aws-sdk-securityhub 1.95.0 → 1.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4232,7 +4232,7 @@ module Aws::SecurityHub
4232
4232
  end
4233
4233
 
4234
4234
  # A complex type that describes the Amazon S3 bucket, HTTP server (for
4235
- # example, a web server), AWS Elemental MediaStore, or other server from
4235
+ # example, a web server), Elemental MediaStore, or other server from
4236
4236
  # which CloudFront gets your files.
4237
4237
  #
4238
4238
  # @!attribute [rw] domain_name
@@ -18690,12 +18690,11 @@ module Aws::SecurityHub
18690
18690
  include Aws::Structure
18691
18691
  end
18692
18692
 
18693
- # A collection of attributes that are applied to all active Security
18694
- # Hub-aggregated findings and that result in a subset of findings that
18695
- # are included in this insight.
18693
+ # A collection of filters that are applied to all active findings
18694
+ # aggregated by Security Hub.
18696
18695
  #
18697
- # You can filter by up to 10 finding attributes. For each attribute, you
18698
- # can provide up to 20 filter values.
18696
+ # You can filter by up to ten finding attributes. For each attribute,
18697
+ # you can provide up to 20 filter values.
18699
18698
  #
18700
18699
  # @!attribute [rw] product_arn
18701
18700
  # The ARN generated by Security Hub that uniquely identifies a
@@ -19273,6 +19272,26 @@ module Aws::SecurityHub
19273
19272
  # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html
19274
19273
  # @return [Array<Types::StringFilter>]
19275
19274
  #
19275
+ # @!attribute [rw] vulnerabilities_exploit_available
19276
+ # Indicates whether a software vulnerability in your environment has a
19277
+ # known exploit. You can filter findings by this field only if you use
19278
+ # Security Hub and Amazon Inspector.
19279
+ # @return [Array<Types::StringFilter>]
19280
+ #
19281
+ # @!attribute [rw] vulnerabilities_fix_available
19282
+ # Indicates whether a vulnerability is fixed in a newer version of the
19283
+ # affected software packages. You can filter findings by this field
19284
+ # only if you use Security Hub and Amazon Inspector.
19285
+ # @return [Array<Types::StringFilter>]
19286
+ #
19287
+ # @!attribute [rw] compliance_security_control_parameters_name
19288
+ # The name of a security control parameter.
19289
+ # @return [Array<Types::StringFilter>]
19290
+ #
19291
+ # @!attribute [rw] compliance_security_control_parameters_value
19292
+ # The current value of a security control parameter.
19293
+ # @return [Array<Types::StringFilter>]
19294
+ #
19276
19295
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
19277
19296
  #
19278
19297
  class AwsSecurityFindingFilters < Struct.new(
@@ -19372,7 +19391,11 @@ module Aws::SecurityHub
19372
19391
  :finding_provider_fields_types,
19373
19392
  :sample,
19374
19393
  :compliance_security_control_id,
19375
- :compliance_associated_standards_id)
19394
+ :compliance_associated_standards_id,
19395
+ :vulnerabilities_exploit_available,
19396
+ :vulnerabilities_fix_available,
19397
+ :compliance_security_control_parameters_name,
19398
+ :compliance_security_control_parameters_value)
19376
19399
  SENSITIVE = []
19377
19400
  include Aws::Structure
19378
19401
  end
@@ -21431,6 +21454,21 @@ module Aws::SecurityHub
21431
21454
  include Aws::Structure
21432
21455
  end
21433
21456
 
21457
+ # The options for customizing a security control parameter with a
21458
+ # boolean. For a boolean parameter, the options are `true` and `false`.
21459
+ #
21460
+ # @!attribute [rw] default_value
21461
+ # The Security Hub default value for a boolean parameter.
21462
+ # @return [Boolean]
21463
+ #
21464
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BooleanConfigurationOptions AWS API Documentation
21465
+ #
21466
+ class BooleanConfigurationOptions < Struct.new(
21467
+ :default_value)
21468
+ SENSITIVE = []
21469
+ include Aws::Structure
21470
+ end
21471
+
21434
21472
  # Boolean filter for querying findings.
21435
21473
  #
21436
21474
  # @!attribute [rw] value
@@ -21693,6 +21731,10 @@ module Aws::SecurityHub
21693
21731
  # currently enabled.
21694
21732
  # @return [Array<Types::AssociatedStandard>]
21695
21733
  #
21734
+ # @!attribute [rw] security_control_parameters
21735
+ # An object that includes security control parameter names and values.
21736
+ # @return [Array<Types::SecurityControlParameter>]
21737
+ #
21696
21738
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
21697
21739
  #
21698
21740
  class Compliance < Struct.new(
@@ -21700,11 +21742,84 @@ module Aws::SecurityHub
21700
21742
  :related_requirements,
21701
21743
  :status_reasons,
21702
21744
  :security_control_id,
21703
- :associated_standards)
21745
+ :associated_standards,
21746
+ :security_control_parameters)
21704
21747
  SENSITIVE = []
21705
21748
  include Aws::Structure
21706
21749
  end
21707
21750
 
