aws-sdk-securityhub 1.89.0 → 1.90.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +428 -429
- data/lib/aws-sdk-securityhub/client_api.rb +30 -0
- data/lib/aws-sdk-securityhub/types.rb +288 -89
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -82,6 +82,10 @@ module Aws::SecurityHub
|
|
82
82
|
AwsAppSyncGraphQlApiLogConfigDetails = Shapes::StructureShape.new(name: 'AwsAppSyncGraphQlApiLogConfigDetails')
|
83
83
|
AwsAppSyncGraphQlApiOpenIdConnectConfigDetails = Shapes::StructureShape.new(name: 'AwsAppSyncGraphQlApiOpenIdConnectConfigDetails')
|
84
84
|
AwsAppSyncGraphQlApiUserPoolConfigDetails = Shapes::StructureShape.new(name: 'AwsAppSyncGraphQlApiUserPoolConfigDetails')
|
85
|
+
AwsAthenaWorkGroupConfigurationDetails = Shapes::StructureShape.new(name: 'AwsAthenaWorkGroupConfigurationDetails')
|
86
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationDetails = Shapes::StructureShape.new(name: 'AwsAthenaWorkGroupConfigurationResultConfigurationDetails')
|
87
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails = Shapes::StructureShape.new(name: 'AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails')
|
88
|
+
AwsAthenaWorkGroupDetails = Shapes::StructureShape.new(name: 'AwsAthenaWorkGroupDetails')
|
85
89
|
AwsAutoScalingAutoScalingGroupAvailabilityZonesList = Shapes::ListShape.new(name: 'AwsAutoScalingAutoScalingGroupAvailabilityZonesList')
|
86
90
|
AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails = Shapes::StructureShape.new(name: 'AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails')
|
87
91
|
AwsAutoScalingAutoScalingGroupDetails = Shapes::StructureShape.new(name: 'AwsAutoScalingAutoScalingGroupDetails')
|
@@ -491,6 +495,8 @@ module Aws::SecurityHub
|
|
491
495
|
AwsRdsDbClusterMembers = Shapes::ListShape.new(name: 'AwsRdsDbClusterMembers')
|
492
496
|
AwsRdsDbClusterOptionGroupMembership = Shapes::StructureShape.new(name: 'AwsRdsDbClusterOptionGroupMembership')
|
493
497
|
AwsRdsDbClusterOptionGroupMemberships = Shapes::ListShape.new(name: 'AwsRdsDbClusterOptionGroupMemberships')
|
498
|
+
AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute = Shapes::StructureShape.new(name: 'AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute')
|
499
|
+
AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes = Shapes::ListShape.new(name: 'AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes')
|
494
500
|
AwsRdsDbClusterSnapshotDetails = Shapes::StructureShape.new(name: 'AwsRdsDbClusterSnapshotDetails')
|
495
501
|
AwsRdsDbDomainMembership = Shapes::StructureShape.new(name: 'AwsRdsDbDomainMembership')
|
496
502
|
AwsRdsDbDomainMemberships = Shapes::ListShape.new(name: 'AwsRdsDbDomainMemberships')
|
@@ -1441,6 +1447,22 @@ module Aws::SecurityHub
|
|
1441
1447
|
AwsAppSyncGraphQlApiUserPoolConfigDetails.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "UserPoolId"))
|
1442
1448
|
AwsAppSyncGraphQlApiUserPoolConfigDetails.struct_class = Types::AwsAppSyncGraphQlApiUserPoolConfigDetails
|
1443
1449
|
|
1450
|
+
AwsAthenaWorkGroupConfigurationDetails.add_member(:result_configuration, Shapes::ShapeRef.new(shape: AwsAthenaWorkGroupConfigurationResultConfigurationDetails, location_name: "ResultConfiguration"))
|
1451
|
+
AwsAthenaWorkGroupConfigurationDetails.struct_class = Types::AwsAthenaWorkGroupConfigurationDetails
|
1452
|
+
|
1453
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationDetails.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails, location_name: "EncryptionConfiguration"))
|
1454
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationDetails.struct_class = Types::AwsAthenaWorkGroupConfigurationResultConfigurationDetails
|
1455
|
+
|
1456
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails.add_member(:encryption_option, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "EncryptionOption"))
|
1457
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails.add_member(:kms_key, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KmsKey"))
|
1458
|
+
AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails.struct_class = Types::AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails
