aws-sdk-securityhub 1.77.0 → 1.79.0

data/lib/aws-sdk-securityhub/types.rb

@@ -329,6 +329,68 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The associations between a route table and one or more subnets or a
+    # gateway.
+    #
+    # @!attribute [rw] association_state
+    #   The state of the association between a route table and a subnet or
+    #   gateway.
+    #   @return [Types::AssociationStateDetails]
+    #
+    # @!attribute [rw] gateway_id
+    #   The ID of the internet gateway or virtual private gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] main
+    #   Indicates whether this is the main route table.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] route_table_association_id
+    #   The ID of the association.
+    #   @return [String]
+    #
+    # @!attribute [rw] route_table_id
+    #   The ID of the route table.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_id
+    #   The ID of the subnet. A subnet ID is not returned for an implicit
+    #   association.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationSetDetails AWS API Documentation
+    #
+    class AssociationSetDetails < Struct.new(
+      :association_state,
+      :gateway_id,
+      :main,
+      :route_table_association_id,
+      :route_table_id,
+      :subnet_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the state of an association between a route table and a
+    # subnet or gateway.
+    #
+    # @!attribute [rw] state
+    #   The state of the association.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   The status message, if applicable.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationStateDetails AWS API Documentation
+    #
+    class AssociationStateDetails < Struct.new(
+      :state,
+      :status_message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about an Availability Zone.
     #
     # @!attribute [rw] zone_name
@@ -1838,8 +1900,8 @@ module Aws::SecurityHub
     #   @return [Array<String>]
     #
     # @!attribute [rw] sns_topic_arn
-    #   An ARN that uniquely identifies the Amazon SNS topic for a backup
-    #   vault’s events.
+    #   The Amazon Resource Name (ARN) that uniquely identifies the Amazon
+    #   SNS topic for a backup vault's events.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupVaultNotificationsDetails AWS API Documentation
@@ -4459,6 +4521,10 @@ module Aws::SecurityHub
     #   Details about the metadata options for the Amazon EC2 instance.
     #   @return [Types::AwsEc2InstanceMetadataOptions]
     #
+    # @!attribute [rw] monitoring
+    #   Describes the type of monitoring that’s turned on for an instance.
+    #   @return [Types::AwsEc2InstanceMonitoringDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
     #
     class AwsEc2InstanceDetails < Struct.new(
@@ -4473,7 +4539,8 @@ module Aws::SecurityHub
       :launched_at,
       :network_interfaces,
       :virtualization_type,
-      :metadata_options)
+      :metadata_options,
+      :monitoring)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4517,6 +4584,21 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The type of monitoring that’s turned on for an Amazon EC2 instance.
+    #
+    # @!attribute [rw] state
+    #   Indicates whether detailed monitoring is turned on. Otherwise, basic
+    #   monitoring is turned on.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceMonitoringDetails AWS API Documentation
+    #
+    class AwsEc2InstanceMonitoringDetails < Struct.new(
+      :state)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Identifies a network interface for the Amazon EC2 instance.
     #
     # @!attribute [rw] network_interface_id
@@ -5216,7 +5298,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] on_demand_max_price_percentage_over_lowest_price
     #   The price protection threshold for On-Demand Instances. This is the
-    #   maximum you’ll pay for an On-Demand Instance, expressed as a
+    #   maximum you'll pay for an On-Demand Instance, expressed as a
     #   percentage above the least expensive current generation M, C, or R
     #   instance type with your specified attributes. When Amazon EC2
     #   selects instance types with your attributes, it excludes instance
@@ -5235,7 +5317,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] spot_max_price_percentage_over_lowest_price
     #   The price protection threshold for Spot Instances. This is the
-    #   maximum you’ll pay for a Spot Instance, expressed as a percentage
+    #   maximum you'll pay for a Spot Instance, expressed as a percentage
     #   above the least expensive current generation M, C, or R instance
     #   type with your specified attributes. When Amazon EC2 selects
     #   instance types with your attributes, it excludes instance types
@@ -5418,7 +5500,7 @@ module Aws::SecurityHub
     # @!attribute [rw] http_endpoint
     #   Enables or disables the HTTP metadata endpoint on your instances. If
     #   the parameter is not specified, the default state is enabled, and
-    #   you won’t be able to access your instance metadata.
+    #   you won't be able to access your instance metadata.
