aws-sdk-securityhub 1.95.0 → 1.96.0

data/lib/aws-sdk-securityhub/types.rb

@@ -4232,7 +4232,7 @@ module Aws::SecurityHub
     end
 
     # A complex type that describes the Amazon S3 bucket, HTTP server (for
-    # example, a web server), AWS Elemental MediaStore, or other server from
+    # example, a web server), Elemental MediaStore, or other server from
     # which CloudFront gets your files.
     #
     # @!attribute [rw] domain_name
@@ -18690,12 +18690,11 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # A collection of attributes that are applied to all active Security
-    # Hub-aggregated findings and that result in a subset of findings that
-    # are included in this insight.
+    # A collection of filters that are applied to all active findings
+    # aggregated by Security Hub.
     #
-    # You can filter by up to 10 finding attributes. For each attribute, you
-    # can provide up to 20 filter values.
+    # You can filter by up to ten finding attributes. For each attribute,
+    # you can provide up to 20 filter values.
     #
     # @!attribute [rw] product_arn
     #   The ARN generated by Security Hub that uniquely identifies a
@@ -19273,6 +19272,26 @@ module Aws::SecurityHub
     #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html
     #   @return [Array<Types::StringFilter>]
     #
+    # @!attribute [rw] vulnerabilities_exploit_available
+    #   Indicates whether a software vulnerability in your environment has a
+    #   known exploit. You can filter findings by this field only if you use
+    #   Security Hub and Amazon Inspector.
+    #   @return [Array<Types::StringFilter>]
+    #
+    # @!attribute [rw] vulnerabilities_fix_available
+    #   Indicates whether a vulnerability is fixed in a newer version of the
+    #   affected software packages. You can filter findings by this field
+    #   only if you use Security Hub and Amazon Inspector.
+    #   @return [Array<Types::StringFilter>]
+    #
+    # @!attribute [rw] compliance_security_control_parameters_name
+    #   The name of a security control parameter.
+    #   @return [Array<Types::StringFilter>]
+    #
+    # @!attribute [rw] compliance_security_control_parameters_value
+    #   The current value of a security control parameter.
+    #   @return [Array<Types::StringFilter>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
     #
     class AwsSecurityFindingFilters < Struct.new(
@@ -19372,7 +19391,11 @@ module Aws::SecurityHub
       :finding_provider_fields_types,
       :sample,
       :compliance_security_control_id,
-      :compliance_associated_standards_id)
+      :compliance_associated_standards_id,
+      :vulnerabilities_exploit_available,
+      :vulnerabilities_fix_available,
+      :compliance_security_control_parameters_name,
+      :compliance_security_control_parameters_value)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -21431,6 +21454,21 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The options for customizing a security control parameter with a
+    # boolean. For a boolean parameter, the options are `true` and `false`.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a boolean parameter.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BooleanConfigurationOptions AWS API Documentation
+    #
+    class BooleanConfigurationOptions < Struct.new(
+      :default_value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Boolean filter for querying findings.
     #
     # @!attribute [rw] value
@@ -21693,6 +21731,10 @@ module Aws::SecurityHub
     #   currently enabled.
     #   @return [Array<Types::AssociatedStandard>]
     #
+    # @!attribute [rw] security_control_parameters
+    #   An object that includes security control parameter names and values.
+    #   @return [Array<Types::SecurityControlParameter>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
     #
     class Compliance < Struct.new(
@@ -21700,11 +21742,84 @@ module Aws::SecurityHub
       :related_requirements,
       :status_reasons,
       :security_control_id,
-      :associated_standards)
+      :associated_standards,
+      :security_control_parameters)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # The options for customizing a security control parameter.
+    #
+    # @note ConfigurationOptions is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationOptions corresponding to the set member.
+    #
+    # @!attribute [rw] integer
+    #   The options for customizing a security control parameter that is an
+    #   integer.
+    #   @return [Types::IntegerConfigurationOptions]
+    #
+    # @!attribute [rw] integer_list
+    #   The options for customizing a security control parameter that is a
+    #   list of integers.
+    #   @return [Types::IntegerListConfigurationOptions]
+    #
+    # @!attribute [rw] double
+    #   The options for customizing a security control parameter that is a
+    #   double.
+    #   @return [Types::DoubleConfigurationOptions]
+    #
+    # @!attribute [rw] string
+    #   The options for customizing a security control parameter that is a
+    #   string data type.
+    #   @return [Types::StringConfigurationOptions]
+    #
+    # @!attribute [rw] string_list
+    #   The options for customizing a security control parameter that is a
+    #   list of strings.
+    #   @return [Types::StringListConfigurationOptions]
+    #
+    # @!attribute [rw] boolean
+    #   The options for customizing a security control parameter that is a
+    #   boolean. For a boolean parameter, the options are `true` and
+    #   `false`.