|
1459
|
+
|
1460
|
+
AwsAthenaWorkGroupDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
|
1461
|
+
AwsAthenaWorkGroupDetails.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
|
1462
|
+
AwsAthenaWorkGroupDetails.add_member(:state, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "State"))
|
1463
|
+
AwsAthenaWorkGroupDetails.add_member(:configuration, Shapes::ShapeRef.new(shape: AwsAthenaWorkGroupConfigurationDetails, location_name: "Configuration"))
|
1464
|
+
AwsAthenaWorkGroupDetails.struct_class = Types::AwsAthenaWorkGroupDetails
|
1465
|
+
|
1444
1466
|
AwsAutoScalingAutoScalingGroupAvailabilityZonesList.member = Shapes::ShapeRef.new(shape: AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails)
|
1445
1467
|
|
1446
1468
|
AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails.add_member(:value, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Value"))
|
@@ -3657,6 +3679,12 @@ module Aws::SecurityHub
|
|
3657
3679
|
|
3658
3680
|
AwsRdsDbClusterOptionGroupMemberships.member = Shapes::ShapeRef.new(shape: AwsRdsDbClusterOptionGroupMembership)
|
3659
3681
|
|
3682
|
+
AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute.add_member(:attribute_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "AttributeName"))
|
3683
|
+
AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute.add_member(:attribute_values, Shapes::ShapeRef.new(shape: NonEmptyStringList, location_name: "AttributeValues"))
|
3684
|
+
AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute.struct_class = Types::AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute
|
3685
|
+
|
3686
|
+
AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes.member = Shapes::ShapeRef.new(shape: AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute)
|
3687
|
+
|
3660
3688
|
AwsRdsDbClusterSnapshotDetails.add_member(:availability_zones, Shapes::ShapeRef.new(shape: StringList, location_name: "AvailabilityZones"))
|
3661
3689
|
AwsRdsDbClusterSnapshotDetails.add_member(:snapshot_create_time, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SnapshotCreateTime"))
|
3662
3690
|
AwsRdsDbClusterSnapshotDetails.add_member(:engine, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Engine"))
|
@@ -3675,6 +3703,7 @@ module Aws::SecurityHub
|
|
3675
3703
|
AwsRdsDbClusterSnapshotDetails.add_member(:db_cluster_identifier, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "DbClusterIdentifier"))
|
3676
3704
|
AwsRdsDbClusterSnapshotDetails.add_member(:db_cluster_snapshot_identifier, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "DbClusterSnapshotIdentifier"))
|
3677
3705
|
AwsRdsDbClusterSnapshotDetails.add_member(:iam_database_authentication_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "IamDatabaseAuthenticationEnabled"))
|
3706
|
+
AwsRdsDbClusterSnapshotDetails.add_member(:db_cluster_snapshot_attributes, Shapes::ShapeRef.new(shape: AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes, location_name: "DbClusterSnapshotAttributes"))
|
3678
3707
|
AwsRdsDbClusterSnapshotDetails.struct_class = Types::AwsRdsDbClusterSnapshotDetails
|
3679
3708
|
|
3680
3709
|
AwsRdsDbDomainMembership.add_member(:domain, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Domain"))
|
@@ -5648,6 +5677,7 @@ module Aws::SecurityHub
|
|
5648
5677
|
ResourceDetails.add_member(:aws_event_schemas_registry, Shapes::ShapeRef.new(shape: AwsEventSchemasRegistryDetails, location_name: "AwsEventSchemasRegistry"))
|
5649
5678
|
ResourceDetails.add_member(:aws_guard_duty_detector, Shapes::ShapeRef.new(shape: AwsGuardDutyDetectorDetails, location_name: "AwsGuardDutyDetector"))
|
5650
5679
|
ResourceDetails.add_member(:aws_step_function_state_machine, Shapes::ShapeRef.new(shape: AwsStepFunctionStateMachineDetails, location_name: "AwsStepFunctionStateMachine"))
|
5680
|
+
ResourceDetails.add_member(:aws_athena_work_group, Shapes::ShapeRef.new(shape: AwsAthenaWorkGroupDetails, location_name: "AwsAthenaWorkGroup"))
|
5651
5681
|
ResourceDetails.struct_class = Types::ResourceDetails
|
5652
5682
|
|
5653
5683
|
ResourceList.member = Shapes::ShapeRef.new(shape: Resource)