     #   @return [String]
     #
     # @!attribute [rw] http_protocol_ipv_6
@@ -6075,6 +6157,46 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides details about a route table for the specified VPC.
+    #
+    # @!attribute [rw] association_set
+    #   The associations between a route table and one or more subnets or a
+    #   gateway.
+    #   @return [Array<Types::AssociationSetDetails>]
+    #
+    # @!attribute [rw] owner_id
+    #   The ID of the Amazon Web Services account that owns the route table.
+    #   @return [String]
+    #
+    # @!attribute [rw] propagating_vgw_set
+    #   Describes a virtual private gateway propagating route.
+    #   @return [Array<Types::PropagatingVgwSetDetails>]
+    #
+    # @!attribute [rw] route_table_id
+    #   The ID of the route table.
+    #   @return [String]
+    #
+    # @!attribute [rw] route_set
+    #   The routes in the route table.
+    #   @return [Array<Types::RouteSetDetails>]
+    #
+    # @!attribute [rw] vpc_id
+    #   The ID of the virtual private cloud (VPC).
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2RouteTableDetails AWS API Documentation
+    #
+    class AwsEc2RouteTableDetails < Struct.new(
+      :association_set,
+      :owner_id,
+      :propagating_vgw_set,
+      :route_table_id,
+      :route_set,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about an Amazon EC2 security group.
     #
     # @!attribute [rw] group_name
@@ -8091,15 +8213,15 @@ module Aws::SecurityHub
     #
     #   * ` user `
     #
-    #   * ` user `\:` group `
+    #   * ` user `:` group `
     #
     #   * ` uid `
     #
-    #   * ` uid `\:` gid `
+    #   * ` uid `:` gid `
     #
-    #   * ` user `\:` gid `
+    #   * ` user `:` gid `
     #
-    #   * ` uid `\:` group `
+    #   * ` uid `:` group `
     #   @return [String]
     #
     # @!attribute [rw] volumes_from
@@ -9426,11 +9548,19 @@ module Aws::SecurityHub
     #   The subnets that are associated with the cluster.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] endpoint_public_access
+    #   Indicates whether the Amazon EKS public API server endpoint is
+    #   turned on. If the Amazon EKS public API server endpoint is turned
+    #   off, your cluster's Kubernetes API server can only receive requests
+    #   that originate from within the cluster VPC.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterResourcesVpcConfigDetails AWS API Documentation
     #
     class AwsEksClusterResourcesVpcConfigDetails < Struct.new(
       :security_group_ids,
-      :subnet_ids)
+      :subnet_ids,
+      :endpoint_public_access)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -13970,7 +14100,9 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # Information about a cross-Region snapshot copy.
+    # You can configure Amazon Redshift to copy snapshots for a cluster to
+    # another Amazon Web Services Region. This parameter provides
+    # information about a cross-Region snapshot copy.
     #
     # @!attribute [rw] destination_region
     #   The destination Region that snapshots are automatically copied to
@@ -13979,7 +14111,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] manual_snapshot_retention_period
     #   The number of days that manual snapshots are retained in the
-    #   destination region after they are copied from a source region.
+    #   destination Region after they are copied from a source Region.
     #
     #   If the value is `-1`, then the manual snapshot is retained
     #   indefinitely.
@@ -15106,6 +15238,11 @@ module Aws::SecurityHub
     #   The versioning state of an S3 bucket.
     #   @return [Types::AwsS3BucketBucketVersioningConfiguration]
     #
+    # @!attribute [rw] object_lock_configuration
+    #   Specifies which rule Amazon S3 applies by default to every new
+    #   object placed in the specified bucket.
+    #   @return [Types::AwsS3BucketObjectLockConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
     #
     class AwsS3BucketDetails < Struct.new(
@@ -15120,7 +15257,8 @@ module Aws::SecurityHub
       :bucket_logging_configuration,
       :bucket_website_configuration,
       :bucket_notification_configuration,
-      :bucket_versioning_configuration)
+      :bucket_versioning_configuration,
+      :object_lock_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -15246,6 +15384,73 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The container element for S3 Object Lock configuration parameters. In
+    # Amazon S3, Object Lock can help prevent objects from being deleted or
+    # overwritten for a fixed amount of time or indefinitely.
+    #
+    # @!attribute [rw] object_lock_enabled
+    #   Indicates whether the bucket has an Object Lock configuration
+    #   enabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] rule
+    #   Specifies the Object Lock rule for the specified object.