+    #   @return [Types::BooleanConfigurationOptions]
+    #
+    # @!attribute [rw] enum
+    #   The options for customizing a security control parameter that is an
+    #   enum.
+    #   @return [Types::EnumConfigurationOptions]
+    #
+    # @!attribute [rw] enum_list
+    #   The options for customizing a security control parameter that is a
+    #   list of enums.
+    #   @return [Types::EnumListConfigurationOptions]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationOptions AWS API Documentation
+    #
+    class ConfigurationOptions < Struct.new(
+      :integer,
+      :integer_list,
+      :double,
+      :string,
+      :string_list,
+      :boolean,
+      :enum,
+      :enum_list,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class Integer < ConfigurationOptions; end
+      class IntegerList < ConfigurationOptions; end
+      class Double < ConfigurationOptions; end
+      class String < ConfigurationOptions; end
+      class StringList < ConfigurationOptions; end
+      class Boolean < ConfigurationOptions; end
+      class Enum < ConfigurationOptions; end
+      class EnumList < ConfigurationOptions; end
+      class Unknown < ConfigurationOptions; end
+    end
+
     # Container details related to a finding.
     #
     # @!attribute [rw] container_runtime
@@ -22738,6 +22853,32 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The options for customizing a security control parameter that is a
+    # double.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is a
+    #   double.
+    #   @return [Float]
+    #
+    # @!attribute [rw] min
+    #   The minimum valid value for a control parameter that is a double.
+    #   @return [Float]
+    #
+    # @!attribute [rw] max
+    #   The maximum valid value for a control parameter that is a double.
+    #   @return [Float]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DoubleConfigurationOptions AWS API Documentation
+    #
+    class DoubleConfigurationOptions < Struct.new(
+      :default_value,
+      :min,
+      :max)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] product_arn
     #   The ARN of the product to enable the integration for.
     #   @return [String]
@@ -22823,6 +22964,54 @@ module Aws::SecurityHub
     #
     class EnableSecurityHubResponse < Aws::EmptyStructure; end
 
+    # The options for customizing a security control parameter that is an
+    # enum.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is an
+    #   enum.
+    #   @return [String]
+    #
+    # @!attribute [rw] allowed_values
+    #   The valid values for a control parameter that is an enum.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumConfigurationOptions AWS API Documentation
+    #
+    class EnumConfigurationOptions < Struct.new(
+      :default_value,
+      :allowed_values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The options for customizing a security control parameter that is a
+    # list of enums.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is a
+    #   list of enums.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] max_items
+    #   The maximum number of list items that an enum list control parameter
+    #   can accept.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] allowed_values
+    #   The valid values for a control parameter that is a list of enums.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumListConfigurationOptions AWS API Documentation
+    #
+    class EnumListConfigurationOptions < Struct.new(
+      :default_value,
+      :max_items,
+      :allowed_values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about the file paths that were affected by the
     # threat.
     #
@@ -23628,6 +23817,34 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @!attribute [rw] security_control_id
+    #   The ID of the security control to retrieve the definition for. This
+    #   field doesn’t accept an Amazon Resource Name (ARN).
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionRequest AWS API Documentation
+    #
+    class GetSecurityControlDefinitionRequest < Struct.new(
+      :security_control_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] security_control_definition
+    #   Provides metadata for a security control, including its unique
+    #   standard-agnostic identifier, title, description, severity,
+    #   availability in Amazon Web Services Regions, and a link to
+    #   remediation steps.
+    #   @return [Types::SecurityControlDefinition]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionResponse AWS API Documentation
+    #
+    class GetSecurityControlDefinitionResponse < Struct.new(
+      :security_control_definition)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An Internet Control Message Protocol (ICMP) type and code.
     #
     # @!attribute [rw] code
@@ -23760,6 +23977,66 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The options for customizing a security control parameter that is an
+    # integer.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is an
+    #   integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] min
+    #   The minimum valid value for a control parameter that is an integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max
+    #   The maximum valid value for a control parameter that is an integer.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerConfigurationOptions AWS API Documentation
+    #
+    class IntegerConfigurationOptions < Struct.new(
+      :default_value,
+      :min,
+      :max)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The options for customizing a security control parameter that is a
+    # list of integers.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is a
+    #   list of integers.
+    #   @return [Array<Integer>]
+    #
+    # @!attribute [rw] min
+    #   The minimum valid value for a control parameter that is a list of
+    #   integers.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max
+    #   The maximum valid value for a control parameter that is a list of
+    #   integers.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_items
+    #   The maximum number of list items that an interger list control
+    #   parameter can accept.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerListConfigurationOptions AWS API Documentation
+    #
+    class IntegerListConfigurationOptions < Struct.new(
+      :default_value,
+      :min,
+      :max,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Internal server error.