|
@@ -449,10 +449,10 @@ module Aws::SecurityHub
|
|
449
449
|
# Specifies whether a rule is the last to be applied with respect to a
|
450
450
|
# finding that matches the rule criteria. This is useful when a
|
451
451
|
# finding matches the criteria for multiple rules, and each rule has
|
452
|
-
# different actions. If
|
453
|
-
# rule
|
454
|
-
#
|
455
|
-
#
|
452
|
+
# different actions. If a rule is terminal, Security Hub applies the
|
453
|
+
# rule action to a finding that matches the rule criteria and doesn't
|
454
|
+
# evaluate other rules for the finding. By default, a rule isn't
|
455
|
+
# terminal.
|
456
456
|
# @return [Boolean]
|
457
457
|
#
|
458
458
|
# @!attribute [rw] criteria
|
@@ -891,10 +891,10 @@ module Aws::SecurityHub
|
|
891
891
|
# Specifies whether a rule is the last to be applied with respect to a
|
892
892
|
# finding that matches the rule criteria. This is useful when a
|
893
893
|
# finding matches the criteria for multiple rules, and each rule has
|
894
|
-
# different actions. If
|
895
|
-
# rule
|
896
|
-
#
|
897
|
-
#
|
894
|
+
# different actions. If a rule is terminal, Security Hub applies the
|
895
|
+
# rule action to a finding that matches the rule criteria and doesn't
|
896
|
+
# evaluate other rules for the finding. By default, a rule isn't
|
897
|
+
# terminal.
|
898
898
|
# @return [Boolean]
|
899
899
|
#
|
900
900
|
# @!attribute [rw] created_at
|
@@ -2195,6 +2195,106 @@ module Aws::SecurityHub
|
|
2195
2195
|
include Aws::Structure
|
2196
2196
|
end
|
2197
2197
|
|
2198
|
+
# The configuration of the workgroup, which includes the location in
|
2199
|
+
# Amazon Simple Storage Service (Amazon S3) where query results are
|
2200
|
+
# stored, the encryption option, if any, used for query results, whether
|
2201
|
+
# Amazon CloudWatch metrics are enabled for the workgroup, and the limit
|
2202
|
+
# for the amount of bytes scanned (cutoff) per query, if it is
|
2203
|
+
# specified.
|
2204
|
+
#
|
2205
|
+
# @!attribute [rw] result_configuration
|
2206
|
+
# The location in Amazon S3 where query and calculation results are
|
2207
|
+
# stored and the encryption option, if any, used for query and
|
2208
|
+
# calculation results. These are known as client-side settings. If
|
2209
|
+
# workgroup settings override client-side settings, then the query
|
2210
|
+
# uses the workgroup settings.
|
2211
|
+
# @return [Types::AwsAthenaWorkGroupConfigurationResultConfigurationDetails]
|
2212
|
+
#
|
2213
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAthenaWorkGroupConfigurationDetails AWS API Documentation
|
2214
|
+
#
|
2215
|
+
class AwsAthenaWorkGroupConfigurationDetails < Struct.new(
|
2216
|
+
:result_configuration)
|
2217
|
+
SENSITIVE = []
|
2218
|
+
include Aws::Structure
|
2219
|
+
end
|
2220
|
+
|
2221
|
+
# The location in Amazon Simple Storage Service (Amazon S3) where query
|
2222
|
+
# and calculation results are stored and the encryption option, if any,
|
2223
|
+
# used for query and calculation results. These are known as client-side
|
2224
|
+
# settings. If workgroup settings override client-side settings, then
|
2225
|
+
# the query uses the workgroup settings.
|
2226
|
+
#
|
2227
|
+
# @!attribute [rw] encryption_configuration
|
2228
|
+
# Specifies the method used to encrypt the user’s data stores in the
|
2229
|
+
# Athena workgroup.
|
2230
|
+
# @return [Types::AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails]
|
2231
|
+
#
|
2232
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAthenaWorkGroupConfigurationResultConfigurationDetails AWS API Documentation
|
2233
|
+
#
|
2234
|
+
class AwsAthenaWorkGroupConfigurationResultConfigurationDetails < Struct.new(
|
2235
|
+
:encryption_configuration)
|
2236
|
+
SENSITIVE = []