21751
+ # The options for customizing a security control parameter.
21752
+ #
21753
+ # @note ConfigurationOptions is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationOptions corresponding to the set member.
21754
+ #
21755
+ # @!attribute [rw] integer
21756
+ # The options for customizing a security control parameter that is an
21757
+ # integer.
21758
+ # @return [Types::IntegerConfigurationOptions]
21759
+ #
21760
+ # @!attribute [rw] integer_list
21761
+ # The options for customizing a security control parameter that is a
21762
+ # list of integers.
21763
+ # @return [Types::IntegerListConfigurationOptions]
21764
+ #
21765
+ # @!attribute [rw] double
21766
+ # The options for customizing a security control parameter that is a
21767
+ # double.
21768
+ # @return [Types::DoubleConfigurationOptions]
21769
+ #
21770
+ # @!attribute [rw] string
21771
+ # The options for customizing a security control parameter that is a
21772
+ # string data type.
21773
+ # @return [Types::StringConfigurationOptions]
21774
+ #
21775
+ # @!attribute [rw] string_list
21776
+ # The options for customizing a security control parameter that is a
21777
+ # list of strings.
21778
+ # @return [Types::StringListConfigurationOptions]
21779
+ #
21780
+ # @!attribute [rw] boolean
21781
+ # The options for customizing a security control parameter that is a
21782
+ # boolean. For a boolean parameter, the options are `true` and
21783
+ # `false`.
21784
+ # @return [Types::BooleanConfigurationOptions]
21785
+ #
21786
+ # @!attribute [rw] enum
21787
+ # The options for customizing a security control parameter that is an
21788
+ # enum.
21789
+ # @return [Types::EnumConfigurationOptions]
21790
+ #
21791
+ # @!attribute [rw] enum_list
21792
+ # The options for customizing a security control parameter that is a
21793
+ # list of enums.
21794
+ # @return [Types::EnumListConfigurationOptions]
21795
+ #
21796
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationOptions AWS API Documentation
21797
+ #
21798
+ class ConfigurationOptions < Struct.new(
21799
+ :integer,
21800
+ :integer_list,
21801
+ :double,
21802
+ :string,
21803
+ :string_list,
21804
+ :boolean,
21805
+ :enum,
21806
+ :enum_list,
21807
+ :unknown)
21808
+ SENSITIVE = []
21809
+ include Aws::Structure
21810
+ include Aws::Structure::Union
21811
+
21812
+ class Integer < ConfigurationOptions; end
21813
+ class IntegerList < ConfigurationOptions; end
21814
+ class Double < ConfigurationOptions; end
21815
+ class String < ConfigurationOptions; end
21816
+ class StringList < ConfigurationOptions; end
21817
+ class Boolean < ConfigurationOptions; end
21818
+ class Enum < ConfigurationOptions; end
21819
+ class EnumList < ConfigurationOptions; end
21820
+ class Unknown < ConfigurationOptions; end
21821
+ end
21822
+
21708
21823
  # Container details related to a finding.
21709
21824
  #
21710
21825
  # @!attribute [rw] container_runtime
@@ -22738,6 +22853,32 @@ module Aws::SecurityHub
22738
22853
  include Aws::Structure
22739
22854
  end
22740
22855
 