+    #   @return [Types::AwsS3BucketObjectLockConfigurationRuleDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfiguration AWS API Documentation
+    #
+    class AwsS3BucketObjectLockConfiguration < Struct.new(
+      :object_lock_enabled,
+      :rule)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The default S3 Object Lock retention mode and period that you want to
+    # apply to new objects placed in the specified Amazon S3 bucket.
+    #
+    # @!attribute [rw] days
+    #   The number of days that you want to specify for the default
+    #   retention period.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] mode
+    #   The default Object Lock retention mode you want to apply to new
+    #   objects placed in the specified bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] years
+    #   The number of years that you want to specify for the default
+    #   retention period.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails AWS API Documentation
+    #
+    class AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails < Struct.new(
+      :days,
+      :mode,
+      :years)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the S3 Object Lock rule for the specified object. In Amazon
+    # S3, Object Lock can help prevent objects from being deleted or
+    # overwritten for a fixed amount of time or indefinitely.
+    #
+    # @!attribute [rw] default_retention
+    #   The default Object Lock retention mode and period that you want to
+    #   apply to new objects placed in the specified bucket.
+    #   @return [Types::AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketObjectLockConfigurationRuleDetails AWS API Documentation
+    #
+    class AwsS3BucketObjectLockConfigurationRuleDetails < Struct.new(
+      :default_retention)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the default server-side encryption to apply to new objects
     # in the bucket.
     #
@@ -16294,7 +16499,8 @@ module Aws::SecurityHub
     #   @return [Array<Types::NumberFilter>]
     #
     # @!attribute [rw] process_parent_pid
-    #   The parent process ID.
+    #   The parent process ID. This field accepts positive integers between
+    #   `O` and `2147483647`.
     #   @return [Array<Types::NumberFilter>]
     #
     # @!attribute [rw] process_launched_at
@@ -16503,7 +16709,7 @@ module Aws::SecurityHub
     #     owner.
     #
     #     If one of the following occurs, the workflow status is changed
-    #     automatically from `NOTIFIED` to `NEW`\:
+    #     automatically from `NOTIFIED` to `NEW`:
     #
     #     * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
     #
@@ -18234,6 +18440,81 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @!attribute [rw] security_control_ids
+    #   A list of security controls (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters). The security
+    #   control ID or Amazon Resource Name (ARN) is the same across
+    #   standards.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControlsRequest AWS API Documentation
+    #
+    class BatchGetSecurityControlsRequest < Struct.new(
+      :security_control_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] security_controls
+    #   An array that returns the identifier, Amazon Resource Name (ARN),
+    #   and other details about a security control. The same information is
+    #   returned whether the request includes `SecurityControlId` or
+    #   `SecurityControlArn`.
+    #   @return [Array<Types::SecurityControl>]
+    #
+    # @!attribute [rw] unprocessed_ids
+    #   A security control (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) for which details
+    #   cannot be returned.
+    #   @return [Array<Types::UnprocessedSecurityControl>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControlsResponse AWS API Documentation
+    #
+    class BatchGetSecurityControlsResponse < Struct.new(
+      :security_controls,
+      :unprocessed_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] standards_control_association_ids
+    #   An array with one or more objects that includes a security control
+    #   (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
+    #   of both parameters) and the Amazon Resource Name (ARN) of a
+    #   standard. This field is used to query the enablement status of a
+    #   control in a specified standard. The security control ID or ARN is
+    #   the same across standards.
+    #   @return [Array<Types::StandardsControlAssociationId>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociationsRequest AWS API Documentation
+    #
+    class BatchGetStandardsControlAssociationsRequest < Struct.new(
+      :standards_control_association_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] standards_control_association_details
+    #   Provides the enablement status of a security control in a specified
+    #   standard and other details for the control in relation to the
+    #   specified standard.
+    #   @return [Array<Types::StandardsControlAssociationDetail>]
+    #
+    # @!attribute [rw] unprocessed_associations
+    #   A security control (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) whose enablement
+    #   status in a specified standard cannot be returned.
+    #   @return [Array<Types::UnprocessedStandardsControlAssociation>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociationsResponse AWS API Documentation
+    #
+    class BatchGetStandardsControlAssociationsResponse < Struct.new(
+      :standards_control_association_details,
+      :unprocessed_associations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] findings
     #   A list of findings to import. To successfully import a finding, it
     #   must follow the [Amazon Web Services Security Finding Format][1].
@@ -18455,6 +18736,33 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @!attribute [rw] standards_control_association_updates
+    #   Updates the enablement status of a security control in a specified
+    #   standard.