|
2237
|
+
include Aws::Structure
|
2238
|
+
end
|
2239
|
+
|
2240
|
+
# Specifies the method used to encrypt the user’s data stores in the
|
2241
|
+
# Athena workgroup.
|
2242
|
+
#
|
2243
|
+
# @!attribute [rw] encryption_option
|
2244
|
+
# Indicates whether Amazon Simple Storage Service (Amazon S3)
|
2245
|
+
# server-side encryption with Amazon S3 managed keys (SSE\_S3),
|
2246
|
+
# server-side encryption with KMS keys (SSE\_KMS), or client-side
|
2247
|
+
# encryption with KMS customer managed keys (CSE\_KMS) is used.
|
2248
|
+
# @return [String]
|
2249
|
+
#
|
2250
|
+
# @!attribute [rw] kms_key
|
2251
|
+
# For `SSE_KMS` and `CSE_KMS`, this is the KMS key Amazon Resource
|
2252
|
+
# Name (ARN) or ID.
|
2253
|
+
# @return [String]
|
2254
|
+
#
|
2255
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails AWS API Documentation
|
2256
|
+
#
|
2257
|
+
class AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails < Struct.new(
|
2258
|
+
:encryption_option,
|
2259
|
+
:kms_key)
|
2260
|
+
SENSITIVE = []
|
2261
|
+
include Aws::Structure
|
2262
|
+
end
|
2263
|
+
|
2264
|
+
# Provides information about an Amazon Athena workgroup.
|
2265
|
+
#
|
2266
|
+
# @!attribute [rw] name
|
2267
|
+
# The workgroup name.
|
2268
|
+
# @return [String]
|
2269
|
+
#
|
2270
|
+
# @!attribute [rw] description
|
2271
|
+
# The workgroup description.
|
2272
|
+
# @return [String]
|
2273
|
+
#
|
2274
|
+
# @!attribute [rw] state
|
2275
|
+
# Whether the workgroup is enabled or disabled.
|
2276
|
+
# @return [String]
|
2277
|
+
#
|
2278
|
+
# @!attribute [rw] configuration
|
2279
|
+
# The configuration of the workgroup, which includes the location in
|
2280
|
+
# Amazon Simple Storage Service (Amazon S3) where query results are
|
2281
|
+
# stored, the encryption option, if any, used for query results,
|
2282
|
+
# whether Amazon CloudWatch metrics are enabled for the workgroup, and
|
2283
|
+
# the limit for the amount of bytes scanned (cutoff) per query, if it
|
2284
|
+
# is specified.
|
2285
|
+
# @return [Types::AwsAthenaWorkGroupConfigurationDetails]
|
2286
|
+
#
|
2287
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAthenaWorkGroupDetails AWS API Documentation
|
2288
|
+
#
|
2289
|
+
class AwsAthenaWorkGroupDetails < Struct.new(
|
2290
|
+
:name,
|
2291
|
+
:description,
|
2292
|
+
:state,
|
2293
|
+
:configuration)
|
2294
|
+
SENSITIVE = []
|
2295
|
+
include Aws::Structure
|
2296
|
+
end
|
2297
|
+
|
2198
2298
|
# An Availability Zone for the automatic scaling group.
|
2199
2299
|
#
|
2200
2300
|
# @!attribute [rw] value
|
@@ -14129,6 +14229,35 @@ module Aws::SecurityHub
|
|
14129
14229
|
include Aws::Structure
|
14130
14230
|
end
|
14131
14231
|
|
14232
|
+
# Contains the name and values of a manual Amazon Relational Database
|
14233
|
+
# Service (RDS) DB cluster snapshot attribute.
|
14234
|
+
#
|
14235
|
+
# @!attribute [rw] attribute_name
|
14236
|
+
# The name of the manual DB cluster snapshot attribute. The attribute
|
14237
|
+
# named `restore` refers to the list of Amazon Web Services accounts
|
14238
|
+
# that have permission to copy or restore the manual DB cluster
|
14239
|
+
# snapshot.
|
14240
|
+
# @return [String]
|
14241
|
+
#
|
14242
|
+
# @!attribute [rw] attribute_values
|
14243
|
+
# The value(s) for the manual DB cluster snapshot attribute. If the
|
14244
|
+
# `AttributeName` field is set to `restore`, then this element returns
|
14245
|
+
# a list of IDs of the Amazon Web Services accounts that are
|
14246
|
+
# authorized to copy or restore the manual DB cluster snapshot. If a
|
14247
|
+
# value of `all` is in the list, then the manual DB cluster snapshot
|
14248
|
+
# is public and available for any Amazon Web Services account to copy
|
14249
|
+
# or restore.
|
14250
|
+
# @return [Array<String>]
|
14251
|
+
#
|
14252
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute AWS API Documentation
|
14253
|
+
#
|
14254
|
+
class AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute < Struct.new(
|
14255
|
+
:attribute_name,
|
14256
|
+
:attribute_values)
|
14257
|
+
SENSITIVE = []
