aws-sdk-securityhub 1.78.0 → 1.80.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +1277 -9
- data/lib/aws-sdk-securityhub/client_api.rb +78 -0
- data/lib/aws-sdk-securityhub/types.rb +332 -16
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -388,6 +388,18 @@ module Aws::SecurityHub
|
|
388
388
|
#
|
389
389
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
390
390
|
#
|
391
|
+
#
|
392
|
+
# @example Example: To accept an invitation be a member account
|
393
|
+
#
|
394
|
+
# # The following example demonstrates how an account can accept an invitation from the Security Hub administrator account
|
395
|
+
# # to be a member account. This operation is applicable only to member accounts that are not added through AWS
|
396
|
+
# # Organizations.
|
397
|
+
#
|
398
|
+
# resp = client.accept_administrator_invitation({
|
399
|
+
# administrator_id: "123456789012",
|
400
|
+
# invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb",
|
401
|
+
# })
|
402
|
+
#
|
391
403
|
# @example Request syntax with placeholder values
|
392
404
|
#
|
393
405
|
# resp = client.accept_administrator_invitation({
|
@@ -468,6 +480,30 @@ module Aws::SecurityHub
|
|
468
480
|
#
|
469
481
|
# * {Types::BatchDisableStandardsResponse#standards_subscriptions #standards_subscriptions} => Array<Types::StandardsSubscription>
|
470
482
|
#
|
483
|
+
#
|
484
|
+
# @example Example: To disable one or more security standards
|
485
|
+
#
|
486
|
+
# # The following example disables a security standard in Security Hub.
|
487
|
+
#
|
488
|
+
# resp = client.batch_disable_standards({
|
489
|
+
# standards_subscription_arns: [
|
490
|
+
# "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
|
491
|
+
# ],
|
492
|
+
# })
|
493
|
+
#
|
494
|
+
# resp.to_h outputs the following:
|
495
|
+
# {
|
496
|
+
# standards_subscriptions: [
|
497
|
+
# {
|
498
|
+
# standards_arn: "arn:aws:securityhub:eu-central-1::standards/pci-dss/v/3.2.1",
|
499
|
+
# standards_input: {
|
500
|
+
# },
|
501
|
+
# standards_status: "DELETING",
|
502
|
+
# standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
|
503
|
+
# },
|
504
|
+
# ],
|
505
|
+
# }
|
506
|
+
#
|
471
507
|
# @example Request syntax with placeholder values
|
472
508
|
#
|
473
509
|
# resp = client.batch_disable_standards({
|
@@ -510,6 +546,32 @@ module Aws::SecurityHub
|
|
510
546
|
#
|
511
547
|
# * {Types::BatchEnableStandardsResponse#standards_subscriptions #standards_subscriptions} => Array<Types::StandardsSubscription>
|
512
548
|
#
|
549
|
+
#
|
550
|
+
# @example Example: To import security findings from a third party provider to Security Hub
|
551
|
+
#
|
552
|
+
# # The following example imports findings from a third party provider to Security Hub.
|
553
|
+
#
|
554
|
+
# resp = client.batch_enable_standards({
|
555
|
+
# standards_subscription_requests: [
|
556
|
+
# {
|
557
|
+
# standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
|
558
|
+
# },
|
559
|
+
# ],
|
560
|
+
# })
|
561
|
+
#
|
562
|
+
# resp.to_h outputs the following:
|
563
|
+
# {
|
564
|
+
# standards_subscriptions: [
|
565
|
+
# {
|
566
|
+
# standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
|
567
|
+
# standards_input: {
|
568
|
+
# },
|
569
|
+
# standards_status: "PENDING",
|
570
|
+
# standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
|
571
|
+
# },
|
572
|
+
# ],
|
573
|
+
# }
|
574
|
+
#
|
513
575
|
# @example Request syntax with placeholder values
|
514
576
|
#
|
515
577
|
# resp = client.batch_enable_standards({
|
@@ -710,6 +772,52 @@ module Aws::SecurityHub
|
|
710
772
|
# * {Types::BatchImportFindingsResponse#success_count #success_count} => Integer
|
711
773
|
# * {Types::BatchImportFindingsResponse#failed_findings #failed_findings} => Array<Types::ImportFindingsError>
|
712
774
|
#
|
775
|
+
#
|
776
|
+
# @example Example: To import security findings from a third party provider to Security Hub
|
777
|
+
#
|
778
|
+
# # The following example imports findings from a third party provider to Security Hub.
|
779
|
+
#
|
780
|
+
# resp = client.batch_import_findings({
|
781
|
+
# findings: [
|
782
|
+
# {
|
783
|
+
# aws_account_id: "123456789012",
|
784
|
+
# created_at: "2020-05-27T17:05:54.832Z",
|
785
|
+
# description: "Vulnerability in a CloudTrail trail",
|
786
|
+
# finding_provider_fields: {
|
787
|
+
# severity: {
|
788
|
+
# label: "LOW",
|
789
|
+
# original: "10",
|
790
|
+
# },
|
791
|
+
# types: [
|
792
|
+
# "Software and Configuration Checks/Vulnerabilities/CVE",
|
793
|
+
# ],
|
794
|
+
# },
|
795
|
+
# generator_id: "TestGeneratorId",
|
796
|
+
# id: "Id1",
|
797
|
+
# product_arn: "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default",
|
798
|
+
# resources: [
|
799
|
+
# {
|
800
|
+
# id: "arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName",
|
801
|
+
# partition: "aws",
|
802
|
+
# region: "us-west-1",
|
803
|
+
# type: "AwsCloudTrailTrail",
|
804
|
+
# },
|
805
|
+
# ],
|
806
|
+
# schema_version: "2018-10-08",
|
807
|
+
# title: "CloudTrail trail vulnerability",
|
808
|
+
# updated_at: "2020-06-02T16:05:54.832Z",
|
809
|
+
# },
|
810
|
+
# ],
|
811
|
+
# })
|
812
|
+
#
|
813
|
+
# resp.to_h outputs the following:
|
814
|
+
# {
|
815
|
+
# failed_count: 123,
|
816
|
+
# failed_findings: [
|
817
|
+
# ],
|
818
|
+
# success_count: 123,
|
819
|
+
# }
|
820
|
+
#
|
713
821
|
# @example Response structure
|
714
822
|
#
|
715
823
|
# resp.failed_count #=> Integer
|
@@ -844,6 +952,66 @@ module Aws::SecurityHub
|
|
844
952
|
# * {Types::BatchUpdateFindingsResponse#processed_findings #processed_findings} => Array<Types::AwsSecurityFindingIdentifier>
|
845
953
|
# * {Types::BatchUpdateFindingsResponse#unprocessed_findings #unprocessed_findings} => Array<Types::BatchUpdateFindingsUnprocessedFinding>