+    #   @return [Array<Types::StandardsControlAssociationUpdate>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociationsRequest AWS API Documentation
+    #
+    class BatchUpdateStandardsControlAssociationsRequest < Struct.new(
+      :standards_control_association_updates)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] unprocessed_association_updates
+    #   A security control (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) whose enablement
+    #   status in a specified standard couldn't be updated.
+    #   @return [Array<Types::UnprocessedStandardsControlAssociationUpdate>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociationsResponse AWS API Documentation
+    #
+    class BatchUpdateStandardsControlAssociationsResponse < Struct.new(
+      :unprocessed_association_updates)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Boolean filter for querying findings.
     #
     # @!attribute [rw] value
@@ -18769,7 +19077,7 @@ module Aws::SecurityHub
     end
 
     # @!attribute [rw] action_target_arn
-    #   The ARN for the custom action target.
+    #   The Amazon Resource Name (ARN) for the custom action target.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateActionTargetResponse AWS API Documentation
@@ -19091,8 +19399,8 @@ module Aws::SecurityHub
     end
 
     # @!attribute [rw] account_ids
-    #   The list of account IDs for the accounts from which to decline the
-    #   invitations to Security Hub.
+    #   The list of prospective member account IDs for which to decline an
+    #   invitation.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeclineInvitationsRequest AWS API Documentation
@@ -19118,7 +19426,8 @@ module Aws::SecurityHub
     end
 
     # @!attribute [rw] action_target_arn
-    #   The ARN of the custom action target to delete.
+    #   The Amazon Resource Name (ARN) of the custom action target to
+    #   delete.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteActionTargetRequest AWS API Documentation
@@ -19183,7 +19492,8 @@ module Aws::SecurityHub
     end
 
     # @!attribute [rw] account_ids
-    #   The list of the account IDs that sent the invitations to delete.
+    #   The list of member account IDs that received the invitations you
+    #   want to delete.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInvitationsRequest AWS API Documentation
@@ -19311,12 +19621,30 @@ module Aws::SecurityHub
     #   enabled.
     #   @return [Boolean]
     #
+    # @!attribute [rw] control_finding_generator
+    #   Specifies whether the calling account has consolidated control
+    #   findings turned on. If the value for this field is set to
+    #   `SECURITY_CONTROL`, Security Hub generates a single finding for a
+    #   control check even when the check applies to multiple enabled
+    #   standards.
+    #
+    #   If the value for this field is set to `STANDARD_CONTROL`, Security
+    #   Hub generates separate findings for a control check when the check
+    #   applies to multiple enabled standards.
+    #
+    #   The value for this field in a member account matches the value in
+    #   the administrator account. For accounts that aren't part of an
+    #   organization, the default value of this field is `SECURITY_CONTROL`
+    #   if you enabled Security Hub on or after February 23, 2023.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHubResponse AWS API Documentation
     #
     class DescribeHubResponse < Struct.new(
       :hub_arn,
       :subscribed_at,
-      :auto_enable_controls)
+      :auto_enable_controls,
+      :control_finding_generator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -19657,11 +19985,29 @@ module Aws::SecurityHub
     #   `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] control_finding_generator
+    #   This field, used when enabling Security Hub, specifies whether the
+    #   calling account has consolidated control findings turned on. If the
+    #   value for this field is set to `SECURITY_CONTROL`, Security Hub
+    #   generates a single finding for a control check even when the check
+    #   applies to multiple enabled standards.
+    #
+    #   If the value for this field is set to `STANDARD_CONTROL`, Security
+    #   Hub generates separate findings for a control check when the check
+    #   applies to multiple enabled standards.