|
14258
|
+
include Aws::Structure
|
14259
|
+
end
|
14260
|
+
|
14132
14261
|
# Information about an Amazon RDS DB cluster snapshot.
|
14133
14262
|
#
|
14134
14263
|
# @!attribute [rw] availability_zones
|
@@ -14227,6 +14356,11 @@ module Aws::SecurityHub
|
|
14227
14356
|
# Whether mapping of IAM accounts to database accounts is enabled.
|
14228
14357
|
# @return [Boolean]
|
14229
14358
|
#
|
14359
|
+
# @!attribute [rw] db_cluster_snapshot_attributes
|
14360
|
+
# Contains the name and values of a manual DB cluster snapshot
|
14361
|
+
# attribute.
|
14362
|
+
# @return [Array<Types::AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute>]
|
14363
|
+
#
|
14230
14364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterSnapshotDetails AWS API Documentation
|
14231
14365
|
#
|
14232
14366
|
class AwsRdsDbClusterSnapshotDetails < Struct.new(
|
@@ -14247,7 +14381,8 @@ module Aws::SecurityHub
|
|
14247
14381
|
:kms_key_id,
|
14248
14382
|
:db_cluster_identifier,
|
14249
14383
|
:db_cluster_snapshot_identifier,
|
14250
|
-
:iam_database_authentication_enabled
|
14384
|
+
:iam_database_authentication_enabled,
|
14385
|
+
:db_cluster_snapshot_attributes)
|
14251
14386
|
SENSITIVE = []