|
846
954
|
#
|
955
|
+
#
|
956
|
+
# @example Example: To update Security Hub findings
|
957
|
+
#
|
958
|
+
# # The following example updates Security Hub findings. The finding identifier parameter specifies which findings to
|
959
|
+
# # update. Only specific finding fields can be updated with this operation.
|
960
|
+
#
|
961
|
+
# resp = client.batch_update_findings({
|
962
|
+
# confidence: 80,
|
963
|
+
# criticality: 80,
|
964
|
+
# finding_identifiers: [
|
965
|
+
# {
|
966
|
+
# id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
967
|
+
# product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub",
|
968
|
+
# },
|
969
|
+
# {
|
970
|
+
# id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
|
971
|
+
# product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub",
|
972
|
+
# },
|
973
|
+
# ],
|
974
|
+
# note: {
|
975
|
+
# text: "Known issue that is not a risk.",
|
976
|
+
# updated_by: "user1",
|
977
|
+
# },
|
978
|
+
# related_findings: [
|
979
|
+
# {
|
980
|
+
# id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
|
981
|
+
# product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub",
|
982
|
+
# },
|
983
|
+
# ],
|
984
|
+
# severity: {
|
985
|
+
# label: "LOW",
|
986
|
+
# },
|
987
|
+
# types: [
|
988
|
+
# "Software and Configuration Checks/Vulnerabilities/CVE",
|
989
|
+
# ],
|
990
|
+
# user_defined_fields: {
|
991
|
+
# "reviewedByCio" => "true",
|
992
|
+
# },
|
993
|
+
# verification_state: "TRUE_POSITIVE",
|
994
|
+
# workflow: {
|
995
|
+
# status: "RESOLVED",
|
996
|
+
# },
|
997
|
+
# })
|
998
|
+
#
|
999
|
+
# resp.to_h outputs the following:
|
1000
|
+
# {
|
1001
|
+
# processed_findings: [
|
1002
|
+
# {
|
1003
|
+
# id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
1004
|
+
# product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub",
|
1005
|
+
# },
|
1006
|
+
# {
|
1007
|
+
# id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
|
1008
|
+
# product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub",
|
1009
|
+
# },
|
1010
|
+
# ],
|
1011
|
+
# unprocessed_findings: [
|
1012
|
+
# ],
|
1013
|
+
# }
|
1014
|
+
#
|
847
1015
|
# @example Request syntax with placeholder values
|
848
1016
|
#
|
849
1017
|
# resp = client.batch_update_findings({
|
@@ -962,6 +1130,23 @@ module Aws::SecurityHub
|
|
962
1130
|
#
|
963
1131
|
# * {Types::CreateActionTargetResponse#action_target_arn #action_target_arn} => String
|
964
1132
|
#
|
1133
|
+
#
|
1134
|
+
# @example Example: To create a custom action target
|
1135
|
+
#
|
1136
|
+
# # The following example creates a custom action target in Security Hub. Custom actions on findings and insights
|
1137
|
+
# # automatically trigger actions in Amazon CloudWatch Events.
|
1138
|
+
#
|
1139
|
+
# resp = client.create_action_target({
|
1140
|
+
# description: "Action to send the finding for remediation tracking",
|
1141
|
+
# id: "Remediation",
|
1142
|
+
# name: "Send to remediation",
|
1143
|
+
# })
|
1144
|
+
#
|
1145
|
+
# resp.to_h outputs the following:
|
1146
|
+
# {
|
1147
|
+
# action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
|
1148
|
+
# }
|
1149
|
+
#
|
965
1150
|
# @example Request syntax with placeholder values
|
966
1151
|
#
|
967
1152
|
# resp = client.create_action_target({
|
@@ -1035,6 +1220,30 @@ module Aws::SecurityHub
|
|
1035
1220
|
# * {Types::CreateFindingAggregatorResponse#region_linking_mode #region_linking_mode} => String
|
1036
1221
|
# * {Types::CreateFindingAggregatorResponse#regions #regions} => Array<String>
|
1037
1222
|
#
|
1223
|
+
#
|
1224
|
+
# @example Example: To enable cross-Region aggregation
|
1225
|
+
#
|
1226
|
+
# # The following example creates a finding aggregator. This is required to enable cross-Region aggregation.
|
1227
|
+
#
|
1228
|
+
# resp = client.create_finding_aggregator({
|
1229
|
+
# region_linking_mode: "SPECIFIED_REGIONS",
|
1230
|
+
# regions: [
|
1231
|
+
# "us-west-1",
|
1232
|
+
# "us-west-2",
|
1233
|
+
# ],
|
1234
|
+
# })
|
1235
|
+
#
|
1236
|
+
# resp.to_h outputs the following:
|
1237
|
+
# {
|
1238
|
+
# finding_aggregation_region: "us-east-1",
|
1239
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
1240
|
+
# region_linking_mode: "SPECIFIED_REGIONS",
|
1241
|
+
# regions: [
|
1242
|
+
# "us-west-1",
|
1243
|
+
# "us-west-2",
|
1244
|
+
# ],
|
1245
|
+
# }
|
1246
|
+
#
|
1038
1247
|
# @example Request syntax with placeholder values
|
1039
1248
|
#
|
1040
1249
|
# resp = client.create_finding_aggregator({
|
@@ -1084,6 +1293,36 @@ module Aws::SecurityHub
|
|
1084
1293
|
#
|
1085
1294
|
# * {Types::CreateInsightResponse#insight_arn #insight_arn} => String
|
1086
1295
|
#
|
1296
|
+
#
|
1297
|
+
# @example Example: To create a custom insight
|
1298
|
+
#
|
1299
|
+
# # The following example creates a custom insight in Security Hub. An insight is a collection of findings that relate to a
|
1300
|
+
# # security issue.
|
1301
|
+
#
|
1302
|
+
# resp = client.create_insight({
|
1303
|
+
# filters: {
|
1304
|
+
# resource_type: [
|
1305
|
+
# {
|
1306
|
+
# comparison: "EQUALS",
|
1307
|
+
# value: "AwsIamRole",
|
1308
|
+
# },
|
1309
|
+
# ],
|
1310
|
+
# severity_label: [
|
1311
|
+
# {
|
1312
|
+
# comparison: "EQUALS",
|
1313
|
+
# value: "CRITICAL",
|
1314
|
+
# },
|
1315
|
+
# ],
|
1316
|
+
# },
|
1317
|
+
# group_by_attribute: "ResourceId",
|
1318
|
+
# name: "Critical role findings",
|
1319
|
+
# })
|
1320
|
+
#
|
1321
|
+
# resp.to_h outputs the following:
|
1322
|
+
# {
|
1323
|
+
# insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
1324
|
+
# }
|
1325
|
+
#
|
1087
1326
|
# @example Request syntax with placeholder values
|
1088
1327
|
#
|
1089
1328
|
# resp = client.create_insight({
|
@@ -1796,6 +2035,29 @@ module Aws::SecurityHub
|
|
1796
2035
|
#
|
1797
2036
|
# * {Types::CreateMembersResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::Result>
|
1798
2037
|
#
|
2038
|
+
#
|
2039
|
+
# @example Example: To add a member account
|
2040
|
+
#
|
2041
|
+
# # The following example creates a member association between the specified accounts and the administrator account (the
|
2042
|
+
# # account that makes the request). This operation is used to add accounts that aren't part of an organization.
|
2043
|
+
#
|
2044
|
+
# resp = client.create_members({
|
2045
|
+
# account_details: [
|
2046
|
+
# {
|
2047
|
+
# account_id: "123456789012",
|
2048
|
+
# },
|
2049
|
+
# {
|
2050
|
+
# account_id: "111122223333",
|
2051
|
+
# },
|
2052
|
+
# ],
|
2053
|
+
# })
|
2054
|
+
#
|
2055
|
+
# resp.to_h outputs the following:
|
2056
|
+
# {
|
2057
|
+
# unprocessed_accounts: [
|
2058
|
+
# ],
|
2059
|
+
# }
|
2060
|
+
#
|
1799
2061
|
# @example Request syntax with placeholder values
|
1800
2062
|
#
|
1801
2063
|
# resp = client.create_members({
|
@@ -1824,17 +2086,39 @@ module Aws::SecurityHub
|
|
1824
2086
|
|
1825
2087
|
# Declines invitations to become a member account.
|
1826
2088
|
#
|
1827
|
-
#
|
1828
|
-
#
|
2089
|
+
# A prospective member account uses this operation to decline an
|
2090
|
+
# invitation to become a member.
|
2091
|
+
#
|
2092
|
+
# This operation is only called by member accounts that aren't part of
|
2093
|
+
# an organization. Organization accounts don't receive invitations.
|
1829
2094
|
#
|
1830
2095
|
# @option params [required, Array<String>] :account_ids
|
1831
|
-
# The list of account IDs for
|
1832
|
-
#
|
2096
|
+
# The list of prospective member account IDs for which to decline an
|
2097
|
+
# invitation.
|
1833
2098
|
#
|
1834
2099
|
# @return [Types::DeclineInvitationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1835
2100
|
#
|
1836
2101
|
# * {Types::DeclineInvitationsResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::Result>
|
1837
2102
|
#
|
2103
|
+
#
|
2104
|
+
# @example Example: To decline invitation to become a member account
|
2105
|
+
#
|
2106
|
+
# # The following example declines an invitation from the Security Hub administrator account to become a member account. The
|
2107
|
+
# # invited account makes the request.
|
2108
|
+
#
|
2109
|
+
# resp = client.decline_invitations({
|
2110
|
+
# account_ids: [
|
2111
|
+
# "123456789012",
|
2112
|
+
# "111122223333",
|
2113
|
+
# ],
|
2114
|
+
# })
|
2115
|
+
#
|
2116
|
+
# resp.to_h outputs the following:
|
2117
|
+
# {
|
2118
|
+
# unprocessed_accounts: [
|
2119
|
+
# ],
|
2120
|
+
# }
|
2121
|
+
#
|
1838
2122
|
# @example Request syntax with placeholder values
|
1839
2123
|
#
|
1840
2124
|
# resp = client.decline_invitations({
|
@@ -1869,6 +2153,22 @@ module Aws::SecurityHub
|
|
1869
2153
|
#
|
1870
2154
|
# * {Types::DeleteActionTargetResponse#action_target_arn #action_target_arn} => String
|
1871
2155
|
#
|
2156
|
+
#
|
2157
|
+
# @example Example: To delete a custom action target
|
2158
|
+
#
|
2159
|
+
# # The following example deletes a custom action target that triggers target actions in Amazon CloudWatch Events. Deleting
|
2160
|
+
# # a custom action target doesn't affect findings or insights that were already sent to CloudWatch Events based on the
|
2161
|
+
# # custom action.
|
2162
|
+
#
|
2163
|
+
# resp = client.delete_action_target({
|
2164
|
+
# action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
|
2165
|
+
# })
|
2166
|
+
#
|
2167
|
+
# resp.to_h outputs the following:
|
2168
|
+
# {
|
2169
|
+
# action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
|
2170
|
+
# }
|
2171
|
+
#
|
1872
2172
|
# @example Request syntax with placeholder values
|
1873
2173
|
#
|
1874
2174
|
# resp = client.delete_action_target({
|
@@ -1902,6 +2202,16 @@ module Aws::SecurityHub
|
|
1902
2202
|
#
|
1903
2203
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1904
2204
|
#
|
2205
|
+
#
|
2206
|
+
# @example Example: To delete a finding aggregator
|
2207
|
+
#
|
2208
|
+
# # The following example deletes a finding aggregator in Security Hub. Deleting the finding aggregator stops cross-Region
