aws-sdk-securityhub 1.77.0 → 1.79.0

@@ -329,6 +329,68 @@ module Aws::SecurityHub
329
329
  include Aws::Structure
330
330
  end
331
331
 
332
+ # The associations between a route table and one or more subnets or a
333
+ # gateway.
334
+ #
335
+ # @!attribute [rw] association_state
336
+ # The state of the association between a route table and a subnet or
337
+ # gateway.
338
+ # @return [Types::AssociationStateDetails]
339
+ #
340
+ # @!attribute [rw] gateway_id
341
+ # The ID of the internet gateway or virtual private gateway.
342
+ # @return [String]
343
+ #
344
+ # @!attribute [rw] main
345
+ # Indicates whether this is the main route table.
346
+ # @return [Boolean]
347
+ #
348
+ # @!attribute [rw] route_table_association_id
349
+ # The ID of the association.
350
+ # @return [String]
351
+ #
352
+ # @!attribute [rw] route_table_id
353
+ # The ID of the route table.
354
+ # @return [String]
355
+ #
356
+ # @!attribute [rw] subnet_id
357
+ # The ID of the subnet. A subnet ID is not returned for an implicit
358
+ # association.
359
+ # @return [String]
360
+ #
361
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationSetDetails AWS API Documentation
362
+ #
363
+ class AssociationSetDetails < Struct.new(
364
+ :association_state,
365
+ :gateway_id,
366
+ :main,
367
+ :route_table_association_id,
368
+ :route_table_id,
369
+ :subnet_id)
370
+ SENSITIVE = []
371
+ include Aws::Structure
372
+ end
373
+
374
+ # Describes the state of an association between a route table and a
375
+ # subnet or gateway.
376
+ #
377
+ # @!attribute [rw] state
378
+ # The state of the association.
379
+ # @return [String]
380
+ #
381
+ # @!attribute [rw] status_message
382
+ # The status message, if applicable.
383
+ # @return [String]
384
+ #
385
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationStateDetails AWS API Documentation
386
+ #
387
+ class AssociationStateDetails < Struct.new(
388
+ :state,
389
+ :status_message)
390
+ SENSITIVE = []
391
+ include Aws::Structure
392
+ end
393
+
332
394
  # Information about an Availability Zone.
333
395
  #
334
396
  # @!attribute [rw] zone_name
@@ -1838,8 +1900,8 @@ module Aws::SecurityHub
1838
1900
  # @return [Array<String>]
1839
1901
  #
1840
1902
  # @!attribute [rw] sns_topic_arn
1841
- # An ARN that uniquely identifies the Amazon SNS topic for a backup
1842
- # vaults events.
1903
+ # The Amazon Resource Name (ARN) that uniquely identifies the Amazon
1904
+ # SNS topic for a backup vault's events.
1843
1905
  # @return [String]
1844
1906
  #
1845
1907
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupVaultNotificationsDetails AWS API Documentation
@@ -4459,6 +4521,10 @@ module Aws::SecurityHub
4459
4521
  # Details about the metadata options for the Amazon EC2 instance.
4460
4522
  # @return [Types::AwsEc2InstanceMetadataOptions]
4461
4523
  #
4524
+ # @!attribute [rw] monitoring
4525
+ # Describes the type of monitoring that’s turned on for an instance.
4526
+ # @return [Types::AwsEc2InstanceMonitoringDetails]
4527
+ #
4462
4528
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
4463
4529
  #
4464
4530
  class AwsEc2InstanceDetails < Struct.new(
@@ -4473,7 +4539,8 @@ module Aws::SecurityHub
4473
4539
  :launched_at,
4474
4540
  :network_interfaces,
4475
4541
  :virtualization_type,
4476
- :metadata_options)
4542
+ :metadata_options,
4543
+ :monitoring)
4477
4544
  SENSITIVE = []
4478
4545
  include Aws::Structure
4479
4546
  end
@@ -4517,6 +4584,21 @@ module Aws::SecurityHub
4517
4584
  include Aws::Structure
4518
4585
  end
4519
4586
 
4587
+ # The type of monitoring that’s turned on for an Amazon EC2 instance.
4588
+ #
4589
+ # @!attribute [rw] state
4590
+ # Indicates whether detailed monitoring is turned on. Otherwise, basic
4591
+ # monitoring is turned on.
4592
+ # @return [String]
4593
+ #
4594
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceMonitoringDetails AWS API Documentation
4595
+ #
4596
+ class AwsEc2InstanceMonitoringDetails < Struct.new(
4597
+ :state)
4598
+ SENSITIVE = []
4599
+ include Aws::Structure
4600
+ end
4601
+
4520
4602
  # Identifies a network interface for the Amazon EC2 instance.
4521
4603
  #
4522
4604
  # @!attribute [rw] network_interface_id
@@ -5216,7 +5298,7 @@ module Aws::SecurityHub
5216
5298
  #
5217
5299
  # @!attribute [rw] on_demand_max_price_percentage_over_lowest_price
5218
5300
  # The price protection threshold for On-Demand Instances. This is the
5219
- # maximum youll pay for an On-Demand Instance, expressed as a
5301
+ # maximum you'll pay for an On-Demand Instance, expressed as a
5220
5302
  # percentage above the least expensive current generation M, C, or R
5221
5303
  # instance type with your specified attributes. When Amazon EC2
5222
5304
  # selects instance types with your attributes, it excludes instance
@@ -5235,7 +5317,7 @@ module Aws::SecurityHub
5235
5317
  #
5236
5318
  # @!attribute [rw] spot_max_price_percentage_over_lowest_price
5237
5319
  # The price protection threshold for Spot Instances. This is the
5238
- # maximum youll pay for a Spot Instance, expressed as a percentage
5320
+ # maximum you'll pay for a Spot Instance, expressed as a percentage
5239
5321
  # above the least expensive current generation M, C, or R instance
5240
5322
  # type with your specified attributes. When Amazon EC2 selects
5241
5323
  # instance types with your attributes, it excludes instance types
@@ -5418,7 +5500,7 @@ module Aws::SecurityHub
5418
5500
  # @!attribute [rw] http_endpoint
5419
5501
  # Enables or disables the HTTP metadata endpoint on your instances. If
5420
5502
  # the parameter is not specified, the default state is enabled, and
5421
- # you wont be able to access your instance metadata.
5503
+ # you won't be able to access your instance metadata.
5422
5504
  # @return [String]
5423
5505
  #
5424
5506
  # @!attribute [rw] http_protocol_ipv_6
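Review bot: The `http_endpoint` description on the new side still contradicts itself: it says the default state is enabled and, in the same sentence, that you won't be able to access your instance metadata. The apostrophe fix leaves that wording in place, so a reader assessing instance metadata exposure cannot tell which state blocks access. Presumably the second clause describes the disabled state; if so, split the sentence, e.g. `# If the parameter is not specified, the default state is enabled. If the endpoint is disabled, you can't access your instance metadata.` The attribute list this comment belongs to continues outside the hunk.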
@@ -6075,6 +6157,46 @@ module Aws::SecurityHub
6075
6157
  include Aws::Structure
6076
6158
  end
6077
6159
 
6160
+ # Provides details about a route table for the specified VPC.
6161
+ #
6162
+ # @!attribute [rw] association_set
6163
+ # The associations between a route table and one or more subnets or a
6164
+ # gateway.
6165
+ # @return [Array<Types::AssociationSetDetails>]
6166
+ #
6167
+ # @!attribute [rw] owner_id
6168
+ # The ID of the Amazon Web Services account that owns the route table.
6169
+ # @return [String]
6170
+ #
6171
+ # @!attribute [rw] propagating_vgw_set
6172
+ # Describes a virtual private gateway propagating route.
6173
+ # @return [Array<Types::PropagatingVgwSetDetails>]
6174
+ #
6175
+ # @!attribute [rw] route_table_id
6176
+ # The ID of the route table.
6177
+ # @return [String]
6178
+ #
6179
+ # @!attribute [rw] route_set
6180
+ # The routes in the route table.
6181
+ # @return [Array<Types::RouteSetDetails>]
6182
+ #
6183
+ # @!attribute [rw] vpc_id
6184
+ # The ID of the virtual private cloud (VPC).
6185
+ # @return [String]
6186
+ #
6187
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2RouteTableDetails AWS API Documentation
6188
+ #
6189
+ class AwsEc2RouteTableDetails < Struct.new(
6190
+ :association_set,
6191
+ :owner_id,
6192
+ :propagating_vgw_set,
6193
+ :route_table_id,
6194
+ :route_set,
6195
+ :vpc_id)
6196
+ SENSITIVE = []
6197
+ include Aws::Structure
6198
+ end
6199
+
6078
6200
  # Details about an Amazon EC2 security group.
6079
6201
  #
6080
6202
  # @!attribute [rw] group_name
@@ -8091,15 +8213,15 @@ module Aws::SecurityHub
8091
8213
  #
8092
8214
  # * ` user `
8093
8215
  #
8094
- # * ` user `\:` group `
8216
+ # * ` user `:` group `
8095
8217
  #
8096
8218
  # * ` uid `
8097
8219
  #
8098
- # * ` uid `\:` gid `
8220
+ # * ` uid `:` gid `
8099
8221
  #
8100
- # * ` user `\:` gid `
8222
+ # * ` user `:` gid `
8101
8223
  #
8102
- # * ` uid `\:` group `
8224
+ # * ` uid `:` group `
8103
8225
  # @return [String]
8104
8226
  #
8105
8227
  # @!attribute [rw] volumes_from
@@ -9426,11 +9548,19 @@ module Aws::SecurityHub
9426
9548
  # The subnets that are associated with the cluster.
9427
9549
  # @return [Array<String>]
9428
9550
  #
9551
+ # @!attribute [rw] endpoint_public_access
9552
+ # Indicates whether the Amazon EKS public API server endpoint is
9553
+ # turned on. If the Amazon EKS public API server endpoint is turned
9554
+ # off, your cluster's Kubernetes API server can only receive requests
9555
+ # that originate from within the cluster VPC.
9556
+ # @return [Boolean]
9557
+ #
9429
9558
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterResourcesVpcConfigDetails AWS API Documentation
9430
9559
  #
9431
9560
  class AwsEksClusterResourcesVpcConfigDetails < Struct.new(
9432
9561
  :security_group_ids,
9433
- :subnet_ids)
9562
+ :subnet_ids,
9563
+ :endpoint_public_access)
9434
9564
  SENSITIVE = []
9435
9565
  include Aws::Structure
9436
9566
  end
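Review bot: The new `endpoint_public_access` doc does not say what an unset value means, and as a Struct member it is nil whenever the finding does not carry the field. A consumer that tests the attribute for truthiness would read nil the same as false and treat the cluster's API endpoint as private. I would add a line such as `# A nil value means the setting was not reported, not that public access is turned off.` The doc block for AwsEksClusterResourcesVpcConfigDetails starts above this hunk.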
@@ -13970,7 +14100,9 @@ module Aws::SecurityHub
13970
14100
  include Aws::Structure
13971
14101
  end
13972
14102
 
13973
- # Information about a cross-Region snapshot copy.
14103
+ # You can configure Amazon Redshift to copy snapshots for a cluster to
14104
+ # another Amazon Web Services Region. This parameter provides
14105
+ # information about a cross-Region snapshot copy.
13974
14106
  #
13975
14107
  # @!attribute [rw] destination_region
13976
14108
  # The destination Region that snapshots are automatically copied to
@@ -13979,7 +14111,7 @@ module Aws::SecurityHub
13979
14111
  #
13980
14112
  # @!attribute [rw] manual_snapshot_retention_period
13981
14113
  # The number of days that manual snapshots are retained in the
13982
- # destination region after they are copied from a source region.
14114
+ # destination Region after they are copied from a source Region.
13983
14115
  #
13984
14116
  # If the value is `-1`, then the manual snapshot is retained
13985
14117
  # indefinitely.
@@ -15106,6 +15238,11 @@ module Aws::SecurityHub
15106
15238
  # The versioning state of an S3 bucket.
15107
15239
  # @return [Types::AwsS3BucketBucketVersioningConfiguration]
15108
15240
  #
15241
+ # @!attribute [rw] object_lock_configuration
15242
+ # Specifies which rule Amazon S3 applies by default to every new
15243
+ # object placed in the specified bucket.
15244
+ # @return [Types::AwsS3BucketObjectLockConfiguration]
15245
+ #
15109
15246
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
15110
15247
  #
15111
15248
  class AwsS3BucketDetails < Struct.new(
@@ -15120,7 +15257,8 @@ module Aws::SecurityHub
15120
15257
  :bucket_logging_configuration,
15121
15258
  :bucket_website_configuration,
15122
15259
  :bucket_notification_configuration,
15123
- :bucket_versioning_configuration)
15260
+ :bucket_versioning_configuration,
15261
+ :object_lock_configuration)
15124
15262
  SENSITIVE = []
15125
15263
  include Aws::Structure
15126
15264
  end
@@ -15246,6 +15384,73 @@ module Aws::SecurityHub
15246
15384
  include Aws::Structure
15247
15385
  end
15248
15386
 
15387
+ # The container element for S3 Object Lock configuration parameters. In
15388
+ # Amazon S3, Object Lock can help prevent objects from being deleted or
15389
+ # overwritten for a fixed amount of time or indefinitely.
15390
+ #
15391
+ # @!attribute [rw] object_lock_enabled
15392
+ # Indicates whether the bucket has an Object Lock configuration
15393
+ # enabled.
15394
+ # @return [String]
15395
+ #
15396
+ # @!attribute [rw] rule
15397
+ # Specifies the Object Lock rule for the specified object.
15398
+ # @return [Types::AwsS3BucketObjectLockConfigurationRuleDetails]
15399
+ #
15400
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfiguration AWS API Documentation
15401
+ #
15402
+ class AwsS3BucketObjectLockConfiguration < Struct.new(
15403
+ :object_lock_enabled,
15404
+ :rule)
15405
+ SENSITIVE = []
15406
+ include Aws::Structure
15407
+ end
15408
+
15409
+ # The default S3 Object Lock retention mode and period that you want to
15410
+ # apply to new objects placed in the specified Amazon S3 bucket.
15411
+ #
15412
+ # @!attribute [rw] days
15413
+ # The number of days that you want to specify for the default
15414
+ # retention period.
15415
+ # @return [Integer]
15416
+ #
15417
+ # @!attribute [rw] mode
15418
+ # The default Object Lock retention mode you want to apply to new
15419
+ # objects placed in the specified bucket.
15420
+ # @return [String]
15421
+ #
15422
+ # @!attribute [rw] years
15423
+ # The number of years that you want to specify for the default
15424
+ # retention period.
15425
+ # @return [Integer]
15426
+ #
15427
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails AWS API Documentation
15428
+ #
15429
+ class AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails < Struct.new(
15430
+ :days,
15431
+ :mode,
15432
+ :years)
15433
+ SENSITIVE = []
15434
+ include Aws::Structure
15435
+ end
15436
+
15437
+ # Specifies the S3 Object Lock rule for the specified object. In Amazon
15438
+ # S3, Object Lock can help prevent objects from being deleted or
15439
+ # overwritten for a fixed amount of time or indefinitely.
15440
+ #
15441
+ # @!attribute [rw] default_retention
15442
+ # The default Object Lock retention mode and period that you want to
15443
+ # apply to new objects placed in the specified bucket.
15444
+ # @return [Types::AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails]
15445
+ #
15446
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfigurationRuleDetails AWS API Documentation
15447
+ #
15448
+ class AwsS3BucketObjectLockConfigurationRuleDetails < Struct.new(
15449
+ :default_retention)
15450
+ SENSITIVE = []
15451
+ include Aws::Structure
15452
+ end
15453
+
15249
15454
  # Specifies the default server-side encryption to apply to new objects
15250
15455
  # in the bucket.
15251
15456
  #
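Review bot: `object_lock_enabled` on AwsS3BucketObjectLockConfiguration is described as "Indicates whether the bucket has an Object Lock configuration enabled" but is typed `[String]`, and the doc names no accepted value. Any non-empty string is truthy in Ruby, so a check written as a boolean test would pass for every populated finding regardless of the actual setting. The doc should state the string value(s) the field carries, e.g. `# Valid values: <values from the service model>`. The same gap applies to `state` on AwsEc2InstanceMonitoringDetails in the hunk at -4517.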
@@ -16294,7 +16499,8 @@ module Aws::SecurityHub
16294
16499
  # @return [Array<Types::NumberFilter>]
16295
16500
  #
16296
16501
  # @!attribute [rw] process_parent_pid
16297
- # The parent process ID.
16502
+ # The parent process ID. This field accepts positive integers between
16503
+ # `O` and `2147483647`.
16298
16504
  # @return [Array<Types::NumberFilter>]
16299
16505
  #
16300
16506
  # @!attribute [rw] process_launched_at
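Review bot: The lower bound in the new `process_parent_pid` text is written as the letter `O` rather than the digit zero, and "positive integers between" a zero bound is inconsistent because zero is not positive. Anyone copying the range into a finding filter or an input validator gets an ambiguous bound. Assuming zero is the intended minimum, the line could read `# The parent process ID. This field accepts integers from 0 to 2147483647.` The same sentence is added for `parent_pid` in the hunk at -21514.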
@@ -16503,7 +16709,7 @@ module Aws::SecurityHub
16503
16709
  # owner.
16504
16710
  #
16505
16711
  # If one of the following occurs, the workflow status is changed
16506
- # automatically from `NOTIFIED` to `NEW`\:
16712
+ # automatically from `NOTIFIED` to `NEW`:
16507
16713
  #
16508
16714
  # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
16509
16715
  #
@@ -18234,6 +18440,81 @@ module Aws::SecurityHub
18234
18440
  include Aws::Structure
18235
18441
  end
18236
18442
 
18443
+ # @!attribute [rw] security_control_ids
18444
+ # A list of security controls (identified with `SecurityControlId`,
18445
+ # `SecurityControlArn`, or a mix of both parameters). The security
18446
+ # control ID or Amazon Resource Name (ARN) is the same across
18447
+ # standards.
18448
+ # @return [Array<String>]
18449
+ #
18450
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControlsRequest AWS API Documentation
18451
+ #
18452
+ class BatchGetSecurityControlsRequest < Struct.new(
18453
+ :security_control_ids)
18454
+ SENSITIVE = []
18455
+ include Aws::Structure
18456
+ end
18457
+
18458
+ # @!attribute [rw] security_controls
18459
+ # An array that returns the identifier, Amazon Resource Name (ARN),
18460
+ # and other details about a security control. The same information is
18461
+ # returned whether the request includes `SecurityControlId` or
18462
+ # `SecurityControlArn`.
18463
+ # @return [Array<Types::SecurityControl>]
18464
+ #
18465
+ # @!attribute [rw] unprocessed_ids
18466
+ # A security control (identified with `SecurityControlId`,
18467
+ # `SecurityControlArn`, or a mix of both parameters) for which details
18468
+ # cannot be returned.
18469
+ # @return [Array<Types::UnprocessedSecurityControl>]
18470
+ #
18471
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControlsResponse AWS API Documentation
18472
+ #
18473
+ class BatchGetSecurityControlsResponse < Struct.new(
18474
+ :security_controls,
18475
+ :unprocessed_ids)
18476
+ SENSITIVE = []
18477
+ include Aws::Structure
18478
+ end
18479
+
18480
+ # @!attribute [rw] standards_control_association_ids
18481
+ # An array with one or more objects that includes a security control
18482
+ # (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
18483
+ # of both parameters) and the Amazon Resource Name (ARN) of a
18484
+ # standard. This field is used to query the enablement status of a
18485
+ # control in a specified standard. The security control ID or ARN is
18486
+ # the same across standards.
18487
+ # @return [Array<Types::StandardsControlAssociationId>]
18488
+ #
18489
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociationsRequest AWS API Documentation
18490
+ #
18491
+ class BatchGetStandardsControlAssociationsRequest < Struct.new(
18492
+ :standards_control_association_ids)
18493
+ SENSITIVE = []
18494
+ include Aws::Structure
18495
+ end
18496
+
18497
+ # @!attribute [rw] standards_control_association_details
18498
+ # Provides the enablement status of a security control in a specified
18499
+ # standard and other details for the control in relation to the
18500
+ # specified standard.
18501
+ # @return [Array<Types::StandardsControlAssociationDetail>]
18502
+ #
18503
+ # @!attribute [rw] unprocessed_associations
18504
+ # A security control (identified with `SecurityControlId`,
18505
+ # `SecurityControlArn`, or a mix of both parameters) whose enablement
18506
+ # status in a specified standard cannot be returned.
18507
+ # @return [Array<Types::UnprocessedStandardsControlAssociation>]
18508
+ #
18509
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociationsResponse AWS API Documentation
18510
+ #
18511
+ class BatchGetStandardsControlAssociationsResponse < Struct.new(
18512
+ :standards_control_association_details,
18513
+ :unprocessed_associations)
18514
+ SENSITIVE = []
18515
+ include Aws::Structure
18516
+ end
18517
+
18237
18518
  # @!attribute [rw] findings
18238
18519
  # A list of findings to import. To successfully import a finding, it
18239
18520
  # must follow the [Amazon Web Services Security Finding Format][1].
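Review bot: `unprocessed_ids` on BatchGetSecurityControlsResponse is documented as "A security control ... for which details cannot be returned", but its type is `Array<Types::UnprocessedSecurityControl>`, so the text hides that the call can partially fail for several inputs at once. A caller who reads only `security_controls` would not notice controls that were skipped. I would reword to `# The security controls for which details could not be returned. Empty when every requested control was processed.` (the second sentence is an assumption to confirm against the service model). `unprocessed_associations` in this hunk and `unprocessed_association_updates` in the hunk at -18455 use the same singular wording.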
@@ -18455,6 +18736,33 @@ module Aws::SecurityHub
18455
18736
  include Aws::Structure
18456
18737
  end
18457
18738
 
18739
+ # @!attribute [rw] standards_control_association_updates
18740
+ # Updates the enablement status of a security control in a specified
18741
+ # standard.
18742
+ # @return [Array<Types::StandardsControlAssociationUpdate>]
18743
+ #
18744
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociationsRequest AWS API Documentation
18745
+ #
18746
+ class BatchUpdateStandardsControlAssociationsRequest < Struct.new(
18747
+ :standards_control_association_updates)
18748
+ SENSITIVE = []
18749
+ include Aws::Structure
18750
+ end
18751
+
18752
+ # @!attribute [rw] unprocessed_association_updates
18753
+ # A security control (identified with `SecurityControlId`,
18754
+ # `SecurityControlArn`, or a mix of both parameters) whose enablement
18755
+ # status in a specified standard couldn't be updated.
18756
+ # @return [Array<Types::UnprocessedStandardsControlAssociationUpdate>]
18757
+ #
18758
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociationsResponse AWS API Documentation
18759
+ #
18760
+ class BatchUpdateStandardsControlAssociationsResponse < Struct.new(
18761
+ :unprocessed_association_updates)
18762
+ SENSITIVE = []
18763
+ include Aws::Structure
18764
+ end
18765
+
18458
18766
  # Boolean filter for querying findings.
18459
18767
  #
18460
18768
  # @!attribute [rw] value
@@ -18769,7 +19077,7 @@ module Aws::SecurityHub
18769
19077
  end
18770
19078
 
18771
19079
  # @!attribute [rw] action_target_arn
18772
- # The ARN for the custom action target.
19080
+ # The Amazon Resource Name (ARN) for the custom action target.
18773
19081
  # @return [String]
18774
19082
  #
18775
19083
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateActionTargetResponse AWS API Documentation
@@ -19091,8 +19399,8 @@ module Aws::SecurityHub
19091
19399
  end
19092
19400
 
19093
19401
  # @!attribute [rw] account_ids
19094
- # The list of account IDs for the accounts from which to decline the
19095
- # invitations to Security Hub.
19402
+ # The list of prospective member account IDs for which to decline an
19403
+ # invitation.
19096
19404
  # @return [Array<String>]
19097
19405
  #
19098
19406
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeclineInvitationsRequest AWS API Documentation
@@ -19118,7 +19426,8 @@ module Aws::SecurityHub
19118
19426
  end
19119
19427
 
19120
19428
  # @!attribute [rw] action_target_arn
19121
- # The ARN of the custom action target to delete.
19429
+ # The Amazon Resource Name (ARN) of the custom action target to
19430
+ # delete.
19122
19431
  # @return [String]
19123
19432
  #
19124
19433
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteActionTargetRequest AWS API Documentation
@@ -19183,7 +19492,8 @@ module Aws::SecurityHub
19183
19492
  end
19184
19493
 
19185
19494
  # @!attribute [rw] account_ids
19186
- # The list of the account IDs that sent the invitations to delete.
19495
+ # The list of member account IDs that received the invitations you
19496
+ # want to delete.
19187
19497
  # @return [Array<String>]
19188
19498
  #
19189
19499
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInvitationsRequest AWS API Documentation
@@ -19311,12 +19621,30 @@ module Aws::SecurityHub
19311
19621
  # enabled.
19312
19622
  # @return [Boolean]
19313
19623
  #
19624
+ # @!attribute [rw] control_finding_generator
19625
+ # Specifies whether the calling account has consolidated control
19626
+ # findings turned on. If the value for this field is set to
19627
+ # `SECURITY_CONTROL`, Security Hub generates a single finding for a
19628
+ # control check even when the check applies to multiple enabled
19629
+ # standards.
19630
+ #
19631
+ # If the value for this field is set to `STANDARD_CONTROL`, Security
19632
+ # Hub generates separate findings for a control check when the check
19633
+ # applies to multiple enabled standards.
19634
+ #
19635
+ # The value for this field in a member account matches the value in
19636
+ # the administrator account. For accounts that aren't part of an
19637
+ # organization, the default value of this field is `SECURITY_CONTROL`
19638
+ # if you enabled Security Hub on or after February 23, 2023.
19639
+ # @return [String]
19640
+ #
19314
19641
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHubResponse AWS API Documentation
19315
19642
  #
19316
19643
  class DescribeHubResponse < Struct.new(
19317
19644
  :hub_arn,
19318
19645
  :subscribed_at,
19319
- :auto_enable_controls)
19646
+ :auto_enable_controls,
19647
+ :control_finding_generator)
19320
19648
  SENSITIVE = []
19321
19649
  include Aws::Structure
19322
19650
  end
@@ -19657,11 +19985,29 @@ module Aws::SecurityHub
19657
19985
  # `false`.
19658
19986
  # @return [Boolean]
19659
19987
  #
19988
+ # @!attribute [rw] control_finding_generator
19989
+ # This field, used when enabling Security Hub, specifies whether the
19990
+ # calling account has consolidated control findings turned on. If the
19991
+ # value for this field is set to `SECURITY_CONTROL`, Security Hub
19992
+ # generates a single finding for a control check even when the check
19993
+ # applies to multiple enabled standards.
19994
+ #
19995
+ # If the value for this field is set to `STANDARD_CONTROL`, Security
19996
+ # Hub generates separate findings for a control check when the check
19997
+ # applies to multiple enabled standards.
19998
+ #
19999
+ # The value for this field in a member account matches the value in
20000
+ # the administrator account. For accounts that aren't part of an
20001
+ # organization, the default value of this field is `SECURITY_CONTROL`
20002
+ # if you enabled Security Hub on or after February 23, 2023.
20003
+ # @return [String]
20004
+ #
19660
20005
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
19661
20006
  #
19662
20007
  class EnableSecurityHubRequest < Struct.new(
19663
20008
  :tags,
19664
- :enable_default_standards)
20009
+ :enable_default_standards,
20010
+ :control_finding_generator)
19665
20011
  SENSITIVE = []
19666
20012
  include Aws::Structure
19667
20013
  end
@@ -20776,6 +21122,104 @@ module Aws::SecurityHub
20776
21122
  include Aws::Structure
20777
21123
  end
20778
21124
 
21125
+ # @!attribute [rw] standards_arn
21126
+ # The Amazon Resource Name (ARN) of the standard that you want to view
21127
+ # controls for.
21128
+ # @return [String]
21129
+ #
21130
+ # @!attribute [rw] next_token
21131
+ # Optional pagination parameter.
21132
+ # @return [String]
21133
+ #
21134
+ # @!attribute [rw] max_results
21135
+ # An optional parameter that limits the total results of the API
21136
+ # response to the specified number. If this parameter isn't provided
21137
+ # in the request, the results include the first 25 security controls
21138
+ # that apply to the specified standard. The results also include a
21139
+ # `NextToken` parameter that you can use in a subsequent API call to
21140
+ # get the next 25 controls. This repeats until all controls for the
21141
+ # standard are returned.
21142
+ # @return [Integer]
21143
+ #
21144
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitionsRequest AWS API Documentation
21145
+ #
21146
+ class ListSecurityControlDefinitionsRequest < Struct.new(
21147
+ :standards_arn,
21148
+ :next_token,
21149
+ :max_results)
21150
+ SENSITIVE = []
21151
+ include Aws::Structure
21152
+ end
21153
+
21154
+ # @!attribute [rw] security_control_definitions
21155
+ # An array of controls that apply to the specified standard.
21156
+ # @return [Array<Types::SecurityControlDefinition>]
21157
+ #
21158
+ # @!attribute [rw] next_token
21159
+ # A pagination parameter that's included in the response only if it
21160
+ # was included in the request.
21161
+ # @return [String]
21162
+ #
21163
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitionsResponse AWS API Documentation
21164
+ #
21165
+ class ListSecurityControlDefinitionsResponse < Struct.new(
21166
+ :security_control_definitions,
21167
+ :next_token)
21168
+ SENSITIVE = []
21169
+ include Aws::Structure
21170
+ end
21171
+
21172
+ # @!attribute [rw] security_control_id
21173
+ # The identifier of the control (identified with `SecurityControlId`,
21174
+ # `SecurityControlArn`, or a mix of both parameters) that you want to
21175
+ # determine the enablement status of in each enabled standard.
21176
+ # @return [String]
21177
+ #
21178
+ # @!attribute [rw] next_token
21179
+ # Optional pagination parameter.
21180
+ # @return [String]
21181
+ #
21182
+ # @!attribute [rw] max_results
21183
+ # An optional parameter that limits the total results of the API
21184
+ # response to the specified number. If this parameter isn't provided
21185
+ # in the request, the results include the first 25 standard and
21186
+ # control associations. The results also include a `NextToken`
21187
+ # parameter that you can use in a subsequent API call to get the next
21188
+ # 25 associations. This repeats until all associations for the
21189
+ # specified control are returned. The number of results is limited by
21190
+ # the number of supported Security Hub standards that you've enabled
21191
+ # in the calling account.
21192
+ # @return [Integer]
21193
+ #
21194
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociationsRequest AWS API Documentation
21195
+ #
21196
+ class ListStandardsControlAssociationsRequest < Struct.new(
21197
+ :security_control_id,
21198
+ :next_token,
21199
+ :max_results)
21200
+ SENSITIVE = []
21201
+ include Aws::Structure
21202
+ end
21203
+
21204
+ # @!attribute [rw] standards_control_association_summaries
21205
+ # An array that provides the enablement status and other details for
21206
+ # each security control that applies to each enabled standard.
21207
+ # @return [Array<Types::StandardsControlAssociationSummary>]
21208
+ #
21209
+ # @!attribute [rw] next_token
21210
+ # A pagination parameter that's included in the response only if it
21211
+ # was included in the request.
21212
+ # @return [String]
21213
+ #
21214
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociationsResponse AWS API Documentation
21215
+ #
21216
+ class ListStandardsControlAssociationsResponse < Struct.new(
21217
+ :standards_control_association_summaries,
21218
+ :next_token)
21219
+ SENSITIVE = []
21220
+ include Aws::Structure
21221
+ end
21222
+
20779
21223
  # @!attribute [rw] resource_arn
20780
21224
  # The ARN of the resource to retrieve tags for.
20781
21225
  # @return [String]
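Review bot: The `next_token` text on ListSecurityControlDefinitionsResponse says the token is "included in the response only if it was included in the request", which contradicts the `max_results` text in the same hunk stating that results include a `NextToken` for fetching the next 25 controls. Read literally, a first call sent without a token would never get one back, and a caller following that would stop after the first page and miss controls. Presumably the `max_results` description is the accurate one; if so, use `# A pagination token, returned when more results are available. Pass it in the next request.` ListStandardsControlAssociationsResponse in this hunk carries the same sentence.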
@@ -21514,7 +21958,8 @@ module Aws::SecurityHub
21514
21958
  # @return [Integer]
21515
21959
  #
21516
21960
  # @!attribute [rw] parent_pid
21517
- # The parent process ID.
21961
+ # The parent process ID. This field accepts positive integers between
21962
+ # `O` and `2147483647`.
21518
21963
  # @return [Integer]
21519
21964
  #
21520
21965
  # @!attribute [rw] launched_at
@@ -21627,6 +22072,20 @@ module Aws::SecurityHub
21627
22072
  include Aws::Structure
21628
22073
  end
21629
22074
 
22075
+ # Describes a virtual private gateway propagating route.
22076
+ #
22077
+ # @!attribute [rw] gateway_id
22078
+ # The ID of the virtual private gateway.
22079
+ # @return [String]
22080
+ #
22081
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PropagatingVgwSetDetails AWS API Documentation
22082
+ #
22083
+ class PropagatingVgwSetDetails < Struct.new(
22084
+ :gateway_id)
22085
+ SENSITIVE = []
22086
+ include Aws::Structure
22087
+ end
22088
+
21630
22089
  # Identifies where the sensitive data begins and ends.
21631
22090
  #
21632
22091
  # @!attribute [rw] start
@@ -22186,6 +22645,12 @@ module Aws::SecurityHub
22186
22645
  # Details about an WAFv2 rule group.
22187
22646
  # @return [Types::AwsWafv2RuleGroupDetails]
22188
22647
  #
22648
+ # @!attribute [rw] aws_ec2_route_table
22649
+ # Provides details about a route table. A route table contains a set
22650
+ # of rules, called routes, that determine where to direct network
22651
+ # traffic from your subnet or gateway.
22652
+ # @return [Types::AwsEc2RouteTableDetails]
22653
+ #
22189
22654
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
22190
22655
  #
22191
22656
  class ResourceDetails < Struct.new(
@@ -22271,7 +22736,8 @@ module Aws::SecurityHub
22271
22736
  :aws_ec2_launch_template,
22272
22737
  :aws_sage_maker_notebook_instance,
22273
22738
  :aws_wafv_2_web_acl,
22274
- :aws_wafv_2_rule_group)
22739
+ :aws_wafv_2_rule_group,
22740
+ :aws_ec2_route_table)
22275
22741
  SENSITIVE = []
22276
22742
  include Aws::Structure
22277
22743
  end
@@ -22314,6 +22780,95 @@ module Aws::SecurityHub
22314
22780
  include Aws::Structure
22315
22781
  end
22316
22782
 
22783
+ # Provides details about the routes in the route table.
22784
+ #
22785
+ # @!attribute [rw] carrier_gateway_id
22786
+ # The ID of the carrier gateway.
22787
+ # @return [String]
22788
+ #
22789
+ # @!attribute [rw] core_network_arn
22790
+ # The Amazon Resource Name (ARN) of the core network.
22791
+ # @return [String]
22792
+ #
22793
+ # @!attribute [rw] destination_cidr_block
22794
+ # The IPv4 CIDR block used for the destination match.
22795
+ # @return [String]
22796
+ #
22797
+ # @!attribute [rw] destination_ipv_6_cidr_block
22798
+ # The IPv6 CIDR block used for the destination match.
22799
+ # @return [String]
22800
+ #
22801
+ # @!attribute [rw] destination_prefix_list_id
22802
+ # The prefix of the destination Amazon Web Service.
22803
+ # @return [String]
22804
+ #
22805
+ # @!attribute [rw] egress_only_internet_gateway_id
22806
+ # The ID of the egress-only internet gateway.
22807
+ # @return [String]
22808
+ #
22809
+ # @!attribute [rw] gateway_id
22810
+ # The ID of a gateway attached to your VPC.
22811
+ # @return [String]
22812
+ #
22813
+ # @!attribute [rw] instance_id
22814
+ # The ID of a NAT instance in your VPC.
22815
+ # @return [String]
22816
+ #
22817
+ # @!attribute [rw] instance_owner_id
22818
+ # The ID of the Amazon Web Services account that owns the instance.
22819
+ # @return [String]
22820
+ #
22821
+ # @!attribute [rw] local_gateway_id
22822
+ # The ID of the local gateway.
22823
+ # @return [String]
22824
+ #
22825
+ # @!attribute [rw] nat_gateway_id
22826
+ # The ID of a NAT gateway.
22827
+ # @return [String]
22828
+ #
22829
+ # @!attribute [rw] network_interface_id
22830
+ # The ID of the network interface.
22831
+ # @return [String]
22832
+ #
22833
+ # @!attribute [rw] origin
22834
+ # Describes how the route was created.
22835
+ # @return [String]
22836
+ #
22837
+ # @!attribute [rw] state
22838
+ # The state of the route.
22839
+ # @return [String]
22840
+ #
22841
+ # @!attribute [rw] transit_gateway_id
22842
+ # The ID of a transit gateway.
22843
+ # @return [String]
22844
+ #
22845
+ # @!attribute [rw] vpc_peering_connection_id
22846
+ # The ID of a VPC peering connection.
22847
+ # @return [String]
22848
+ #
22849
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RouteSetDetails AWS API Documentation
22850
+ #
22851
+ class RouteSetDetails < Struct.new(
22852
+ :carrier_gateway_id,
22853
+ :core_network_arn,
22854
+ :destination_cidr_block,
22855
+ :destination_ipv_6_cidr_block,
22856
+ :destination_prefix_list_id,
22857
+ :egress_only_internet_gateway_id,
22858
+ :gateway_id,
22859
+ :instance_id,
22860
+ :instance_owner_id,
22861
+ :local_gateway_id,
22862
+ :nat_gateway_id,
22863
+ :network_interface_id,
22864
+ :origin,
22865
+ :state,
22866
+ :transit_gateway_id,
22867
+ :vpc_peering_connection_id)
22868
+ SENSITIVE = []
22869
+ include Aws::Structure
22870
+ end
22871
+
22317
22872
  # Details about the rule group.
22318
22873
  #
22319
22874
  # @!attribute [rw] rule_variables
@@ -22754,6 +23309,132 @@ module Aws::SecurityHub
22754
23309
  include Aws::Structure
22755
23310
  end
22756
23311
 
23312
+ # A security control in Security Hub describes a security best practice
23313
+ # related to a specific resource.
23314
+ #
23315
+ # @!attribute [rw] security_control_id
23316
+ # The unique identifier of a security control across standards. Values
23317
+ # for this field typically consist of an Amazon Web Service name and a
23318
+ # number, such as APIGateway.3.
23319
+ # @return [String]
23320
+ #
23321
+ # @!attribute [rw] security_control_arn
23322
+ # The Amazon Resource Name (ARN) for a security control across
23323
+ # standards, such as
23324
+ # `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
23325
+ # This parameter doesn't mention a specific standard.
23326
+ # @return [String]
23327
+ #
23328
+ # @!attribute [rw] title
23329
+ # The title of a security control.
23330
+ # @return [String]
23331
+ #
23332
+ # @!attribute [rw] description
23333
+ # The description of a security control across standards. This
23334
+ # typically summarizes how Security Hub evaluates the control and the
23335
+ # conditions under which it produces a failed finding. This parameter
23336
+ # doesn't reference a specific standard.
23337
+ # @return [String]
23338
+ #
23339
+ # @!attribute [rw] remediation_url
23340
+ # A link to Security Hub documentation that explains how to remediate
23341
+ # a failed finding for a security control.
23342
+ # @return [String]
23343
+ #
23344
+ # @!attribute [rw] severity_rating
23345
+ # The severity of a security control. For more information about how
23346
+ # Security Hub determines control severity, see [Assigning severity to
23347
+ # control findings][1] in the *Security Hub User Guide*.
23348
+ #
23349
+ #
23350
+ #
23351
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity
23352
+ # @return [String]
23353
+ #
23354
+ # @!attribute [rw] security_control_status
23355
+ # The status of a security control based on the compliance status of
23356
+ # its findings. For more information about how control status is
23357
+ # determined, see [Determining the overall status of a control from
23358
+ # its findings][1] in the *Security Hub User Guide*.
23359
+ #
23360
+ #
23361
+ #
23362
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html
23363
+ # @return [String]
23364
+ #
23365
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
23366
+ #
23367
+ class SecurityControl < Struct.new(
23368
+ :security_control_id,
23369
+ :security_control_arn,
23370
+ :title,
23371
+ :description,
23372
+ :remediation_url,
23373
+ :severity_rating,
23374
+ :security_control_status)
23375
+ SENSITIVE = []
23376
+ include Aws::Structure
23377
+ end
23378
+
23379
+ # Provides metadata for a security control, including its unique
23380
+ # standard-agnostic identifier, title, description, severity,
23381
+ # availability in Amazon Web Services Regions, and a link to remediation
23382
+ # steps.
23383
+ #
23384
+ # @!attribute [rw] security_control_id
23385
+ # The unique identifier of a security control across standards. Values
23386
+ # for this field typically consist of an Amazon Web Service name and a
23387
+ # number (for example, APIGateway.3). This parameter differs from
23388
+ # `SecurityControlArn`, which is a unique Amazon Resource Name (ARN)
23389
+ # assigned to a control. The ARN references the security control ID
23390
+ # (for example,
23391
+ # arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
23392
+ # @return [String]
23393
+ #
23394
+ # @!attribute [rw] title
23395
+ # The title of a security control.
23396
+ # @return [String]
23397
+ #
23398
+ # @!attribute [rw] description
23399
+ # The description of a security control across standards. This
23400
+ # typically summarizes how Security Hub evaluates the control and the
23401
+ # conditions under which it produces a failed finding. This parameter
23402
+ # doesn't reference a specific standard.
23403
+ # @return [String]
23404
+ #
23405
+ # @!attribute [rw] remediation_url
23406
+ # A link to Security Hub documentation that explains how to remediate
23407
+ # a failed finding for a security control.
23408
+ # @return [String]
23409
+ #
23410
+ # @!attribute [rw] severity_rating
23411
+ # The severity of a security control. For more information about how
23412
+ # Security Hub determines control severity, see [Assigning severity to
23413
+ # control findings][1] in the *Security Hub User Guide*.
23414
+ #
23415
+ #
23416
+ #
23417
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity
23418
+ # @return [String]
23419
+ #
23420
+ # @!attribute [rw] current_region_availability
23421
+ # Specifies whether a security control is available in the current
23422
+ # Amazon Web Services Region.
23423
+ # @return [String]
23424
+ #
23425
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
23426
+ #
23427
+ class SecurityControlDefinition < Struct.new(
23428
+ :security_control_id,
23429
+ :title,
23430
+ :description,
23431
+ :remediation_url,
23432
+ :severity_rating,
23433
+ :current_region_availability)
23434
+ SENSITIVE = []
23435
+ include Aws::Structure
23436
+ end
23437
+
22757
23438
  # The list of detected instances of sensitive data.
22758
23439
  #
22759
23440
  # @!attribute [rw] count
@@ -22810,7 +23491,7 @@ module Aws::SecurityHub
22810
23491
  # The severity of the finding.
22811
23492
  #
22812
23493
  # The finding provider can provide the initial severity. The finding
22813
- # provider can only update the severity if it has not been updated using
23494
+ # provider can only update the severity if it hasn't been updated using
22814
23495
  # `BatchUpdateFindings`.
22815
23496
  #
22816
23497
  # The finding must have either `Label` or `Normalized` populated. If
@@ -23137,6 +23818,207 @@ module Aws::SecurityHub
23137
23818
  include Aws::Structure
23138
23819
  end
23139
23820
 
23821
+ # Provides details about a control's enablement status in a specified
23822
+ # standard.
23823
+ #
23824
+ # @!attribute [rw] standards_arn
23825
+ # The Amazon Resource Name (ARN) of a security standard.
23826
+ # @return [String]
23827
+ #
23828
+ # @!attribute [rw] security_control_id
23829
+ # The unique identifier of a security control across standards. Values
23830
+ # for this field typically consist of an Amazon Web Service name and a
23831
+ # number, such as APIGateway.3.
23832
+ # @return [String]
23833
+ #
23834
+ # @!attribute [rw] security_control_arn
23835
+ # The ARN of a security control across standards, such as
23836
+ # `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
23837
+ # This parameter doesn't mention a specific standard.
23838
+ # @return [String]
23839
+ #
23840
+ # @!attribute [rw] association_status
23841
+ # Specifies whether a control is enabled or disabled in a specified
23842
+ # standard.
23843
+ # @return [String]
23844
+ #
23845
+ # @!attribute [rw] related_requirements
23846
+ # The requirement that underlies a control in the compliance framework
23847
+ # related to the standard.
23848
+ # @return [Array<String>]
23849
+ #
23850
+ # @!attribute [rw] updated_at
23851
+ # The time at which the enablement status of the control in the
23852
+ # specified standard was last updated.
23853
+ # @return [Time]
23854
+ #
23855
+ # @!attribute [rw] updated_reason
23856
+ # The reason for updating the enablement status of a control in a
23857
+ # specified standard.
23858
+ # @return [String]
23859
+ #
23860
+ # @!attribute [rw] standards_control_title
23861
+ # The title of a control. This field may reference a specific
23862
+ # standard.
23863
+ # @return [String]
23864
+ #
23865
+ # @!attribute [rw] standards_control_description
23866
+ # The description of a control. This typically summarizes how Security
23867
+ # Hub evaluates the control and the conditions under which it produces
23868
+ # a failed finding. This parameter may reference a specific standard.
23869
+ # @return [String]
23870
+ #
23871
+ # @!attribute [rw] standards_control_arns
23872
+ # Provides the input parameter that Security Hub uses to call the
23873
+ # [UpdateStandardsControl][1] API. This API can be used to enable or
23874
+ # disable a control in a specified standard.
23875
+ #
23876
+ #
23877
+ #
23878
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html
23879
+ # @return [Array<String>]
23880
+ #
23881
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationDetail AWS API Documentation
23882
+ #
23883
+ class StandardsControlAssociationDetail < Struct.new(
23884
+ :standards_arn,
23885
+ :security_control_id,
23886
+ :security_control_arn,
23887
+ :association_status,
23888
+ :related_requirements,
23889
+ :updated_at,
23890
+ :updated_reason,
23891
+ :standards_control_title,
23892
+ :standards_control_description,
23893
+ :standards_control_arns)
23894
+ SENSITIVE = []
23895
+ include Aws::Structure
23896
+ end
23897
+
23898
+ # An array with one or more objects that includes a security control
23899
+ # (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
23900
+ # of both parameters) and the Amazon Resource Name (ARN) of a standard.
23901
+ # The security control ID or ARN is the same across standards.
23902
+ #
23903
+ # @!attribute [rw] security_control_id
23904
+ # The unique identifier (identified with `SecurityControlId`,
23905
+ # `SecurityControlArn`, or a mix of both parameters) of a security
23906
+ # control across standards.
23907
+ # @return [String]
23908
+ #
23909
+ # @!attribute [rw] standards_arn
23910
+ # The ARN of a standard.
23911
+ # @return [String]
23912
+ #
23913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationId AWS API Documentation
23914
+ #
23915
+ class StandardsControlAssociationId < Struct.new(
23916
+ :security_control_id,
23917
+ :standards_arn)
23918
+ SENSITIVE = []
23919
+ include Aws::Structure
23920
+ end
23921
+
23922
+ # An array that provides the enablement status and other details for
23923
+ # each control that applies to each enabled standard.
23924
+ #
23925
+ # @!attribute [rw] standards_arn
23926
+ # The Amazon Resource Name (ARN) of a standard.
23927
+ # @return [String]
23928
+ #
23929
+ # @!attribute [rw] security_control_id
23930
+ # A unique standard-agnostic identifier for a control. Values for this
23931
+ # field typically consist of an Amazon Web Service and a number, such
23932
+ # as APIGateway.5. This field doesn't reference a specific standard.
23933
+ # @return [String]
23934
+ #
23935
+ # @!attribute [rw] security_control_arn
23936
+ # The ARN of a control, such as
23937
+ # `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
23938
+ # This parameter doesn't mention a specific standard.
23939
+ # @return [String]
23940
+ #
23941
+ # @!attribute [rw] association_status
23942
+ # The enablement status of a control in a specific standard.
23943
+ # @return [String]
23944
+ #
23945
+ # @!attribute [rw] related_requirements
23946
+ # The requirement that underlies this control in the compliance
23947
+ # framework related to the standard.
23948
+ # @return [Array<String>]
23949
+ #
23950
+ # @!attribute [rw] updated_at
23951
+ # The last time that a control's enablement status in a specified
23952
+ # standard was updated.
23953
+ # @return [Time]
23954
+ #
23955
+ # @!attribute [rw] updated_reason
23956
+ # The reason for updating the control's enablement status in a
23957
+ # specified standard.
23958
+ # @return [String]
23959
+ #
23960
+ # @!attribute [rw] standards_control_title
23961
+ # The title of a control.
23962
+ # @return [String]
23963
+ #
23964
+ # @!attribute [rw] standards_control_description
23965
+ # The description of a control. This typically summarizes how Security
23966
+ # Hub evaluates the control and the conditions under which it produces
23967
+ # a failed finding. The parameter may reference a specific standard.
23968
+ # @return [String]
23969
+ #
23970
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationSummary AWS API Documentation
23971
+ #
23972
+ class StandardsControlAssociationSummary < Struct.new(
23973
+ :standards_arn,
23974
+ :security_control_id,
23975
+ :security_control_arn,
23976
+ :association_status,
23977
+ :related_requirements,
23978
+ :updated_at,
23979
+ :updated_reason,
23980
+ :standards_control_title,
23981
+ :standards_control_description)
23982
+ SENSITIVE = []
23983
+ include Aws::Structure
23984
+ end
23985
+
23986
+ # An array of requested updates to the enablement status of controls in
23987
+ # specified standards. The objects in the array include a security
23988
+ # control ID, the Amazon Resource Name (ARN) of the standard, the
23989
+ # requested enablement status, and the reason for updating the
23990
+ # enablement status.
23991
+ #
23992
+ # @!attribute [rw] standards_arn
23993
+ # The Amazon Resource Name (ARN) of the standard in which you want to
23994
+ # update the control's enablement status.
23995
+ # @return [String]
23996
+ #
23997
+ # @!attribute [rw] security_control_id
23998
+ # The unique identifier for the security control whose enablement
23999
+ # status you want to update.
24000
+ # @return [String]
24001
+ #
24002
+ # @!attribute [rw] association_status
24003
+ # The desired enablement status of the control in the standard.
24004
+ # @return [String]
24005
+ #
24006
+ # @!attribute [rw] updated_reason
24007
+ # The reason for updating the control's enablement status in the
24008
+ # standard.
24009
+ # @return [String]
24010
+ #
24011
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationUpdate AWS API Documentation
24012
+ #
24013
+ class StandardsControlAssociationUpdate < Struct.new(
24014
+ :standards_arn,
24015
+ :security_control_id,
24016
+ :association_status,
24017
+ :updated_reason)
24018
+ SENSITIVE = []
24019
+ include Aws::Structure
24020
+ end
24021
+
23140
24022
  # Provides details about the management of a security standard.
23141
24023
  #
23142
24024
  # @!attribute [rw] company
@@ -23505,6 +24387,111 @@ module Aws::SecurityHub
23505
24387
  include Aws::Structure
23506
24388
  end
23507
24389
 
24390
+ # Provides details about a security control for which a response
24391
+ # couldn't be returned.
24392
+ #
24393
+ # @!attribute [rw] security_control_id
24394
+ # The control (identified with `SecurityControlId`,
24395
+ # `SecurityControlArn`, or a mix of both parameters) for which a
24396
+ # response couldn't be returned.
24397
+ # @return [String]
24398
+ #
24399
+ # @!attribute [rw] error_code
24400
+ # The error code for the unprocessed security control.
24401
+ # @return [String]
24402
+ #
24403
+ # @!attribute [rw] error_reason
24404
+ # The reason why the security control was unprocessed.
24405
+ # @return [String]
24406
+ #
24407
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedSecurityControl AWS API Documentation
24408
+ #
24409
+ class UnprocessedSecurityControl < Struct.new(
24410
+ :security_control_id,
24411
+ :error_code,
24412
+ :error_reason)
24413
+ SENSITIVE = []
24414
+ include Aws::Structure
24415
+ end
24416
+
24417
+ # Provides details about which control's enablement status couldn't be
24418
+ # retrieved in a specified standard when calling
24419
+ # [BatchUpdateStandardsControlAssociations][1]. This parameter also
24420
+ # provides details about why the request was unprocessed.
24421
+ #
24422
+ #
24423
+ #
24424
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
24425
+ #
24426
+ # @!attribute [rw] standards_control_association_id
24427
+ # An array with one or more objects that includes a security control
24428
+ # (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
24429
+ # of both parameters) and the Amazon Resource Name (ARN) of a
24430
+ # standard. This parameter shows the specific controls for which the
24431
+ # enablement status couldn't be retrieved in specified standards when
24432
+ # calling [BatchUpdateStandardsControlAssociations][1].
24433
+ #
24434
+ #
24435
+ #
24436
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
24437
+ # @return [Types::StandardsControlAssociationId]
24438
+ #
24439
+ # @!attribute [rw] error_code
24440
+ # The error code for the unprocessed standard and control association.
24441
+ # @return [String]
24442
+ #
24443
+ # @!attribute [rw] error_reason
24444
+ # The reason why the standard and control association was unprocessed.
24445
+ # @return [String]
24446
+ #
24447
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedStandardsControlAssociation AWS API Documentation
24448
+ #
24449
+ class UnprocessedStandardsControlAssociation < Struct.new(
24450
+ :standards_control_association_id,
24451
+ :error_code,
24452
+ :error_reason)
24453
+ SENSITIVE = []
24454
+ include Aws::Structure
24455
+ end
24456
+
24457
+ # Provides details about which control's enablement status could not be
24458
+ # updated in a specified standard when calling the
24459
+ # [BatchUpdateStandardsControlAssociations][1] API. This parameter also
24460
+ # provides details about why the request was unprocessed.
24461
+ #
24462
+ #
24463
+ #
24464
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
24465
+ #
24466
+ # @!attribute [rw] standards_control_association_update
24467
+ # An array of control and standard associations for which an update
24468
+ # failed when calling [BatchUpdateStandardsControlAssociations][1].
24469
+ #
24470
+ #
24471
+ #
24472
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
24473
+ # @return [Types::StandardsControlAssociationUpdate]
24474
+ #
24475
+ # @!attribute [rw] error_code
24476
+ # The error code for the unprocessed update of the control's
24477
+ # enablement status in the specified standard.
24478
+ # @return [String]
24479
+ #
24480
+ # @!attribute [rw] error_reason
24481
+ # The reason why a control's enablement status in the specified
24482
+ # standard couldn't be updated.
24483
+ # @return [String]
24484
+ #
24485
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedStandardsControlAssociationUpdate AWS API Documentation
24486
+ #
24487
+ class UnprocessedStandardsControlAssociationUpdate < Struct.new(
24488
+ :standards_control_association_update,
24489
+ :error_code,
24490
+ :error_reason)
24491
+ SENSITIVE = []
24492
+ include Aws::Structure
24493
+ end
24494
+
23508
24495
  # @!attribute [rw] resource_arn
23509
24496
  # The ARN of the resource to remove the tags from.
23510
24497
  # @return [String]
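Review bot: The description of `UnprocessedStandardsControlAssociation` says the enablement status "couldn't be retrieved" but links to `BatchUpdateStandardsControlAssociations`. That is the same API that `UnprocessedStandardsControlAssociationUpdate`, just below it, cites for failed updates. The same wording is repeated in the `standards_control_association_id` attribute. If this structure belongs to the batch-get operation, as its `Types::StandardsControlAssociationId` member suggests, both references should name `BatchGetStandardsControlAssociations` instead. Callers handling unprocessed items need the correct operation to know which call to retry.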
@@ -23741,10 +24728,26 @@ module Aws::SecurityHub
23741
24728
  # `false`.
23742
24729
  # @return [Boolean]
23743
24730
  #
24731
+ # @!attribute [rw] control_finding_generator
24732
+ # Updates whether the calling account has consolidated control
24733
+ # findings turned on. If the value for this field is set to
24734
+ # `SECURITY_CONTROL`, Security Hub generates a single finding for a
24735
+ # control check even when the check applies to multiple enabled
24736
+ # standards.
24737
+ #
24738
+ # If the value for this field is set to `STANDARD_CONTROL`, Security
24739
+ # Hub generates separate findings for a control check when the check
24740
+ # applies to multiple enabled standards.
24741
+ #
24742
+ # For accounts that are part of an organization, this value can only
24743
+ # be updated in the administrator account.
24744
+ # @return [String]
24745
+ #
23744
24746
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfigurationRequest AWS API Documentation
23745
24747
  #
23746
24748
  class UpdateSecurityHubConfigurationRequest < Struct.new(
23747
- :auto_enable_controls)
24749
+ :auto_enable_controls,
24750
+ :control_finding_generator)
23748
24751
  SENSITIVE = []
23749
24752
  include Aws::Structure
23750
24753
  end
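Review bot: The `control_finding_generator` description explains the two values but does not say that switching between them changes which findings Security Hub generates for the same control check. That matters to anything matching on per-standard findings, such as suppression rules, ticketing integrations and detections. I would add a line such as `# Changing this value changes the set of findings generated for a control; review automation that matches on per-standard findings first.` Because the attribute is typed as a plain `String`, it would also help to list `SECURITY_CONTROL` and `STANDARD_CONTROL` explicitly as the accepted values.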