|
14252
14387
|
include Aws::Structure
|
14253
14388
|
end
|
@@ -20734,10 +20869,10 @@ module Aws::SecurityHub
|
|
20734
20869
|
# Specifies whether a rule is the last to be applied with respect to a
|
20735
20870
|
# finding that matches the rule criteria. This is useful when a
|
20736
20871
|
# finding matches the criteria for multiple rules, and each rule has
|
20737
|
-
# different actions. If
|
20738
|
-
# rule
|
20739
|
-
#
|
20740
|
-
#
|
20872
|
+
# different actions. If a rule is terminal, Security Hub applies the
|
20873
|
+
# rule action to a finding that matches the rule criteria and doesn't
|
20874
|
+
# evaluate other rules for the finding. By default, a rule isn't
|
20875
|
+
# terminal.
|
20741
20876
|
# @return [Boolean]
|
20742
20877
|
#
|
20743
20878
|
# @!attribute [rw] criteria
|
@@ -23264,8 +23399,9 @@ module Aws::SecurityHub
|
|
23264
23399
|
include Aws::Structure
|
23265
23400
|
end
|
23266
23401
|
|
23267
|
-
# A map filter for
|
23268
|
-
# to check, the value to
|
23402
|
+
# A map filter for filtering Security Hub findings. Each map filter
|
23403
|
+
# provides the field to check for, the value to check for, and the
|
23404
|
+
# comparison operator.
|
23269
23405
|
#
|
23270
23406
|
# @!attribute [rw] key
|
23271
23407
|
# The key of the map filter. For example, for `ResourceTags`, `Key`
|
@@ -23277,31 +23413,69 @@ module Aws::SecurityHub
|
|
23277
23413
|
# The value for the key in the map filter. Filter values are case
|
23278
23414
|
# sensitive. For example, one of the values for a tag called
|
23279
23415
|
# `Department` might be `Security`. If you provide `security` as the
|
23280
|
-
# filter value, then there
|
23416
|
+
# filter value, then there's no match.
|
23281
23417
|
# @return [String]
|
23282
23418
|
#
|
23283
23419
|
# @!attribute [rw] comparison
|
23284
|
-
# The condition to apply to the key value when
|
23285
|
-
# with a map filter.
|
23420
|
+
# The condition to apply to the key value when filtering Security Hub
|
23421
|
+
# findings with a map filter.
|
23422
|
+
#
|
23423
|
+
# To search for values that have the filter value, use one of the
|
23424
|
+
# following comparison operators:
|
23425
|
+
#
|
23426
|
+
# * To search for values that include the filter value, use
|
23427
|
+
# `CONTAINS`. For example, for the `ResourceTags` field, the filter
|
23428
|
+
# `Department CONTAINS Security` matches findings that include the
|
23429
|
+
# value `Security` for the `Department` tag. In the same example, a
|
23430
|
+
# finding with a value of `Security team` for the `Department` tag
|
23431
|
+
# is a match.
|
23432
|
+
#
|
23433
|
+
# * To search for values that exactly match the filter value, use
|
23434
|
+
# `EQUALS`. For example, for the `ResourceTags` field, the filter
|
23435
|
+
# `Department EQUALS Security` matches findings that have the value
|
23436
|
+
# `Security` for the `Department` tag.
|
23437
|
+
#
|
23438
|
+
# `CONTAINS` and `EQUALS` filters on the same field are joined by
|
23439
|
+
# `OR`. A finding matches if it matches any one of those filters. For
|
23440
|
+
# example, the filters `Department CONTAINS Security OR Department
|
23441
|
+
# CONTAINS Finance` match a finding that includes either `Security`,
|
23442
|
+
# `Finance`, or both values.
|
23443
|
+
#
|
23444
|
+
# To search for values that don't have the filter value, use one of
|
23445
|
+
# the following comparison operators:
|
23446
|
+
#
|
23447
|
+
# * To search for values that exclude the filter value, use
|
23448
|
+
# `NOT_CONTAINS`. For example, for the `ResourceTags` field, the
|
23449
|
+
# filter `Department NOT_CONTAINS Finance` matches findings that
|
23450
|
+
# exclude the value `Finance` for the `Department` tag.
|
23451
|
+
#
|
23452
|
+
# * To search for values other than the filter value, use
|
23453
|
+
# `NOT_EQUALS`. For example, for the `ResourceTags` field, the
|
23454
|
+
# filter `Department NOT_EQUALS Finance` matches findings that don’t
|
23455
|
+
# have the value `Finance` for the `Department` tag.
|
23456
|
+
#
|
23457
|
+
# `NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined
|
23458
|
+
# by `AND`. A finding matches only if it matches all of those filters.
|
23459
|
+
# For example, the filters `Department NOT_CONTAINS Security AND
|
23460
|
+
# Department NOT_CONTAINS Finance` match a finding that excludes both
|
23461
|
+
# the `Security` and `Finance` values.
|
23462
|
+
#
|
23463
|
+
# `CONTAINS` filters can only be used with other `CONTAINS` filters.
|
23464
|
+
# `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS`
|
23465
|
+
# filters.
|
23286
23466
|
#
|
23287
|
-
#
|
23288
|
-
#
|
23289
|
-
#
|
23290
|
-
#
|
23467
|
+
# You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter
|
23468
|
+
# on the same field. Similarly, you can’t have both an `EQUALS` filter
|
23469
|
+
# and a `NOT_EQUALS` filter on the same field. Combining filters in
|
23470
|
+
# this way returns an error.
|
23291
23471
|
#
|
23292
|
-
#
|
23293
|
-
#
|
23294
|
-
#
|
23295
|
-
# `Finance` for the tag `Department`.
|
23472
|
+
# `CONTAINS` and `NOT_CONTAINS` operators can be used only with
|
23473
|
+
# automation rules. For more information, see [Automation rules][1] in
|
23474
|
+
# the *Security Hub User Guide*.
|
23296
23475
|
#
|
23297
|
-
# `EQUALS` filters on the same field are joined by `OR`. A finding
|
23298
|
-
# matches if it matches any one of those filters.
|
23299
23476
|
#
|
23300
|
-
# `NOT_EQUALS` filters on the same field are joined by `AND`. A
|
23301
|
-
# finding matches only if it matches all of those filters.
|
23302
23477
|
#
|
23303
|
-
#
|
23304
|
-
# the same field.
|
23478
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html
|
23305
23479
|
# @return [String]
|
23306
23480
|
#
|
23307
23481
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/MapFilter AWS API Documentation
|
@@ -24648,6 +24822,12 @@ module Aws::SecurityHub
|
|
24648
24822
|
# workflow consisting of a series of event-driven steps.
|
24649
24823
|
# @return [Types::AwsStepFunctionStateMachineDetails]
|
24650
24824
|
#
|
24825
|
+
# @!attribute [rw] aws_athena_work_group
|
24826
|
+
# Provides information about an Amazon Athena workgroup. A workgroup
|
24827
|
+
# helps you separate users, teams, applications, or workloads. It also
|
24828
|
+
# helps you set limits on data processing and track costs.
|
24829
|
+
# @return [Types::AwsAthenaWorkGroupDetails]
|
24830
|
+
#
|
24651
24831
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
24652
24832
|
#
|
24653
24833
|
class ResourceDetails < Struct.new(
|
@@ -24739,7 +24919,8 @@ module Aws::SecurityHub
|
|
24739
24919
|
:aws_app_sync_graph_ql_api,
|
24740
24920
|
:aws_event_schemas_registry,
|
24741
24921
|
:aws_guard_duty_detector,
|
24742
|
-
:aws_step_function_state_machine
|
24922
|
+
:aws_step_function_state_machine,
|
24923
|
+
:aws_athena_work_group)
|
24743
24924
|
SENSITIVE = []