22856
+ # The options for customizing a security control parameter that is a
22857
+ # double.
22858
+ #
22859
+ # @!attribute [rw] default_value
22860
+ # The Security Hub default value for a control parameter that is a
22861
+ # double.
22862
+ # @return [Float]
22863
+ #
22864
+ # @!attribute [rw] min
22865
+ # The minimum valid value for a control parameter that is a double.
22866
+ # @return [Float]
22867
+ #
22868
+ # @!attribute [rw] max
22869
+ # The maximum valid value for a control parameter that is a double.
22870
+ # @return [Float]
22871
+ #
22872
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DoubleConfigurationOptions AWS API Documentation
22873
+ #
22874
+ class DoubleConfigurationOptions < Struct.new(
22875
+ :default_value,
22876
+ :min,
22877
+ :max)
22878
+ SENSITIVE = []
22879
+ include Aws::Structure
22880
+ end
22881
+
22741
22882
  # @!attribute [rw] product_arn
22742
22883
  # The ARN of the product to enable the integration for.
22743
22884
  # @return [String]
@@ -22823,6 +22964,54 @@ module Aws::SecurityHub
22823
22964
  #
22824
22965
  class EnableSecurityHubResponse < Aws::EmptyStructure; end
22825
22966
 
22967
+ # The options for customizing a security control parameter that is an
22968
+ # enum.
22969
+ #
22970
+ # @!attribute [rw] default_value
22971
+ # The Security Hub default value for a control parameter that is an
22972
+ # enum.
22973
+ # @return [String]
22974
+ #
22975
+ # @!attribute [rw] allowed_values
22976
+ # The valid values for a control parameter that is an enum.
22977
+ # @return [Array<String>]
22978
+ #
22979
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumConfigurationOptions AWS API Documentation
22980
+ #
22981
+ class EnumConfigurationOptions < Struct.new(
22982
+ :default_value,
22983
+ :allowed_values)
22984
+ SENSITIVE = []
22985
+ include Aws::Structure
22986
+ end
22987
+
22988
+ # The options for customizing a security control parameter that is a
22989
+ # list of enums.
22990
+ #
22991
+ # @!attribute [rw] default_value
22992
+ # The Security Hub default value for a control parameter that is a
22993
+ # list of enums.
22994
+ # @return [Array<String>]
22995
+ #
22996
+ # @!attribute [rw] max_items
22997
+ # The maximum number of list items that an enum list control parameter
22998
+ # can accept.
22999
+ # @return [Integer]
23000
+ #
23001
+ # @!attribute [rw] allowed_values
23002
+ # The valid values for a control parameter that is a list of enums.
23003
+ # @return [Array<String>]
23004
+ #
23005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumListConfigurationOptions AWS API Documentation
23006
+ #
23007
+ class EnumListConfigurationOptions < Struct.new(
23008
+ :default_value,
23009
+ :max_items,
23010
+ :allowed_values)
23011
+ SENSITIVE = []
23012
+ include Aws::Structure
23013
+ end
23014
+
22826
23015
  # Provides information about the file paths that were affected by the
22827
23016
  # threat.
22828
23017
  #
@@ -23628,6 +23817,34 @@ module Aws::SecurityHub
23628
23817
  include Aws::Structure
23629
23818
  end
23630
23819
 
23820
+ # @!attribute [rw] security_control_id
23821
+ # The ID of the security control to retrieve the definition for. This
23822
+ # field doesn’t accept an Amazon Resource Name (ARN).
23823
+ # @return [String]
23824
+ #
23825
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionRequest AWS API Documentation
23826
+ #
23827
+ class GetSecurityControlDefinitionRequest < Struct.new(
23828
+ :security_control_id)
23829
+ SENSITIVE = []
23830
+ include Aws::Structure
23831
+ end
23832
+
23833
+ # @!attribute [rw] security_control_definition
23834
+ # Provides metadata for a security control, including its unique
23835
+ # standard-agnostic identifier, title, description, severity,
23836
+ # availability in Amazon Web Services Regions, and a link to
23837
+ # remediation steps.
23838
+ # @return [Types::SecurityControlDefinition]
23839
+ #
23840
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionResponse AWS API Documentation
23841
+ #
23842
+ class GetSecurityControlDefinitionResponse < Struct.new(
23843
+ :security_control_definition)
23844
+ SENSITIVE = []
23845
+ include Aws::Structure
23846
+ end
23847
+
23631
23848
  # An Internet Control Message Protocol (ICMP) type and code.
23632
23849
  #
23633
23850
  # @!attribute [rw] code
@@ -23760,6 +23977,66 @@ module Aws::SecurityHub
23760
23977
  include Aws::Structure
23761
23978
  end
23762
23979
 