|
2209
|
+
# # aggregation. This operation produces no output.
|
2210
|
+
#
|
2211
|
+
# resp = client.delete_finding_aggregator({
|
2212
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
2213
|
+
# })
|
2214
|
+
#
|
1905
2215
|
# @example Request syntax with placeholder values
|
1906
2216
|
#
|
1907
2217
|
# resp = client.delete_finding_aggregator({
|
@@ -1926,6 +2236,20 @@ module Aws::SecurityHub
|
|
1926
2236
|
#
|
1927
2237
|
# * {Types::DeleteInsightResponse#insight_arn #insight_arn} => String
|
1928
2238
|
#
|
2239
|
+
#
|
2240
|
+
# @example Example: To delete a custom insight
|
2241
|
+
#
|
2242
|
+
# # The following example deletes a custom insight in Security Hub.
|
2243
|
+
#
|
2244
|
+
# resp = client.delete_insight({
|
2245
|
+
# insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
2246
|
+
# })
|
2247
|
+
#
|
2248
|
+
# resp.to_h outputs the following:
|
2249
|
+
# {
|
2250
|
+
# insight_arn: "arn:aws:securityhub:eu-central-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
2251
|
+
# }
|
2252
|
+
#
|
1929
2253
|
# @example Request syntax with placeholder values
|
1930
2254
|
#
|
1931
2255
|
# resp = client.delete_insight({
|
@@ -1948,16 +2272,40 @@ module Aws::SecurityHub
|
|
1948
2272
|
# Deletes invitations received by the Amazon Web Services account to
|
1949
2273
|
# become a member account.
|
1950
2274
|
#
|
1951
|
-
#
|
1952
|
-
#
|
2275
|
+
# A Security Hub administrator account can use this operation to delete
|
2276
|
+
# invitations sent to one or more member accounts.
|
2277
|
+
#
|
2278
|
+
# This operation is only used to delete invitations that are sent to
|
2279
|
+
# member accounts that aren't part of an organization. Organization
|
2280
|
+
# accounts don't receive invitations.
|
1953
2281
|
#
|
1954
2282
|
# @option params [required, Array<String>] :account_ids
|
1955
|
-
# The list of
|
2283
|
+
# The list of member account IDs that received the invitations you want
|
2284
|
+
# to delete.
|
1956
2285
|
#
|
1957
2286
|
# @return [Types::DeleteInvitationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1958
2287
|
#
|
1959
2288
|
# * {Types::DeleteInvitationsResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::Result>
|
1960
2289
|
#
|
2290
|
+
#
|
2291
|
+
# @example Example: To delete a custom insight
|
2292
|
+
#
|
2293
|
+
# # The following example deletes an invitation sent by the Security Hub administrator account to a prospective member
|
2294
|
+
# # account. This operation is used only for invitations sent to accounts that aren't part of an organization. Organization
|
2295
|
+
# # accounts don't receive invitations.
|
2296
|
+
#
|
2297
|
+
# resp = client.delete_invitations({
|
2298
|
+
# account_ids: [
|
2299
|
+
# "123456789012",
|
2300
|
+
# ],
|
2301
|
+
# })
|
2302
|
+
#
|
2303
|
+
# resp.to_h outputs the following:
|
2304
|
+
# {
|
2305
|
+
# unprocessed_accounts: [
|
2306
|
+
# ],
|
2307
|
+
# }
|
2308
|
+
#
|
1961
2309
|
# @example Request syntax with placeholder values
|
1962
2310
|
#
|
1963
2311
|
# resp = client.delete_invitations({
|
@@ -1991,6 +2339,25 @@ module Aws::SecurityHub
|
|
1991
2339
|
#
|
1992
2340
|
# * {Types::DeleteMembersResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::Result>
|
1993
2341
|
#
|
2342
|
+
#
|
2343
|
+
# @example Example: To delete a member account
|
2344
|
+
#
|
2345
|
+
# # The following example deletes the specified member account from Security Hub. This operation can be used to delete
|
2346
|
+
# # member accounts that are part of an organization or that were invited manually.
|
2347
|
+
#
|
2348
|
+
# resp = client.delete_members({
|
2349
|
+
# account_ids: [
|
2350
|
+
# "123456789111",
|
2351
|
+
# "123456789222",
|
2352
|
+
# ],
|
2353
|
+
# })
|
2354
|
+
#
|
2355
|
+
# resp.to_h outputs the following:
|
2356
|
+
# {
|
2357
|
+
# unprocessed_accounts: [
|
2358
|
+
# ],
|
2359
|
+
# }
|
2360
|
+
#
|
1994
2361
|
# @example Request syntax with placeholder values
|
1995
2362
|
#
|
1996
2363
|
# resp = client.delete_members({
|
@@ -2038,6 +2405,29 @@ module Aws::SecurityHub
|
|
2038
2405
|
#
|
2039
2406
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2040
2407
|
#
|
2408
|
+
#
|
2409
|
+
# @example Example: To return custom action targets
|
2410
|
+
#
|
2411
|
+
# # The following example returns a list of custom action targets. You use custom actions on findings and insights in
|
2412
|
+
# # Security Hub to trigger target actions in Amazon CloudWatch Events.
|
2413
|
+
#
|
2414
|
+
# resp = client.describe_action_targets({
|
2415
|
+
# action_target_arns: [
|
2416
|
+
# "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
|
2417
|
+
# ],
|
2418
|
+
# })
|
2419
|
+
#
|
2420
|
+
# resp.to_h outputs the following:
|
2421
|
+
# {
|
2422
|
+
# action_targets: [
|
2423
|
+
# {
|
2424
|
+
# action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
|
2425
|
+
# description: "Action to send the finding for remediation tracking",
|
2426
|
+
# name: "Send to remediation",
|
2427
|
+
# },
|
2428
|
+
# ],
|
2429
|
+
# }
|
2430
|
+
#
|
2041
2431
|
# @example Request syntax with placeholder values
|
2042
2432
|
#
|
2043
2433
|
# resp = client.describe_action_targets({
|
@@ -2076,6 +2466,24 @@ module Aws::SecurityHub
|
|
2076
2466
|
# * {Types::DescribeHubResponse#auto_enable_controls #auto_enable_controls} => Boolean
|
2077
2467
|
# * {Types::DescribeHubResponse#control_finding_generator #control_finding_generator} => String
|
2078
2468
|
#
|
2469
|
+
#
|
2470
|
+
# @example Example: To return details about Hub resource
|
2471
|
+
#
|
2472
|
+
# # The following example returns details about the Hub resource in the calling account. The Hub resource represents the
|
2473
|
+
# # implementation of the AWS Security Hub service in the calling account.
|
2474
|
+
#
|
2475
|
+
# resp = client.describe_hub({
|
2476
|
+
# hub_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default",
|
2477
|
+
# })
|
2478
|
+
#
|
2479
|
+
# resp.to_h outputs the following:
|
2480
|
+
# {
|
2481
|
+
# auto_enable_controls: true,
|
2482
|
+
# control_finding_generator: "SECURITY_CONTROL",
|
2483
|
+
# hub_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default",
|
2484
|
+
# subscribed_at: "2019-11-19T23:15:10.046Z",
|
2485
|
+
# }
|
2486
|
+
#
|
2079
2487
|
# @example Request syntax with placeholder values
|
2080
2488
|
#
|
2081
2489
|
# resp = client.describe_hub({
|
@@ -2107,6 +2515,22 @@ module Aws::SecurityHub
|
|
2107
2515
|
# * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
|
2108
2516
|
# * {Types::DescribeOrganizationConfigurationResponse#auto_enable_standards #auto_enable_standards} => String
|
2109
2517
|
#
|
2518
|
+
#
|
2519
|
+
# @example Example: To get information about Organizations configuration
|
2520
|
+
#
|
2521
|
+
# # The following example returns details about the way in which AWS Organizations is configured for a Security Hub account
|
2522
|
+
# # that belongs to an organization. Only a Security Hub administrator account can call this operation.
|
2523
|
+
#
|
2524
|
+
# resp = client.describe_organization_configuration({
|
2525
|
+
# })
|
2526
|
+
#
|
2527
|
+
# resp.to_h outputs the following:
|
2528
|
+
# {
|
2529
|
+
# auto_enable: true,
|
2530
|
+
# auto_enable_standards: "DEFAULT",
|
2531
|
+
# member_account_limit_reached: true,
|
2532
|
+
# }
|
2533
|
+
#
|
2110
2534
|
# @example Response structure
|
2111
2535
|
#
|
2112
2536
|
# resp.auto_enable #=> Boolean
|
@@ -2152,6 +2576,43 @@ module Aws::SecurityHub
|
|
2152
2576
|
#
|
2153
2577
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2154
2578
|
#
|
2579
|
+
#
|
2580
|
+
# @example Example: To get information about Security Hub integrations
|
2581
|
+
#
|
2582
|
+
# # The following example returns details about AWS services and third-party products that Security Hub integrates with.
|
2583
|
+
#
|
2584
|
+
# resp = client.describe_products({
|
2585
|
+
# max_results: 1,
|
2586
|
+
# next_token: "NULL",
|
2587
|
+
# product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon",
|
2588
|
+
# })
|
2589
|
+
#
|
2590
|
+
# resp.to_h outputs the following:
|
2591
|
+
# {
|
2592
|
+
# next_token: "U2FsdGVkX18vvPlOqb7RDrWRWVFBJI46MOIAb+nZmRJmR15NoRi2gm13sdQEn3O/pq/78dGs+bKpgA+7HMPHO0qX33/zoRI+uIG/F9yLNhcOrOWzFUdy36JcXLQji3Rpnn/cD1SVkGA98qI3zPOSDg==",
|
2593
|
+
# products: [
|
2594
|
+
# {
|
2595
|
+
# activation_url: "https://falcon.crowdstrike.com/support/documentation",
|
2596
|
+
# categories: [
|
2597
|
+
# "Endpoint Detection and Response (EDR)",
|
2598
|
+
# "AV Scanning and Sandboxing",
|
2599
|
+
# "Threat Intelligence Feeds and Reports",
|
2600
|
+
# "Endpoint Forensics",
|
2601
|
+
# "Network Forensics",
|
2602
|
+
# ],
|
2603
|
+
# company_name: "CrowdStrike",
|
2604
|
+
# description: "CrowdStrike Falcon's single lightweight sensor unifies next-gen antivirus, endpoint detection and response, and 24/7 managed hunting, via the cloud.",
|
2605
|
+
# integration_types: [
|
2606
|
+
# "SEND_FINDINGS_TO_SECURITY_HUB",
|
2607
|
+
# ],
|
2608
|
+
# marketplace_url: "https://aws.amazon.com/marketplace/seller-profile?id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
2609
|
+
# product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon",
|
2610
|
+
# product_name: "CrowdStrike Falcon",
|
2611
|
+
# product_subscription_resource_policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789333\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789012\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789333:product/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}}]}",