|
24744
24925
|
include Aws::Structure
|
24745
24926
|
end
|
@@ -26189,75 +26370,85 @@ module Aws::SecurityHub
|
|
26189
26370
|
include Aws::Structure
|
26190
26371
|
end
|
26191
26372
|
|
26192
|
-
# A string filter for
|
26373
|
+
# A string filter for filtering Security Hub findings.
|
26193
26374
|
#
|
26194
26375
|
# @!attribute [rw] value
|
26195
26376
|
# The string filter value. Filter values are case sensitive. For
|
26196
26377
|
# example, the product name for control-based findings is `Security
|
26197
|
-
# Hub`. If you provide `security hub` as the filter
|
26198
|
-
#
|
26378
|
+
# Hub`. If you provide `security hub` as the filter value, there's no
|
26379
|
+
# match.
|
26199
26380
|
# @return [String]
|
26200
26381
|
#
|
26201
26382
|
# @!attribute [rw] comparison
|
26202
|
-
# The condition to apply to a string value when
|
26203
|
-
#
|
26204
|
-
# of the following comparison operators:
|
26205
|
-
#
|
26206
|
-
# * To search for values that exactly match the filter value, use
|
26207
|
-
# `EQUALS`.
|
26208
|
-
#
|
26209
|
-
# For example, the filter `ResourceType EQUALS AwsEc2SecurityGroup`
|
26210
|
-
# only matches findings that have a resource type of
|
26211
|
-
# `AwsEc2SecurityGroup`.
|
26212
|
-
#
|
26213
|
-
# * To search for values that start with the filter value, use
|
26214
|
-
# `PREFIX`.
|
26215
|
-
#
|
26216
|
-
# For example, the filter `ResourceType PREFIX AwsIam` matches
|
26217
|
-
# findings that have a resource type that starts with `AwsIam`.
|
26218
|
-
# Findings with a resource type of `AwsIamPolicy`, `AwsIamRole`, or
|
26219
|
-
# `AwsIamUser` would all match.
|
26383
|
+
# The condition to apply to a string value when filtering Security Hub
|
26384
|
+
# findings.
|
26220
26385
|
#
|
26221
|
-
#
|
26222
|
-
#
|
26386
|
+
# To search for values that have the filter value, use one of the
|
26387
|
+
# following comparison operators:
|
26223
26388
|
#
|
26224
|
-
# To search for values that
|
26225
|
-
#
|
26389
|
+
# * To search for values that include the filter value, use
|
26390
|
+
# `CONTAINS`. For example, the filter `Title CONTAINS CloudFront`
|
26391
|
+
# matches findings that have a `Title` that includes the string
|
26392
|
+
# CloudFront.
|
26226
26393
|
#
|
26227
|
-
# * To search for values that
|
26228
|
-
#
|
26229
|
-
#
|
26230
|
-
#
|
26231
|
-
# matches findings that have a resource type other than
|
26232
|
-
# `AwsIamPolicy`.
|
26233
|
-
#
|
26234
|
-
# * To search for values that do not start with the filter value, use
|
26235
|
-
# `PREFIX_NOT_EQUALS`.
|
26236
|
-
#
|
26237
|
-
# For example, the filter `ResourceType PREFIX_NOT_EQUALS AwsIam`
|
26238
|
-
# matches findings that have a resource type that does not start
|
26239
|
-
# with `AwsIam`. Findings with a resource type of `AwsIamPolicy`,
|
26240
|
-
# `AwsIamRole`, or `AwsIamUser` would all be excluded from the
|
26241
|
-
# results.
|
26394
|
+
# * To search for values that exactly match the filter value, use
|
26395
|
+
# `EQUALS`. For example, the filter `AwsAccountId EQUALS
|
26396
|
+
# 123456789012` only matches findings that have an account ID of
|
26397
|
+
# `123456789012`.
|
26242
26398
|
#
|
26243
|
-
#
|
26244
|
-
#
|
26399
|
+
# * To search for values that start with the filter value, use
|
26400
|
+
# `PREFIX`. For example, the filter `ResourceRegion PREFIX us`
|
26401
|
+
# matches findings that have a `ResourceRegion` that starts with
|
26402
|
+
# `us`. A `ResourceRegion` that starts with a different value, such
|
26403
|
+
# as `af`, `ap`, or `ca`, doesn't match.
|
26404
|
+
#
|
26405
|
+
# `CONTAINS`, `EQUALS`, and `PREFIX` filters on the same field are
|
26406
|
+
# joined by `OR`. A finding matches if it matches any one of those
|
26407
|
+
# filters. For example, the filters `Title CONTAINS CloudFront OR
|
26408
|
+
# Title CONTAINS CloudWatch` match a finding that includes either
|
26409
|
+
# `CloudFront`, `CloudWatch`, or both strings in the title.
|
26410
|
+
#
|
26411
|
+
# To search for values that don’t have the filter value, use one of
|
26412
|
+
# the following comparison operators:
|
26413
|
+
#
|
26414
|
+
# * To search for values that exclude the filter value, use
|
26415
|
+
# `NOT_CONTAINS`. For example, the filter `Title NOT_CONTAINS
|
26416
|
+
# CloudFront` matches findings that have a `Title` that excludes the
|
26417
|
+
# string CloudFront.
|
26418
|
+
#
|
26419
|
+
# * To search for values other than the filter value, use
|
26420
