aws-sdk-securityhub 1.80.0 → 1.82.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7fe39abcc2096a495ec8a44d44453b4ff663040a34b7ca5ca89ef485add6a5f5
4
- data.tar.gz: 32f796ff5449feb8a40269707f939b7d08560419d9cb9ad6a45f968480578ba8
3
+ metadata.gz: 5d27ed4d7665d3add4f2c19cf9120ec8d2002c3e1f6418c88696d691ec01355f
4
+ data.tar.gz: d93f50cf335002ee567f0afc8b4205882515c2f2719d0b1bcc598caa48802d58
5
5
  SHA512:
6
- metadata.gz: 6d712aca3964c2779b1bbd50843cbc28afa67b698446a803ea01c7a0e79f0ff0b6dbc475b408d29ff04fe5cfb2c72d25372d983226dfe8a64f32fa4fdf7d1f1c
7
- data.tar.gz: 1b1e4eacb745dc9ea2de1f0cb40c04a59b4de56c641c33cea6961e9c40ece32500c51f1963fe1e61f71d741fe4d601b5d3c1f4beb7182a587d3439270fd9980a
6
+ metadata.gz: 1068b75b7131d88ae7123c7af60e3a054159efb22b83e0695ecf4dd2a44ead984641f4e7968662296efccad8f9486ee4f5db450af2db4626d80588336618eaba
7
+ data.tar.gz: ec3b6d8d01fb19636fefb92935c411db90b636eeabddc9a577bf866f6d2fca9fa9e51b163b4231b23c602d83d85c3913d6edbc4d23d41b8652e81f7331a4b22c
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.82.0 (2023-05-30)
5
+ ------------------
6
+
7
+ * Feature - Added new resource detail objects to ASFF, including resources for AwsGuardDutyDetector, AwsAmazonMqBroker, AwsEventSchemasRegistry, AwsAppSyncGraphQlApi and AwsStepFunctionStateMachine.
8
+
9
+ 1.81.0 (2023-05-04)
10
+ ------------------
11
+
12
+ * Feature - Add support for Finding History.
13
+
4
14
  1.80.0 (2023-04-19)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.80.0
1
+ 1.82.0
@@ -547,9 +547,10 @@ module Aws::SecurityHub
547
547
  # * {Types::BatchEnableStandardsResponse#standards_subscriptions #standards_subscriptions} => Array<Types::StandardsSubscription>
548
548
  #
549
549
  #
550
- # @example Example: To import security findings from a third party provider to Security Hub
550
+ # @example Example: To enable security standards
551
551
  #
552
- # # The following example imports findings from a third party provider to Security Hub.
552
+ # # The following example enables the security standard specified by the StandardArn. You can use this operation to enable
553
+ # # one or more Security Hub standards.
553
554
  #
554
555
  # resp = client.batch_enable_standards({
555
556
  # standards_subscription_requests: [
@@ -617,6 +618,42 @@ module Aws::SecurityHub
617
618
  # * {Types::BatchGetSecurityControlsResponse#security_controls #security_controls} => Array<Types::SecurityControl>
618
619
  # * {Types::BatchGetSecurityControlsResponse#unprocessed_ids #unprocessed_ids} => Array<Types::UnprocessedSecurityControl>
619
620
  #
621
+ #
622
+ # @example Example: To get security control details
623
+ #
624
+ # # The following example gets details for the specified controls in the current AWS account and AWS Region.
625
+ #
626
+ # resp = client.batch_get_security_controls({
627
+ # security_control_ids: [
628
+ # "ACM.1",
629
+ # "APIGateway.1",
630
+ # ],
631
+ # })
632
+ #
633
+ # resp.to_h outputs the following:
634
+ # {
635
+ # security_controls: [
636
+ # {
637
+ # description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
638
+ # remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
639
+ # security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1",
640
+ # security_control_id: "ACM.1",
641
+ # security_control_status: "ENABLED",
642
+ # severity_rating: "MEDIUM",
643
+ # title: "Imported and ACM-issued certificates should be renewed after a specified time period",
644
+ # },
645
+ # {
646
+ # description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
647
+ # remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
648
+ # security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1",
649
+ # security_control_id: "APIGateway.1",
650
+ # security_control_status: "ENABLED",
651
+ # severity_rating: "MEDIUM",
652
+ # title: "API Gateway REST and WebSocket API execution logging should be enabled",
653
+ # },
654
+ # ],
655
+ # }
656
+ #
620
657
  # @example Request syntax with placeholder values
621
658
  #
622
659
  # resp = client.batch_get_security_controls({
@@ -663,6 +700,54 @@ module Aws::SecurityHub
663
700
  # * {Types::BatchGetStandardsControlAssociationsResponse#standards_control_association_details #standards_control_association_details} => Array<Types::StandardsControlAssociationDetail>
664
701
  # * {Types::BatchGetStandardsControlAssociationsResponse#unprocessed_associations #unprocessed_associations} => Array<Types::UnprocessedStandardsControlAssociation>
665
702
  #
703
+ #
704
+ # @example Example: To get enablement status of a batch of controls
705
+ #
706
+ # # The following example retrieves the enablement status of the specified controls in the specified standards.