23980
+ # The options for customizing a security control parameter that is an
23981
+ # integer.
23982
+ #
23983
+ # @!attribute [rw] default_value
23984
+ # The Security Hub default value for a control parameter that is an
23985
+ # integer.
23986
+ # @return [Integer]
23987
+ #
23988
+ # @!attribute [rw] min
23989
+ # The minimum valid value for a control parameter that is an integer.
23990
+ # @return [Integer]
23991
+ #
23992
+ # @!attribute [rw] max
23993
+ # The maximum valid value for a control parameter that is an integer.
23994
+ # @return [Integer]
23995
+ #
23996
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerConfigurationOptions AWS API Documentation
23997
+ #
23998
+ class IntegerConfigurationOptions < Struct.new(
23999
+ :default_value,
24000
+ :min,
24001
+ :max)
24002
+ SENSITIVE = []
24003
+ include Aws::Structure
24004
+ end
24005
+
24006
+ # The options for customizing a security control parameter that is a
24007
+ # list of integers.
24008
+ #
24009
+ # @!attribute [rw] default_value
24010
+ # The Security Hub default value for a control parameter that is a
24011
+ # list of integers.
24012
+ # @return [Array<Integer>]
24013
+ #
24014
+ # @!attribute [rw] min
24015
+ # The minimum valid value for a control parameter that is a list of
24016
+ # integers.
24017
+ # @return [Integer]
24018
+ #
24019
+ # @!attribute [rw] max
24020
+ # The maximum valid value for a control parameter that is a list of
24021
+ # integers.
24022
+ # @return [Integer]
24023
+ #
24024
+ # @!attribute [rw] max_items
24025
+ # The maximum number of list items that an interger list control
24026
+ # parameter can accept.
24027
+ # @return [Integer]
24028
+ #
24029
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerListConfigurationOptions AWS API Documentation
24030
+ #
24031
+ class IntegerListConfigurationOptions < Struct.new(
24032
+ :default_value,
24033
+ :min,
24034
+ :max,
24035
+ :max_items)
24036
+ SENSITIVE = []
24037
+ include Aws::Structure
24038
+ end
24039
+
23763
24040
  # Internal server error.
23764
24041
  #
23765
24042
  # @!attribute [rw] message
@@ -24838,12 +25115,24 @@ module Aws::SecurityHub
24838
25115
  # for findings.
24839
25116
  # @return [Float]
24840
25117
  #
25118
+ # @!attribute [rw] gt
25119
+ # The greater-than condition to be applied to a single field when
25120
+ # querying for findings.
25121
+ # @return [Float]
25122
+ #
25123
+ # @!attribute [rw] lt
25124
+ # The less-than condition to be applied to a single field when
25125
+ # querying for findings.
25126
+ # @return [Float]
25127
+ #
24841
25128
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NumberFilter AWS API Documentation
24842
25129
  #
24843
25130
  class NumberFilter < Struct.new(
24844
25131
  :gte,
24845
25132
  :lte,
24846
- :eq)
25133
+ :eq,
25134
+ :gt,
25135
+ :lt)
24847
25136
  SENSITIVE = []
24848
25137
  include Aws::Structure
24849
25138
  end
@@ -24915,6 +25204,114 @@ module Aws::SecurityHub
24915
25204
  include Aws::Structure
24916
25205
  end
24917
25206
 