|
2612
|
+
# },
|
2613
|
+
# ],
|
2614
|
+
# }
|
2615
|
+
#
|
2155
2616
|
# @example Request syntax with placeholder values
|
2156
2617
|
#
|
2157
2618
|
# resp = client.describe_products({
|
@@ -2209,6 +2670,44 @@ module Aws::SecurityHub
|
|
2209
2670
|
#
|
2210
2671
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2211
2672
|
#
|
2673
|
+
#
|
2674
|
+
# @example Example: To get available Security Hub standards
|
2675
|
+
#
|
2676
|
+
# # The following example returns a list of available security standards in Security Hub.
|
2677
|
+
#
|
2678
|
+
# resp = client.describe_standards({
|
2679
|
+
# })
|
2680
|
+
#
|
2681
|
+
# resp.to_h outputs the following:
|
2682
|
+
# {
|
2683
|
+
# standards: [
|
2684
|
+
# {
|
2685
|
+
# description: "The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS's most popular and foundational services.",
|
2686
|
+
# enabled_by_default: true,
|
2687
|
+
# name: "AWS Foundational Security Best Practices v1.0.0",
|
2688
|
+
# standards_arn: "arn:aws:securityhub:us-west-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
2689
|
+
# },
|
2690
|
+
# {
|
2691
|
+
# description: "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.",
|
2692
|
+
# enabled_by_default: true,
|
2693
|
+
# name: "CIS AWS Foundations Benchmark v1.2.0",
|
2694
|
+
# standards_arn: "arn:aws:securityhub:us-west-1::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
2695
|
+
# },
|
2696
|
+
# {
|
2697
|
+
# description: "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.",
|
2698
|
+
# enabled_by_default: false,
|
2699
|
+
# name: "CIS AWS Foundations Benchmark v1.4.0",
|
2700
|
+
# standards_arn: "arn:aws::securityhub:us-west-1::standards/cis-aws-foundations-benchmark/v/1.4.0",
|
2701
|
+
# },
|
2702
|
+
# {
|
2703
|
+
# description: "The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data. This Security Hub standard automatically checks for your compliance readiness against a subset of PCI DSS requirements.",
|
2704
|
+
# enabled_by_default: false,
|
2705
|
+
# name: "PCI DSS v3.2.1",
|
2706
|
+
# standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
|
2707
|
+
# },
|
2708
|
+
# ],
|
2709
|
+
# }
|
2710
|
+
#
|
2212
2711
|
# @example Request syntax with placeholder values
|
2213
2712
|
#
|
2214
2713
|
# resp = client.describe_standards({
|
@@ -2266,6 +2765,51 @@ module Aws::SecurityHub
|
|
2266
2765
|
#
|
2267
2766
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2268
2767
|
#
|
2768
|
+
#
|
2769
|
+
# @example Example: To get a list of controls for a security standard
|
2770
|
+
#
|
2771
|
+
# # The following example returns a list of security controls and control details that apply to a specified security
|
2772
|
+
# # standard. The list includes controls that are enabled and disabled in the standard.
|
2773
|
+
#
|
2774
|
+
# resp = client.describe_standards_controls({
|
2775
|
+
# max_results: 2,
|
2776
|
+
# next_token: "NULL",
|
2777
|
+
# standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
|
2778
|
+
# })
|
2779
|
+
#
|
2780
|
+
# resp.to_h outputs the following:
|
2781
|
+
# {
|
2782
|
+
# controls: [
|
2783
|
+
# {
|
2784
|
+
# control_id: "PCI.AutoScaling.1",
|
2785
|
+
# control_status: "ENABLED",
|
2786
|
+
# control_status_updated_at: Time.parse("2020-05-15T18:49:04.473000+00:00"),
|
2787
|
+
# description: "This AWS control checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.",
|
2788
|
+
# related_requirements: [
|
2789
|
+
# "PCI DSS 2.2",
|
2790
|
+
# ],
|
2791
|
+
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/PCI.AutoScaling.1/remediation",
|
2792
|
+
# severity_rating: "LOW",
|
2793
|
+
# standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1",
|
2794
|
+
# title: "Auto scaling groups associated with a load balancer should use health checks",
|
2795
|
+
# },
|
2796
|
+
# {
|
2797
|
+
# control_id: "PCI.CW.1",
|
2798
|
+
# control_status: "ENABLED",
|
2799
|
+
# control_status_updated_at: Time.parse("2020-05-15T18:49:04.498000+00:00"),
|
2800
|
+
# description: "This control checks for the CloudWatch metric filters using the following pattern { $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" } It checks that the log group name is configured for use with active multi-region CloudTrail, that there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All, and that there is at least one active subscriber to an SNS topic associated with the alarm.",
|
2801
|
+
# related_requirements: [
|
2802
|
+
# "PCI DSS 7.2.1",
|
2803
|
+
# ],
|
2804
|
+
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/PCI.CW.1/remediation",
|
2805
|
+
# severity_rating: "MEDIUM",
|
2806
|
+
# standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.CW.1",
|
2807
|
+
# title: "A log metric filter and alarm should exist for usage of the \"root\" user",
|
2808
|
+
# },
|
2809
|
+
# ],
|
2810
|
+
# next_token: "U2FsdGVkX1+eNkPoZHVl11ip5HUYQPWSWZGmftcmJiHL8JoKEsCDuaKayiPDyLK+LiTkShveoOdvfxXCkOBaGhohIXhsIedN+LSjQV/l7kfCfJcq4PziNC1N9xe9aq2pjlLVZnznTfSImrodT5bRNHe4fELCQq/z+5ka+5Lzmc11axcwTd5lKgQyQqmUVoeriHZhyIiBgWKf7oNYdBVG8OEortVWvSkoUTt+B2ThcnC7l43kI0UNxlkZ6sc64AsW",
|
2811
|
+
# }
|
2812
|
+
#
|
2269
2813
|
# @example Request syntax with placeholder values
|
2270
2814
|
#
|
2271
2815
|
# resp = client.describe_standards_controls({
|
@@ -2308,6 +2852,16 @@ module Aws::SecurityHub
|
|
2308
2852
|
#
|
2309
2853
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2310
2854
|
#
|
2855
|
+
#
|
2856
|
+
# @example Example: To end a Security Hub integration
|
2857
|
+
#
|
2858
|
+
# # The following example ends an integration between Security Hub and the specified product that sends findings to Security
|
2859
|
+
# # Hub. After the integration ends, the product no longer sends findings to Security Hub.
|
2860
|
+
#
|
2861
|
+
# resp = client.disable_import_findings_for_product({
|
2862
|
+
# product_subscription_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon",
|
2863
|
+
# })
|
2864
|
+
#
|
2311
2865
|
# @example Request syntax with placeholder values
|
2312
2866
|
#
|
2313
2867
|
# resp = client.disable_import_findings_for_product({
|
@@ -2332,6 +2886,16 @@ module Aws::SecurityHub
|
|
2332
2886
|
#
|
2333
2887
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2334
2888
|
#
|
2889
|
+
#
|
2890
|
+
# @example Example: To remove a Security Hub administrator account
|
2891
|
+
#
|
2892
|
+
# # The following example removes the Security Hub administrator account in the Region from which the operation was
|
2893
|
+
# # executed. This operation doesn't remove the delegated administrator account in AWS Organizations.
|
2894
|
+
#
|
2895
|
+
# resp = client.disable_organization_admin_account({
|
2896
|
+
# admin_account_id: "123456789012",
|
2897
|
+
# })
|
2898
|
+
#
|
2335
2899
|
# @example Request syntax with placeholder values
|
2336
2900
|
#
|
2337
2901
|
# resp = client.disable_organization_admin_account({
|
@@ -2364,6 +2928,14 @@ module Aws::SecurityHub
|
|
2364
2928
|
#
|
2365
2929
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2366
2930
|
#
|
2931
|
+
#
|
2932
|
+
# @example Example: To deactivate Security Hub
|
2933
|
+
#
|
2934
|
+
# # The following example deactivates Security Hub for the current account and Region.
|
2935
|
+
#
|
2936
|
+
# resp = client.disable_security_hub({
|
2937
|
+
# })
|
2938
|
+
#
|
2367
2939
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableSecurityHub AWS API Documentation
|
2368
2940
|
#
|
2369
2941
|
# @overload disable_security_hub(params = {})
|
@@ -2382,6 +2954,14 @@ module Aws::SecurityHub
|
|
2382
2954
|
#
|
2383
2955
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2384
2956
|
#
|
2957
|
+
#
|
2958
|
+
# @example Example: To disassociate requesting account from administrator account
|
2959
|
+
#
|
2960
|
+
# # The following example dissociates the requesting account from its associated administrator account.
|
2961
|
+
#
|
2962
|
+
# resp = client.disassociate_from_administrator_account({
|
2963
|
+
# })
|
2964
|
+
#
|
2385
2965
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccount AWS API Documentation
|
2386
2966
|
#
|
2387
2967
|
# @overload disassociate_from_administrator_account(params = {})
|
@@ -2433,6 +3013,18 @@ module Aws::SecurityHub
|
|
2433
3013
|
#
|
2434
3014
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2435
3015
|
#
|
3016
|
+
#
|
3017
|
+
# @example Example: To disassociate member accounts from administrator account
|
3018
|
+
#
|
3019
|
+
# # The following example dissociates the specified member accounts from the associated administrator account.
|
3020
|
+
#
|
3021
|
+
# resp = client.disassociate_members({
|
3022
|
+
# account_ids: [
|
3023
|
+
# "123456789012",
|
3024
|
+
# "111122223333",
|
3025
|
+
# ],
|
3026
|
+
# })
|
3027
|
+
#
|
2436
3028
|
# @example Request syntax with placeholder values
|
2437
3029
|
#
|
2438
3030
|
# resp = client.disassociate_members({
|
@@ -2462,6 +3054,21 @@ module Aws::SecurityHub
|
|
2462
3054
|
#
|
2463
3055
|
# * {Types::EnableImportFindingsForProductResponse#product_subscription_arn #product_subscription_arn} => String
|
2464
3056
|
#
|
3057
|
+
#
|
3058
|
+
# @example Example: To activate an integration
|
3059
|
+
#
|
3060
|
+
# # The following example activates an integration between Security Hub and a third party partner product that sends
|
3061
|
+
# # findings to Security Hub.
|
3062
|
+
#
|
3063
|
+
# resp = client.enable_import_findings_for_product({
|
3064
|
+
# product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon",
|
3065
|
+
# })
|
3066
|
+
#
|
3067
|
+
# resp.to_h outputs the following:
|
3068
|
+
# {
|
3069
|
+
# product_subscription_arn: "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon",
|
3070
|
+
# }
|
3071
|
+
#
|
2465
3072
|
# @example Request syntax with placeholder values
|
2466
3073
|
#
|
2467
3074
|
# resp = client.enable_import_findings_for_product({
|
@@ -2490,6 +3097,16 @@ module Aws::SecurityHub
|
|
2490
3097
|
#
|
2491
3098
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2492
3099
|
#
|
3100
|
+
#
|
3101
|
+
# @example Example: To designate a Security Hub administrator
|
3102
|
+
#
|
3103
|
+
# # The following example designates the specified account as the Security Hub administrator account. The requesting account