+    #
+    #   The value for this field in a member account matches the value in
+    #   the administrator account. For accounts that aren't part of an
+    #   organization, the default value of this field is `SECURITY_CONTROL`
+    #   if you enabled Security Hub on or after February 23, 2023.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation
     #
     class EnableSecurityHubRequest < Struct.new(
       :tags,
-      :enable_default_standards)
+      :enable_default_standards,
+      :control_finding_generator)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -20776,6 +21122,104 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @!attribute [rw] standards_arn
+    #   The Amazon Resource Name (ARN) of the standard that you want to view
+    #   controls for.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   Optional pagination parameter.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   An optional parameter that limits the total results of the API
+    #   response to the specified number. If this parameter isn't provided
+    #   in the request, the results include the first 25 security controls
+    #   that apply to the specified standard. The results also include a
+    #   `NextToken` parameter that you can use in a subsequent API call to
+    #   get the next 25 controls. This repeats until all controls for the
+    #   standard are returned.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitionsRequest AWS API Documentation
+    #
+    class ListSecurityControlDefinitionsRequest < Struct.new(
+      :standards_arn,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] security_control_definitions
+    #   An array of controls that apply to the specified standard.
+    #   @return [Array<Types::SecurityControlDefinition>]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination parameter that's included in the response only if it
+    #   was included in the request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitionsResponse AWS API Documentation
+    #
+    class ListSecurityControlDefinitionsResponse < Struct.new(
+      :security_control_definitions,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] security_control_id
+    #   The identifier of the control (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) that you want to
+    #   determine the enablement status of in each enabled standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   Optional pagination parameter.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   An optional parameter that limits the total results of the API
+    #   response to the specified number. If this parameter isn't provided
+    #   in the request, the results include the first 25 standard and
+    #   control associations. The results also include a `NextToken`
+    #   parameter that you can use in a subsequent API call to get the next
+    #   25 associations. This repeats until all associations for the
+    #   specified control are returned. The number of results is limited by
+    #   the number of supported Security Hub standards that you've enabled
+    #   in the calling account.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociationsRequest AWS API Documentation
+    #
+    class ListStandardsControlAssociationsRequest < Struct.new(
+      :security_control_id,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] standards_control_association_summaries
+    #   An array that provides the enablement status and other details for
+    #   each security control that applies to each enabled standard.
+    #   @return [Array<Types::StandardsControlAssociationSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination parameter that's included in the response only if it
+    #   was included in the request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociationsResponse AWS API Documentation
+    #
+    class ListStandardsControlAssociationsResponse < Struct.new(
+      :standards_control_association_summaries,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   The ARN of the resource to retrieve tags for.
     #   @return [String]
@@ -21514,7 +21958,8 @@ module Aws::SecurityHub
     #   @return [Integer]
     #
     # @!attribute [rw] parent_pid
-    #   The parent process ID.
+    #   The parent process ID. This field accepts positive integers between
+    #   `O` and `2147483647`.
     #   @return [Integer]
     #
     # @!attribute [rw] launched_at
@@ -21627,6 +22072,20 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Describes a virtual private gateway propagating route.
+    #
+    # @!attribute [rw] gateway_id
+    #   The ID of the virtual private gateway.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PropagatingVgwSetDetails AWS API Documentation
+    #
+    class PropagatingVgwSetDetails < Struct.new(
+      :gateway_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Identifies where the sensitive data begins and ends.
     #
     # @!attribute [rw] start
@@ -22186,6 +22645,12 @@ module Aws::SecurityHub
     #   Details about an WAFv2 rule group.
     #   @return [Types::AwsWafv2RuleGroupDetails]
     #
+    # @!attribute [rw] aws_ec2_route_table
+    #   Provides details about a route table. A route table contains a set
+    #   of rules, called routes, that determine where to direct network
+    #   traffic from your subnet or gateway.
+    #   @return [Types::AwsEc2RouteTableDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
     #
     class ResourceDetails < Struct.new(
@@ -22271,7 +22736,8 @@ module Aws::SecurityHub
       :aws_ec2_launch_template,
       :aws_sage_maker_notebook_instance,
       :aws_wafv_2_web_acl,
-      :aws_wafv_2_rule_group)
+      :aws_wafv_2_rule_group,
+      :aws_ec2_route_table)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -22314,6 +22780,95 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides details about the routes in the route table.
+    #
+    # @!attribute [rw] carrier_gateway_id
+    #   The ID of the carrier gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] core_network_arn
+    #   The Amazon Resource Name (ARN) of the core network.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_cidr_block
+    #   The IPv4 CIDR block used for the destination match.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_ipv_6_cidr_block
+    #   The IPv6 CIDR block used for the destination match.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_prefix_list_id
+    #   The prefix of the destination Amazon Web Service.