707
+ #
708
+ # resp = client.batch_get_standards_control_associations({
709
+ # standards_control_association_ids: [
710
+ # {
711
+ # security_control_id: "CloudTrail.1",
712
+ # standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
713
+ # },
714
+ # {
715
+ # security_control_id: "CloudWatch.12",
716
+ # standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
717
+ # },
718
+ # ],
719
+ # })
720
+ #
721
+ # resp.to_h outputs the following:
722
+ # {
723
+ # standards_control_association_details: [
724
+ # {
725
+ # association_status: "ENABLED",
726
+ # related_requirements: [
727
+ # "CIS AWS Foundations 2.1",
728
+ # ],
729
+ # security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudTrail.1",
730
+ # security_control_id: "CloudTrail.1",
731
+ # standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
732
+ # standards_control_description: "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.",
733
+ # standards_control_title: "Ensure CloudTrail is enabled in all regions",
734
+ # updated_at: Time.parse("2022-01-13T18:52:29.539000+00:00"),
735
+ # },
736
+ # {
737
+ # association_status: "ENABLED",
738
+ # related_requirements: [
739
+ # "CIS AWS Foundations 3.12",
740
+ # ],
741
+ # security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudWatch.12",
742
+ # security_control_id: "CloudWatch.12",
743
+ # standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
744
+ # standards_control_description: "Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Network gateways are required to send/receive traffic to a destination outside of a VPC. It is recommended that a metric filter and alarm be established for changes to network gateways.",
745
+ # standards_control_title: "Ensure a log metric filter and alarm exist for changes to network gateways",
746
+ # updated_at: Time.parse("2022-01-13T18:52:29.686000+00:00"),
747
+ # },
748
+ # ],
749
+ # }
750
+ #
666
751
  # @example Request syntax with placeholder values
667
752
  #
668
753
  # resp = client.batch_get_standards_control_associations({
@@ -1079,6 +1164,45 @@ module Aws::SecurityHub
1079
1164
  #
1080
1165
  # * {Types::BatchUpdateStandardsControlAssociationsResponse#unprocessed_association_updates #unprocessed_association_updates} => Array<Types::UnprocessedStandardsControlAssociationUpdate>
1081
1166
  #
1167
+ #
1168
+ # @example Example: To update enablement status of a batch of controls
1169
+ #
1170
+ # # The following example disables CloudWatch.12 in CIS AWS Foundations Benchmark v1.2.0. The example returns an error for
1171
+ # # CloudTrail.1 because an invalid standard ARN is provided.
1172
+ #
1173
+ # resp = client.batch_update_standards_control_associations({
1174
+ # standards_control_association_updates: [
1175
+ # {
1176
+ # association_status: "DISABLED",
1177
+ # security_control_id: "CloudTrail.1",
1178
+ # standards_arn: "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0",
1179
+ # updated_reason: "Not relevant to environment",
1180
+ # },
1181
+ # {
1182
+ # association_status: "DISABLED",
1183
+ # security_control_id: "CloudWatch.12",
1184
+ # standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
1185
+ # updated_reason: "Not relevant to environment",
1186
+ # },
1187
+ # ],
1188
+ # })
1189
+ #
1190
+ # resp.to_h outputs the following:
1191
+ # {
1192
+ # unprocessed_association_updates: [
1193
+ # {
1194
+ # error_code: "INVALID_INPUT",
1195
+ # error_reason: "Invalid Standards Arn: 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0'",
1196
+ # standards_control_association_update: {
1197
+ # association_status: "DISABLED",
1198
+ # security_control_id: "CloudTrail.1",
1199
+ # standards_arn: "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0",
1200
+ # updated_reason: "Test Reason",
1201
+ # },
1202
+ # },
1203
+ # ],
1204
+ # }
1205
+ #
1082
1206
  # @example Request syntax with placeholder values
1083
1207
  #
1084
1208
  # resp = client.batch_update_standards_control_associations({
@@ -3392,6 +3516,158 @@ module Aws::SecurityHub
3392
3516
  req.send_request(options)
3393
3517
  end
3394
3518
 
3519
+ # Returns history for a Security Hub finding in the last 90 days. The
3520
+ # history includes changes made to any fields in the Amazon Web Services
3521
+ # Security Finding Format (ASFF).