25207
+ # An object that provides the current value of a security control
25208
+ # parameter and identifies whether it has been customized.
25209
+ #
25210
+ # @!attribute [rw] value_type
25211
+ # Identifies whether a control parameter uses a custom user-defined
25212
+ # value or the Security Hub default value.
25213
+ # @return [String]
25214
+ #
25215
+ # @!attribute [rw] value
25216
+ # The current value of a control parameter.
25217
+ # @return [Types::ParameterValue]
25218
+ #
25219
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterConfiguration AWS API Documentation
25220
+ #
25221
+ class ParameterConfiguration < Struct.new(
25222
+ :value_type,
25223
+ :value)
25224
+ SENSITIVE = []
25225
+ include Aws::Structure
25226
+ end
25227
+
25228
+ # An object that describes a security control parameter and the options
25229
+ # for customizing it.
25230
+ #
25231
+ # @!attribute [rw] description
25232
+ # Description of a control parameter.
25233
+ # @return [String]
25234
+ #
25235
+ # @!attribute [rw] configuration_options
25236
+ # The options for customizing a control parameter. Customization
25237
+ # options vary based on the data type of the parameter.
25238
+ # @return [Types::ConfigurationOptions]
25239
+ #
25240
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterDefinition AWS API Documentation
25241
+ #
25242
+ class ParameterDefinition < Struct.new(
25243
+ :description,
25244
+ :configuration_options)
25245
+ SENSITIVE = []
25246
+ include Aws::Structure
25247
+ end
25248
+
25249
+ # An object that includes the data type of a security control parameter
25250
+ # and its current value.
25251
+ #
25252
+ # @note ParameterValue is a union - when making an API calls you must set exactly one of the members.
25253
+ #
25254
+ # @note ParameterValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ParameterValue corresponding to the set member.
25255
+ #
25256
+ # @!attribute [rw] integer
25257
+ # A control parameter that is an integer.
25258
+ # @return [Integer]
25259
+ #
25260
+ # @!attribute [rw] integer_list
25261
+ # A control parameter that is a list of integers.
25262
+ # @return [Array<Integer>]
25263
+ #
25264
+ # @!attribute [rw] double
25265
+ # A control parameter that is a double.
25266
+ # @return [Float]
25267
+ #
25268
+ # @!attribute [rw] string
25269
+ # A control parameter that is a string.
25270
+ # @return [String]
25271
+ #
25272
+ # @!attribute [rw] string_list
25273
+ # A control parameter that is a list of strings.
25274
+ # @return [Array<String>]
25275
+ #
25276
+ # @!attribute [rw] boolean
25277
+ # A control parameter that is a boolean.
25278
+ # @return [Boolean]
25279
+ #
25280
+ # @!attribute [rw] enum
25281
+ # A control parameter that is an enum.
25282
+ # @return [String]
25283
+ #
25284
+ # @!attribute [rw] enum_list
25285
+ # A control parameter that is a list of enums.
25286
+ # @return [Array<String>]
25287
+ #
25288
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterValue AWS API Documentation
25289
+ #
25290
+ class ParameterValue < Struct.new(
25291
+ :integer,
25292
+ :integer_list,
25293
+ :double,
25294
+ :string,
25295
+ :string_list,
25296
+ :boolean,
25297
+ :enum,
25298
+ :enum_list,
25299
+ :unknown)
25300
+ SENSITIVE = []
25301
+ include Aws::Structure
25302
+ include Aws::Structure::Union
25303
+
25304
+ class Integer < ParameterValue; end
25305
+ class IntegerList < ParameterValue; end
25306
+ class Double < ParameterValue; end
25307
+ class String < ParameterValue; end
25308
+ class StringList < ParameterValue; end
25309
+ class Boolean < ParameterValue; end
25310
+ class Enum < ParameterValue; end
25311
+ class EnumList < ParameterValue; end
25312
+ class Unknown < ParameterValue; end
25313
+ end
25314
+
24918
25315
  # Provides an overview of the patch compliance status for an instance
24919
25316
  # against a selected compliance standard.
24920
25317
  #
@@ -25985,6 +26382,25 @@ module Aws::SecurityHub
25985
26382
  include Aws::Structure
25986
26383
  end
25987
26384
 