|
+
# `NOT_EQUALS`. For example, the filter `AwsAccountId NOT_EQUALS
|
26421
|
+
# 123456789012` only matches findings that have an account ID other
|
26422
|
+
# than `123456789012`.
|
26423
|
+
#
|
26424
|
+
# * To search for values that don't start with the filter value, use
|
26425
|
+
# `PREFIX_NOT_EQUALS`. For example, the filter `ResourceRegion
|
26426
|
+
# PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion`
|
26427
|
+
# that starts with a value other than `us`.
|
26428
|
+
#
|
26429
|
+
# `NOT_CONTAINS`, `NOT_EQUALS`, and `PREFIX_NOT_EQUALS` filters on the
|
26430
|
+
# same field are joined by `AND`. A finding matches only if it matches
|
26431
|
+
# all of those filters. For example, the filters `Title NOT_CONTAINS
|
26432
|
+
# CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that
|
26433
|
+
# excludes both `CloudFront` and `CloudWatch` in the title.
|
26434
|
+
#
|
26435
|
+
# You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter
|
26436
|
+
# on the same field. Similarly, you can't provide both an `EQUALS`
|
26437
|
+
# filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same
|
26438
|
+
# field. Combining filters in this way returns an error. `CONTAINS`
|
26439
|
+
# filters can only be used with other `CONTAINS` filters.
|
26440
|
+
# `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS`
|
26245
26441
|
# filters.
|
26246
26442
|
#
|
26247
|
-
# For filters on the same field, you cannot provide both an `EQUALS`
|
26248
|
-
# filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter. Combining
|
26249
|
-
# filters in this way always returns an error, even if the provided
|
26250
|
-
# filter values would return valid results.
|
26251
|
-
#
|
26252
26443
|
# You can combine `PREFIX` filters with `NOT_EQUALS` or
|
26253
26444
|
# `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first
|
26254
|
-
# processes the `PREFIX` filters, then the `NOT_EQUALS` or
|
26445
|
+
# processes the `PREFIX` filters, and then the `NOT_EQUALS` or
|
26255
26446
|
# `PREFIX_NOT_EQUALS` filters.
|
26256
26447
|
#
|
26257
|
-
# For example, for the following
|
26258
|
-
# findings that have resource types that start with either
|
26259
|
-
# `AwsEc2`. It then excludes findings that have a resource
|
26260
|
-
# `AwsIamPolicy` and findings that have a resource type of
|
26448
|
+
# For example, for the following filters, Security Hub first
|
26449
|
+
# identifies findings that have resource types that start with either
|
26450
|
+
# `AwsIam` or `AwsEc2`. It then excludes findings that have a resource
|
26451
|
+
# type of `AwsIamPolicy` and findings that have a resource type of
|
26261
26452
|
# `AwsEc2NetworkInterface`.
|
26262
26453
|
#
|
26263
26454
|
# * `ResourceType PREFIX AwsIam`
|
@@ -26267,6 +26458,14 @@ module Aws::SecurityHub
|
|
26267
26458
|
# * `ResourceType NOT_EQUALS AwsIamPolicy`
|
26268
26459
|
#
|
26269
26460
|
# * `ResourceType NOT_EQUALS AwsEc2NetworkInterface`
|
26461
|
+
#
|
26462
|
+
# `CONTAINS` and `NOT_CONTAINS` operators can be used only with
|
26463
|
+
# automation rules. For more information, see [Automation rules][1] in
|
26464
|
+
# the *Security Hub User Guide*.
|
26465
|
+
#
|
26466
|
+
#
|
26467
|
+
#
|
26468
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html
|
26270
26469
|
# @return [String]
|
26271
26470
|
#
|
26272
26471
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringFilter AWS API Documentation
|
@@ -26598,10 +26797,10 @@ module Aws::SecurityHub
|
|
26598
26797
|
# Specifies whether a rule is the last to be applied with respect to a
|
26599
26798
|
# finding that matches the rule criteria. This is useful when a
|
26600
26799
|
# finding matches the criteria for multiple rules, and each rule has
|
26601
|
-
# different actions. If
|
26602
|
-
# rule
|
26603
|
-
#
|
26604
|
-
#
|
26800
|
+
# different actions. If a rule is terminal, Security Hub applies the
|
26801
|
+
# rule action to a finding that matches the rule criteria and doesn't
|
26802
|
+
# evaluate other rules for the finding. By default, a rule isn't
|
26803
|
+
# terminal.
|
26605
26804
|
# @return [Boolean]
|
26606
26805
|
#
|
26607
26806
|
# @!attribute [rw] criteria
|
data/lib/aws-sdk-securityhub.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-securityhub
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.90.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-07-
|
11
|
+
date: 2023-07-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|