|
3104
|
+
# # must be the organization management account.
|
3105
|
+
#
|
3106
|
+
# resp = client.enable_organization_admin_account({
|
3107
|
+
# admin_account_id: "123456789012",
|
3108
|
+
# })
|
3109
|
+
#
|
2493
3110
|
# @example Request syntax with placeholder values
|
2494
3111
|
#
|
2495
3112
|
# resp = client.enable_organization_admin_account({
|
@@ -2560,10 +3177,25 @@ module Aws::SecurityHub
|
|
2560
3177
|
# The value for this field in a member account matches the value in the
|
2561
3178
|
# administrator account. For accounts that aren't part of an
|
2562
3179
|
# organization, the default value of this field is `SECURITY_CONTROL` if
|
2563
|
-
# you enabled Security Hub on or after February
|
3180
|
+
# you enabled Security Hub on or after February 23, 2023.
|
2564
3181
|
#
|
2565
3182
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2566
3183
|
#
|
3184
|
+
#
|
3185
|
+
# @example Example: To activate Security Hub
|
3186
|
+
#
|
3187
|
+
# # The following example activates the Security Hub service in the requesting AWS account. The service is activated in the
|
3188
|
+
# # current AWS Region or the Region that you specify in the request. Some standards are automatically turned on in your
|
3189
|
+
# # account unless you opt out. To determine which standards are automatically turned on, see the Security Hub
|
3190
|
+
# # documentation.
|
3191
|
+
#
|
3192
|
+
# resp = client.enable_security_hub({
|
3193
|
+
# enable_default_standards: true,
|
3194
|
+
# tags: {
|
3195
|
+
# "Department" => "Security",
|
3196
|
+
# },
|
3197
|
+
# })
|
3198
|
+
#
|
2567
3199
|
# @example Request syntax with placeholder values
|
2568
3200
|
#
|
2569
3201
|
# resp = client.enable_security_hub({
|
@@ -2593,6 +3225,24 @@ module Aws::SecurityHub
|
|
2593
3225
|
#
|
2594
3226
|
# * {Types::GetAdministratorAccountResponse#administrator #administrator} => Types::Invitation
|
2595
3227
|
#
|
3228
|
+
#
|
3229
|
+
# @example Example: To get details about the Security Hub administrator account
|
3230
|
+
#
|
3231
|
+
# # The following example provides details about the Security Hub administrator account for the requesting member account.