26385
+ # The request was rejected because it conflicts with the resource's
26386
+ # availability. For example, you tried to update a security control
26387
+ # that's currently in the `UPDATING` state.
26388
+ #
26389
+ # @!attribute [rw] message
26390
+ # @return [String]
26391
+ #
26392
+ # @!attribute [rw] code
26393
+ # @return [String]
26394
+ #
26395
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceInUseException AWS API Documentation
26396
+ #
26397
+ class ResourceInUseException < Struct.new(
26398
+ :message,
26399
+ :code)
26400
+ SENSITIVE = []
26401
+ include Aws::Structure
26402
+ end
26403
+
25988
26404
  # The request was rejected because we can't find the specified
25989
26405
  # resource.
25990
26406
  #
@@ -26598,6 +27014,32 @@ module Aws::SecurityHub
26598
27014
  # The enablement status of a security control in a specific standard.
26599
27015
  # @return [String]
26600
27016
  #
27017
+ # @!attribute [rw] update_status
27018
+ # Identifies whether customizable properties of a security control are
27019
+ # reflected in Security Hub findings. A status of `READY` indicates
27020
+ # findings include the current parameter values. A status of
27021
+ # `UPDATING` indicates that all findings may not include the current
27022
+ # parameter values.
27023
+ # @return [String]
27024
+ #
27025
+ # @!attribute [rw] parameters
27026
+ # An object that identifies the name of a control parameter, its
27027
+ # current value, and whether it has been customized.
27028
+ # @return [Hash<String,Types::ParameterConfiguration>]
27029
+ #
27030
+ # @!attribute [rw] last_update_reason
27031
+ # The most recent reason for updating the customizable properties of a
27032
+ # security control. This differs from the `UpdateReason` field of the
27033
+ # [ `BatchUpdateStandardsControlAssociations` ][1] API, which tracks
27034
+ # the reason for updating the enablement status of a control. This
27035
+ # field accepts alphanumeric characters in addition to white spaces,
27036
+ # dashes, and underscores.
27037
+ #
27038
+ #
27039
+ #
27040
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
27041
+ # @return [String]
27042
+ #
26601
27043
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
26602
27044
  #
26603
27045
  class SecurityControl < Struct.new(
@@ -26607,7 +27049,10 @@ module Aws::SecurityHub
26607
27049
  :description,
26608
27050
  :remediation_url,
26609
27051
  :severity_rating,
26610
- :security_control_status)
27052
+ :security_control_status,
27053
+ :update_status,
27054
+ :parameters,
27055
+ :last_update_reason)
26611
27056
  SENSITIVE = []
26612
27057
  include Aws::Structure
26613
27058
  end
@@ -26658,6 +27103,18 @@ module Aws::SecurityHub
26658
27103
  # Amazon Web Services Region.
26659
27104
  # @return [String]
26660
27105
  #
27106
+ # @!attribute [rw] customizable_properties
27107
+ # Security control properties that you can customize. Currently, only
27108
+ # parameter customization is supported for select controls. An empty
27109
+ # array is returned for controls that don’t support custom properties.
27110
+ # @return [Array<String>]
27111
+ #
27112
+ # @!attribute [rw] parameter_definitions
27113
+ # An object that provides a security control parameter name,
27114
+ # description, and the options for customizing it. This object is
27115
+ # excluded for a control that doesn't support custom parameters.
27116
+ # @return [Hash<String,Types::ParameterDefinition>]
27117
+ #
26661
27118
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
26662
27119
  #
26663
27120
  class SecurityControlDefinition < Struct.new(
@@ -26666,7 +27123,28 @@ module Aws::SecurityHub
26666
27123
  :description,
26667
27124
  :remediation_url,
26668
27125
  :severity_rating,
26669
- :current_region_availability)
27126
+ :current_region_availability,
27127
+ :customizable_properties,
27128
+ :parameter_definitions)
27129
+ SENSITIVE = []
27130
+ include Aws::Structure
27131
+ end
27132
+
27133
+ # A parameter that a security control accepts.
27134
+ #
27135
+ # @!attribute [rw] name
27136
+ # The name of a
27137
+ # @return [String]
27138
+ #
27139
+ # @!attribute [rw] value
27140
+ # The current value of a control parameter.
27141
+ # @return [Array<String>]
27142
+ #
27143
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlParameter AWS API Documentation
27144
+ #
27145
+ class SecurityControlParameter < Struct.new(
27146
+ :name,
27147
+ :value)
26670
27148
  SENSITIVE = []
26671
27149
  include Aws::Structure
26672
27150
  end
@@ -26737,8 +27215,8 @@ module Aws::SecurityHub
26737
27215
  # attribute.
26738
27216
  #
26739
27217
  # @!attribute [rw] product
26740
- # Deprecated. This attribute is being deprecated. Instead of providing
26741
- # `Product`, provide `Original`.
27218
+ # Deprecated. This attribute isn't included in findings. Instead of
27219
+ # providing `Product`, provide `Original`.
26742
27220
  #
26743
27221
  # The native severity as defined by the Amazon Web Services service or
26744
27222
  # integrated partner product that generated the finding.
@@ -26774,9 +27252,8 @@ module Aws::SecurityHub
26774
27252
  # @return [String]
26775
27253
  #
26776
27254
  # @!attribute [rw] normalized
26777
- # Deprecated. The normalized severity of a finding. This attribute is
26778
- # being deprecated. Instead of providing `Normalized`, provide
26779
- # `Label`.
27255
+ # Deprecated. The normalized severity of a finding. Instead of
27256
+ # providing `Normalized`, provide `Label`.
26780
27257
  #
26781
27258
  # If you provide `Label` and do not provide `Normalized`, then
26782
27259
  # `Normalized` is set automatically as follows.
@@ -27430,6 +27907,33 @@ module Aws::SecurityHub
27430
27907
  include Aws::Structure
27431
27908
  end
27432
27909
 