3522
+ #
3523
+ # @option params [required, Types::AwsSecurityFindingIdentifier] :finding_identifier
3524
+ # Identifies which finding to get the finding history for.
3525
+ #
3526
+ # @option params [Time,DateTime,Date,Integer,String] :start_time
3527
+ # An ISO 8601-formatted timestamp that indicates the start time of the
3528
+ # requested finding history. A correctly formatted example is
3529
+ # `2020-05-21T20:16:34.724Z`. The value cannot contain spaces, and date
3530
+ # and time should be separated by `T`. For more information, see [RFC
3531
+ # 3339 section 5.6, Internet Date/Time Format][1].
3532
+ #
3533
+ # If you provide values for both `StartTime` and `EndTime`, Security Hub
3534
+ # returns finding history for the specified time period. If you provide
3535
+ # a value for `StartTime` but not for `EndTime`, Security Hub returns
3536
+ # finding history from the `StartTime` to the time at which the API is
3537
+ # called. If you provide a value for `EndTime` but not for `StartTime`,
3538
+ # Security Hub returns finding history from the [CreatedAt][2] timestamp
3539
+ # of the finding to the `EndTime`. If you provide neither `StartTime`
3540
+ # nor `EndTime`, Security Hub returns finding history from the CreatedAt
3541
+ # timestamp of the finding to the time at which the API is called. In
3542
+ # all of these scenarios, the response is limited to 100 results, and
3543
+ # the maximum time period is limited to 90 days.
3544
+ #
3545
+ #
3546
+ #
3547
+ # [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
3548
+ # [2]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt
3549
+ #
3550
+ # @option params [Time,DateTime,Date,Integer,String] :end_time
3551
+ # An ISO 8601-formatted timestamp that indicates the end time of the
3552
+ # requested finding history. A correctly formatted example is
3553
+ # `2020-05-21T20:16:34.724Z`. The value cannot contain spaces, and date
3554
+ # and time should be separated by `T`. For more information, see [RFC
3555
+ # 3339 section 5.6, Internet Date/Time Format][1].
3556
+ #
3557
+ # If you provide values for both `StartTime` and `EndTime`, Security Hub
3558
+ # returns finding history for the specified time period. If you provide
3559
+ # a value for `StartTime` but not for `EndTime`, Security Hub returns
3560
+ # finding history from the `StartTime` to the time at which the API is
3561
+ # called. If you provide a value for `EndTime` but not for `StartTime`,
3562
+ # Security Hub returns finding history from the [CreatedAt][2] timestamp
3563
+ # of the finding to the `EndTime`. If you provide neither `StartTime`
3564
+ # nor `EndTime`, Security Hub returns finding history from the CreatedAt
3565
+ # timestamp of the finding to the time at which the API is called. In
3566
+ # all of these scenarios, the response is limited to 100 results, and
3567
+ # the maximum time period is limited to 90 days.
3568
+ #
3569
+ #
3570
+ #
3571
+ # [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
3572
+ # [2]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt
3573
+ #
3574
+ # @option params [String] :next_token
3575
+ # A token for pagination purposes. Provide `NULL` as the initial value.
3576
+ # In subsequent requests, provide the token included in the response to
3577
+ # get up to an additional 100 results of finding history. If you don’t
3578
+ # provide `NextToken`, Security Hub returns up to 100 results of finding
3579
+ # history for each request.