     #
     # @!attribute [rw] message
@@ -24838,12 +25115,24 @@ module Aws::SecurityHub
     #   for findings.
     #   @return [Float]
     #
+    # @!attribute [rw] gt
+    #   The greater-than condition to be applied to a single field when
+    #   querying for findings.
+    #   @return [Float]
+    #
+    # @!attribute [rw] lt
+    #   The less-than condition to be applied to a single field when
+    #   querying for findings.
+    #   @return [Float]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NumberFilter AWS API Documentation
     #
     class NumberFilter < Struct.new(
       :gte,
       :lte,
-      :eq)
+      :eq,
+      :gt,
+      :lt)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -24915,6 +25204,114 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # An object that provides the current value of a security control
+    # parameter and identifies whether it has been customized.
+    #
+    # @!attribute [rw] value_type
+    #   Identifies whether a control parameter uses a custom user-defined
+    #   value or the Security Hub default value.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The current value of a control parameter.
+    #   @return [Types::ParameterValue]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterConfiguration AWS API Documentation
+    #
+    class ParameterConfiguration < Struct.new(
+      :value_type,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An object that describes a security control parameter and the options
+    # for customizing it.
+    #
+    # @!attribute [rw] description
+    #   Description of a control parameter.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration_options
+    #   The options for customizing a control parameter. Customization
+    #   options vary based on the data type of the parameter.
+    #   @return [Types::ConfigurationOptions]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterDefinition AWS API Documentation
+    #
+    class ParameterDefinition < Struct.new(
+      :description,
+      :configuration_options)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An object that includes the data type of a security control parameter
+    # and its current value.
+    #
+    # @note ParameterValue is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @note ParameterValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ParameterValue corresponding to the set member.
+    #
+    # @!attribute [rw] integer
+    #   A control parameter that is an integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] integer_list
+    #   A control parameter that is a list of integers.
+    #   @return [Array<Integer>]
+    #
+    # @!attribute [rw] double
+    #   A control parameter that is a double.
+    #   @return [Float]
+    #
+    # @!attribute [rw] string
+    #   A control parameter that is a string.
+    #   @return [String]
+    #
+    # @!attribute [rw] string_list
+    #   A control parameter that is a list of strings.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] boolean
+    #   A control parameter that is a boolean.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] enum
+    #   A control parameter that is an enum.
+    #   @return [String]
+    #
+    # @!attribute [rw] enum_list
+    #   A control parameter that is a list of enums.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterValue AWS API Documentation
+    #
+    class ParameterValue < Struct.new(
+      :integer,
+      :integer_list,
+      :double,
+      :string,
+      :string_list,
+      :boolean,
+      :enum,
+      :enum_list,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class Integer < ParameterValue; end
+      class IntegerList < ParameterValue; end
+      class Double < ParameterValue; end
+      class String < ParameterValue; end
+      class StringList < ParameterValue; end
+      class Boolean < ParameterValue; end
+      class Enum < ParameterValue; end
+      class EnumList < ParameterValue; end
+      class Unknown < ParameterValue; end
+    end
+
     # Provides an overview of the patch compliance status for an instance
     # against a selected compliance standard.
     #
@@ -25985,6 +26382,25 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The request was rejected because it conflicts with the resource's
+    # availability. For example, you tried to update a security control
+    # that's currently in the `UPDATING` state.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @!attribute [rw] code
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceInUseException AWS API Documentation
+    #
+    class ResourceInUseException < Struct.new(
+      :message,
+      :code)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because we can't find the specified
     # resource.
     #
@@ -26598,6 +27014,32 @@ module Aws::SecurityHub
     #   The enablement status of a security control in a specific standard.
     #   @return [String]
     #
+    # @!attribute [rw] update_status
+    #   Identifies whether customizable properties of a security control are
+    #   reflected in Security Hub findings. A status of `READY` indicates
+    #   findings include the current parameter values. A status of
+    #   `UPDATING` indicates that all findings may not include the current
+    #   parameter values.
+    #   @return [String]
+    #
+    # @!attribute [rw] parameters
+    #   An object that identifies the name of a control parameter, its
+    #   current value, and whether it has been customized.