27910
+ # The options for customizing a security control parameter that is a
27911
+ # string.
27912
+ #
27913
+ # @!attribute [rw] default_value
27914
+ # The Security Hub default value for a control parameter that is a
27915
+ # string.
27916
+ # @return [String]
27917
+ #
27918
+ # @!attribute [rw] re_2_expression
27919
+ # An RE2 regular expression that Security Hub uses to validate a
27920
+ # user-provided control parameter string.
27921
+ # @return [String]
27922
+ #
27923
+ # @!attribute [rw] expression_description
27924
+ # The description of the RE2 regular expression.
27925
+ # @return [String]
27926
+ #
27927
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringConfigurationOptions AWS API Documentation
27928
+ #
27929
+ class StringConfigurationOptions < Struct.new(
27930
+ :default_value,
27931
+ :re_2_expression,
27932
+ :expression_description)
27933
+ SENSITIVE = []
27934
+ include Aws::Structure
27935
+ end
27936
+
27433
27937
  # A string filter for filtering Security Hub findings.
27434
27938
  #
27435
27939
  # @!attribute [rw] value
@@ -27537,6 +28041,39 @@ module Aws::SecurityHub
27537
28041
  include Aws::Structure
27538
28042
  end
27539
28043
 
28044
+ # The options for customizing a security control parameter that is a
28045
+ # list of strings.
28046
+ #
28047
+ # @!attribute [rw] default_value
28048
+ # The Security Hub default value for a control parameter that is a
28049
+ # list of strings.
28050
+ # @return [Array<String>]
28051
+ #
28052
+ # @!attribute [rw] re_2_expression
28053
+ # An RE2 regular expression that Security Hub uses to validate a
28054
+ # user-provided list of strings for a control parameter.
28055
+ # @return [String]
28056
+ #
28057
+ # @!attribute [rw] max_items
28058
+ # The maximum number of list items that a string list control
28059
+ # parameter can accept.
28060
+ # @return [Integer]
28061
+ #
28062
+ # @!attribute [rw] expression_description
28063
+ # The description of the RE2 regular expression.
28064
+ # @return [String]
28065
+ #
28066
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringListConfigurationOptions AWS API Documentation
28067
+ #
28068
+ class StringListConfigurationOptions < Struct.new(
28069
+ :default_value,
28070
+ :re_2_expression,
28071
+ :max_items,
28072
+ :expression_description)
28073
+ SENSITIVE = []
28074
+ include Aws::Structure
28075
+ end
28076
+
27540
28077
  # @!attribute [rw] resource_arn
27541
28078
  # The ARN of the resource to apply the tags to.
27542
28079
  # @return [String]
@@ -28069,6 +28606,35 @@ module Aws::SecurityHub
28069
28606
  #
28070
28607
  class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
28071
28608
 
28609
+ # @!attribute [rw] security_control_id
28610
+ # The Amazon Resource Name (ARN) or ID of the control to update.
28611
+ # @return [String]
28612
+ #
28613
+ # @!attribute [rw] parameters
28614
+ # An object that specifies which security control parameters to
28615
+ # update.
28616
+ # @return [Hash<String,Types::ParameterConfiguration>]
28617
+ #
28618
+ # @!attribute [rw] last_update_reason
28619
+ # The most recent reason for updating the properties of the security
28620
+ # control. This field accepts alphanumeric characters in addition to
28621
+ # white spaces, dashes, and underscores.
28622
+ # @return [String]
28623
+ #
28624
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlRequest AWS API Documentation
28625
+ #
28626
+ class UpdateSecurityControlRequest < Struct.new(
28627
+ :security_control_id,
28628
+ :parameters,
28629
+ :last_update_reason)
28630
+ SENSITIVE = []
28631
+ include Aws::Structure
28632
+ end
28633
+
28634
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlResponse AWS API Documentation
28635
+ #
28636
+ class UpdateSecurityControlResponse < Aws::EmptyStructure; end
28637
+
28072
28638
  # @!attribute [rw] auto_enable_controls
28073
28639
  # Whether to automatically enable new controls when they are added to
28074
28640
  # standards that are enabled.