+    #   @return [String]
+    #
+    # @!attribute [rw] egress_only_internet_gateway_id
+    #   The ID of the egress-only internet gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] gateway_id
+    #   The ID of a gateway attached to your VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_id
+    #   The ID of a NAT instance in your VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_owner_id
+    #   The ID of the Amazon Web Services account that owns the instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] local_gateway_id
+    #   The ID of the local gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] nat_gateway_id
+    #   The ID of a NAT gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] network_interface_id
+    #   The ID of the network interface.
+    #   @return [String]
+    #
+    # @!attribute [rw] origin
+    #   Describes how the route was created.
+    #   @return [String]
+    #
+    # @!attribute [rw] state
+    #   The state of the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] transit_gateway_id
+    #   The ID of a transit gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_peering_connection_id
+    #   The ID of a VPC peering connection.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RouteSetDetails AWS API Documentation
+    #
+    class RouteSetDetails < Struct.new(
+      :carrier_gateway_id,
+      :core_network_arn,
+      :destination_cidr_block,
+      :destination_ipv_6_cidr_block,
+      :destination_prefix_list_id,
+      :egress_only_internet_gateway_id,
+      :gateway_id,
+      :instance_id,
+      :instance_owner_id,
+      :local_gateway_id,
+      :nat_gateway_id,
+      :network_interface_id,
+      :origin,
+      :state,
+      :transit_gateway_id,
+      :vpc_peering_connection_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about the rule group.
     #
     # @!attribute [rw] rule_variables
@@ -22754,6 +23309,132 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # A security control in Security Hub describes a security best practice
+    # related to a specific resource.
+    #
+    # @!attribute [rw] security_control_id
+    #   The unique identifier of a security control across standards. Values
+    #   for this field typically consist of an Amazon Web Service name and a
+    #   number, such as APIGateway.3.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_arn
+    #   The Amazon Resource Name (ARN) for a security control across
+    #   standards, such as
+    #   `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
+    #   This parameter doesn't mention a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] title
+    #   The title of a security control.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of a security control across standards. This
+    #   typically summarizes how Security Hub evaluates the control and the
+    #   conditions under which it produces a failed finding. This parameter
+    #   doesn't reference a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] remediation_url
+    #   A link to Security Hub documentation that explains how to remediate
+    #   a failed finding for a security control.
+    #   @return [String]
+    #
+    # @!attribute [rw] severity_rating
+    #   The severity of a security control. For more information about how
+    #   Security Hub determines control severity, see [Assigning severity to
+    #   control findings][1] in the *Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_status
+    #   The status of a security control based on the compliance status of
+    #   its findings. For more information about how control status is
+    #   determined, see [Determining the overall status of a control from
+    #   its findings][1] in the *Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
+    #
+    class SecurityControl < Struct.new(
+      :security_control_id,
+      :security_control_arn,
+      :title,
+      :description,
+      :remediation_url,
+      :severity_rating,
+      :security_control_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides metadata for a security control, including its unique
+    # standard-agnostic identifier, title, description, severity,
+    # availability in Amazon Web Services Regions, and a link to remediation
+    # steps.
+    #
+    # @!attribute [rw] security_control_id
+    #   The unique identifier of a security control across standards. Values
+    #   for this field typically consist of an Amazon Web Service name and a
+    #   number (for example, APIGateway.3). This parameter differs from
+    #   `SecurityControlArn`, which is a unique Amazon Resource Name (ARN)
+    #   assigned to a control. The ARN references the security control ID
+    #   (for example,
+    #   arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
+    #   @return [String]
+    #
+    # @!attribute [rw] title
+    #   The title of a security control.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of a security control across standards. This
+    #   typically summarizes how Security Hub evaluates the control and the
+    #   conditions under which it produces a failed finding. This parameter
+    #   doesn't reference a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] remediation_url
+    #   A link to Security Hub documentation that explains how to remediate
+    #   a failed finding for a security control.
+    #   @return [String]
+    #
+    # @!attribute [rw] severity_rating
+    #   The severity of a security control. For more information about how
+    #   Security Hub determines control severity, see [Assigning severity to
+    #   control findings][1] in the *Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity
+    #   @return [String]
+    #
+    # @!attribute [rw] current_region_availability
+    #   Specifies whether a security control is available in the current
+    #   Amazon Web Services Region.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
+    #
+    class SecurityControlDefinition < Struct.new(
+      :security_control_id,
+      :title,
+      :description,
+      :remediation_url,
+      :severity_rating,
+      :current_region_availability)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The list of detected instances of sensitive data.