|
3232
|
+
#
|
3233
|
+
# resp = client.get_administrator_account({
|
3234
|
+
# })
|
3235
|
+
#
|
3236
|
+
# resp.to_h outputs the following:
|
3237
|
+
# {
|
3238
|
+
# administrator: {
|
3239
|
+
# account_id: "123456789012",
|
3240
|
+
# invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb",
|
3241
|
+
# invited_at: Time.parse("2020-06-01T20:21:18.042000+00:00"),
|
3242
|
+
# member_status: "ASSOCIATED",
|
3243
|
+
# },
|
3244
|
+
# }
|
3245
|
+
#
|
2596
3246
|
# @example Response structure
|
2597
3247
|
#
|
2598
3248
|
# resp.administrator.account_id #=> String
|
@@ -2634,6 +3284,30 @@ module Aws::SecurityHub
|
|
2634
3284
|
#
|
2635
3285
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2636
3286
|
#
|
3287
|
+
#
|
3288
|
+
# @example Example: To return a list of enabled standards
|
3289
|
+
#
|
3290
|
+
# # The following example returns a list of Security Hub standards that are currently enabled in your account.
|
3291
|
+
#
|
3292
|
+
# resp = client.get_enabled_standards({
|
3293
|
+
# standards_subscription_arns: [
|
3294
|
+
# "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
|
3295
|
+
# ],
|
3296
|
+
# })
|
3297
|
+
#
|
3298
|
+
# resp.to_h outputs the following:
|
3299
|
+
# {
|
3300
|
+
# standards_subscriptions: [
|
3301
|
+
# {
|
3302
|
+
# standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
|
3303
|
+
# standards_input: {
|
3304
|
+
# },
|
3305
|
+
# standards_status: "READY",
|
3306
|
+
# standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
|
3307
|
+
# },
|
3308
|
+
# ],
|
3309
|
+
# }
|
3310
|
+
#
|
2637
3311
|
# @example Request syntax with placeholder values
|
2638
3312
|
#
|
2639
3313
|
# resp = client.get_enabled_standards({
|
@@ -2675,6 +3349,26 @@ module Aws::SecurityHub
|
|
2675
3349
|
# * {Types::GetFindingAggregatorResponse#region_linking_mode #region_linking_mode} => String
|
2676
3350
|
# * {Types::GetFindingAggregatorResponse#regions #regions} => Array<String>
|
2677
3351
|
#
|
3352
|
+
#
|
3353
|
+
# @example Example: To get cross-Region aggregation details
|
3354
|
+
#
|
3355
|
+
# # The following example returns cross-Region aggregation details for the requesting account.
|
3356
|
+
#
|
3357
|
+
# resp = client.get_finding_aggregator({
|
3358
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
3359
|
+
# })
|
3360
|
+
#
|
3361
|
+
# resp.to_h outputs the following:
|
3362
|
+
# {
|
3363
|
+
# finding_aggregation_region: "us-east-1",
|
3364
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
3365
|
+
# region_linking_mode: "SPECIFIED_REGIONS",
|
3366
|
+
# regions: [
|
3367
|
+
# "us-west-1",
|
3368
|
+
# "us-west-2",
|
3369
|
+
# ],
|
3370
|
+
# }
|
3371
|
+
#
|
2678
3372
|
# @example Request syntax with placeholder values
|
2679
3373
|
#
|
2680
3374
|
# resp = client.get_finding_aggregator({
|
@@ -2736,6 +3430,115 @@ module Aws::SecurityHub
|
|
2736
3430
|
#
|
2737
3431
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2738
3432
|
#
|
3433
|
+
#
|
3434
|
+
# @example Example: To get a list of findings
|
3435
|
+
#
|
3436
|
+
# # The following example returns a filtered and sorted list of Security Hub findings.
|
3437
|
+
#
|
3438
|
+
# resp = client.get_findings({
|
3439
|
+
# filters: {
|
3440
|
+
# aws_account_id: [
|
3441
|
+
# {
|
3442
|
+
# comparison: "PREFIX",
|
3443
|
+
# value: "123456789012",
|
3444
|
+
# },
|
3445
|
+
# ],
|
3446
|
+
# },
|
3447
|
+
# max_results: 1,
|
3448
|
+
# })
|
3449
|
+
#
|
3450
|
+
# resp.to_h outputs the following:
|
3451
|
+
# {
|
3452
|
+
# findings: [
|
3453
|
+
# {
|
3454
|
+
# aws_account_id: "123456789012",
|
3455
|
+
# company_name: "AWS",
|
3456
|
+
# compliance: {
|
3457
|
+
# associated_standards: [
|
3458
|
+
# {
|
3459
|
+
# standards_id: "standards/aws-foundational-security-best-practices/v/1.0.0",
|
3460
|
+
# },
|
3461
|
+
# {
|
3462
|
+
# standards_id: "standards/pci-dss/v/3.2.1",
|
3463
|
+
# },
|
3464
|
+
# {
|
3465
|
+
# standards_id: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
3466
|
+
# },
|
3467
|
+
# {
|
3468
|
+
# standards_id: "standards/cis-aws-foundations-benchmark/v/1.4.0",
|
3469
|
+
# },
|
3470
|
+
# {
|
3471
|
+
# standards_id: "standards/service-managed-aws-control-tower/v/1.0.0",
|
3472
|
+
# },
|
3473
|
+
# ],
|
3474
|
+
# related_requirements: [
|
3475
|
+
# "PCI DSS v3.2.1/3.4",
|
3476
|
+
# "CIS AWS Foundations Benchmark v1.2.0/2.7",
|
3477
|
+
# "CIS AWS Foundations Benchmark v1.4.0/3.7",
|
3478
|
+
# ],
|
3479
|
+
# security_control_id: "CloudTrail.2",
|
3480
|
+
# status: "FAILED",
|
3481
|
+
# },
|
3482
|
+
# created_at: "2022-10-06T02:18:23.076Z",
|
3483
|
+
# description: "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
|
3484
|
+
# finding_provider_fields: {
|
3485
|
+
# severity: {
|
3486
|
+
# label: "MEDIUM",
|
3487
|
+
# original: "MEDIUM",
|
3488
|
+
# },
|
3489
|
+
# types: [
|
3490
|
+
# "Software and Configuration Checks/Industry and Regulatory Standards",
|
3491
|
+
# ],
|
3492
|
+
# },
|
3493
|
+
# first_observed_at: "2022-10-06T02:18:23.076Z",
|
3494
|
+
# generator_id: "security-control/CloudTrail.2",
|
3495
|
+
# id: "arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
3496
|
+
# last_observed_at: "2022-10-28T16:10:06.956Z",
|
3497
|
+
# product_arn: "arn:aws:securityhub:us-east-2::product/aws/securityhub",
|
3498
|
+
# product_fields: {
|
3499
|
+
# "RelatedAWSResources:0/name" => "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
|
3500
|
+
# "RelatedAWSResources:0/type" => "AWS::Config::ConfigRule",
|
3501
|
+
# "Resources:0/Id" => "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT",
|
3502
|
+
# "aws/securityhub/CompanyName" => "AWS",
|
3503
|
+
# "aws/securityhub/FindingId" => "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
3504
|
+
# "aws/securityhub/ProductName" => "Security Hub",
|
3505
|
+
# },
|
3506
|
+
# product_name: "Security Hub",
|
3507
|
+
# record_state: "ACTIVE",
|
3508
|
+
# region: "us-east-2",
|
3509
|
+
# remediation: {
|
3510
|
+
# recommendation: {
|
3511
|
+
# text: "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.",
|
3512
|
+
# url: "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
|
3513
|
+
# },
|
3514
|
+
# },
|
3515
|
+
# resources: [
|
3516
|
+
# {
|
3517
|
+
# id: "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT",
|
3518
|
+
# partition: "aws",
|
3519
|
+
# region: "us-east-2",
|
3520
|
+
# type: "AwsCloudTrailTrail",
|
3521
|
+
# },
|
3522
|
+
# ],
|
3523
|
+
# schema_version: "2018-10-08",
|
3524
|
+
# severity: {
|
3525
|
+
# label: "MEDIUM",
|
3526
|
+
# normalized: 40,
|
3527
|
+
# original: "MEDIUM",
|
3528
|
+
# },
|
3529
|
+
# title: "CloudTrail should have encryption at-rest enabled",
|
3530
|
+
# types: [
|
3531
|
+
# "Software and Configuration Checks/Industry and Regulatory Standards",
|
3532
|
+
# ],
|
3533
|
+
# updated_at: "2022-10-28T16:10:00.093Z",
|
3534
|
+
# workflow: {
|
3535
|
+
# status: "NEW",
|
3536
|
+
# },
|
3537
|
+
# workflow_state: "NEW",
|
3538
|
+
# },
|
3539
|
+
# ],
|
3540
|
+
# }
|
3541
|
+
#
|
2739
3542
|
# @example Request syntax with placeholder values
|
2740
3543
|
#
|
2741
3544
|
# resp = client.get_findings({
|
@@ -3402,6 +4205,33 @@ module Aws::SecurityHub
|
|
3402
4205
|
#
|
3403
4206
|
# * {Types::GetInsightResultsResponse#insight_results #insight_results} => Types::InsightResults
|
3404
4207
|
#
|
4208
|
+
#
|
4209
|
+
# @example Example: To get the results of a Security Hub insight
|
4210
|
+
#
|
4211
|
+
# # The following example returns the results of the Security Hub insight specified by the insight ARN.
|
4212
|
+
#
|
4213
|
+
# resp = client.get_insight_results({
|
4214
|
+
# insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
4215
|
+
# })
|
4216
|
+
#
|
4217
|
+
# resp.to_h outputs the following:
|
4218
|
+
# {
|
4219
|
+
# insight_results: {
|
4220
|
+
# group_by_attribute: "ResourceId",
|
4221
|
+
# insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
4222
|
+
# result_values: [
|
4223
|
+
# {
|
4224
|
+
# count: 10,
|
4225
|
+
# group_by_attribute_value: "AWS::::Account:111122223333",
|
4226
|
+
# },
|
4227
|
+
# {
|
4228
|
+
# count: 3,
|
4229
|
+
# group_by_attribute_value: "AWS::::Account:444455556666",
|
4230
|
+
# },
|
4231
|
+
# ],
|
4232
|
+
# },
|
4233
|
+
# }
|
4234
|
+
#
|
3405
4235
|
# @example Request syntax with placeholder values
|
3406
4236
|
#
|
3407
4237
|
# resp = client.get_insight_results({
|
@@ -3450,6 +4280,42 @@ module Aws::SecurityHub
|
|
3450
4280
|
#
|
3451
4281
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3452
4282
|
#
|
4283
|
+
#
|
4284
|
+
# @example Example: To get details of a Security Hub insight
|
4285
|
+
#
|
4286
|
+
# # The following example returns details of the Security Hub insight with the specified ARN.
|
4287
|
+
#
|
4288
|
+
# resp = client.get_insights({
|
4289
|
+
# insight_arns: [
|
4290
|
+
# "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
4291
|
+
# ],
|
4292
|
+
# })
|
4293
|
+
#
|
4294
|
+
# resp.to_h outputs the following:
|
4295
|
+
# {
|
4296
|
+
# insights: [
|
4297
|
+
# {
|
4298
|
+
# filters: {
|
4299
|
+
# resource_type: [
|
4300
|
+
# {
|
4301
|
+
# comparison: "EQUALS",
|
4302
|
+
# value: "AwsIamRole",
|
4303
|
+
# },
|
4304
|
+
# ],
|
4305
|
+
# severity_label: [
|
4306
|
+
# {
|
4307
|
+
# comparison: "EQUALS",
|
4308
|
+
# value: "CRITICAL",
|
4309
|
+
# },
|
4310
|
+
# ],
|
4311
|
+
# },
|
4312
|
+
# group_by_attribute: "ResourceId",
|
4313
|
+
# insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
4314
|
+
# name: "Critical role findings",
|
4315
|
+
# },
|
4316
|
+
# ],
|
4317
|
+
# }
|
4318
|
+
#
|
3453
4319
|
# @example Request syntax with placeholder values
|
3454
4320
|
#
|
3455
4321
|
# resp = client.get_insights({
|
@@ -3802,6 +4668,20 @@ module Aws::SecurityHub
|
|
3802
4668
|
#
|
3803
4669
|
# * {Types::GetInvitationsCountResponse#invitations_count #invitations_count} => Integer
|
3804
4670
|
#
|
4671
|
+
#
|
4672
|
+
# @example Example: To get a count of membership invitations
|
4673
|
+
#
|
4674
|
+
# # The following example returns a count of invitations that the Security Hub administrator sent to the current member
|
4675
|
+
# # account, not including the currently accepted invitation.
|
4676
|
+
#
|
4677
|
+
# resp = client.get_invitations_count({
|
4678
|
+
# })
|
4679
|
+
#
|
4680
|
+
# resp.to_h outputs the following:
|
4681
|
+
# {
|
4682
|
+
# invitations_count: 3,
|
4683
|
+
# }
|
4684
|
+
#
|
3805
4685
|
# @example Response structure
|
3806
4686
|
#
|
3807
4687
|
# resp.invitations_count #=> Integer
|
@@ -3869,6 +4749,44 @@ module Aws::SecurityHub
|
|
3869
4749
|
# * {Types::GetMembersResponse#members #members} => Array<Types::Member>
|
3870
4750
|
# * {Types::GetMembersResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::Result>
|
3871
4751
|
#
|
4752
|
+
#
|
4753
|
+
# @example Example: To get member account details
|
4754
|
+
#
|
4755
|
+
# # The following example returns details for the Security Hub member accounts with the specified AWS account IDs. An
|
4756
|
+
# # administrator account may be the delegated Security Hub administrator account for an organization or an administrator
|
4757
|
+
# # account that enabled Security Hub manually. The Security Hub administrator must call this operation.
|
4758
|
+
#
|
4759
|
+
# resp = client.get_members({
|
4760
|
+
# account_ids: [
|
4761
|
+
# "444455556666",
|
4762
|
+
# "777788889999",
|
4763
|
+
# ],
|
4764
|
+
# })
|
4765
|
+
#
|
4766
|
+
# resp.to_h outputs the following:
|
4767
|
+
# {
|
4768
|
+
# members: [
|
4769
|
+
# {
|
4770
|
+
# account_id: "444455556666",
|
4771
|
+
# administrator_id: "123456789012",
|
4772
|
+
# invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
4773
|
+
# master_id: "123456789012",
|
4774
|
+
# member_status: "ASSOCIATED",
|
4775
|
+
# updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
4776
|
+
# },
|
4777
|
+
# {
|
4778
|
+
# account_id: "777788889999",
|
4779
|
+
# administrator_id: "123456789012",
|
4780
|
+
# invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
4781
|
+
# master_id: "123456789012",
|
4782
|
+
# member_status: "ASSOCIATED",
|
4783
|
+
# updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
4784
|
+
# },
|
4785
|
+
# ],
|
4786
|
+
# unprocessed_accounts: [
|
4787
|
+
# ],
|
4788
|
+
# }
|
4789
|
+
#
|
3872
4790
|
# @example Request syntax with placeholder values
|
3873
4791
|
#
|
3874
4792
|
# resp = client.get_members({
|
@@ -3921,6 +4839,26 @@ module Aws::SecurityHub
|
|
3921
4839
|
#
|
3922
4840
|
# * {Types::InviteMembersResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::Result>
|
3923
4841
|
#
|
4842
|
+
#
|
4843
|
+
# @example Example: To invite accounts to become members
|
4844
|
+
#
|
4845
|
+
# # The following example invites the specified AWS accounts to become member accounts associated with the calling Security
|
4846
|
+
# # Hub administrator account. You only use this operation to invite accounts that don't belong to an AWS Organizations
|
4847
|
+
# # organization.
|
4848
|
+
#
|
4849
|
+
# resp = client.invite_members({
|
4850
|
+
# account_ids: [
|
4851
|
+
# "111122223333",
|
4852
|
+
# "444455556666",
|
4853
|
+
# ],
|
4854
|
+
# })
|
4855
|
+
#
|
4856
|
+
# resp.to_h outputs the following:
|
4857
|
+
# {
|
4858
|
+
# unprocessed_accounts: [
|
4859
|
+
# ],
|
4860
|
+
# }
|
4861
|
+
#
|
3924
4862
|
# @example Request syntax with placeholder values
|
3925
4863
|
#
|
3926
4864
|
# resp = client.invite_members({
|
@@ -3964,6 +4902,23 @@ module Aws::SecurityHub
|
|
3964
4902
|
#
|
3965
4903
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3966
4904
|
#
|
4905
|
+
#
|
4906
|
+
# @example Example: To list ARNs for enabled integrations
|
4907
|
+
#
|
4908
|
+
# # The following example returns a list of subscription Amazon Resource Names (ARNs) for the product integrations that you