+    #   @return [Hash<String,Types::ParameterConfiguration>]
+    #
+    # @!attribute [rw] last_update_reason
+    #   The most recent reason for updating the customizable properties of a
+    #   security control. This differs from the `UpdateReason` field of the
+    #   [ `BatchUpdateStandardsControlAssociations` ][1] API, which tracks
+    #   the reason for updating the enablement status of a control. This
+    #   field accepts alphanumeric characters in addition to white spaces,
+    #   dashes, and underscores.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
     #
     class SecurityControl < Struct.new(
@@ -26607,7 +27049,10 @@ module Aws::SecurityHub
       :description,
       :remediation_url,
       :severity_rating,
-      :security_control_status)
+      :security_control_status,
+      :update_status,
+      :parameters,
+      :last_update_reason)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -26658,6 +27103,18 @@ module Aws::SecurityHub
     #   Amazon Web Services Region.
     #   @return [String]
     #
+    # @!attribute [rw] customizable_properties
+    #   Security control properties that you can customize. Currently, only
+    #   parameter customization is supported for select controls. An empty
+    #   array is returned for controls that don’t support custom properties.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] parameter_definitions
+    #   An object that provides a security control parameter name,
+    #   description, and the options for customizing it. This object is
+    #   excluded for a control that doesn't support custom parameters.
+    #   @return [Hash<String,Types::ParameterDefinition>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
     #
     class SecurityControlDefinition < Struct.new(
@@ -26666,7 +27123,28 @@ module Aws::SecurityHub
       :description,
       :remediation_url,
       :severity_rating,
-      :current_region_availability)
+      :current_region_availability,
+      :customizable_properties,
+      :parameter_definitions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A parameter that a security control accepts.
+    #
+    # @!attribute [rw] name
+    #   The name of a
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The current value of a control parameter.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlParameter AWS API Documentation
+    #
+    class SecurityControlParameter < Struct.new(
+      :name,
+      :value)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -26737,8 +27215,8 @@ module Aws::SecurityHub
     # attribute.
     #
     # @!attribute [rw] product
-    #   Deprecated. This attribute is being deprecated. Instead of providing
-    #   `Product`, provide `Original`.
+    #   Deprecated. This attribute isn't included in findings. Instead of
+    #   providing `Product`, provide `Original`.
     #
     #   The native severity as defined by the Amazon Web Services service or
     #   integrated partner product that generated the finding.
@@ -26774,9 +27252,8 @@ module Aws::SecurityHub
     #   @return [String]
     #
     # @!attribute [rw] normalized
-    #   Deprecated. The normalized severity of a finding. This attribute is
-    #   being deprecated. Instead of providing `Normalized`, provide
-    #   `Label`.
+    #   Deprecated. The normalized severity of a finding. Instead of
+    #   providing `Normalized`, provide `Label`.
     #
     #   If you provide `Label` and do not provide `Normalized`, then
     #   `Normalized` is set automatically as follows.
@@ -27430,6 +27907,33 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The options for customizing a security control parameter that is a
+    # string.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is a
+    #   string.
+    #   @return [String]
+    #
+    # @!attribute [rw] re_2_expression
+    #   An RE2 regular expression that Security Hub uses to validate a
+    #   user-provided control parameter string.
+    #   @return [String]
+    #
+    # @!attribute [rw] expression_description
+    #   The description of the RE2 regular expression.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringConfigurationOptions AWS API Documentation
+    #
+    class StringConfigurationOptions < Struct.new(
+      :default_value,
+      :re_2_expression,
+      :expression_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A string filter for filtering Security Hub findings.
     #
     # @!attribute [rw] value
@@ -27537,6 +28041,39 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # The options for customizing a security control parameter that is a
+    # list of strings.
+    #
+    # @!attribute [rw] default_value
+    #   The Security Hub default value for a control parameter that is a
+    #   list of strings.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] re_2_expression
+    #   An RE2 regular expression that Security Hub uses to validate a
+    #   user-provided list of strings for a control parameter.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   The maximum number of list items that a string list control
+    #   parameter can accept.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] expression_description
+    #   The description of the RE2 regular expression.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringListConfigurationOptions AWS API Documentation
+    #
+    class StringListConfigurationOptions < Struct.new(
+      :default_value,
+      :re_2_expression,
+      :max_items,
+      :expression_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   The ARN of the resource to apply the tags to.
     #   @return [String]
@@ -28069,6 +28606,35 @@ module Aws::SecurityHub
     #
     class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
 
+    # @!attribute [rw] security_control_id
+    #   The Amazon Resource Name (ARN) or ID of the control to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] parameters
+    #   An object that specifies which security control parameters to
+    #   update.
+    #   @return [Hash<String,Types::ParameterConfiguration>]
+    #
+    # @!attribute [rw] last_update_reason
+    #   The most recent reason for updating the properties of the security
+    #   control. This field accepts alphanumeric characters in addition to
+    #   white spaces, dashes, and underscores.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlRequest AWS API Documentation
+    #
+    class UpdateSecurityControlRequest < Struct.new(
+      :security_control_id,
+      :parameters,
+      :last_update_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlResponse AWS API Documentation
+    #
+    class UpdateSecurityControlResponse < Aws::EmptyStructure; end
+
     # @!attribute [rw] auto_enable_controls
     #   Whether to automatically enable new controls when they are added to
     #   standards that are enabled.