     #
     # @!attribute [rw] count
@@ -22810,7 +23491,7 @@ module Aws::SecurityHub
     # The severity of the finding.
     #
     # The finding provider can provide the initial severity. The finding
-    # provider can only update the severity if it has not been updated using
+    # provider can only update the severity if it hasn't been updated using
     # `BatchUpdateFindings`.
     #
     # The finding must have either `Label` or `Normalized` populated. If
@@ -23137,6 +23818,207 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides details about a control's enablement status in a specified
+    # standard.
+    #
+    # @!attribute [rw] standards_arn
+    #   The Amazon Resource Name (ARN) of a security standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_id
+    #   The unique identifier of a security control across standards. Values
+    #   for this field typically consist of an Amazon Web Service name and a
+    #   number, such as APIGateway.3.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_arn
+    #   The ARN of a security control across standards, such as
+    #   `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
+    #   This parameter doesn't mention a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] association_status
+    #   Specifies whether a control is enabled or disabled in a specified
+    #   standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] related_requirements
+    #   The requirement that underlies a control in the compliance framework
+    #   related to the standard.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] updated_at
+    #   The time at which the enablement status of the control in the
+    #   specified standard was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_reason
+    #   The reason for updating the enablement status of a control in a
+    #   specified standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] standards_control_title
+    #   The title of a control. This field may reference a specific
+    #   standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] standards_control_description
+    #   The description of a control. This typically summarizes how Security
+    #   Hub evaluates the control and the conditions under which it produces
+    #   a failed finding. This parameter may reference a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] standards_control_arns
+    #   Provides the input parameter that Security Hub uses to call the
+    #   [UpdateStandardsControl][1] API. This API can be used to enable or
+    #   disable a control in a specified standard.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationDetail AWS API Documentation
+    #
+    class StandardsControlAssociationDetail < Struct.new(
+      :standards_arn,
+      :security_control_id,
+      :security_control_arn,
+      :association_status,
+      :related_requirements,
+      :updated_at,
+      :updated_reason,
+      :standards_control_title,
+      :standards_control_description,
+      :standards_control_arns)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An array with one or more objects that includes a security control
+    # (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
+    # of both parameters) and the Amazon Resource Name (ARN) of a standard.
+    # The security control ID or ARN is the same across standards.
+    #
+    # @!attribute [rw] security_control_id
+    #   The unique identifier (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) of a security
+    #   control across standards.
+    #   @return [String]
+    #
+    # @!attribute [rw] standards_arn
+    #   The ARN of a standard.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationId AWS API Documentation
+    #
+    class StandardsControlAssociationId < Struct.new(
+      :security_control_id,
+      :standards_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An array that provides the enablement status and other details for
+    # each control that applies to each enabled standard.
+    #
+    # @!attribute [rw] standards_arn
+    #   The Amazon Resource Name (ARN) of a standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_id
+    #   A unique standard-agnostic identifier for a control. Values for this
+    #   field typically consist of an Amazon Web Service and a number, such
+    #   as APIGateway.5. This field doesn't reference a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_arn
+    #   The ARN of a control, such as
+    #   `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`.
+    #   This parameter doesn't mention a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] association_status
+    #   The enablement status of a control in a specific standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] related_requirements
+    #   The requirement that underlies this control in the compliance
+    #   framework related to the standard.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] updated_at
+    #   The last time that a control's enablement status in a specified
+    #   standard was updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_reason
+    #   The reason for updating the control's enablement status in a
+    #   specified standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] standards_control_title
+    #   The title of a control.
+    #   @return [String]
+    #
+    # @!attribute [rw] standards_control_description
+    #   The description of a control. This typically summarizes how Security
+    #   Hub evaluates the control and the conditions under which it produces
+    #   a failed finding. The parameter may reference a specific standard.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationSummary AWS API Documentation
+    #
+    class StandardsControlAssociationSummary < Struct.new(
+      :standards_arn,
+      :security_control_id,
+      :security_control_arn,
+      :association_status,
+      :related_requirements,
+      :updated_at,
+      :updated_reason,
+      :standards_control_title,
+      :standards_control_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An array of requested updates to the enablement status of controls in
+    # specified standards. The objects in the array include a security
+    # control ID, the Amazon Resource Name (ARN) of the standard, the
+    # requested enablement status, and the reason for updating the
+    # enablement status.