3580
+ #
3581
+ # @option params [Integer] :max_results
3582
+ # The maximum number of results to be returned. If you don’t provide it,
3583
+ # Security Hub returns up to 100 results of finding history.
3584
+ #
3585
+ # @return [Types::GetFindingHistoryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3586
+ #
3587
+ # * {Types::GetFindingHistoryResponse#records #records} => Array<Types::FindingHistoryRecord>
3588
+ # * {Types::GetFindingHistoryResponse#next_token #next_token} => String
3589
+ #
3590
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3591
+ #
3592
+ #
3593
+ # @example Example: To get finding history
3594
+ #
3595
+ # # The following example retrieves the history of the specified finding during the specified time frame. If the time frame
3596
+ # # permits, Security Hub returns finding history for the last 90 days.
3597
+ #
3598
+ # resp = client.get_finding_history({
3599
+ # end_time: Time.parse("2021-09-31T15:53:35.573Z"),
3600
+ # finding_identifier: {
3601
+ # id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
3602
+ # product_arn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
3603
+ # },
3604
+ # max_results: 2,
3605
+ # start_time: Time.parse("2021-09-30T15:53:35.573Z"),
3606
+ # })
3607
+ #
3608
+ # resp.to_h outputs the following:
3609
+ # {
3610
+ # records: [
3611
+ # {
3612
+ # finding_created: false,
3613
+ # finding_identifier: {
3614
+ # id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
3615
+ # product_arn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
3616
+ # },
3617
+ # update_source: {
3618
+ # identity: "arn:aws:iam::444455556666:role/Admin",
3619
+ # type: "BATCH_UPDATE_FINDINGS",
3620
+ # },
3621
+ # update_time: Time.parse("2021-09-31T15:52:25.573Z"),
3622
+ # updates: [
3623
+ # {
3624
+ # new_value: "MEDIUM",
3625
+ # old_value: "HIGH",
3626
+ # updated_field: "Severity",
3627
+ # },
3628
+ # ],
3629
+ # },
3630
+ # ],
3631
+ # }
3632
+ #
3633
+ # @example Request syntax with placeholder values
3634
+ #
3635
+ # resp = client.get_finding_history({
3636
+ # finding_identifier: { # required
3637
+ # id: "NonEmptyString", # required
3638
+ # product_arn: "NonEmptyString", # required
3639
+ # },
3640
+ # start_time: Time.now,
3641
+ # end_time: Time.now,
3642
+ # next_token: "NextToken",
3643
+ # max_results: 1,
3644
+ # })
3645
+ #
3646
+ # @example Response structure
3647
+ #
3648
+ # resp.records #=> Array
3649
+ # resp.records[0].finding_identifier.id #=> String
3650
+ # resp.records[0].finding_identifier.product_arn #=> String
3651
+ # resp.records[0].update_time #=> Time
3652
+ # resp.records[0].finding_created #=> Boolean
3653
+ # resp.records[0].update_source.type #=> String, one of "BATCH_UPDATE_FINDINGS", "BATCH_IMPORT_FINDINGS"
3654
+ # resp.records[0].update_source.identity #=> String
3655
+ # resp.records[0].updates #=> Array
3656
+ # resp.records[0].updates[0].updated_field #=> String
3657
+ # resp.records[0].updates[0].old_value #=> String
3658
+ # resp.records[0].updates[0].new_value #=> String
3659
+ # resp.records[0].next_token #=> String
3660
+ # resp.next_token #=> String
3661
+ #
3662
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingHistory AWS API Documentation
3663
+ #
3664
+ # @overload get_finding_history(params = {})
3665
+ # @param [Hash] params ({})
3666
+ def get_finding_history(params = {}, options = {})
3667
+ req = build_request(:get_finding_history, params)
3668
+ req.send_request(options)
3669
+ end
3670
+
3395
3671
  # Returns a list of findings that match the specified criteria.
3396
3672
  #
3397
3673
  # If finding aggregation is enabled, then when you call `GetFindings`
@@ -7234,7 +7510,7 @@ module Aws::SecurityHub
7234
7510
  params: params,
7235
7511
  config: config)
7236
7512
  context[:gem_name] = 'aws-sdk-securityhub'
7237
- context[:gem_version] = '1.80.0'
7513
+ context[:gem_version] = '1.82.0'
7238
7514
  Seahorse::Client::Request.new(handlers, context)
7239
7515
  end
7240
7516