cannot be returned.
|
18469
|
+
# @return [Array<Types::UnprocessedSecurityControl>]
|
18470
|
+
#
|
18471
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControlsResponse AWS API Documentation
|
18472
|
+
#
|
18473
|
+
class BatchGetSecurityControlsResponse < Struct.new(
|
18474
|
+
:security_controls,
|
18475
|
+
:unprocessed_ids)
|
18476
|
+
SENSITIVE = []
|
18477
|
+
include Aws::Structure
|
18478
|
+
end
|
18479
|
+
|
18480
|
+
# @!attribute [rw] standards_control_association_ids
|
18481
|
+
# An array with one or more objects that includes a security control
|
18482
|
+
# (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
|
18483
|
+
# of both parameters) and the Amazon Resource Name (ARN) of a
|
18484
|
+
# standard. This field is used to query the enablement status of a
|
18485
|
+
# control in a specified standard. The security control ID or ARN is
|
18486
|
+
# the same across standards.
|
18487
|
+
# @return [Array<Types::StandardsControlAssociationId>]
|
18488
|
+
#
|
18489
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociationsRequest AWS API Documentation
|
18490
|
+
#
|
18491
|
+
class BatchGetStandardsControlAssociationsRequest < Struct.new(
|
18492
|
+
:standards_control_association_ids)
|
18493
|
+
SENSITIVE = []
|
18494
|
+
include Aws::Structure
|
18495
|
+
end
|
18496
|
+
|
18497
|
+
# @!attribute [rw] standards_control_association_details
|
18498
|
+
# Provides the enablement status of a security control in a specified
|
18499
|
+
# standard and other details for the control in relation to the
|
18500
|
+
# specified standard.
|
18501
|
+
# @return [Array<Types::StandardsControlAssociationDetail>]
|
18502
|
+
#
|
18503
|
+
# @!attribute [rw] unprocessed_associations
|
18504
|
+
# A security control (identified with `SecurityControlId`,
|
18505
|
+
# `SecurityControlArn`, or a mix of both parameters) whose enablement
|
18506
|
+
# status in a specified standard cannot be returned.
|
18507
|
+
# @return [Array<Types::UnprocessedStandardsControlAssociation>]
|
18508
|
+
#
|
18509
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociationsResponse AWS API Documentation
|
18510
|
+
#
|
18511
|
+
class BatchGetStandardsControlAssociationsResponse < Struct.new(
|
18512
|
+
:standards_control_association_details,
|
18513
|
+
:unprocessed_associations)
|
18514
|
+
SENSITIVE = []
|
18515
|
+
include Aws::Structure
|
18516
|
+
end
|
18517
|
+
|
18237
18518
|
# @!attribute [rw] findings
|
18238
18519
|
# A list of findings to import. To successfully import a finding, it
|
18239
18520
|
# must follow the [Amazon Web Services Security Finding Format][1].
|
@@ -18455,6 +18736,33 @@ module Aws::SecurityHub
|
|
18455
18736
|
include Aws::Structure
|
18456
18737
|
end
|
18457
18738
|
|
18739
|
+
# @!attribute [rw] standards_control_association_updates
|
18740
|
+
# Updates the enablement status of a security control in a specified
|
18741
|
+
# standard.
|
18742
|
+
# @return [Array<Types::StandardsControlAssociationUpdate>]
|
18743
|
+
#
|
18744
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociationsRequest AWS API Documentation
|
18745
|
+
#
|
18746
|
+
class BatchUpdateStandardsControlAssociationsRequest < Struct.new(
|
18747
|
+
:standards_control_association_updates)
|
18748
|
+
SENSITIVE = []
|
18749
|
+
include Aws::Structure
|
18750
|
+
end
|
18751
|
+
|
18752
|
+
# @!attribute [rw] unprocessed_association_updates
|
18753
|
+
# A security control (identified with `SecurityControlId`,
|
18754
|
+
# `SecurityControlArn`, or a mix of both parameters) whose enablement
|
18755
|
+
# status in a specified standard couldn't be updated.
|
18756
|
+
# @return [Array<Types::UnprocessedStandardsControlAssociationUpdate>]
|
18757
|
+
#
|
18758
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociationsResponse AWS API Documentation
|
18759
|
+
#
|
18760
|
+
class BatchUpdateStandardsControlAssociationsResponse < Struct.new(
|
18761
|
+
:unprocessed_association_updates)
|
18762
|
+
SENSITIVE = []
|
18763
|
+
include Aws::Structure
|
18764
|
+
end
|
18765
|
+
|
18458
18766
|
# Boolean filter for querying findings.
|
18459
18767
|
#
|
18460
18768
|
# @!attribute [rw] value
|
@@ -18769,7 +19077,7 @@ module Aws::SecurityHub
|
|
18769
19077
|
end
|
18770
19078
|
|
18771
19079
|
# @!attribute [rw] action_target_arn
|
18772
|
-
# The ARN for the custom action target.
|
19080
|
+
# The Amazon Resource Name (ARN) for the custom action target.
|
18773
19081
|
# @return [String]
|
18774
19082
|
#
|
18775
19083
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateActionTargetResponse AWS API Documentation
|
@@ -19091,8 +19399,8 @@ module Aws::SecurityHub
|
|
19091
19399
|
end
|
19092
19400
|
|
19093
19401
|
# @!attribute [rw] account_ids
|
19094
|
-
# The list of account IDs for
|
19095
|
-
#
|
19402
|
+
# The list of prospective member account IDs for which to decline an
|
19403
|
+
# invitation.
|
19096
19404
|
# @return [Array<String>]
|
19097
19405
|
#
|
19098
19406
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeclineInvitationsRequest AWS API Documentation
|
@@ -19118,7 +19426,8 @@ module Aws::SecurityHub
|
|
19118
19426
|
end
|
19119
19427
|
|
19120
19428
|
# @!attribute [rw] action_target_arn
|
19121
|
-
# The ARN of the custom action target to
|
19429
|
+
# The Amazon Resource Name (ARN) of the custom action target to
|
19430
|
+
# delete.
|
19122
19431
|
# @return [String]
|
19123
19432
|
#
|
19124
19433
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteActionTargetRequest AWS API Documentation
|
@@ -19183,7 +19492,8 @@ module Aws::SecurityHub
|
|
19183
19492
|
end
|
19184
19493
|
|
19185
19494
|
# @!attribute [rw] account_ids
|
19186
|
-
# The list of
|
19495
|
+
# The list of member account IDs that received the invitations you
|
19496
|
+
# want to delete.
|
19187
19497
|
# @return [Array<String>]
|
19188
19498
|
#
|
19189
19499
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInvitationsRequest AWS API Documentation
|
@@ -19311,12 +19621,30 @@ module Aws::SecurityHub
|
|
19311
19621
|
# enabled.
|
19312
19622
|
# @return [Boolean]
|
19313
19623
|
#
|
19624
|
+
# @!attribute [rw] control_finding_generator
|
19625
|
+
# Specifies whether the calling account has consolidated control
|
19626
|
+
# findings turned on. If the value for this field is set to
|
19627
|
+
# `SECURITY_CONTROL`, Security Hub generates a single finding for a
|
19628
|
+
# control check even when the check applies to multiple enabled
|
19629
|
+
# standards.
|
19630
|
+
#
|
19631
|
+
# If the value for this field is set to `STANDARD_CONTROL`, Security
|
19632
|
+
# Hub generates separate findings for a control check when the check
|
19633
|
+
# applies to multiple enabled standards.
|
19634
|
+
#
|
19635
|
+
# The value for this field in a member account matches the value in
|
19636
|
+
# the administrator account. For accounts that aren't part of an
|
19637
|
+
# organization, the default value of this field is `SECURITY_CONTROL`
|
19638
|
+
# if you enabled Security Hub on or after February 23, 2023.
|
19639
|
+
# @return [String]
|
19640
|
+
#
|
19314
19641
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHubResponse AWS API Documentation
|
19315
19642
|
#
|
19316
19643
|
class DescribeHubResponse < Struct.new(
|
19317
19644
|
:hub_arn,
|
19318
19645
|
:subscribed_at,
|
19319
|
-
:auto_enable_controls
|
19646
|
+
:auto_enable_controls,
|
19647
|
+
:control_finding_generator)
|
19320
19648
|
SENSITIVE = []
|
19321
19649
|
include Aws::Structure
|
19322
19650
|
end
|
@@ -19657,11 +19985,29 @@ module Aws::SecurityHub
|
|
19657
19985
|
# `false`.
|
19658
19986
|
# @return [Boolean]
|
19659
19987
|
#
|
19988
|
+
# @!attribute [rw] control_finding_generator
|
19989
|
+
# This field, used when enabling Security Hub, specifies whether the
|
19990
|
+
# calling account has consolidated control findings turned on. If the
|
19991
|
+
# value for this field is set to `SECURITY_CONTROL`, Security Hub
|
19992
|
+
# generates a single finding for a control check even when the check
|
19993
|
+
# applies to multiple enabled standards.
|
19994
|
+
#
|
19995
|
+
# If the value for this field is set to `STANDARD_CONTROL`, Security
|
19996
|
+
# Hub generates separate findings for a control check when the check
|
19997
|
+
# applies to multiple enabled standards.
|
19998
|
+
#
|
19999
|
+
# The value for this field in a member account matches the value in
|
20000
|
+
# the administrator account. For accounts that aren't part of an
|
20001
|
+
# organization, the default value of this field is `SECURITY_CONTROL`
|
20002
|
+
# if you enabled Security Hub on or after February 23, 2023.
|
20003
|
+
# @return [String]
|
20004
|
+
#
|
19660
20005
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
|
19661
20006
|
#
|
19662
20007
|
class EnableSecurityHubRequest < Struct.new(
|
19663
20008
|
:tags,
|
19664
|
-
:enable_default_standards
|
20009
|
+
:enable_default_standards,
|
20010
|
+
:control_finding_generator)
|
19665
20011
|
SENSITIVE = []
|
19666
20012
|
include Aws::Structure
|
19667
20013
|
end
|
@@ -20776,6 +21122,104 @@ module Aws::SecurityHub
|
|
20776
21122
|
include Aws::Structure
|
20777
21123
|
end
|
20778
21124
|
|
21125
|
+
# @!attribute [rw] standards_arn
|
21126
|
+
# The Amazon Resource Name (ARN) of the standard that you want to view
|
21127
|
+
# controls for.
|
21128
|
+
# @return [String]
|
21129
|
+
#
|
21130
|
+
# @!attribute [rw] next_token
|
21131
|
+
# Optional pagination parameter.
|
21132
|
+
# @return [String]
|
21133
|
+
#
|
21134
|
+
# @!attribute [rw] max_results
|
21135
|
+
# An optional parameter that limits the total results of the API
|
21136
|
+
# response to the specified number. If this parameter isn't provided
|
21137
|
+
# in the request, the results include the first 25 security controls
|
21138
|
+
# that apply to the specified standard. The results also include a
|
21139
|
+
# `NextToken` parameter that you can use in a subsequent API call to
|
21140
|
+
# get the next 25 controls. This repeats until all controls for the
|
21141
|
+
# standard are returned.
|
21142
|
+
# @return [Integer]
|
21143
|
+
#
|
21144
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitionsRequest AWS API Documentation
|
21145
|
+
#
|
21146
|
+
class ListSecurityControlDefinitionsRequest < Struct.new(
|
21147
|
+
:standards_arn,
|
21148
|
+
:next_token,
|
21149
|
+
:max_results)
|
21150
|
+
SENSITIVE = []
|
21151
|
+
include Aws::Structure
|
21152
|
+
end
|
21153
|
+
|
21154
|
+
# @!attribute [rw] security_control_definitions
|
21155
|
+
# An array of controls that apply to the specified standard.
|
21156
|
+
# @return [Array<Types::SecurityControlDefinition>]
|
21157
|
+
#
|
21158
|
+
# @!attribute [rw] next_token
|
21159
|
+
# A pagination parameter that's included in the response only if it
|
21160
|
+
# was included in the request.
|
21161
|
+
# @return [String]
|
21162
|
+
#
|
21163
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitionsResponse AWS API Documentation
|
21164
|
+
#
|
21165
|
+
class ListSecurityControlDefinitionsResponse < Struct.new(
|
21166
|
+
:security_control_definitions,
|
21167
|
+
:next_token)
|
21168
|
+
SENSITIVE = []
|
21169
|
+
include Aws::Structure
|
21170
|
+
end
|
21171
|
+
|
21172
|
+
# @!attribute [rw] security_control_id
|
21173
|
+
# The identifier of the control (identified with `SecurityControlId`,
|
21174
|
+
# `SecurityControlArn`, or a mix of both parameters) that you want to
|
21175
|
+
# determine the enablement status of in each enabled standard.
|
21176
|
+
# @return [String]
|
21177
|
+
#
|
21178
|
+
# @!attribute [rw] next_token
|
21179
|
+
# Optional pagination parameter.
|
21180
|
+
# @return [String]
|
21181
|
+
#
|
21182
|
+
# @!attribute [rw] max_results
|
21183
|
+
# An optional parameter that limits the total results of the API
|
21184
|
+
# response to the specified number. If this parameter isn't provided
|
21185
|
+
# in the request, the results include the first 25 standard and
|
21186
|
+
# control associations. The results also include a `NextToken`
|
21187
|
+
# parameter that you can use in a subsequent API call to get the next
|
21188
|
+
# 25 associations. This repeats until all associations for the
|
21189
|
+
# specified control are returned. The number of results is limited by
|
21190
|
+
# the number of supported Security Hub standards that you've enabled
|
21191
|
+
# in the calling account.
|
21192
|
+
# @return [Integer]
|
21193
|
+
#
|
21194
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociationsRequest AWS API Documentation
|
21195
|
+
#
|
21196
|
+
class ListStandardsControlAssociationsRequest < Struct.new(
|
21197
|
+
:security_control_id,
|
21198
|
+
:next_token,
|
21199
|
+
:max_results)
|
21200
|
+
SENSITIVE = []
|
21201
|
+
include Aws::Structure
|
21202
|
+
end
|
21203
|
+
|
21204
|
+
# @!attribute [rw] standards_control_association_summaries
|
21205
|
+
# An array that provides the enablement status and other details for
|
21206
|
+
# each security control that applies to each enabled standard.
|
21207
|
+
# @return [Array<Types::StandardsControlAssociationSummary>]
|
21208
|
+
#
|
21209
|
+
# @!attribute [rw] next_token
|
21210
|
+
# A pagination parameter that's included in the response only if it
|
21211
|
+
# was included in the request.
|
21212
|
+
# @return [String]
|
21213
|
+
#
|
21214
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociationsResponse AWS API Documentation
|
21215
|
+
#
|
21216
|
+
class ListStandardsControlAssociationsResponse < Struct.new(
|
21217
|
+
:standards_control_association_summaries,
|
21218
|
+
:next_token)
|
21219
|
+
SENSITIVE = []
|
21220
|
+
include Aws::Structure
|
21221
|
+
end
|
21222
|
+
|
20779
21223
|
# @!attribute [rw] resource_arn
|
20780
21224
|
# The ARN of the resource to retrieve tags for.
|
20781
21225
|
# @return [String]
|
@@ -21514,7 +21958,8 @@ module Aws::SecurityHub
|
|
21514
21958
|
# @return [Integer]
|
21515
21959
|
#
|
21516
21960
|
# @!attribute [rw] parent_pid
|
21517
|
-
# The parent process ID.
|
21961
|
+
# The parent process ID. This field accepts positive integers between
|
21962
|
+
# `O` and `2147483647`.
|
21518
21963
|
# @return [Integer]
|
21519
21964
|
#
|
21520
21965
|
# @!attribute [rw] launched_at
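Review bot: The added description for `parent_pid` writes the lower bound as a backticked capital letter `O` rather than the digit zero, so the documented range cannot be read literally. I would change the second added comment line to ``# `0` and `2147483647`.`` and, since the range starts at zero, say "integers" rather than "positive integers" on the line before it. The attribute block and its struct start and end outside this hunk. The file looks generated from the service model, so the wording probably needs correcting there as well.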
|
@@ -21627,6 +22072,20 @@ module Aws::SecurityHub
|
|
21627
22072
|
include Aws::Structure
|
21628
22073
|
end
|
21629
22074
|
|
22075
|
+
# Describes a virtual private gateway propagating route.
|
22076
|
+
#
|
22077
|
+
# @!attribute [rw] gateway_id
|
22078
|
+
# The ID of the virtual private gateway.
|
22079
|
+
# @return [String]
|
22080
|
+
#
|
22081
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PropagatingVgwSetDetails AWS API Documentation
|
22082
|
+
#
|
22083
|
+
class PropagatingVgwSetDetails < Struct.new(
|
22084
|
+
:gateway_id)
|
22085
|
+
SENSITIVE = []
|
22086
|
+
include Aws::Structure
|
22087
|
+
end
|
22088
|
+
|
21630
22089
|
# Identifies where the sensitive data begins and ends.
|
21631
22090
|
#
|
21632
22091
|
# @!attribute [rw] start
|
@@ -22186,6 +22645,12 @@ module Aws::SecurityHub
|
|
22186
22645
|
# Details about an WAFv2 rule group.
|
22187
22646
|
# @return [Types::AwsWafv2RuleGroupDetails]
|
22188
22647
|
#
|
22648
|
+
# @!attribute [rw] aws_ec2_route_table
|
22649
|
+
# Provides details about a route table. A route table contains a set
|
22650
|
+
# of rules, called routes, that determine where to direct network
|
22651
|
+
# traffic from your subnet or gateway.
|
22652
|
+
# @return [Types::AwsEc2RouteTableDetails]
|
22653
|
+
#
|
22189
22654
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
22190
22655
|
#
|
22191
22656
|
class ResourceDetails < Struct.new(
|
@@ -22271,7 +22736,8 @@ module Aws::SecurityHub
|
|
22271
22736
|
:aws_ec2_launch_template,
|
22272
22737
|
:aws_sage_maker_notebook_instance,
|
22273
22738
|
:aws_wafv_2_web_acl,
|
22274
|
-
:aws_wafv_2_rule_group
|
22739
|
+
:aws_wafv_2_rule_group,
|
22740
|
+
:aws_ec2_route_table)
|
22275
22741
|
SENSITIVE = []
|
22276
22742
|
include Aws::Structure
|
22277
22743
|
end
|
@@ -22314,6 +22780,95 @@ module Aws::SecurityHub
|
|
22314
22780
|
include Aws::Structure
|
22315
22781
|
end
|
22316
22782
|
|
22783
|
+
# Provides details about the routes in the route table.
|
22784
|
+
#
|
22785
|
+
# @!attribute [rw] carrier_gateway_id
|
22786
|
+
# The ID of the carrier gateway.
|
22787
|
+
# @return [String]
|
22788
|
+
#
|
22789
|
+
# @!attribute [rw] core_network_arn
|
22790
|
+
# The Amazon Resource Name (ARN) of the core network.
|
22791
|
+
# @return [String]
|
22792
|
+
#
|
22793
|
+
# @!attribute [rw] destination_cidr_block
|
22794
|
+
# The IPv4 CIDR block used for the destination match.
|
22795
|
+
# @return [String]
|
22796
|
+
#
|
22797
|
+
# @!attribute [rw] destination_ipv_6_cidr_block
|
22798
|
+
# The IPv6 CIDR block used for the destination match.
|
22799
|
+
# @return [String]
|
22800
|
+
#
|
22801
|
+
# @!attribute [rw] destination_prefix_list_id
|
22802
|
+
# The prefix of the destination Amazon Web Service.
|
22803
|
+
# @return [String]
|
22804
|
+
#
|
22805
|
+
# @!attribute [rw] egress_only_internet_gateway_id
|
22806
|
+
# The ID of the egress-only internet gateway.
|
22807
|
+
# @return [String]
|
22808
|
+
#
|
22809
|
+
# @!attribute [rw] gateway_id
|
22810
|
+
# The ID of a gateway attached to your VPC.
|
22811
|
+
# @return [String]
|
22812
|
+
#
|
22813
|
+
# @!attribute [rw] instance_id
|
22814
|
+
# The ID of a NAT instance in your VPC.
|
22815
|
+
# @return [String]
|
22816
|
+
#
|
22817
|
+
# @!attribute [rw] instance_owner_id
|
22818
|
+
# The ID of the Amazon Web Services account that owns the instance.
|
22819
|
+
# @return [String]
|
22820
|
+
#
|
22821
|
+
# @!attribute [rw] local_gateway_id
|
22822
|
+
# The ID of the local gateway.
|
22823
|
+
# @return [String]
|
22824
|
+
#
|
22825
|
+
# @!attribute [rw] nat_gateway_id
|
22826
|
+
# The ID of a NAT gateway.
|
22827
|
+
# @return [String]
|
22828
|
+
#
|
22829
|
+
# @!attribute [rw] network_interface_id
|
22830
|
+
# The ID of the network interface.
|
22831
|
+
# @return [String]
|
22832
|
+
#
|
22833
|
+
# @!attribute [rw] origin
|
22834
|
+
# Describes how the route was created.
|
22835
|
+
# @return [String]
|
22836
|
+
#
|
22837
|
+
# @!attribute [rw] state
|
22838
|
+
# The state of the route.
|
22839
|
+
# @return [String]
|
22840
|
+
#
|
22841
|
+
# @!attribute [rw] transit_gateway_id
|
22842
|
+
# The ID of a transit gateway.
|
22843
|
+
# @return [String]
|
22844
|
+
#
|
22845
|
+
# @!attribute [rw] vpc_peering_connection_id
|
22846
|
+
# The ID of a VPC peering connection.
|
22847
|
+
# @return [String]
|
22848
|
+
#
|
22849
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RouteSetDetails AWS API Documentation
|
22850
|
+
#
|
22851
|
+
class RouteSetDetails < Struct.new(
|
22852
|
+
:carrier_gateway_id,
|
22853
|
+
:core_network_arn,
|
22854
|
+
:destination_cidr_block,
|
22855
|
+
:destination_ipv_6_cidr_block,
|
22856
|
+
:destination_prefix_list_id,
|
22857
|
+
:egress_only_internet_gateway_id,
|
22858
|
+
:gateway_id,
|
22859
|
+
:instance_id,
|
22860
|
+
:instance_owner_id,
|
22861
|
+
:local_gateway_id,
|
22862
|
+
:nat_gateway_id,
|
22863
|
+
:network_interface_id,
|
22864
|
+
:origin,
|
22865
|
+
:state,
|
22866
|
+
:transit_gateway_id,
|
22867
|
+
:vpc_peering_connection_id)
|
22868
|
+
SENSITIVE = []
|
22869
|
+
include Aws::Structure
|
22870
|
+
end
|
22871
|
+
|
22317
22872
|
# Details about the rule group.
|
22318
22873
|
#
|
22319
22874
|
# @!attribute [rw] rule_variables
|
@@ -22754,6 +23309,132 @@ module Aws::SecurityHub
|
|
22754
23309
|
include Aws::Structure
|
22755
23310
|
end
|
22756
23311
|
|
23312
|
+
# A security control in Security Hub describes a security best practice
|
23313
|
+
# related to a specific resource.
|
23314
|
+
#
|
23315
|
+
# @!attribute [rw] security_control_id
|
23316
|
+
# The unique identifier of a security control across standards. Values
|
23317
|
+
# for this field typically consist of an Amazon Web Service name and a
|
23318
|
+
# number, such as APIGateway.3.
|
23319
|
+
# @return [String]
|
23320
|
+
#
|
23321
|
+
# @!attribute [rw] security_control_arn
|
23322
|
+
# The Amazon Resource Name (ARN) for a security control across
|
23323
|
+
# standards, such as
|
23324
|
+
# `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
|
23325
|
+
# This parameter doesn't mention a specific standard.
|
23326
|
+
# @return [String]
|
23327
|
+
#
|
23328
|
+
# @!attribute [rw] title
|
23329
|
+
# The title of a security control.
|
23330
|
+
# @return [String]
|
23331
|
+
#
|
23332
|
+
# @!attribute [rw] description
|
23333
|
+
# The description of a security control across standards. This
|
23334
|
+
# typically summarizes how Security Hub evaluates the control and the
|
23335
|
+
# conditions under which it produces a failed finding. This parameter
|
23336
|
+
# doesn't reference a specific standard.
|
23337
|
+
# @return [String]
|
23338
|
+
#
|
23339
|
+
# @!attribute [rw] remediation_url
|
23340
|
+
# A link to Security Hub documentation that explains how to remediate
|
23341
|
+
# a failed finding for a security control.
|
23342
|
+
# @return [String]
|
23343
|
+
#
|
23344
|
+
# @!attribute [rw] severity_rating
|
23345
|
+
# The severity of a security control. For more information about how
|
23346
|
+
# Security Hub determines control severity, see [Assigning severity to
|
23347
|
+
# control findings][1] in the *Security Hub User Guide*.
|
23348
|
+
#
|
23349
|
+
#
|
23350
|
+
#
|
23351
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity
|
23352
|
+
# @return [String]
|
23353
|
+
#
|
23354
|
+
# @!attribute [rw] security_control_status
|
23355
|
+
# The status of a security control based on the compliance status of
|
23356
|
+
# its findings. For more information about how control status is
|
23357
|
+
# determined, see [Determining the overall status of a control from
|
23358
|
+
# its findings][1] in the *Security Hub User Guide*.
|
23359
|
+
#
|
23360
|
+
#
|
23361
|
+
#
|
23362
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html
|
23363
|
+
# @return [String]
|
23364
|
+
#
|
23365
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
|
23366
|
+
#
|
23367
|
+
class SecurityControl < Struct.new(
|
23368
|
+
:security_control_id,
|
23369
|
+
:security_control_arn,
|
23370
|
+
:title,
|
23371
|
+
:description,
|
23372
|
+
:remediation_url,
|
23373
|
+
:severity_rating,
|
23374
|
+
:security_control_status)
|
23375
|
+
SENSITIVE = []
|
23376
|
+
include Aws::Structure
|
23377
|
+
end
|
23378
|
+
|
23379
|
+
# Provides metadata for a security control, including its unique
|
23380
|
+
# standard-agnostic identifier, title, description, severity,
|
23381
|
+
# availability in Amazon Web Services Regions, and a link to remediation
|
23382
|
+
# steps.
|
23383
|
+
#
|
23384
|
+
# @!attribute [rw] security_control_id
|
23385
|
+
# The unique identifier of a security control across standards. Values
|
23386
|
+
# for this field typically consist of an Amazon Web Service name and a
|
23387
|
+
# number (for example, APIGateway.3). This parameter differs from
|
23388
|
+
# `SecurityControlArn`, which is a unique Amazon Resource Name (ARN)
|
23389
|
+
# assigned to a control. The ARN references the security control ID
|
23390
|
+
# (for example,
|
23391
|
+
# arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
|
23392
|
+
# @return [String]
|
23393
|
+
#
|
23394
|
+
# @!attribute [rw] title
|
23395
|
+
# The title of a security control.
|
23396
|
+
# @return [String]
|
23397
|
+
#
|
23398
|
+
# @!attribute [rw] description
|
23399
|
+
# The description of a security control across standards. This
|
23400
|
+
# typically summarizes how Security Hub evaluates the control and the
|
23401
|
+
# conditions under which it produces a failed finding. This parameter
|
23402
|
+
# doesn't reference a specific standard.
|
23403
|
+
# @return [String]
|
23404
|
+
#
|
23405
|
+
# @!attribute [rw] remediation_url
|
23406
|
+
# A link to Security Hub documentation that explains how to remediate
|
23407
|
+
# a failed finding for a security control.
|
23408
|
+
# @return [String]
|
23409
|
+
#
|
23410
|
+
# @!attribute [rw] severity_rating
|
23411
|
+
# The severity of a security control. For more information about how
|
23412
|
+
# Security Hub determines control severity, see [Assigning severity to
|
23413
|
+
# control findings][1] in the *Security Hub User Guide*.
|
23414
|
+
#
|
23415
|
+
#
|
23416
|
+
#
|
23417
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity
|
23418
|
+
# @return [String]
|
23419
|
+
#
|
23420
|
+
# @!attribute [rw] current_region_availability
|
23421
|
+
# Specifies whether a security control is available in the current
|
23422
|
+
# Amazon Web Services Region.
|
23423
|
+
# @return [String]
|
23424
|
+
#
|
23425
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
|
23426
|
+
#
|
23427
|
+
class SecurityControlDefinition < Struct.new(
|
23428
|
+
:security_control_id,
|
23429
|
+
:title,
|
23430
|
+
:description,
|
23431
|
+
:remediation_url,
|
23432
|
+
:severity_rating,
|
23433
|
+
:current_region_availability)
|
23434
|
+
SENSITIVE = []
|
23435
|
+
include Aws::Structure
|
23436
|
+
end
|
23437
|
+
|
22757
23438
|
# The list of detected instances of sensitive data.
|
22758
23439
|
#
|
22759
23440
|
# @!attribute [rw] count
|
@@ -22810,7 +23491,7 @@ module Aws::SecurityHub
|
|
22810
23491
|
# The severity of the finding.
|
22811
23492
|
#
|
22812
23493
|
# The finding provider can provide the initial severity. The finding
|
22813
|
-
# provider can only update the severity if it
|
23494
|
+
# provider can only update the severity if it hasn't been updated using
|
22814
23495
|
# `BatchUpdateFindings`.
|
22815
23496
|
#
|
22816
23497
|
# The finding must have either `Label` or `Normalized` populated. If
|
@@ -23137,6 +23818,207 @@ module Aws::SecurityHub
|
|
23137
23818
|
include Aws::Structure
|
23138
23819
|
end
|
23139
23820
|
|
23821
|
+
# Provides details about a control's enablement status in a specified
|
23822
|
+
# standard.
|
23823
|
+
#
|
23824
|
+
# @!attribute [rw] standards_arn
|
23825
|
+
# The Amazon Resource Name (ARN) of a security standard.
|
23826
|
+
# @return [String]
|
23827
|
+
#
|
23828
|
+
# @!attribute [rw] security_control_id
|
23829
|
+
# The unique identifier of a security control across standards. Values
|
23830
|
+
# for this field typically consist of an Amazon Web Service name and a
|
23831
|
+
# number, such as APIGateway.3.
|
23832
|
+
# @return [String]
|
23833
|
+
#
|
23834
|
+
# @!attribute [rw] security_control_arn
|
23835
|
+
# The ARN of a security control across standards, such as
|
23836
|
+
# `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
|
23837
|
+
# This parameter doesn't mention a specific standard.
|
23838
|
+
# @return [String]
|
23839
|
+
#
|
23840
|
+
# @!attribute [rw] association_status
|
23841
|
+
# Specifies whether a control is enabled or disabled in a specified
|
23842
|
+
# standard.
|
23843
|
+
# @return [String]
|
23844
|
+
#
|
23845
|
+
# @!attribute [rw] related_requirements
|
23846
|
+
# The requirement that underlies a control in the compliance framework
|
23847
|
+
# related to the standard.
|
23848
|
+
# @return [Array<String>]
|
23849
|
+
#
|
23850
|
+
# @!attribute [rw] updated_at
|
23851
|
+
# The time at which the enablement status of the control in the
|
23852
|
+
# specified standard was last updated.
|
23853
|
+
# @return [Time]
|
23854
|
+
#
|
23855
|
+
# @!attribute [rw] updated_reason
|
23856
|
+
# The reason for updating the enablement status of a control in a
|
23857
|
+
# specified standard.
|
23858
|
+
# @return [String]
|
23859
|
+
#
|
23860
|
+
# @!attribute [rw] standards_control_title
|
23861
|
+
# The title of a control. This field may reference a specific
|
23862
|
+
# standard.
|
23863
|
+
# @return [String]
|
23864
|
+
#
|
23865
|
+
# @!attribute [rw] standards_control_description
|
23866
|
+
# The description of a control. This typically summarizes how Security
|
23867
|
+
# Hub evaluates the control and the conditions under which it produces
|
23868
|
+
# a failed finding. This parameter may reference a specific standard.
|
23869
|
+
# @return [String]
|
23870
|
+
#
|
23871
|
+
# @!attribute [rw] standards_control_arns
|
23872
|
+
# Provides the input parameter that Security Hub uses to call the
|
23873
|
+
# [UpdateStandardsControl][1] API. This API can be used to enable or
|
23874
|
+
# disable a control in a specified standard.
|
23875
|
+
#
|
23876
|
+
#
|
23877
|
+
#
|
23878
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html
|
23879
|
+
# @return [Array<String>]
|
23880
|
+
#
|
23881
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationDetail AWS API Documentation
|
23882
|
+
#
|
23883
|
+
class StandardsControlAssociationDetail < Struct.new(
|
23884
|
+
:standards_arn,
|
23885
|
+
:security_control_id,
|
23886
|
+
:security_control_arn,
|
23887
|
+
:association_status,
|
23888
|
+
:related_requirements,
|
23889
|
+
:updated_at,
|
23890
|
+
:updated_reason,
|
23891
|
+
:standards_control_title,
|
23892
|
+
:standards_control_description,
|
23893
|
+
:standards_control_arns)
|
23894
|
+
SENSITIVE = []
|
23895
|
+
include Aws::Structure
|
23896
|
+
end
|
23897
|
+
|
23898
|
+
# An array with one or more objects that includes a security control
|
23899
|
+
# (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
|
23900
|
+
# of both parameters) and the Amazon Resource Name (ARN) of a standard.
|
23901
|
+
# The security control ID or ARN is the same across standards.
|
23902
|
+
#
|
23903
|
+
# @!attribute [rw] security_control_id
|
23904
|
+
# The unique identifier (identified with `SecurityControlId`,
|
23905
|
+
# `SecurityControlArn`, or a mix of both parameters) of a security
|
23906
|
+
# control across standards.
|
23907
|
+
# @return [String]
|
23908
|
+
#
|
23909
|
+
# @!attribute [rw] standards_arn
|
23910
|
+
# The ARN of a standard.
|
23911
|
+
# @return [String]
|
23912
|
+
#
|
23913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationId AWS API Documentation
|
23914
|
+
#
|
23915
|
+
class StandardsControlAssociationId < Struct.new(
|
23916
|
+
:security_control_id,
|
23917
|
+
:standards_arn)
|
23918
|
+
SENSITIVE = []
|
23919
|
+
include Aws::Structure
|
23920
|
+
end
|
23921
|
+
|
23922
|
+
# An array that provides the enablement status and other details for
|
23923
|
+
# each control that applies to each enabled standard.
|
23924
|
+
#
|
23925
|
+
# @!attribute [rw] standards_arn
|
23926
|
+
# The Amazon Resource Name (ARN) of a standard.
|
23927
|
+
# @return [String]
|
23928
|
+
#
|
23929
|
+
# @!attribute [rw] security_control_id
|
23930
|
+
# A unique standard-agnostic identifier for a control. Values for this
|
23931
|
+
# field typically consist of an Amazon Web Service and a number, such
|
23932
|
+
# as APIGateway.5. This field doesn't reference a specific standard.
|
23933
|
+
# @return [String]
|
23934
|
+
#
|
23935
|
+
# @!attribute [rw] security_control_arn
|
23936
|
+
# The ARN of a control, such as
|
23937
|
+
# `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
|
23938
|
+
# This parameter doesn't mention a specific standard.
|
23939
|
+
# @return [String]
|
23940
|
+
#
|
23941
|
+
# @!attribute [rw] association_status
|
23942
|
+
# The enablement status of a control in a specific standard.
|
23943
|
+
# @return [String]
|
23944
|
+
#
|
23945
|
+
# @!attribute [rw] related_requirements
|
23946
|
+
# The requirement that underlies this control in the compliance
|
23947
|
+
# framework related to the standard.
|
23948
|
+
# @return [Array<String>]
|
23949
|
+
#
|
23950
|
+
# @!attribute [rw] updated_at
|
23951
|
+
# The last time that a control's enablement status in a specified
|
23952
|
+
# standard was updated.
|
23953
|
+
# @return [Time]
|
23954
|
+
#
|
23955
|
+
# @!attribute [rw] updated_reason
|
23956
|
+
# The reason for updating the control's enablement status in a
|
23957
|
+
# specified standard.
|
23958
|
+
# @return [String]
|
23959
|
+
#
|
23960
|
+
# @!attribute [rw] standards_control_title
|
23961
|
+
# The title of a control.
|
23962
|
+
# @return [String]
|
23963
|
+
#
|
23964
|
+
# @!attribute [rw] standards_control_description
|
23965
|
+
# The description of a control. This typically summarizes how Security
|
23966
|
+
# Hub evaluates the control and the conditions under which it produces
|
23967
|
+
# a failed finding. The parameter may reference a specific standard.
|
23968
|
+
# @return [String]
|
23969
|
+
#
|
23970
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationSummary AWS API Documentation
|
23971
|
+
#
|
23972
|
+
class StandardsControlAssociationSummary < Struct.new(
|
23973
|
+
:standards_arn,
|
23974
|
+
:security_control_id,
|
23975
|
+
:security_control_arn,
|
23976
|
+
:association_status,
|
23977
|
+
:related_requirements,
|
23978
|
+
:updated_at,
|
23979
|
+
:updated_reason,
|
23980
|
+
:standards_control_title,
|
23981
|
+
:standards_control_description)
|
23982
|
+
SENSITIVE = []
|
23983
|
+
include Aws::Structure
|
23984
|
+
end
|
23985
|
+
|
23986
|
+
# An array of requested updates to the enablement status of controls in
|
23987
|
+
# specified standards. The objects in the array include a security
|
23988
|
+
# control ID, the Amazon Resource Name (ARN) of the standard, the
|
23989
|
+
# requested enablement status, and the reason for updating the
|
23990
|
+
# enablement status.
|
23991
|
+
#
|
23992
|
+
# @!attribute [rw] standards_arn
|
23993
|
+
# The Amazon Resource Name (ARN) of the standard in which you want to
|
23994
|
+
# update the control's enablement status.
|
23995
|
+
# @return [String]
|
23996
|
+
#
|
23997
|
+
# @!attribute [rw] security_control_id
|
23998
|
+
# The unique identifier for the security control whose enablement
|
23999
|
+
# status you want to update.
|
24000
|
+
# @return [String]
|
24001
|
+
#
|
24002
|
+
# @!attribute [rw] association_status
|
24003
|
+
# The desired enablement status of the control in the standard.
|
24004
|
+
# @return [String]
|
24005
|
+
#
|
24006
|
+
# @!attribute [rw] updated_reason
|
24007
|
+
# The reason for updating the control's enablement status in the
|
24008
|
+
# standard.
|
24009
|
+
# @return [String]
|
24010
|
+
#
|
24011
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationUpdate AWS API Documentation
|
24012
|
+
#
|
24013
|
+
class StandardsControlAssociationUpdate < Struct.new(
|
24014
|
+
:standards_arn,
|
24015
|
+
:security_control_id,
|
24016
|
+
:association_status,
|
24017
|
+
:updated_reason)
|
24018
|
+
SENSITIVE = []
|
24019
|
+
include Aws::Structure
|
24020
|
+
end
|
24021
|
+
|
23140
24022
|
# Provides details about the management of a security standard.
|
23141
24023
|
#
|
23142
24024
|
# @!attribute [rw] company
|
@@ -23505,6 +24387,111 @@ module Aws::SecurityHub
|
|
23505
24387
|
include Aws::Structure
|
23506
24388
|
end
|
23507
24389
|
|
24390
|
+
# Provides details about a security control for which a response
|
24391
|
+
# couldn't be returned.
|
24392
|
+
#
|
24393
|
+
# @!attribute [rw] security_control_id
|
24394
|
+
# The control (identified with `SecurityControlId`,
|
24395
|
+
# `SecurityControlArn`, or a mix of both parameters) for which a
|
24396
|
+
# response couldn't be returned.
|
24397
|
+
# @return [String]
|
24398
|
+
#
|
24399
|
+
# @!attribute [rw] error_code
|
24400
|
+
# The error code for the unprocessed security control.
|
24401
|
+
# @return [String]
|
24402
|
+
#
|
24403
|
+
# @!attribute [rw] error_reason
|
24404
|
+
# The reason why the security control was unprocessed.
|
24405
|
+
# @return [String]
|
24406
|
+
#
|
24407
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedSecurityControl AWS API Documentation
|
24408
|
+
#
|
24409
|
+
class UnprocessedSecurityControl < Struct.new(
|
24410
|
+
:security_control_id,
|
24411
|
+
:error_code,
|
24412
|
+
:error_reason)
|
24413
|
+
SENSITIVE = []
|
24414
|
+
include Aws::Structure
|
24415
|
+
end
|
24416
|
+
|
24417
|
+
# Provides details about which control's enablement status couldn't be
|
24418
|
+
# retrieved in a specified standard when calling
|
24419
|
+
# [BatchUpdateStandardsControlAssociations][1]. This parameter also
|
24420
|
+
# provides details about why the request was unprocessed.
|
24421
|
+
#
|
24422
|
+
#
|
24423
|
+
#
|
24424
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
|
24425
|
+
#
|
24426
|
+
# @!attribute [rw] standards_control_association_id
|
24427
|
+
# An array with one or more objects that includes a security control
|
24428
|
+
# (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
|
24429
|
+
# of both parameters) and the Amazon Resource Name (ARN) of a
|
24430
|
+
# standard. This parameter shows the specific controls for which the
|
24431
|
+
# enablement status couldn't be retrieved in specified standards when
|
24432
|
+
# calling [BatchUpdateStandardsControlAssociations][1].
|
24433
|
+
#
|
24434
|
+
#
|
24435
|
+
#
|
24436
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
|
24437
|
+
# @return [Types::StandardsControlAssociationId]
|
24438
|
+
#
|
24439
|
+
# @!attribute [rw] error_code
|
24440
|
+
# The error code for the unprocessed standard and control association.
|
24441
|
+
# @return [String]
|
24442
|
+
#
|
24443
|
+
# @!attribute [rw] error_reason
|
24444
|
+
# The reason why the standard and control association was unprocessed.
|
24445
|
+
# @return [String]
|
24446
|
+
#
|
24447
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedStandardsControlAssociation AWS API Documentation
|
24448
|
+
#
|
24449
|
+
class UnprocessedStandardsControlAssociation < Struct.new(
|
24450
|
+
:standards_control_association_id,
|
24451
|
+
:error_code,
|
24452
|
+
:error_reason)
|
24453
|
+
SENSITIVE = []
|
24454
|
+
include Aws::Structure
|
24455
|
+
end
|
24456
|
+
|
24457
|
+
# Provides details about which control's enablement status could not be
|
24458
|
+
# updated in a specified standard when calling the
|
24459
|
+
# [BatchUpdateStandardsControlAssociations][1] API. This parameter also
|
24460
|
+
# provides details about why the request was unprocessed.
|
24461
|
+
#
|
24462
|
+
#
|
24463
|
+
#
|
24464
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
|
24465
|
+
#
|
24466
|
+
# @!attribute [rw] standards_control_association_update
|
24467
|
+
# An array of control and standard associations for which an update
|
24468
|
+
# failed when calling [BatchUpdateStandardsControlAssociations][1].
|
24469
|
+
#
|
24470
|
+
#
|
24471
|
+
#
|
24472
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
|
24473
|
+
# @return [Types::StandardsControlAssociationUpdate]
|
24474
|
+
#
|
24475
|
+
# @!attribute [rw] error_code
|
24476
|
+
# The error code for the unprocessed update of the control's
|
24477
|
+
# enablement status in the specified standard.
|
24478
|
+
# @return [String]
|
24479
|
+
#
|
24480
|
+
# @!attribute [rw] error_reason
|
24481
|
+
# The reason why a control's enablement status in the specified
|
24482
|
+
# standard couldn't be updated.
|
24483
|
+
# @return [String]
|
24484
|
+
#
|
24485
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedStandardsControlAssociationUpdate AWS API Documentation
|
24486
|
+
#
|
24487
|
+
class UnprocessedStandardsControlAssociationUpdate < Struct.new(
|
24488
|
+
:standards_control_association_update,
|
24489
|
+
:error_code,
|
24490
|
+
:error_reason)
|
24491
|
+
SENSITIVE = []
|
24492
|
+
include Aws::Structure
|
24493
|
+
end
|
24494
|
+
|
23508
24495
|
# @!attribute [rw] resource_arn
|
23509
24496
|
# The ARN of the resource to remove the tags from.
|
23510
24497
|
# @return [String]
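Review bot: The class comment added for `UnprocessedStandardsControlAssociation` says the enablement status "couldn't be retrieved", yet it links to `BatchUpdateStandardsControlAssociations`, as does its `standards_control_association_id` attribute. That is the same API the sibling `UnprocessedStandardsControlAssociationUpdate` cites for failed updates. If this struct is returned by the retrieval call, which the wording suggests but the hunk does not show, the reference should presumably name `BatchGetStandardsControlAssociations` instead. As written, someone tracing an unprocessed entry while auditing control enablement is pointed at the wrong operation.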
|
@@ -23741,10 +24728,26 @@ module Aws::SecurityHub
|
|
23741
24728
|
# `false`.
|
23742
24729
|
# @return [Boolean]
|
23743
24730
|
#
|
24731
|
+
# @!attribute [rw] control_finding_generator
|
24732
|
+
# Updates whether the calling account has consolidated control
|
24733
|
+
# findings turned on. If the value for this field is set to
|
24734
|
+
# `SECURITY_CONTROL`, Security Hub generates a single finding for a
|
24735
|
+
# control check even when the check applies to multiple enabled
|
24736
|
+
# standards.
|
24737
|
+
#
|
24738
|
+
# If the value for this field is set to `STANDARD_CONTROL`, Security
|
24739
|
+
# Hub generates separate findings for a control check when the check
|
24740
|
+
# applies to multiple enabled standards.
|
24741
|
+
#
|
24742
|
+
# For accounts that are part of an organization, this value can only
|
24743
|
+
# be updated in the administrator account.
|
24744
|
+
# @return [String]
|
24745
|
+
#
|
23744
24746
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfigurationRequest AWS API Documentation
|
23745
24747
|
#
|
23746
24748
|
class UpdateSecurityHubConfigurationRequest < Struct.new(
|
23747
|
-
:auto_enable_controls
|
24749
|
+
:auto_enable_controls,
|
24750
|
+
:control_finding_generator)
|
23748
24751
|
SENSITIVE = []
|
23749
24752
|
include Aws::Structure
|
23750
24753
|
end
|