|
4909
|
+
# # have currently enabled in Security Hub.
|
4910
|
+
#
|
4911
|
+
# resp = client.list_enabled_products_for_import({
|
4912
|
+
# })
|
4913
|
+
#
|
4914
|
+
# resp.to_h outputs the following:
|
4915
|
+
# {
|
4916
|
+
# product_subscriptions: [
|
4917
|
+
# "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon",
|
4918
|
+
# "arn:aws:securityhub:us-east-1::product/3coresec/3coresec",
|
4919
|
+
# ],
|
4920
|
+
# }
|
4921
|
+
#
|
3967
4922
|
# @example Request syntax with placeholder values
|
3968
4923
|
#
|
3969
4924
|
# resp = client.list_enabled_products_for_import({
|
@@ -4005,6 +4960,23 @@ module Aws::SecurityHub
|
|
4005
4960
|
#
|
4006
4961
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4007
4962
|
#
|
4963
|
+
#
|
4964
|
+
# @example Example: To update the enablement status of a standard control
|
4965
|
+
#
|
4966
|
+
# # The following example disables the specified control in the specified security standard.
|
4967
|
+
#
|
4968
|
+
# resp = client.list_finding_aggregators({
|
4969
|
+
# })
|
4970
|
+
#
|
4971
|
+
# resp.to_h outputs the following:
|
4972
|
+
# {
|
4973
|
+
# finding_aggregators: [
|
4974
|
+
# {
|
4975
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
4976
|
+
# },
|
4977
|
+
# ],
|
4978
|
+
# }
|
4979
|
+
#
|
4008
4980
|
# @example Request syntax with placeholder values
|
4009
4981
|
#
|
4010
4982
|
# resp = client.list_finding_aggregators({
|
@@ -4053,6 +5025,27 @@ module Aws::SecurityHub
|
|
4053
5025
|
#
|
4054
5026
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4055
5027
|
#
|
5028
|
+
#
|
5029
|
+
# @example Example: To list membership invitations to calling account
|
5030
|
+
#
|
5031
|
+
# # The following example returns a list of Security Hub member invitations sent to the calling AWS account. Only accounts
|
5032
|
+
# # that are invited manually use this operation. It's not for use by accounts that are managed through AWS Organizations.
|
5033
|
+
#
|
5034
|
+
# resp = client.list_invitations({
|
5035
|
+
# })
|
5036
|
+
#
|
5037
|
+
# resp.to_h outputs the following:
|
5038
|
+
# {
|
5039
|
+
# invitations: [
|
5040
|
+
# {
|
5041
|
+
# account_id: "123456789012",
|
5042
|
+
# invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb",
|
5043
|
+
# invited_at: Time.parse("2020-06-01T20:21:18.042000+00:00"),
|
5044
|
+
# member_status: "ASSOCIATED",
|
5045
|
+
# },
|
5046
|
+
# ],
|
5047
|
+
# }
|
5048
|
+
#
|
4056
5049
|
# @example Request syntax with placeholder values
|
4057
5050
|
#
|
4058
5051
|
# resp = client.list_invitations({
|
@@ -4114,6 +5107,37 @@ module Aws::SecurityHub
|
|
4114
5107
|
#
|
4115
5108
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4116
5109
|
#
|
5110
|
+
#
|
5111
|
+
# @example Example: To list member account details
|
5112
|
+
#
|
5113
|
+
# # The following example returns details about member accounts for the calling Security Hub administrator account. The
|
5114
|
+
# # response includes member accounts that are managed through AWS Organizations and those that were invited manually.
|
5115
|
+
#
|
5116
|
+
# resp = client.list_members({
|
5117
|
+
# })
|
5118
|
+
#
|
5119
|
+
# resp.to_h outputs the following:
|
5120
|
+
# {
|
5121
|
+
# members: [
|
5122
|
+
# {
|
5123
|
+
# account_id: "111122223333",
|
5124
|
+
# administrator_id: "123456789012",
|
5125
|
+
# invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
5126
|
+
# master_id: "123456789012",
|
5127
|
+
# member_status: "ASSOCIATED",
|
5128
|
+
# updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
5129
|
+
# },
|
5130
|
+
# {
|
5131
|
+
# account_id: "444455556666",
|
5132
|
+
# administrator_id: "123456789012",
|
5133
|
+
# invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
5134
|
+
# master_id: "123456789012",
|
5135
|
+
# member_status: "ASSOCIATED",
|
5136
|
+
# updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"),
|
5137
|
+
# },
|
5138
|
+
# ],
|
5139
|
+
# }
|
5140
|
+
#
|
4117
5141
|
# @example Request syntax with placeholder values
|
4118
5142
|
#
|
4119
5143
|
# resp = client.list_members({
|
@@ -4163,6 +5187,27 @@ module Aws::SecurityHub
|
|
4163
5187
|
#
|
4164
5188
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4165
5189
|
#
|
5190
|
+
#
|
5191
|
+
# @example Example: To list administrator acccounts for an organization
|
5192
|
+
#
|
5193
|
+
# # The following example lists the Security Hub administrator accounts for an organization. Only the organization
|
5194
|
+
# # management account can call this operation.
|
5195
|
+
#
|
5196
|
+
# resp = client.list_organization_admin_accounts({
|
5197
|
+
# })
|
5198
|
+
#
|
5199
|
+
# resp.to_h outputs the following:
|
5200
|
+
# {
|
5201
|
+
# admin_accounts: [
|
5202
|
+
# {
|
5203
|
+
# account_id: "777788889999",
|
5204
|
+
# },
|
5205
|
+
# {
|
5206
|
+
# status: "ENABLED",
|
5207
|
+
# },
|
5208
|
+
# ],
|
5209
|
+
# }
|
5210
|
+
#
|
4166
5211
|
# @example Request syntax with placeholder values
|
4167
5212
|
#
|
4168
5213
|
# resp = client.list_organization_admin_accounts({
|
@@ -4211,6 +5256,48 @@ module Aws::SecurityHub
|
|
4211
5256
|
#
|
4212
5257
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4213
5258
|
#
|
5259
|
+
#
|
5260
|
+
# @example Example: To list security controls that apply to a standard
|
5261
|
+
#
|
5262
|
+
# # The following example lists security controls that apply to a specified Security Hub standard.
|
5263
|
+
#
|
5264
|
+
# resp = client.list_security_control_definitions({
|
5265
|
+
# max_results: 3,
|
5266
|
+
# next_token: "NULL",
|
5267
|
+
# standards_arn: "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0",
|
5268
|
+
# })
|
5269
|
+
#
|
5270
|
+
# resp.to_h outputs the following:
|
5271
|
+
# {
|
5272
|
+
# next_token: "U2FsdGVkX1...",
|
5273
|
+
# security_control_definitions: [
|
5274
|
+
# {
|
5275
|
+
# current_region_availability: "AVAILABLE",
|
5276
|
+
# description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
|
5277
|
+
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
|
5278
|
+
# security_control_id: "ACM.1",
|
5279
|
+
# severity_rating: "MEDIUM",
|
5280
|
+
# title: "Imported and ACM-issued certificates should be renewed after a specified time period",
|
5281
|
+
# },
|
5282
|
+
# {
|
5283
|
+
# current_region_availability: "AVAILABLE",
|
5284
|
+
# description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
|
5285
|
+
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
|
5286
|
+
# security_control_id: "APIGateway.1",
|
5287
|
+
# severity_rating: "MEDIUM",
|
5288
|
+
# title: "API Gateway REST and WebSocket API execution logging should be enabled",
|
5289
|
+
# },
|
5290
|
+
# {
|
5291
|
+
# current_region_availability: "AVAILABLE",
|
5292
|
+
# description: "This control checks whether Amazon API Gateway REST API stages have SSL certificates configured that backend systems can use to authenticate that incoming requests are from the API Gateway.",