+    #
+    # @!attribute [rw] standards_arn
+    #   The Amazon Resource Name (ARN) of the standard in which you want to
+    #   update the control's enablement status.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_control_id
+    #   The unique identifier for the security control whose enablement
+    #   status you want to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] association_status
+    #   The desired enablement status of the control in the standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] updated_reason
+    #   The reason for updating the control's enablement status in the
+    #   standard.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControlAssociationUpdate AWS API Documentation
+    #
+    class StandardsControlAssociationUpdate < Struct.new(
+      :standards_arn,
+      :security_control_id,
+      :association_status,
+      :updated_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides details about the management of a security standard.
     #
     # @!attribute [rw] company
@@ -23505,6 +24387,111 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides details about a security control for which a response
+    # couldn't be returned.
+    #
+    # @!attribute [rw] security_control_id
+    #   The control (identified with `SecurityControlId`,
+    #   `SecurityControlArn`, or a mix of both parameters) for which a
+    #   response couldn't be returned.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_code
+    #   The error code for the unprocessed security control.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_reason
+    #   The reason why the security control was unprocessed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedSecurityControl AWS API Documentation
+    #
+    class UnprocessedSecurityControl < Struct.new(
+      :security_control_id,
+      :error_code,
+      :error_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides details about which control's enablement status couldn't be
+    # retrieved in a specified standard when calling
+    # [BatchUpdateStandardsControlAssociations][1]. This parameter also
+    # provides details about why the request was unprocessed.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
+    #
+    # @!attribute [rw] standards_control_association_id
+    #   An array with one or more objects that includes a security control
+    #   (identified with `SecurityControlId`, `SecurityControlArn`, or a mix
+    #   of both parameters) and the Amazon Resource Name (ARN) of a
+    #   standard. This parameter shows the specific controls for which the
+    #   enablement status couldn't be retrieved in specified standards when
+    #   calling [BatchUpdateStandardsControlAssociations][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
+    #   @return [Types::StandardsControlAssociationId]
+    #
+    # @!attribute [rw] error_code
+    #   The error code for the unprocessed standard and control association.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_reason
+    #   The reason why the standard and control association was unprocessed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedStandardsControlAssociation AWS API Documentation
+    #
+    class UnprocessedStandardsControlAssociation < Struct.new(
+      :standards_control_association_id,
+      :error_code,
+      :error_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides details about which control's enablement status could not be
+    # updated in a specified standard when calling the
+    # [BatchUpdateStandardsControlAssociations][1] API. This parameter also
+    # provides details about why the request was unprocessed.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
+    #
+    # @!attribute [rw] standards_control_association_update
+    #   An array of control and standard associations for which an update
+    #   failed when calling [BatchUpdateStandardsControlAssociations][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
+    #   @return [Types::StandardsControlAssociationUpdate]
+    #
+    # @!attribute [rw] error_code
+    #   The error code for the unprocessed update of the control's
+    #   enablement status in the specified standard.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_reason
+    #   The reason why a control's enablement status in the specified
+    #   standard couldn't be updated.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedStandardsControlAssociationUpdate AWS API Documentation
+    #
+    class UnprocessedStandardsControlAssociationUpdate < Struct.new(
+      :standards_control_association_update,
+      :error_code,
+      :error_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   The ARN of the resource to remove the tags from.
     #   @return [String]
@@ -23741,10 +24728,26 @@ module Aws::SecurityHub
     #   `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] control_finding_generator
+    #   Updates whether the calling account has consolidated control
+    #   findings turned on. If the value for this field is set to
+    #   `SECURITY_CONTROL`, Security Hub generates a single finding for a
+    #   control check even when the check applies to multiple enabled
+    #   standards.
+    #
+    #   If the value for this field is set to `STANDARD_CONTROL`, Security
+    #   Hub generates separate findings for a control check when the check
+    #   applies to multiple enabled standards.
+    #
+    #   For accounts that are part of an organization, this value can only
+    #   be updated in the administrator account.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfigurationRequest AWS API Documentation
     #
     class UpdateSecurityHubConfigurationRequest < Struct.new(
-      :auto_enable_controls)
+      :auto_enable_controls,
+      :control_finding_generator)
       SENSITIVE = []
       include Aws::Structure
     end