|
5293
|
+
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.2/remediation",
|
5294
|
+
# security_control_id: "APIGateway.2",
|
5295
|
+
# severity_rating: "MEDIUM",
|
5296
|
+
# title: "API Gateway REST API stages should be configured to use SSL certificates for backend authentication",
|
5297
|
+
# },
|
5298
|
+
# ],
|
5299
|
+
# }
|
5300
|
+
#
|
4214
5301
|
# @example Request syntax with placeholder values
|
4215
5302
|
#
|
4216
5303
|
# resp = client.list_security_control_definitions({
|
@@ -4267,6 +5354,50 @@ module Aws::SecurityHub
|
|
4267
5354
|
#
|
4268
5355
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4269
5356
|
#
|
5357
|
+
#
|
5358
|
+
# @example Example: To say whether standard
|
5359
|
+
#
|
5360
|
+
# # The following example specifies whether a control is currently enabled or disabled in each enabled standard in the
|
5361
|
+
# # calling account. The response also provides other details about the control.
|
5362
|
+
#
|
5363
|
+
# resp = client.list_standards_control_associations({
|
5364
|
+
# security_control_id: "S3.1",
|
5365
|
+
# })
|
5366
|
+
#
|
5367
|
+
# resp.to_h outputs the following:
|
5368
|
+
# {
|
5369
|
+
# standards_control_association_summaries: [
|
5370
|
+
# {
|
5371
|
+
# association_status: "ENABLED",
|
5372
|
+
# related_requirements: [
|
5373
|
+
# "PCI DSS 1.2.1",
|
5374
|
+
# "PCI DSS 1.3.1",
|
5375
|
+
# "PCI DSS 1.3.2",
|
5376
|
+
# "PCI DSS 1.3.4",
|
5377
|
+
# "PCI DSS 1.3.6",
|
5378
|
+
# ],
|
5379
|
+
# security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1",
|
5380
|
+
# security_control_id: "S3.1",
|
5381
|
+
# standards_arn: "arn:aws:securityhub:us-west-2::standards/pci-dss/v/3.2.1",
|
5382
|
+
# standards_control_description: "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.",
|
5383
|
+
# standards_control_title: "S3 Block Public Access setting should be enabled",
|
5384
|
+
# updated_at: Time.parse("2022-01-13T23:03:46.648000+00:00"),
|
5385
|
+
# },
|
5386
|
+
# {
|
5387
|
+
# association_status: "DISABLED",
|
5388
|
+
# related_requirements: [
|
5389
|
+
# ],
|
5390
|
+
# security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1",
|
5391
|
+
# security_control_id: "S3.1",
|
5392
|
+
# standards_arn: "arn:aws:securityhub:us-west-2::standards/aws-foundational-security-best-practices/v/1.0.0",
|
5393
|
+
# standards_control_description: "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.",
|
5394
|
+
# standards_control_title: "S3 Block Public Access setting should be enabled",
|
5395
|
+
# updated_at: Time.parse("2022-08-12T22:59:04.924000+00:00"),
|
5396
|
+
# updated_reason: "Not relevant to environment",
|
5397
|
+
# },
|
5398
|
+
# ],
|
5399
|
+
# }
|
5400
|
+
#
|
4270
5401
|
# @example Request syntax with placeholder values
|
4271
5402
|
#
|
4272
5403
|
# resp = client.list_standards_control_associations({
|
@@ -4308,6 +5439,23 @@ module Aws::SecurityHub
|
|
4308
5439
|
#
|
4309
5440
|
# * {Types::ListTagsForResourceResponse#tags #tags} => Hash<String,String>
|
4310
5441
|
#
|
5442
|
+
#
|
5443
|
+
# @example Example: To get a list of tags for a resource
|
5444
|
+
#
|
5445
|
+
# # The following example returns a list of tags associated with the specified resource.
|
5446
|
+
#
|
5447
|
+
# resp = client.list_tags_for_resource({
|
5448
|
+
# resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default",
|
5449
|
+
# })
|
5450
|
+
#
|
5451
|
+
# resp.to_h outputs the following:
|
5452
|
+
# {
|
5453
|
+
# tags: {
|
5454
|
+
# "Area" => "USMidwest",
|
5455
|
+
# "Department" => "Operations",
|
5456
|
+
# },
|
5457
|
+
# }
|
5458
|
+
#
|
4311
5459
|
# @example Request syntax with placeholder values
|
4312
5460
|
#
|
4313
5461
|
# resp = client.list_tags_for_resource({
|
@@ -4340,6 +5488,19 @@ module Aws::SecurityHub
|
|
4340
5488
|
#
|
4341
5489
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4342
5490
|
#
|
5491
|
+
#
|
5492
|
+
# @example Example: To tag a resource
|
5493
|
+
#
|
5494
|
+
# # The following example adds the 'Department' and 'Area' tags to the specified resource.
|
5495
|
+
#
|
5496
|
+
# resp = client.tag_resource({
|
5497
|
+
# resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default",
|
5498
|
+
# tags: {
|
5499
|
+
# "Area" => "USMidwest",
|
5500
|
+
# "Department" => "Operations",
|
5501
|
+
# },
|
5502
|
+
# })
|
5503
|
+
#
|
4343
5504
|
# @example Request syntax with placeholder values
|
4344
5505
|
#
|
4345
5506
|
# resp = client.tag_resource({
|
@@ -4369,6 +5530,18 @@ module Aws::SecurityHub
|
|
4369
5530
|
#
|
4370
5531
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4371
5532
|
#
|
5533
|
+
#
|
5534
|
+
# @example Example: To remove tags from a resource
|
5535
|
+
#
|
5536
|
+
# # The following example removes the 'Department' tag from the specified resource.
|
5537
|
+
#
|
5538
|
+
# resp = client.untag_resource({
|
5539
|
+
# resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default",
|
5540
|
+
# tag_keys: [
|
5541
|
+
# "Department",
|
5542
|
+
# ],
|
5543
|
+
# })
|
5544
|
+
#
|
4372
5545
|
# @example Request syntax with placeholder values
|
4373
5546
|
#
|
4374
5547
|
# resp = client.untag_resource({
|
@@ -4399,6 +5572,18 @@ module Aws::SecurityHub
|
|
4399
5572
|
#
|
4400
5573
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4401
5574
|
#
|
5575
|
+
#
|
5576
|
+
# @example Example: To update the name and description of a custom action target
|
5577
|
+
#
|
5578
|
+
# # The following example updates the name and description of a custom action target in Security Hub. You can create custom
|
5579
|
+
# # actions to automatically respond to Security Hub findings using Amazon EventBridge.
|
5580
|
+
#
|
5581
|
+
# resp = client.update_action_target({
|
5582
|
+
# action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
|
5583
|
+
# description: "Sends specified findings to customer service chat",
|
5584
|
+
# name: "Chat custom action",
|
5585
|
+
# })
|
5586
|
+
#
|
4402
5587
|
# @example Request syntax with placeholder values
|
4403
5588
|
#
|
4404
5589
|
# resp = client.update_action_target({
|
@@ -4469,6 +5654,33 @@ module Aws::SecurityHub
|
|
4469
5654
|
# * {Types::UpdateFindingAggregatorResponse#region_linking_mode #region_linking_mode} => String
|
4470
5655
|
# * {Types::UpdateFindingAggregatorResponse#regions #regions} => Array<String>
|
4471
5656
|
#
|
5657
|
+
#
|
5658
|
+
# @example Example: To update cross-Region aggregation settings
|
5659
|
+
#
|
5660
|
+
# # The following example updates the cross-Region aggregation configuration. You use this operation to change the list of
|
5661
|
+
# # linked Regions and the treatment of new Regions. However, you cannot use this operation to change the aggregation
|
5662
|
+
# # Region.
|
5663
|
+
#
|
5664
|
+
# resp = client.update_finding_aggregator({
|
5665
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
5666
|
+
# region_linking_mode: "SPECIFIED_REGIONS",
|
5667
|
+
# regions: [
|
5668
|
+
# "us-west-1",
|
5669
|
+
# "us-west-2",
|
5670
|
+
# ],
|
5671
|
+
# })
|
5672
|
+
#
|
5673
|
+
# resp.to_h outputs the following:
|
5674
|
+
# {
|
5675
|
+
# finding_aggregation_region: "us-east-1",
|
5676
|
+
# finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
5677
|
+
# region_linking_mode: "SPECIFIED_REGIONS",
|
5678
|
+
# regions: [
|
5679
|
+
# "us-west-1",
|
5680
|
+
# "us-west-2",
|
5681
|
+
# ],
|
5682
|
+
# }
|
5683
|
+
#
|
4472
5684
|
# @example Request syntax with placeholder values
|
4473
5685
|
#
|
4474
5686
|
# resp = client.update_finding_aggregator({
|
@@ -5183,6 +6395,30 @@ module Aws::SecurityHub
|
|
5183
6395
|
#
|
5184
6396
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5185
6397
|
#
|
6398
|
+
#
|
6399
|
+
# @example Example: To update an insight
|
6400
|
+
#
|
6401
|
+
# # The following example updates the specified Security Hub insight.
|
6402
|
+
#
|
6403
|
+
# resp = client.update_insight({
|
6404
|
+
# filters: {
|
6405
|
+
# resource_type: [
|
6406
|
+
# {
|
6407
|
+
# comparison: "EQUALS",
|
6408
|
+
# value: "AwsIamRole",
|
6409
|
+
# },
|
6410
|
+
# ],
|
6411
|
+
# severity_label: [
|
6412
|
+
# {
|
6413
|
+
# comparison: "EQUALS",
|
6414
|
+
# value: "HIGH",
|
6415
|
+
# },
|
6416
|
+
# ],
|
6417
|
+
# },
|
6418
|
+
# insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
6419
|
+
# name: "High severity role findings",
|
6420
|
+
# })
|
6421
|
+
#
|
5186
6422
|
# @example Request syntax with placeholder values
|
5187
6423
|
#
|
5188
6424
|
# resp = client.update_insight({
|
@@ -5864,6 +7100,16 @@ module Aws::SecurityHub
|
|
5864
7100
|
#
|
5865
7101
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5866
7102
|
#
|
7103
|
+
#
|
7104
|
+
# @example Example: To update organization configuration
|
7105
|
+
#
|
7106
|
+
# # The following example updates the configuration for an organization so that Security Hub is automatically activated for
|
7107
|
+
# # new member accounts. Only the Security Hub administrator account can call this operation.
|
7108
|
+
#
|
7109
|
+
# resp = client.update_organization_configuration({
|
7110
|
+
# auto_enable: true,
|
7111
|
+
# })
|
7112
|
+
#
|
5867
7113
|
# @example Request syntax with placeholder values
|
5868
7114
|
#
|
5869
7115
|
# resp = client.update_organization_configuration({
|
@@ -5905,6 +7151,17 @@ module Aws::SecurityHub
|
|
5905
7151
|
#
|
5906
7152
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5907
7153
|
#
|
7154
|
+
#
|
7155
|
+
# @example Example: To update Security Hub settings
|
7156
|
+
#
|
7157
|
+
# # The following example updates Security Hub settings to turn on consolidated control findings, and to automatically
|
7158
|
+
# # enable new controls in enabled standards.
|
7159
|
+
#
|
7160
|
+
# resp = client.update_security_hub_configuration({
|
7161
|
+
# auto_enable_controls: true,
|
7162
|
+
# control_finding_generator: "SECURITY_CONTROL",
|
7163
|
+
# })
|
7164
|
+
#
|
5908
7165
|
# @example Request syntax with placeholder values
|
5909
7166
|
#
|
5910
7167
|
# resp = client.update_security_hub_configuration({
|
@@ -5936,6 +7193,17 @@ module Aws::SecurityHub
|
|
5936
7193
|
#
|
5937
7194
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5938
7195
|
#
|
7196
|
+
#
|
7197
|
+
# @example Example: To update the enablement status of a standard control
|
7198
|
+
#
|
7199
|
+
# # The following example disables the specified control in the specified security standard.
|
7200
|
+
#
|
7201
|
+
# resp = client.update_standards_control({
|
7202
|
+
# control_status: "DISABLED",
|
7203
|
+
# disabled_reason: "Not applicable to my service",
|
7204
|
+
# standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1",
|
7205
|
+
# })
|
7206
|
+
#
|
5939
7207
|
# @example Request syntax with placeholder values
|
5940
7208
|
#
|
5941
7209
|
# resp = client.update_standards_control({
|
@@ -5966,7 +7234,7 @@ module Aws::SecurityHub
|
|
5966
7234
|
params: params,
|
5967
7235
|
config: config)
|
5968
7236
|
context[:gem_name] = 'aws-sdk-securityhub'
|
5969
|
-
context[:gem_version] = '1.
|
7237
|
+
context[:gem_version] = '1.80.0'
|
5970
7238
|
Seahorse::Client::Request.new(handlers, context)
|
5971
7239
|
end
|
5972
7240
|
|