aws-sdk-securityhub 1.95.0 → 1.97.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +1672 -29
- data/lib/aws-sdk-securityhub/client_api.rb +593 -0
- data/lib/aws-sdk-securityhub/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-securityhub/endpoints.rb +168 -0
- data/lib/aws-sdk-securityhub/errors.rb +21 -0
- data/lib/aws-sdk-securityhub/plugins/endpoints.rb +24 -0
- data/lib/aws-sdk-securityhub/types.rb +1681 -57
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -329,6 +329,36 @@ module Aws::SecurityHub
|
|
329
329
|
include Aws::Structure
|
330
330
|
end
|
331
331
|
|
332
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
333
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
334
|
+
# universally unique identifier (UUID) of a configuration policy,
|
335
|
+
# `AssociationType`, or `AssociationStatus`.
|
336
|
+
#
|
337
|
+
# @!attribute [rw] configuration_policy_id
|
338
|
+
# The ARN or UUID of the configuration policy.
|
339
|
+
# @return [String]
|
340
|
+
#
|
341
|
+
# @!attribute [rw] association_type
|
342
|
+
# Indicates whether the association between a target and a
|
343
|
+
# configuration was directly applied by the Security Hub delegated
|
344
|
+
# administrator or inherited from a parent.
|
345
|
+
# @return [String]
|
346
|
+
#
|
347
|
+
# @!attribute [rw] association_status
|
348
|
+
# The current status of the association between a target and a
|
349
|
+
# configuration policy.
|
350
|
+
# @return [String]
|
351
|
+
#
|
352
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationFilters AWS API Documentation
|
353
|
+
#
|
354
|
+
class AssociationFilters < Struct.new(
|
355
|
+
:configuration_policy_id,
|
356
|
+
:association_type,
|
357
|
+
:association_status)
|
358
|
+
SENSITIVE = []
|
359
|
+
include Aws::Structure
|
360
|
+
end
|
361
|
+
|
332
362
|
# The associations between a route table and one or more subnets or a
|
333
363
|
# gateway.
|
334
364
|
#
|
@@ -886,6 +916,26 @@ module Aws::SecurityHub
|
|
886
916
|
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
887
917
|
# @return [Array<Types::MapFilter>]
|
888
918
|
#
|
919
|
+
# @!attribute [rw] resource_application_arn
|
920
|
+
# The Amazon Resource Name (ARN) of the application that is related to
|
921
|
+
# a finding.
|
922
|
+
#
|
923
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
924
|
+
# @return [Array<Types::StringFilter>]
|
925
|
+
#
|
926
|
+
# @!attribute [rw] resource_application_name
|
927
|
+
# The name of the application that is related to a finding.
|
928
|
+
#
|
929
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
930
|
+
# @return [Array<Types::StringFilter>]
|
931
|
+
#
|
932
|
+
# @!attribute [rw] aws_account_name
|
933
|
+
# The name of the Amazon Web Services account in which a finding was
|
934
|
+
# generated.
|
935
|
+
#
|
936
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
937
|
+
# @return [Array<Types::StringFilter>]
|
938
|
+
#
|
889
939
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AutomationRulesFindingFilters AWS API Documentation
|
890
940
|
#
|
891
941
|
class AutomationRulesFindingFilters < Struct.new(
|
@@ -923,7 +973,10 @@ module Aws::SecurityHub
|
|
923
973
|
:note_text,
|
924
974
|
:note_updated_at,
|
925
975
|
:note_updated_by,
|
926
|
-
:user_defined_fields
|
976
|
+
:user_defined_fields,
|
977
|
+
:resource_application_arn,
|
978
|
+
:resource_application_name,
|
979
|
+
:aws_account_name)
|
927
980
|
SENSITIVE = []
|
928
981
|
include Aws::Structure
|
929
982
|
end
|
@@ -4232,7 +4285,7 @@ module Aws::SecurityHub
|
|
4232
4285
|
end
|
4233
4286
|
|
4234
4287
|
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
4235
|
-
# example, a web server),
|
4288
|
+
# example, a web server), Elemental MediaStore, or other server from
|
4236
4289
|
# which CloudFront gets your files.
|
4237
4290
|
#
|
4238
4291
|
# @!attribute [rw] domain_name
|
@@ -18641,6 +18694,25 @@ module Aws::SecurityHub
|
|
18641
18694
|
# receives those findings.
|
18642
18695
|
# @return [Types::GeneratorDetails]
|
18643
18696
|
#
|
18697
|
+
# @!attribute [rw] processed_at
|
18698
|
+
# An ISO8601-formatted timestamp that indicates when Security Hub
|
18699
|
+
# received a finding and begins to process it.
|
18700
|
+
#
|
18701
|
+
# A correctly formatted example is `2020-05-21T20:16:34.724Z`. The
|
18702
|
+
# value cannot contain spaces, and date and time should be separated
|
18703
|
+
# by `T`. For more information, see [RFC 3339 section 5.6, Internet
|
18704
|
+
# Date/Time Format][1].
|
18705
|
+
#
|
18706
|
+
#
|
18707
|
+
#
|
18708
|
+
# [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
|
18709
|
+
# @return [String]
|
18710
|
+
#
|
18711
|
+
# @!attribute [rw] aws_account_name
|
18712
|
+
# The name of the Amazon Web Services account from which a finding was
|
18713
|
+
# generated.
|
18714
|
+
# @return [String]
|
18715
|
+
#
|
18644
18716
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
|
18645
18717
|
#
|
18646
18718
|
class AwsSecurityFinding < Struct.new(
|
@@ -18685,17 +18757,18 @@ module Aws::SecurityHub
|
|
18685
18757
|
:action,
|
18686
18758
|
:finding_provider_fields,
|
18687
18759
|
:sample,
|
18688
|
-
:generator_details
|
18760
|
+
:generator_details,
|
18761
|
+
:processed_at,
|
18762
|
+
:aws_account_name)
|
18689
18763
|
SENSITIVE = []
|
18690
18764
|
include Aws::Structure
|
18691
18765
|
end
|
18692
18766
|
|
18693
|
-
# A collection of
|
18694
|
-
#
|
18695
|
-
# are included in this insight.
|
18767
|
+
# A collection of filters that are applied to all active findings
|
18768
|
+
# aggregated by Security Hub.
|
18696
18769
|
#
|
18697
|
-
# You can filter by up to
|
18698
|
-
# can provide up to 20 filter values.
|
18770
|
+
# You can filter by up to ten finding attributes. For each attribute,
|
18771
|
+
# you can provide up to 20 filter values.
|
18699
18772
|
#
|
18700
18773
|
# @!attribute [rw] product_arn
|
18701
18774
|
# The ARN generated by Security Hub that uniquely identifies a
|
@@ -18705,7 +18778,7 @@ module Aws::SecurityHub
|
|
18705
18778
|
# @return [Array<Types::StringFilter>]
|
18706
18779
|
#
|
18707
18780
|
# @!attribute [rw] aws_account_id
|
18708
|
-
# The Amazon Web Services account ID
|
18781
|
+
# The Amazon Web Services account ID in which a finding is generated.
|
18709
18782
|
# @return [Array<Types::StringFilter>]
|
18710
18783
|
#
|
18711
18784
|
# @!attribute [rw] id
|
@@ -19273,6 +19346,39 @@ module Aws::SecurityHub
|
|
19273
19346
|
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html
|
19274
19347
|
# @return [Array<Types::StringFilter>]
|
19275
19348
|
#
|
19349
|
+
# @!attribute [rw] vulnerabilities_exploit_available
|
19350
|
+
# Indicates whether a software vulnerability in your environment has a
|
19351
|
+
# known exploit. You can filter findings by this field only if you use
|
19352
|
+
# Security Hub and Amazon Inspector.
|
19353
|
+
# @return [Array<Types::StringFilter>]
|
19354
|
+
#
|
19355
|
+
# @!attribute [rw] vulnerabilities_fix_available
|
19356
|
+
# Indicates whether a vulnerability is fixed in a newer version of the
|
19357
|
+
# affected software packages. You can filter findings by this field
|
19358
|
+
# only if you use Security Hub and Amazon Inspector.
|
19359
|
+
# @return [Array<Types::StringFilter>]
|
19360
|
+
#
|
19361
|
+
# @!attribute [rw] compliance_security_control_parameters_name
|
19362
|
+
# The name of a security control parameter.
|
19363
|
+
# @return [Array<Types::StringFilter>]
|
19364
|
+
#
|
19365
|
+
# @!attribute [rw] compliance_security_control_parameters_value
|
19366
|
+
# The current value of a security control parameter.
|
19367
|
+
# @return [Array<Types::StringFilter>]
|
19368
|
+
#
|
19369
|
+
# @!attribute [rw] aws_account_name
|
19370
|
+
# The name of the Amazon Web Services account in which a finding is
|
19371
|
+
# generated.
|
19372
|
+
# @return [Array<Types::StringFilter>]
|
19373
|
+
#
|
19374
|
+
# @!attribute [rw] resource_application_name
|
19375
|
+
# The name of the application that is related to a finding.
|
19376
|
+
# @return [Array<Types::StringFilter>]
|
19377
|
+
#
|
19378
|
+
# @!attribute [rw] resource_application_arn
|
19379
|
+
# The ARN of the application that is related to a finding.
|
19380
|
+
# @return [Array<Types::StringFilter>]
|
19381
|
+
#
|
19276
19382
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
|
19277
19383
|
#
|
19278
19384
|
class AwsSecurityFindingFilters < Struct.new(
|
@@ -19372,7 +19478,14 @@ module Aws::SecurityHub
|
|
19372
19478
|
:finding_provider_fields_types,
|
19373
19479
|
:sample,
|
19374
19480
|
:compliance_security_control_id,
|
19375
|
-
:compliance_associated_standards_id
|
19481
|
+
:compliance_associated_standards_id,
|
19482
|
+
:vulnerabilities_exploit_available,
|
19483
|
+
:vulnerabilities_fix_available,
|
19484
|
+
:compliance_security_control_parameters_name,
|
19485
|
+
:compliance_security_control_parameters_value,
|
19486
|
+
:aws_account_name,
|
19487
|
+
:resource_application_name,
|
19488
|
+
:resource_application_arn)
|
19376
19489
|
SENSITIVE = []
|
19377
19490
|
include Aws::Structure
|
19378
19491
|
end
|
@@ -21076,6 +21189,38 @@ module Aws::SecurityHub
|
|
21076
21189
|
include Aws::Structure
|
21077
21190
|
end
|
21078
21191
|
|
21192
|
+
# @!attribute [rw] configuration_policy_association_identifiers
|
21193
|
+
# Specifies one or more target account IDs, organizational unit (OU)
|
21194
|
+
# IDs, or the root ID to retrieve associations for.
|
21195
|
+
# @return [Array<Types::ConfigurationPolicyAssociation>]
|
21196
|
+
#
|
21197
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsRequest AWS API Documentation
|
21198
|
+
#
|
21199
|
+
class BatchGetConfigurationPolicyAssociationsRequest < Struct.new(
|
21200
|
+
:configuration_policy_association_identifiers)
|
21201
|
+
SENSITIVE = []
|
21202
|
+
include Aws::Structure
|
21203
|
+
end
|
21204
|
+
|
21205
|
+
# @!attribute [rw] configuration_policy_associations
|
21206
|
+
# Describes associations for the target accounts, OUs, or the root.
|
21207
|
+
# @return [Array<Types::ConfigurationPolicyAssociationSummary>]
|
21208
|
+
#
|
21209
|
+
# @!attribute [rw] unprocessed_configuration_policy_associations
|
21210
|
+
# An array of configuration policy associations, one for each
|
21211
|
+
# configuration policy association identifier, that was specified in
|
21212
|
+
# the request but couldn’t be processed due to an error.
|
21213
|
+
# @return [Array<Types::UnprocessedConfigurationPolicyAssociation>]
|
21214
|
+
#
|
21215
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsResponse AWS API Documentation
|
21216
|
+
#
|
21217
|
+
class BatchGetConfigurationPolicyAssociationsResponse < Struct.new(
|
21218
|
+
:configuration_policy_associations,
|
21219
|
+
:unprocessed_configuration_policy_associations)
|
21220
|
+
SENSITIVE = []
|
21221
|
+
include Aws::Structure
|
21222
|
+
end
|
21223
|
+
|
21079
21224
|
# @!attribute [rw] security_control_ids
|
21080
21225
|
# A list of security controls (identified with `SecurityControlId`,
|
21081
21226
|
# `SecurityControlArn`, or a mix of both parameters). The security
|
@@ -21431,6 +21576,21 @@ module Aws::SecurityHub
|
|
21431
21576
|
include Aws::Structure
|
21432
21577
|
end
|
21433
21578
|
|
21579
|
+
# The options for customizing a security control parameter with a
|
21580
|
+
# boolean. For a boolean parameter, the options are `true` and `false`.
|
21581
|
+
#
|
21582
|
+
# @!attribute [rw] default_value
|
21583
|
+
# The Security Hub default value for a boolean parameter.
|
21584
|
+
# @return [Boolean]
|
21585
|
+
#
|
21586
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BooleanConfigurationOptions AWS API Documentation
|
21587
|
+
#
|
21588
|
+
class BooleanConfigurationOptions < Struct.new(
|
21589
|
+
:default_value)
|
21590
|
+
SENSITIVE = []
|
21591
|
+
include Aws::Structure
|
21592
|
+
end
|
21593
|
+
|
21434
21594
|
# Boolean filter for querying findings.
|
21435
21595
|
#
|
21436
21596
|
# @!attribute [rw] value
|
@@ -21693,6 +21853,10 @@ module Aws::SecurityHub
|
|
21693
21853
|
# currently enabled.
|
21694
21854
|
# @return [Array<Types::AssociatedStandard>]
|
21695
21855
|
#
|
21856
|
+
# @!attribute [rw] security_control_parameters
|
21857
|
+
# An object that includes security control parameter names and values.
|
21858
|
+
# @return [Array<Types::SecurityControlParameter>]
|
21859
|
+
#
|
21696
21860
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
|
21697
21861
|
#
|
21698
21862
|
class Compliance < Struct.new(
|
@@ -21700,7 +21864,193 @@ module Aws::SecurityHub
|
|
21700
21864
|
:related_requirements,
|
21701
21865
|
:status_reasons,
|
21702
21866
|
:security_control_id,
|
21703
|
-
:associated_standards
|
21867
|
+
:associated_standards,
|
21868
|
+
:security_control_parameters)
|
21869
|
+
SENSITIVE = []
|
21870
|
+
include Aws::Structure
|
21871
|
+
end
|
21872
|
+
|
21873
|
+
# The options for customizing a security control parameter.
|
21874
|
+
#
|
21875
|
+
# @note ConfigurationOptions is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationOptions corresponding to the set member.
|
21876
|
+
#
|
21877
|
+
# @!attribute [rw] integer
|
21878
|
+
# The options for customizing a security control parameter that is an
|
21879
|
+
# integer.
|
21880
|
+
# @return [Types::IntegerConfigurationOptions]
|
21881
|
+
#
|
21882
|
+
# @!attribute [rw] integer_list
|
21883
|
+
# The options for customizing a security control parameter that is a
|
21884
|
+
# list of integers.
|
21885
|
+
# @return [Types::IntegerListConfigurationOptions]
|
21886
|
+
#
|
21887
|
+
# @!attribute [rw] double
|
21888
|
+
# The options for customizing a security control parameter that is a
|
21889
|
+
# double.
|
21890
|
+
# @return [Types::DoubleConfigurationOptions]
|
21891
|
+
#
|
21892
|
+
# @!attribute [rw] string
|
21893
|
+
# The options for customizing a security control parameter that is a
|
21894
|
+
# string data type.
|
21895
|
+
# @return [Types::StringConfigurationOptions]
|
21896
|
+
#
|
21897
|
+
# @!attribute [rw] string_list
|
21898
|
+
# The options for customizing a security control parameter that is a
|
21899
|
+
# list of strings.
|
21900
|
+
# @return [Types::StringListConfigurationOptions]
|
21901
|
+
#
|
21902
|
+
# @!attribute [rw] boolean
|
21903
|
+
# The options for customizing a security control parameter that is a
|
21904
|
+
# boolean. For a boolean parameter, the options are `true` and
|
21905
|
+
# `false`.
|
21906
|
+
# @return [Types::BooleanConfigurationOptions]
|
21907
|
+
#
|
21908
|
+
# @!attribute [rw] enum
|
21909
|
+
# The options for customizing a security control parameter that is an
|
21910
|
+
# enum.
|
21911
|
+
# @return [Types::EnumConfigurationOptions]
|
21912
|
+
#
|
21913
|
+
# @!attribute [rw] enum_list
|
21914
|
+
# The options for customizing a security control parameter that is a
|
21915
|
+
# list of enums.
|
21916
|
+
# @return [Types::EnumListConfigurationOptions]
|
21917
|
+
#
|
21918
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationOptions AWS API Documentation
|
21919
|
+
#
|
21920
|
+
class ConfigurationOptions < Struct.new(
|
21921
|
+
:integer,
|
21922
|
+
:integer_list,
|
21923
|
+
:double,
|
21924
|
+
:string,
|
21925
|
+
:string_list,
|
21926
|
+
:boolean,
|
21927
|
+
:enum,
|
21928
|
+
:enum_list,
|
21929
|
+
:unknown)
|
21930
|
+
SENSITIVE = []
|
21931
|
+
include Aws::Structure
|
21932
|
+
include Aws::Structure::Union
|
21933
|
+
|
21934
|
+
class Integer < ConfigurationOptions; end
|
21935
|
+
class IntegerList < ConfigurationOptions; end
|
21936
|
+
class Double < ConfigurationOptions; end
|
21937
|
+
class String < ConfigurationOptions; end
|
21938
|
+
class StringList < ConfigurationOptions; end
|
21939
|
+
class Boolean < ConfigurationOptions; end
|
21940
|
+
class Enum < ConfigurationOptions; end
|
21941
|
+
class EnumList < ConfigurationOptions; end
|
21942
|
+
class Unknown < ConfigurationOptions; end
|
21943
|
+
end
|
21944
|
+
|
21945
|
+
# Provides details about the association between an Security Hub
|
21946
|
+
# configuration and a target account, organizational unit, or the root.
|
21947
|
+
# An association can exist between a target and a configuration policy,
|
21948
|
+
# or between a target and self-managed behavior.
|
21949
|
+
#
|
21950
|
+
# @!attribute [rw] target
|
21951
|
+
# The target account, organizational unit, or the root.
|
21952
|
+
# @return [Types::Target]
|
21953
|
+
#
|
21954
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociation AWS API Documentation
|
21955
|
+
#
|
21956
|
+
class ConfigurationPolicyAssociation < Struct.new(
|
21957
|
+
:target)
|
21958
|
+
SENSITIVE = []
|
21959
|
+
include Aws::Structure
|
21960
|
+
end
|
21961
|
+
|
21962
|
+
# An object that contains the details of a configuration policy
|
21963
|
+
# association that’s returned in a `ListConfigurationPolicyAssociations`
|
21964
|
+
# request.
|
21965
|
+
#
|
21966
|
+
# @!attribute [rw] configuration_policy_id
|
21967
|
+
# The universally unique identifier (UUID) of the configuration
|
21968
|
+
# policy.
|
21969
|
+
# @return [String]
|
21970
|
+
#
|
21971
|
+
# @!attribute [rw] target_id
|
21972
|
+
# The identifier of the target account, organizational unit, or the
|
21973
|
+
# root.
|
21974
|
+
# @return [String]
|
21975
|
+
#
|
21976
|
+
# @!attribute [rw] target_type
|
21977
|
+
# Specifies whether the target is an Amazon Web Services account,
|
21978
|
+
# organizational unit, or the root.
|
21979
|
+
# @return [String]
|
21980
|
+
#
|
21981
|
+
# @!attribute [rw] association_type
|
21982
|
+
# Indicates whether the association between the specified target and
|
21983
|
+
# the configuration was directly applied by the Security Hub delegated
|
21984
|
+
# administrator or inherited from a parent.
|
21985
|
+
# @return [String]
|
21986
|
+
#
|
21987
|
+
# @!attribute [rw] updated_at
|
21988
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
21989
|
+
# configuration policy association was last updated.
|
21990
|
+
# @return [Time]
|
21991
|
+
#
|
21992
|
+
# @!attribute [rw] association_status
|
21993
|
+
# The current status of the association between the specified target
|
21994
|
+
# and the configuration.
|
21995
|
+
# @return [String]
|
21996
|
+
#
|
21997
|
+
# @!attribute [rw] association_status_message
|
21998
|
+
# The explanation for a `FAILED` value for `AssociationStatus`.
|
21999
|
+
# @return [String]
|
22000
|
+
#
|
22001
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociationSummary AWS API Documentation
|
22002
|
+
#
|
22003
|
+
class ConfigurationPolicyAssociationSummary < Struct.new(
|
22004
|
+
:configuration_policy_id,
|
22005
|
+
:target_id,
|
22006
|
+
:target_type,
|
22007
|
+
:association_type,
|
22008
|
+
:updated_at,
|
22009
|
+
:association_status,
|
22010
|
+
:association_status_message)
|
22011
|
+
SENSITIVE = []
|
22012
|
+
include Aws::Structure
|
22013
|
+
end
|
22014
|
+
|
22015
|
+
# An object that contains the details of an Security Hub configuration
|
22016
|
+
# policy that’s returned in a `ListConfigurationPolicies` request.
|
22017
|
+
#
|
22018
|
+
# @!attribute [rw] arn
|
22019
|
+
# The Amazon Resource Name (ARN) of the configuration policy.
|
22020
|
+
# @return [String]
|
22021
|
+
#
|
22022
|
+
# @!attribute [rw] id
|
22023
|
+
# The universally unique identifier (UUID) of the configuration
|
22024
|
+
# policy.
|
22025
|
+
# @return [String]
|
22026
|
+
#
|
22027
|
+
# @!attribute [rw] name
|
22028
|
+
# The name of the configuration policy.
|
22029
|
+
# @return [String]
|
22030
|
+
#
|
22031
|
+
# @!attribute [rw] description
|
22032
|
+
# The description of the configuration policy.
|
22033
|
+
# @return [String]
|
22034
|
+
#
|
22035
|
+
# @!attribute [rw] updated_at
|
22036
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22037
|
+
# configuration policy was last updated.
|
22038
|
+
# @return [Time]
|
22039
|
+
#
|
22040
|
+
# @!attribute [rw] service_enabled
|
22041
|
+
# Indicates whether the service that the configuration policy applies
|
22042
|
+
# to is enabled in the policy.
|
22043
|
+
# @return [Boolean]
|
22044
|
+
#
|
22045
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicySummary AWS API Documentation
|
22046
|
+
#
|
22047
|
+
class ConfigurationPolicySummary < Struct.new(
|
22048
|
+
:arn,
|
22049
|
+
:id,
|
22050
|
+
:name,
|
22051
|
+
:description,
|
22052
|
+
:updated_at,
|
22053
|
+
:service_enabled)
|
21704
22054
|
SENSITIVE = []
|
21705
22055
|
include Aws::Structure
|
21706
22056
|
end
|
@@ -21816,7 +22166,7 @@ module Aws::SecurityHub
|
|
21816
22166
|
end
|
21817
22167
|
|
21818
22168
|
# @!attribute [rw] tags
|
21819
|
-
# User-defined tags
|
22169
|
+
# User-defined tags associated with an automation rule.
|
21820
22170
|
# @return [Hash<String,String>]
|
21821
22171
|
#
|
21822
22172
|
# @!attribute [rw] rule_status
|
@@ -21895,6 +22245,102 @@ module Aws::SecurityHub
|
|
21895
22245
|
include Aws::Structure
|
21896
22246
|
end
|
21897
22247
|
|
22248
|
+
# @!attribute [rw] name
|
22249
|
+
# The name of the configuration policy.
|
22250
|
+
# @return [String]
|
22251
|
+
#
|
22252
|
+
# @!attribute [rw] description
|
22253
|
+
# The description of the configuration policy.
|
22254
|
+
# @return [String]
|
22255
|
+
#
|
22256
|
+
# @!attribute [rw] configuration_policy
|
22257
|
+
# An object that defines how Security Hub is configured. It includes
|
22258
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
22259
|
+
# security standards, a list of enabled or disabled security controls,
|
22260
|
+
# and a list of custom parameter values for specified controls. If you
|
22261
|
+
# provide a list of security controls that are enabled in the
|
22262
|
+
# configuration policy, Security Hub disables all other controls
|
22263
|
+
# (including newly released controls). If you provide a list of
|
22264
|
+
# security controls that are disabled in the configuration policy,
|
22265
|
+
# Security Hub enables all other controls (including newly released
|
22266
|
+
# controls).
|
22267
|
+
# @return [Types::Policy]
|
22268
|
+
#
|
22269
|
+
# @!attribute [rw] tags
|
22270
|
+
# User-defined tags associated with a configuration policy. For more
|
22271
|
+
# information, see [Tagging Security Hub resources][1] in the
|
22272
|
+
# *Security Hub user guide*.
|
22273
|
+
#
|
22274
|
+
#
|
22275
|
+
#
|
22276
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
|
22277
|
+
# @return [Hash<String,String>]
|
22278
|
+
#
|
22279
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyRequest AWS API Documentation
|
22280
|
+
#
|
22281
|
+
class CreateConfigurationPolicyRequest < Struct.new(
|
22282
|
+
:name,
|
22283
|
+
:description,
|
22284
|
+
:configuration_policy,
|
22285
|
+
:tags)
|
22286
|
+
SENSITIVE = []
|
22287
|
+
include Aws::Structure
|
22288
|
+
end
|
22289
|
+
|
22290
|
+
# @!attribute [rw] arn
|
22291
|
+
# The Amazon Resource Name (ARN) of the configuration policy.
|
22292
|
+
# @return [String]
|
22293
|
+
#
|
22294
|
+
# @!attribute [rw] id
|
22295
|
+
# The universally unique identifier (UUID) of the configuration
|
22296
|
+
# policy.
|
22297
|
+
# @return [String]
|
22298
|
+
#
|
22299
|
+
# @!attribute [rw] name
|
22300
|
+
# The name of the configuration policy.
|
22301
|
+
# @return [String]
|
22302
|
+
#
|
22303
|
+
# @!attribute [rw] description
|
22304
|
+
# The description of the configuration policy.
|
22305
|
+
# @return [String]
|
22306
|
+
#
|
22307
|
+
# @!attribute [rw] updated_at
|
22308
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22309
|
+
# configuration policy was last updated.
|
22310
|
+
# @return [Time]
|
22311
|
+
#
|
22312
|
+
# @!attribute [rw] created_at
|
22313
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22314
|
+
# configuration policy was created.
|
22315
|
+
# @return [Time]
|
22316
|
+
#
|
22317
|
+
# @!attribute [rw] configuration_policy
|
22318
|
+
# An object that defines how Security Hub is configured. It includes
|
22319
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
22320
|
+
# security standards, a list of enabled or disabled security controls,
|
22321
|
+
# and a list of custom parameter values for specified controls. If the
|
22322
|
+
# request included a list of security controls that are enabled in the
|
22323
|
+
# configuration policy, Security Hub disables all other controls
|
22324
|
+
# (including newly released controls). If the request included a list
|
22325
|
+
# of security controls that are disabled in the configuration policy,
|
22326
|
+
# Security Hub enables all other controls (including newly released
|
22327
|
+
# controls).
|
22328
|
+
# @return [Types::Policy]
|
22329
|
+
#
|
22330
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyResponse AWS API Documentation
|
22331
|
+
#
|
22332
|
+
class CreateConfigurationPolicyResponse < Struct.new(
|
22333
|
+
:arn,
|
22334
|
+
:id,
|
22335
|
+
:name,
|
22336
|
+
:description,
|
22337
|
+
:updated_at,
|
22338
|
+
:created_at,
|
22339
|
+
:configuration_policy)
|
22340
|
+
SENSITIVE = []
|
22341
|
+
include Aws::Structure
|
22342
|
+
end
|
22343
|
+
|
21898
22344
|
# @!attribute [rw] region_linking_mode
|
21899
22345
|
# Indicates whether to aggregate findings from all of the available
|
21900
22346
|
# Regions in the current partition. Also determines whether to
|
@@ -22257,6 +22703,23 @@ module Aws::SecurityHub
|
|
22257
22703
|
include Aws::Structure
|
22258
22704
|
end
|
22259
22705
|
|
22706
|
+
# @!attribute [rw] identifier
|
22707
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
22708
|
+
# (UUID) of the configuration policy.
|
22709
|
+
# @return [String]
|
22710
|
+
#
|
22711
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyRequest AWS API Documentation
|
22712
|
+
#
|
22713
|
+
class DeleteConfigurationPolicyRequest < Struct.new(
|
22714
|
+
:identifier)
|
22715
|
+
SENSITIVE = []
|
22716
|
+
include Aws::Structure
|
22717
|
+
end
|
22718
|
+
|
22719
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyResponse AWS API Documentation
|
22720
|
+
#
|
22721
|
+
class DeleteConfigurationPolicyResponse < Aws::EmptyStructure; end
|
22722
|
+
|
22260
22723
|
# @!attribute [rw] finding_aggregator_arn
|
22261
22724
|
# The ARN of the finding aggregator to delete. To obtain the ARN, use
|
22262
22725
|
# `ListFindingAggregators`.
|
@@ -22463,11 +22926,19 @@ module Aws::SecurityHub
|
|
22463
22926
|
class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
|
22464
22927
|
|
22465
22928
|
# @!attribute [rw] auto_enable
|
22466
|
-
# Whether to automatically enable Security Hub
|
22467
|
-
# organization.
|
22468
|
-
#
|
22469
|
-
# If set to `true`, then Security Hub is enabled
|
22470
|
-
# set to false
|
22929
|
+
# Whether to automatically enable Security Hub in new member accounts
|
22930
|
+
# when they join the organization.
|
22931
|
+
#
|
22932
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
22933
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
22934
|
+
# accounts automatically. The default value is `false`.
|
22935
|
+
#
|
22936
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
22937
|
+
# then this field is set to `false` and can't be changed in the home
|
22938
|
+
# Region and linked Regions. However, in that case, the delegated
|
22939
|
+
# administrator can create a configuration policy in which Security
|
22940
|
+
# Hub is enabled and associate the policy with new organization
|
22941
|
+
# accounts.
|
22471
22942
|
# @return [Boolean]
|
22472
22943
|
#
|
22473
22944
|
# @!attribute [rw] member_account_limit_reached
|
@@ -22477,26 +22948,37 @@ module Aws::SecurityHub
|
|
22477
22948
|
#
|
22478
22949
|
# @!attribute [rw] auto_enable_standards
|
22479
22950
|
# Whether to automatically enable Security Hub [default standards][1]
|
22480
|
-
#
|
22481
|
-
#
|
22482
|
-
# The default value of this parameter is equal to `DEFAULT`.
|
22951
|
+
# in new member accounts when they join the organization.
|
22483
22952
|
#
|
22484
22953
|
# If equal to `DEFAULT`, then Security Hub default standards are
|
22485
22954
|
# automatically enabled for new member accounts. If equal to `NONE`,
|
22486
22955
|
# then default standards are not automatically enabled for new member
|
22487
|
-
# accounts.
|
22956
|
+
# accounts. The default value of this parameter is equal to `DEFAULT`.
|
22957
|
+
#
|
22958
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
22959
|
+
# then this field is set to `NONE` and can't be changed in the home
|
22960
|
+
# Region and linked Regions. However, in that case, the delegated
|
22961
|
+
# administrator can create a configuration policy in which specific
|
22962
|
+
# security standards are enabled and associate the policy with new
|
22963
|
+
# organization accounts.
|
22488
22964
|
#
|
22489
22965
|
#
|
22490
22966
|
#
|
22491
22967
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
22492
22968
|
# @return [String]
|
22493
22969
|
#
|
22970
|
+
# @!attribute [rw] organization_configuration
|
22971
|
+
# Provides information about the way an organization is configured in
|
22972
|
+
# Security Hub.
|
22973
|
+
# @return [Types::OrganizationConfiguration]
|
22974
|
+
#
|
22494
22975
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
|
22495
22976
|
#
|
22496
22977
|
class DescribeOrganizationConfigurationResponse < Struct.new(
|
22497
22978
|
:auto_enable,
|
22498
22979
|
:member_account_limit_reached,
|
22499
|
-
:auto_enable_standards
|
22980
|
+
:auto_enable_standards,
|
22981
|
+
:organization_configuration)
|
22500
22982
|
SENSITIVE = []
|
22501
22983
|
include Aws::Structure
|
22502
22984
|
end
|
@@ -22738,6 +23220,32 @@ module Aws::SecurityHub
|
|
22738
23220
|
include Aws::Structure
|
22739
23221
|
end
|
22740
23222
|
|
23223
|
+
# The options for customizing a security control parameter that is a
|
23224
|
+
# double.
|
23225
|
+
#
|
23226
|
+
# @!attribute [rw] default_value
|
23227
|
+
# The Security Hub default value for a control parameter that is a
|
23228
|
+
# double.
|
23229
|
+
# @return [Float]
|
23230
|
+
#
|
23231
|
+
# @!attribute [rw] min
|
23232
|
+
# The minimum valid value for a control parameter that is a double.
|
23233
|
+
# @return [Float]
|
23234
|
+
#
|
23235
|
+
# @!attribute [rw] max
|
23236
|
+
# The maximum valid value for a control parameter that is a double.
|
23237
|
+
# @return [Float]
|
23238
|
+
#
|
23239
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DoubleConfigurationOptions AWS API Documentation
|
23240
|
+
#
|
23241
|
+
class DoubleConfigurationOptions < Struct.new(
|
23242
|
+
:default_value,
|
23243
|
+
:min,
|
23244
|
+
:max)
|
23245
|
+
SENSITIVE = []
|
23246
|
+
include Aws::Structure
|
23247
|
+
end
|
23248
|
+
|
22741
23249
|
# @!attribute [rw] product_arn
|
22742
23250
|
# The ARN of the product to enable the integration for.
|
22743
23251
|
# @return [String]
|
@@ -22823,6 +23331,54 @@ module Aws::SecurityHub
|
|
22823
23331
|
#
|
22824
23332
|
class EnableSecurityHubResponse < Aws::EmptyStructure; end
|
22825
23333
|
|
23334
|
+
# The options for customizing a security control parameter that is an
|
23335
|
+
# enum.
|
23336
|
+
#
|
23337
|
+
# @!attribute [rw] default_value
|
23338
|
+
# The Security Hub default value for a control parameter that is an
|
23339
|
+
# enum.
|
23340
|
+
# @return [String]
|
23341
|
+
#
|
23342
|
+
# @!attribute [rw] allowed_values
|
23343
|
+
# The valid values for a control parameter that is an enum.
|
23344
|
+
# @return [Array<String>]
|
23345
|
+
#
|
23346
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumConfigurationOptions AWS API Documentation
|
23347
|
+
#
|
23348
|
+
class EnumConfigurationOptions < Struct.new(
|
23349
|
+
:default_value,
|
23350
|
+
:allowed_values)
|
23351
|
+
SENSITIVE = []
|
23352
|
+
include Aws::Structure
|
23353
|
+
end
|
23354
|
+
|
23355
|
+
# The options for customizing a security control parameter that is a
|
23356
|
+
# list of enums.
|
23357
|
+
#
|
23358
|
+
# @!attribute [rw] default_value
|
23359
|
+
# The Security Hub default value for a control parameter that is a
|
23360
|
+
# list of enums.
|
23361
|
+
# @return [Array<String>]
|
23362
|
+
#
|
23363
|
+
# @!attribute [rw] max_items
|
23364
|
+
# The maximum number of list items that an enum list control parameter
|
23365
|
+
# can accept.
|
23366
|
+
# @return [Integer]
|
23367
|
+
#
|
23368
|
+
# @!attribute [rw] allowed_values
|
23369
|
+
# The valid values for a control parameter that is a list of enums.
|
23370
|
+
# @return [Array<String>]
|
23371
|
+
#
|
23372
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumListConfigurationOptions AWS API Documentation
|
23373
|
+
#
|
23374
|
+
class EnumListConfigurationOptions < Struct.new(
|
23375
|
+
:default_value,
|
23376
|
+
:max_items,
|
23377
|
+
:allowed_values)
|
23378
|
+
SENSITIVE = []
|
23379
|
+
include Aws::Structure
|
23380
|
+
end
|
23381
|
+
|
22826
23382
|
# Provides information about the file paths that were affected by the
|
22827
23383
|
# threat.
|
22828
23384
|
#
|
@@ -23241,18 +23797,145 @@ module Aws::SecurityHub
|
|
23241
23797
|
include Aws::Structure
|
23242
23798
|
end
|
23243
23799
|
|
23244
|
-
# @!attribute [rw]
|
23245
|
-
# The
|
23246
|
-
# retrieve.
|
23247
|
-
# @return [
|
23800
|
+
# @!attribute [rw] target
|
23801
|
+
# The target account ID, organizational unit ID, or the root ID to
|
23802
|
+
# retrieve the association for.
|
23803
|
+
# @return [Types::Target]
|
23248
23804
|
#
|
23249
|
-
#
|
23250
|
-
# The token that is required for pagination. On your first call to the
|
23251
|
-
# `GetEnabledStandards` operation, set the value of this parameter to
|
23252
|
-
# `NULL`.
|
23805
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationRequest AWS API Documentation
|
23253
23806
|
#
|
23254
|
-
|
23255
|
-
|
23807
|
+
class GetConfigurationPolicyAssociationRequest < Struct.new(
|
23808
|
+
:target)
|
23809
|
+
SENSITIVE = []
|
23810
|
+
include Aws::Structure
|
23811
|
+
end
|
23812
|
+
|
23813
|
+
# @!attribute [rw] configuration_policy_id
|
23814
|
+
# The universally unique identifier (UUID) of a configuration policy.
|
23815
|
+
# For self-managed behavior, the value is `SELF_MANAGED_SECURITY_HUB`.
|
23816
|
+
# @return [String]
|
23817
|
+
#
|
23818
|
+
# @!attribute [rw] target_id
|
23819
|
+
# The target account ID, organizational unit ID, or the root ID for
|
23820
|
+
# which the association is retrieved.
|
23821
|
+
# @return [String]
|
23822
|
+
#
|
23823
|
+
# @!attribute [rw] target_type
|
23824
|
+
# Specifies whether the target is an Amazon Web Services account,
|
23825
|
+
# organizational unit, or the organization root.
|
23826
|
+
# @return [String]
|
23827
|
+
#
|
23828
|
+
# @!attribute [rw] association_type
|
23829
|
+
# Indicates whether the association between the specified target and
|
23830
|
+
# the configuration was directly applied by the Security Hub delegated
|
23831
|
+
# administrator or inherited from a parent.
|
23832
|
+
# @return [String]
|
23833
|
+
#
|
23834
|
+
# @!attribute [rw] updated_at
|
23835
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23836
|
+
# configuration policy association was last updated.
|
23837
|
+
# @return [Time]
|
23838
|
+
#
|
23839
|
+
# @!attribute [rw] association_status
|
23840
|
+
# The current status of the association between the specified target
|
23841
|
+
# and the configuration.
|
23842
|
+
# @return [String]
|
23843
|
+
#
|
23844
|
+
# @!attribute [rw] association_status_message
|
23845
|
+
# The explanation for a `FAILED` value for `AssociationStatus`.
|
23846
|
+
# @return [String]
|
23847
|
+
#
|
23848
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationResponse AWS API Documentation
|
23849
|
+
#
|
23850
|
+
class GetConfigurationPolicyAssociationResponse < Struct.new(
|
23851
|
+
:configuration_policy_id,
|
23852
|
+
:target_id,
|
23853
|
+
:target_type,
|
23854
|
+
:association_type,
|
23855
|
+
:updated_at,
|
23856
|
+
:association_status,
|
23857
|
+
:association_status_message)
|
23858
|
+
SENSITIVE = []
|
23859
|
+
include Aws::Structure
|
23860
|
+
end
|
23861
|
+
|
23862
|
+
# @!attribute [rw] identifier
|
23863
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
23864
|
+
# (UUID) of the configuration policy.
|
23865
|
+
# @return [String]
|
23866
|
+
#
|
23867
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyRequest AWS API Documentation
|
23868
|
+
#
|
23869
|
+
class GetConfigurationPolicyRequest < Struct.new(
|
23870
|
+
:identifier)
|
23871
|
+
SENSITIVE = []
|
23872
|
+
include Aws::Structure
|
23873
|
+
end
|
23874
|
+
|
23875
|
+
# @!attribute [rw] arn
|
23876
|
+
# The ARN of the configuration policy.
|
23877
|
+
# @return [String]
|
23878
|
+
#
|
23879
|
+
# @!attribute [rw] id
|
23880
|
+
# The UUID of the configuration policy.
|
23881
|
+
# @return [String]
|
23882
|
+
#
|
23883
|
+
# @!attribute [rw] name
|
23884
|
+
# The name of the configuration policy.
|
23885
|
+
# @return [String]
|
23886
|
+
#
|
23887
|
+
# @!attribute [rw] description
|
23888
|
+
# The description of the configuration policy.
|
23889
|
+
# @return [String]
|
23890
|
+
#
|
23891
|
+
# @!attribute [rw] updated_at
|
23892
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23893
|
+
# configuration policy was last updated.
|
23894
|
+
# @return [Time]
|
23895
|
+
#
|
23896
|
+
# @!attribute [rw] created_at
|
23897
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23898
|
+
# configuration policy was created.
|
23899
|
+
# @return [Time]
|
23900
|
+
#
|
23901
|
+
# @!attribute [rw] configuration_policy
|
23902
|
+
# An object that defines how Security Hub is configured. It includes
|
23903
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
23904
|
+
# security standards, a list of enabled or disabled security controls,
|
23905
|
+
# and a list of custom parameter values for specified controls. If the
|
23906
|
+
# policy includes a list of security controls that are enabled,
|
23907
|
+
# Security Hub disables all other controls (including newly released
|
23908
|
+
# controls). If the policy includes a list of security controls that
|
23909
|
+
# are disabled, Security Hub enables all other controls (including
|
23910
|
+
# newly released controls).
|
23911
|
+
# @return [Types::Policy]
|
23912
|
+
#
|
23913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyResponse AWS API Documentation
|
23914
|
+
#
|
23915
|
+
class GetConfigurationPolicyResponse < Struct.new(
|
23916
|
+
:arn,
|
23917
|
+
:id,
|
23918
|
+
:name,
|
23919
|
+
:description,
|
23920
|
+
:updated_at,
|
23921
|
+
:created_at,
|
23922
|
+
:configuration_policy)
|
23923
|
+
SENSITIVE = []
|
23924
|
+
include Aws::Structure
|
23925
|
+
end
|
23926
|
+
|
23927
|
+
# @!attribute [rw] standards_subscription_arns
|
23928
|
+
# The list of the standards subscription ARNs for the standards to
|
23929
|
+
# retrieve.
|
23930
|
+
# @return [Array<String>]
|
23931
|
+
#
|
23932
|
+
# @!attribute [rw] next_token
|
23933
|
+
# The token that is required for pagination. On your first call to the
|
23934
|
+
# `GetEnabledStandards` operation, set the value of this parameter to
|
23935
|
+
# `NULL`.
|
23936
|
+
#
|
23937
|
+
# For subsequent calls to the operation, to continue listing data, set
|
23938
|
+
# the value of this parameter to the value returned from the previous
|
23256
23939
|
# response.
|
23257
23940
|
# @return [String]
|
23258
23941
|
#
|
@@ -23628,6 +24311,34 @@ module Aws::SecurityHub
|
|
23628
24311
|
include Aws::Structure
|
23629
24312
|
end
|
23630
24313
|
|
24314
|
+
# @!attribute [rw] security_control_id
|
24315
|
+
# The ID of the security control to retrieve the definition for. This
|
24316
|
+
# field doesn’t accept an Amazon Resource Name (ARN).
|
24317
|
+
# @return [String]
|
24318
|
+
#
|
24319
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionRequest AWS API Documentation
|
24320
|
+
#
|
24321
|
+
class GetSecurityControlDefinitionRequest < Struct.new(
|
24322
|
+
:security_control_id)
|
24323
|
+
SENSITIVE = []
|
24324
|
+
include Aws::Structure
|
24325
|
+
end
|
24326
|
+
|
24327
|
+
# @!attribute [rw] security_control_definition
|
24328
|
+
# Provides metadata for a security control, including its unique
|
24329
|
+
# standard-agnostic identifier, title, description, severity,
|
24330
|
+
# availability in Amazon Web Services Regions, and a link to
|
24331
|
+
# remediation steps.
|
24332
|
+
# @return [Types::SecurityControlDefinition]
|
24333
|
+
#
|
24334
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionResponse AWS API Documentation
|
24335
|
+
#
|
24336
|
+
class GetSecurityControlDefinitionResponse < Struct.new(
|
24337
|
+
:security_control_definition)
|
24338
|
+
SENSITIVE = []
|
24339
|
+
include Aws::Structure
|
24340
|
+
end
|
24341
|
+
|
23631
24342
|
# An Internet Control Message Protocol (ICMP) type and code.
|
23632
24343
|
#
|
23633
24344
|
# @!attribute [rw] code
|
@@ -23760,6 +24471,66 @@ module Aws::SecurityHub
|
|
23760
24471
|
include Aws::Structure
|
23761
24472
|
end
|
23762
24473
|
|
24474
|
+
# The options for customizing a security control parameter that is an
|
24475
|
+
# integer.
|
24476
|
+
#
|
24477
|
+
# @!attribute [rw] default_value
|
24478
|
+
# The Security Hub default value for a control parameter that is an
|
24479
|
+
# integer.
|
24480
|
+
# @return [Integer]
|
24481
|
+
#
|
24482
|
+
# @!attribute [rw] min
|
24483
|
+
# The minimum valid value for a control parameter that is an integer.
|
24484
|
+
# @return [Integer]
|
24485
|
+
#
|
24486
|
+
# @!attribute [rw] max
|
24487
|
+
# The maximum valid value for a control parameter that is an integer.
|
24488
|
+
# @return [Integer]
|
24489
|
+
#
|
24490
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerConfigurationOptions AWS API Documentation
|
24491
|
+
#
|
24492
|
+
class IntegerConfigurationOptions < Struct.new(
|
24493
|
+
:default_value,
|
24494
|
+
:min,
|
24495
|
+
:max)
|
24496
|
+
SENSITIVE = []
|
24497
|
+
include Aws::Structure
|
24498
|
+
end
|
24499
|
+
|
24500
|
+
# The options for customizing a security control parameter that is a
|
24501
|
+
# list of integers.
|
24502
|
+
#
|
24503
|
+
# @!attribute [rw] default_value
|
24504
|
+
# The Security Hub default value for a control parameter that is a
|
24505
|
+
# list of integers.
|
24506
|
+
# @return [Array<Integer>]
|
24507
|
+
#
|
24508
|
+
# @!attribute [rw] min
|
24509
|
+
# The minimum valid value for a control parameter that is a list of
|
24510
|
+
# integers.
|
24511
|
+
# @return [Integer]
|
24512
|
+
#
|
24513
|
+
# @!attribute [rw] max
|
24514
|
+
# The maximum valid value for a control parameter that is a list of
|
24515
|
+
# integers.
|
24516
|
+
# @return [Integer]
|
24517
|
+
#
|
24518
|
+
# @!attribute [rw] max_items
|
24519
|
+
# The maximum number of list items that an interger list control
|
24520
|
+
# parameter can accept.
|
24521
|
+
# @return [Integer]
|
24522
|
+
#
|
24523
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerListConfigurationOptions AWS API Documentation
|
24524
|
+
#
|
24525
|
+
class IntegerListConfigurationOptions < Struct.new(
|
24526
|
+
:default_value,
|
24527
|
+
:min,
|
24528
|
+
:max,
|
24529
|
+
:max_items)
|
24530
|
+
SENSITIVE = []
|
24531
|
+
include Aws::Structure
|
24532
|
+
end
|
24533
|
+
|
23763
24534
|
# Internal server error.
|
23764
24535
|
#
|
23765
24536
|
# @!attribute [rw] message
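Review bot: The `max_items` doc added for `IntegerListConfigurationOptions` misspells "integer" as "interger"; the line should read `# The maximum number of list items that an integer list control`. In the same struct, the `min` and `max` docs give a "valid value for a control parameter that is a list of integers" without saying whether the bound applies to each list element. Presumably it does, and wording such as `# The minimum valid value for each item of a control parameter that is a list of integers.` would remove the doubt, once confirmed against the API reference.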
|
@@ -24022,6 +24793,117 @@ module Aws::SecurityHub
|
|
24022
24793
|
include Aws::Structure
|
24023
24794
|
end
|
24024
24795
|
|
24796
|
+
# @!attribute [rw] next_token
|
24797
|
+
# The NextToken value that's returned from a previous paginated
|
24798
|
+
# `ListConfigurationPolicies` request where `MaxResults` was used but
|
24799
|
+
# the results exceeded the value of that parameter. Pagination
|
24800
|
+
# continues from the `MaxResults` was used but the results exceeded
|
24801
|
+
# the value of that parameter. Pagination continues from the end of
|
24802
|
+
# the previous response that returned the `NextToken` value. This
|
24803
|
+
# value is `null` when there are no more results to return.
|
24804
|
+
# @return [String]
|
24805
|
+
#
|
24806
|
+
# @!attribute [rw] max_results
|
24807
|
+
# The maximum number of results that's returned by
|
24808
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
24809
|
+
# parameter is used, `ListConfigurationPolicies` returns the specified
|
24810
|
+
# number of results in a single page and a `NextToken` response
|
24811
|
+
# element. You can see the remaining results of the initial request by
|
24812
|
+
# sending another `ListConfigurationPolicies` request with the
|
24813
|
+
# returned `NextToken` value. A valid range for `MaxResults` is
|
24814
|
+
# between 1 and 100.
|
24815
|
+
# @return [Integer]
|
24816
|
+
#
|
24817
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesRequest AWS API Documentation
|
24818
|
+
#
|
24819
|
+
class ListConfigurationPoliciesRequest < Struct.new(
|
24820
|
+
:next_token,
|
24821
|
+
:max_results)
|
24822
|
+
SENSITIVE = []
|
24823
|
+
include Aws::Structure
|
24824
|
+
end
|
24825
|
+
|
24826
|
+
# @!attribute [rw] configuration_policy_summaries
|
24827
|
+
# Provides metadata for each of your configuration policies.
|
24828
|
+
# @return [Array<Types::ConfigurationPolicySummary>]
|
24829
|
+
#
|
24830
|
+
# @!attribute [rw] next_token
|
24831
|
+
# The `NextToken` value to include in the next
|
24832
|
+
# `ListConfigurationPolicies` request. When the results of a
|
24833
|
+
# `ListConfigurationPolicies` request exceed `MaxResults`, this value
|
24834
|
+
# can be used to retrieve the next page of results. This value is
|
24835
|
+
# `null` when there are no more results to return.
|
24836
|
+
# @return [String]
|
24837
|
+
#
|
24838
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesResponse AWS API Documentation
|
24839
|
+
#
|
24840
|
+
class ListConfigurationPoliciesResponse < Struct.new(
|
24841
|
+
:configuration_policy_summaries,
|
24842
|
+
:next_token)
|
24843
|
+
SENSITIVE = []
|
24844
|
+
include Aws::Structure
|
24845
|
+
end
|
24846
|
+
|
24847
|
+
# @!attribute [rw] next_token
|
24848
|
+
# The `NextToken` value that's returned from a previous paginated
|
24849
|
+
# `ListConfigurationPolicyAssociations` request where `MaxResults` was
|
24850
|
+
# used but the results exceeded the value of that parameter.
|
24851
|
+
# Pagination continues from the end of the previous response that
|
24852
|
+
# returned the `NextToken` value. This value is `null` when there are
|
24853
|
+
# no more results to return.
|
24854
|
+
# @return [String]
|
24855
|
+
#
|
24856
|
+
# @!attribute [rw] max_results
|
24857
|
+
# The maximum number of results that's returned by
|
24858
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
24859
|
+
# parameter is used, `ListConfigurationPolicyAssociations` returns the
|
24860
|
+
# specified number of results in a single page and a `NextToken`
|
24861
|
+
# response element. You can see the remaining results of the initial
|
24862
|
+
# request by sending another `ListConfigurationPolicyAssociations`
|
24863
|
+
# request with the returned `NextToken` value. A valid range for
|
24864
|
+
# `MaxResults` is between 1 and 100.
|
24865
|
+
# @return [Integer]
|
24866
|
+
#
|
24867
|
+
# @!attribute [rw] filters
|
24868
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
24869
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
24870
|
+
# universally unique identifier (UUID) of a configuration,
|
24871
|
+
# `AssociationType`, or `AssociationStatus`.
|
24872
|
+
# @return [Types::AssociationFilters]
|
24873
|
+
#
|
24874
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsRequest AWS API Documentation
|
24875
|
+
#
|
24876
|
+
class ListConfigurationPolicyAssociationsRequest < Struct.new(
|
24877
|
+
:next_token,
|
24878
|
+
:max_results,
|
24879
|
+
:filters)
|
24880
|
+
SENSITIVE = []
|
24881
|
+
include Aws::Structure
|
24882
|
+
end
|
24883
|
+
|
24884
|
+
# @!attribute [rw] configuration_policy_association_summaries
|
24885
|
+
# An object that contains the details of each configuration policy
|
24886
|
+
# association that’s returned in a
|
24887
|
+
# `ListConfigurationPolicyAssociations` request.
|
24888
|
+
# @return [Array<Types::ConfigurationPolicyAssociationSummary>]
|
24889
|
+
#
|
24890
|
+
# @!attribute [rw] next_token
|
24891
|
+
# The `NextToken` value to include in the next
|
24892
|
+
# `ListConfigurationPolicyAssociations` request. When the results of a
|
24893
|
+
# `ListConfigurationPolicyAssociations` request exceed `MaxResults`,
|
24894
|
+
# this value can be used to retrieve the next page of results. This
|
24895
|
+
# value is `null` when there are no more results to return.
|
24896
|
+
# @return [String]
|
24897
|
+
#
|
24898
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsResponse AWS API Documentation
|
24899
|
+
#
|
24900
|
+
class ListConfigurationPolicyAssociationsResponse < Struct.new(
|
24901
|
+
:configuration_policy_association_summaries,
|
24902
|
+
:next_token)
|
24903
|
+
SENSITIVE = []
|
24904
|
+
include Aws::Structure
|
24905
|
+
end
|
24906
|
+
|
24025
24907
|
# @!attribute [rw] next_token
|
24026
24908
|
# The token that is required for pagination. On your first call to the
|
24027
24909
|
# `ListEnabledProductsForImport` operation, set the value of this
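Review bot: Two of the pagination docs added in this hunk are wrong as written. In the `next_token` doc of `ListConfigurationPoliciesRequest`, the `MaxResults` clause is repeated mid-sentence ("Pagination continues from the `MaxResults` was used but the results exceeded the value of that parameter."); the text should go straight to "Pagination continues from the end of the previous response that returned the `NextToken` value." In the `max_results` doc of `ListConfigurationPolicyAssociationsRequest`, the first sentence names `ListConfigurationPolicies`, although the operation being documented is `ListConfigurationPolicyAssociations`. If this file is generated from the service model, both corrections belong in the model.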
|
@@ -24838,12 +25720,24 @@ module Aws::SecurityHub
|
|
24838
25720
|
# for findings.
|
24839
25721
|
# @return [Float]
|
24840
25722
|
#
|
25723
|
+
# @!attribute [rw] gt
|
25724
|
+
# The greater-than condition to be applied to a single field when
|
25725
|
+
# querying for findings.
|
25726
|
+
# @return [Float]
|
25727
|
+
#
|
25728
|
+
# @!attribute [rw] lt
|
25729
|
+
# The less-than condition to be applied to a single field when
|
25730
|
+
# querying for findings.
|
25731
|
+
# @return [Float]
|
25732
|
+
#
|
24841
25733
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NumberFilter AWS API Documentation
|
24842
25734
|
#
|
24843
25735
|
class NumberFilter < Struct.new(
|
24844
25736
|
:gte,
|
24845
25737
|
:lte,
|
24846
|
-
:eq
|
25738
|
+
:eq,
|
25739
|
+
:gt,
|
25740
|
+
:lt)
|
24847
25741
|
SENSITIVE = []
|
24848
25742
|
include Aws::Structure
|
24849
25743
|
end
|
@@ -24888,6 +25782,53 @@ module Aws::SecurityHub
|
|
24888
25782
|
include Aws::Structure
|
24889
25783
|
end
|
24890
25784
|
|
25785
|
+
# Provides information about the way an organization is configured in
|
25786
|
+
# Security Hub.
|
25787
|
+
#
|
25788
|
+
# @!attribute [rw] configuration_type
|
25789
|
+
# Indicates whether the organization uses local or central
|
25790
|
+
# configuration.
|
25791
|
+
#
|
25792
|
+
# If you use local configuration, the Security Hub delegated
|
25793
|
+
# administrator can set `AutoEnable` to `true` and
|
25794
|
+
# `AutoEnableStandards` to `DEFAULT`. This automatically enables
|
25795
|
+
# Security Hub and default security standards in new organization
|
25796
|
+
# accounts. These new account settings must be set separately in each
|
25797
|
+
# Amazon Web Services Region, and settings may be different in each
|
25798
|
+
# Region.
|
25799
|
+
#
|
25800
|
+
# If you use central configuration, the delegated administrator can
|
25801
|
+
# create configuration policies. Configuration policies can be used to
|
25802
|
+
# configure Security Hub, security standards, and security controls in
|
25803
|
+
# multiple accounts and Regions. If you want new organization accounts
|
25804
|
+
# to use a specific configuration, you can create a configuration
|
25805
|
+
# policy and associate it with the root or specific organizational
|
25806
|
+
# units (OUs). New accounts will inherit the policy from the root or
|
25807
|
+
# their assigned OU.
|
25808
|
+
# @return [String]
|
25809
|
+
#
|
25810
|
+
# @!attribute [rw] status
|
25811
|
+
# Describes whether central configuration could be enabled as the
|
25812
|
+
# `ConfigurationType` for the organization. If your
|
25813
|
+
# `ConfigurationType` is local configuration, then the value of
|
25814
|
+
# `Status` is always `ENABLED`.
|
25815
|
+
# @return [String]
|
25816
|
+
#
|
25817
|
+
# @!attribute [rw] status_message
|
25818
|
+
# Provides an explanation if the value of `Status` is equal to
|
25819
|
+
# `FAILED` when `ConfigurationType` is equal to `CENTRAL`.
|
25820
|
+
# @return [String]
|
25821
|
+
#
|
25822
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/OrganizationConfiguration AWS API Documentation
|
25823
|
+
#
|
25824
|
+
class OrganizationConfiguration < Struct.new(
|
25825
|
+
:configuration_type,
|
25826
|
+
:status,
|
25827
|
+
:status_message)
|
25828
|
+
SENSITIVE = []
|
25829
|
+
include Aws::Structure
|
25830
|
+
end
|
25831
|
+
|
24891
25832
|
# An occurrence of sensitive data in an Adobe Portable Document Format
|
24892
25833
|
# (PDF) file.
|
24893
25834
|
#
|
@@ -24915,6 +25856,114 @@ module Aws::SecurityHub
|
|
24915
25856
|
include Aws::Structure
|
24916
25857
|
end
|
24917
25858
|
|
25859
|
+
# An object that provides the current value of a security control
|
25860
|
+
# parameter and identifies whether it has been customized.
|
25861
|
+
#
|
25862
|
+
# @!attribute [rw] value_type
|
25863
|
+
# Identifies whether a control parameter uses a custom user-defined
|
25864
|
+
# value or the Security Hub default value.
|
25865
|
+
# @return [String]
|
25866
|
+
#
|
25867
|
+
# @!attribute [rw] value
|
25868
|
+
# The current value of a control parameter.
|
25869
|
+
# @return [Types::ParameterValue]
|
25870
|
+
#
|
25871
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterConfiguration AWS API Documentation
|
25872
|
+
#
|
25873
|
+
class ParameterConfiguration < Struct.new(
|
25874
|
+
:value_type,
|
25875
|
+
:value)
|
25876
|
+
SENSITIVE = []
|
25877
|
+
include Aws::Structure
|
25878
|
+
end
|
25879
|
+
|
25880
|
+
# An object that describes a security control parameter and the options
|
25881
|
+
# for customizing it.
|
25882
|
+
#
|
25883
|
+
# @!attribute [rw] description
|
25884
|
+
# Description of a control parameter.
|
25885
|
+
# @return [String]
|
25886
|
+
#
|
25887
|
+
# @!attribute [rw] configuration_options
|
25888
|
+
# The options for customizing a control parameter. Customization
|
25889
|
+
# options vary based on the data type of the parameter.
|
25890
|
+
# @return [Types::ConfigurationOptions]
|
25891
|
+
#
|
25892
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterDefinition AWS API Documentation
|
25893
|
+
#
|
25894
|
+
class ParameterDefinition < Struct.new(
|
25895
|
+
:description,
|
25896
|
+
:configuration_options)
|
25897
|
+
SENSITIVE = []
|
25898
|
+
include Aws::Structure
|
25899
|
+
end
|
25900
|
+
|
25901
|
+
# An object that includes the data type of a security control parameter
|
25902
|
+
# and its current value.
|
25903
|
+
#
|
25904
|
+
# @note ParameterValue is a union - when making an API calls you must set exactly one of the members.
|
25905
|
+
#
|
25906
|
+
# @note ParameterValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ParameterValue corresponding to the set member.
|
25907
|
+
#
|
25908
|
+
# @!attribute [rw] integer
|
25909
|
+
# A control parameter that is an integer.
|
25910
|
+
# @return [Integer]
|
25911
|
+
#
|
25912
|
+
# @!attribute [rw] integer_list
|
25913
|
+
# A control parameter that is a list of integers.
|
25914
|
+
# @return [Array<Integer>]
|
25915
|
+
#
|
25916
|
+
# @!attribute [rw] double
|
25917
|
+
# A control parameter that is a double.
|
25918
|
+
# @return [Float]
|
25919
|
+
#
|
25920
|
+
# @!attribute [rw] string
|
25921
|
+
# A control parameter that is a string.
|
25922
|
+
# @return [String]
|
25923
|
+
#
|
25924
|
+
# @!attribute [rw] string_list
|
25925
|
+
# A control parameter that is a list of strings.
|
25926
|
+
# @return [Array<String>]
|
25927
|
+
#
|
25928
|
+
# @!attribute [rw] boolean
|
25929
|
+
# A control parameter that is a boolean.
|
25930
|
+
# @return [Boolean]
|
25931
|
+
#
|
25932
|
+
# @!attribute [rw] enum
|
25933
|
+
# A control parameter that is an enum.
|
25934
|
+
# @return [String]
|
25935
|
+
#
|
25936
|
+
# @!attribute [rw] enum_list
|
25937
|
+
# A control parameter that is a list of enums.
|
25938
|
+
# @return [Array<String>]
|
25939
|
+
#
|
25940
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterValue AWS API Documentation
|
25941
|
+
#
|
25942
|
+
class ParameterValue < Struct.new(
|
25943
|
+
:integer,
|
25944
|
+
:integer_list,
|
25945
|
+
:double,
|
25946
|
+
:string,
|
25947
|
+
:string_list,
|
25948
|
+
:boolean,
|
25949
|
+
:enum,
|
25950
|
+
:enum_list,
|
25951
|
+
:unknown)
|
25952
|
+
SENSITIVE = []
|
25953
|
+
include Aws::Structure
|
25954
|
+
include Aws::Structure::Union
|
25955
|
+
|
25956
|
+
class Integer < ParameterValue; end
|
25957
|
+
class IntegerList < ParameterValue; end
|
25958
|
+
class Double < ParameterValue; end
|
25959
|
+
class String < ParameterValue; end
|
25960
|
+
class StringList < ParameterValue; end
|
25961
|
+
class Boolean < ParameterValue; end
|
25962
|
+
class Enum < ParameterValue; end
|
25963
|
+
class EnumList < ParameterValue; end
|
25964
|
+
class Unknown < ParameterValue; end
|
25965
|
+
end
|
25966
|
+
|
24918
25967
|
# Provides an overview of the patch compliance status for an instance
|
24919
25968
|
# against a selected compliance standard.
|
24920
25969
|
#
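Review bot: The member subclasses declared at the end of `ParameterValue` include `class Integer < ParameterValue; end` and `class String < ParameterValue; end`, which reuse the names of Ruby core classes. Inside this class body a bare `String` or `Integer` therefore resolves to the union member, not the core class. Nothing in the hunk refers to the core classes from inside the body, so this is a maintenance point rather than a present bug. I would add a comment above the member list such as `# Member classes shadow ::Integer and ::String in this scope; write ::String for the core class.` The first `@note` line also reads "when making an API calls" and should read "when making an API call".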
|
@@ -25007,6 +26056,37 @@ module Aws::SecurityHub
|
|
25007
26056
|
include Aws::Structure
|
25008
26057
|
end
|
25009
26058
|
|
26059
|
+
# An object that defines how Security Hub is configured. It includes
|
26060
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
26061
|
+
# security standards, a list of enabled or disabled security controls,
|
26062
|
+
# and a list of custom parameter values for specified controls. If you
|
26063
|
+
# provide a list of security controls that are enabled in the
|
26064
|
+
# configuration policy, Security Hub disables all other controls
|
26065
|
+
# (including newly released controls). If you provide a list of security
|
26066
|
+
# controls that are disabled in the configuration policy, Security Hub
|
26067
|
+
# enables all other controls (including newly released controls).
|
26068
|
+
#
|
26069
|
+
# @note Policy is a union - when making an API calls you must set exactly one of the members.
|
26070
|
+
#
|
26071
|
+
# @note Policy is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Policy corresponding to the set member.
|
26072
|
+
#
|
26073
|
+
# @!attribute [rw] security_hub
|
26074
|
+
# The Amazon Web Service that the configuration policy applies to.
|
26075
|
+
# @return [Types::SecurityHubPolicy]
|
26076
|
+
#
|
26077
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Policy AWS API Documentation
|
26078
|
+
#
|
26079
|
+
class Policy < Struct.new(
|
26080
|
+
:security_hub,
|
26081
|
+
:unknown)
|
26082
|
+
SENSITIVE = []
|
26083
|
+
include Aws::Structure
|
26084
|
+
include Aws::Structure::Union
|
26085
|
+
|
26086
|
+
class SecurityHub < Policy; end
|
26087
|
+
class Unknown < Policy; end
|
26088
|
+
end
|
26089
|
+
|
25010
26090
|
# Provided if `ActionType` is `PORT_PROBE`. It provides details about
|
25011
26091
|
# the attempted port probe that was detected.
|
25012
26092
|
#
|
@@ -25391,6 +26471,15 @@ module Aws::SecurityHub
|
|
25391
26471
|
# Additional details about the resource related to a finding.
|
25392
26472
|
# @return [Types::ResourceDetails]
|
25393
26473
|
#
|
26474
|
+
# @!attribute [rw] application_name
|
26475
|
+
# The name of the application that is related to a finding.
|
26476
|
+
# @return [String]
|
26477
|
+
#
|
26478
|
+
# @!attribute [rw] application_arn
|
26479
|
+
# The Amazon Resource Name (ARN) of the application that is related to
|
26480
|
+
# a finding.
|
26481
|
+
# @return [String]
|
26482
|
+
#
|
25394
26483
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Resource AWS API Documentation
|
25395
26484
|
#
|
25396
26485
|
class Resource < Struct.new(
|
@@ -25401,7 +26490,9 @@ module Aws::SecurityHub
|
|
25401
26490
|
:resource_role,
|
25402
26491
|
:tags,
|
25403
26492
|
:data_classification,
|
25404
|
-
:details
|
26493
|
+
:details,
|
26494
|
+
:application_name,
|
26495
|
+
:application_arn)
|
25405
26496
|
SENSITIVE = []
|
25406
26497
|
include Aws::Structure
|
25407
26498
|
end
|
@@ -25985,6 +27076,25 @@ module Aws::SecurityHub
|
|
25985
27076
|
include Aws::Structure
|
25986
27077
|
end
|
25987
27078
|
|
27079
|
+
# The request was rejected because it conflicts with the resource's
|
27080
|
+
# availability. For example, you tried to update a security control
|
27081
|
+
# that's currently in the `UPDATING` state.
|
27082
|
+
#
|
27083
|
+
# @!attribute [rw] message
|
27084
|
+
# @return [String]
|
27085
|
+
#
|
27086
|
+
# @!attribute [rw] code
|
27087
|
+
# @return [String]
|
27088
|
+
#
|
27089
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceInUseException AWS API Documentation
|
27090
|
+
#
|
27091
|
+
class ResourceInUseException < Struct.new(
|
27092
|
+
:message,
|
27093
|
+
:code)
|
27094
|
+
SENSITIVE = []
|
27095
|
+
include Aws::Structure
|
27096
|
+
end
|
27097
|
+
|
25988
27098
|
# The request was rejected because we can't find the specified
|
25989
27099
|
# resource.
|
25990
27100
|
#
|
@@ -26598,6 +27708,32 @@ module Aws::SecurityHub
|
|
26598
27708
|
# The enablement status of a security control in a specific standard.
|
26599
27709
|
# @return [String]
|
26600
27710
|
#
|
27711
|
+
# @!attribute [rw] update_status
|
27712
|
+
# Identifies whether customizable properties of a security control are
|
27713
|
+
# reflected in Security Hub findings. A status of `READY` indicates
|
27714
|
+
# findings include the current parameter values. A status of
|
27715
|
+
# `UPDATING` indicates that all findings may not include the current
|
27716
|
+
# parameter values.
|
27717
|
+
# @return [String]
|
27718
|
+
#
|
27719
|
+
# @!attribute [rw] parameters
|
27720
|
+
# An object that identifies the name of a control parameter, its
|
27721
|
+
# current value, and whether it has been customized.
|
27722
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
27723
|
+
#
|
27724
|
+
# @!attribute [rw] last_update_reason
|
27725
|
+
# The most recent reason for updating the customizable properties of a
|
27726
|
+
# security control. This differs from the `UpdateReason` field of the
|
27727
|
+
# [ `BatchUpdateStandardsControlAssociations` ][1] API, which tracks
|
27728
|
+
# the reason for updating the enablement status of a control. This
|
27729
|
+
# field accepts alphanumeric characters in addition to white spaces,
|
27730
|
+
# dashes, and underscores.
|
27731
|
+
#
|
27732
|
+
#
|
27733
|
+
#
|
27734
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
|
27735
|
+
# @return [String]
|
27736
|
+
#
|
26601
27737
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
|
26602
27738
|
#
|
26603
27739
|
class SecurityControl < Struct.new(
|
@@ -26607,7 +27743,31 @@ module Aws::SecurityHub
|
|
26607
27743
|
:description,
|
26608
27744
|
:remediation_url,
|
26609
27745
|
:severity_rating,
|
26610
|
-
:security_control_status
|
27746
|
+
:security_control_status,
|
27747
|
+
:update_status,
|
27748
|
+
:parameters,
|
27749
|
+
:last_update_reason)
|
27750
|
+
SENSITIVE = []
|
27751
|
+
include Aws::Structure
|
27752
|
+
end
|
27753
|
+
|
27754
|
+
# A list of security controls and control parameter values that are
|
27755
|
+
# included in a configuration policy.
|
27756
|
+
#
|
27757
|
+
# @!attribute [rw] security_control_id
|
27758
|
+
# The ID of the security control.
|
27759
|
+
# @return [String]
|
27760
|
+
#
|
27761
|
+
# @!attribute [rw] parameters
|
27762
|
+
# An object that specifies parameter values for a control in a
|
27763
|
+
# configuration policy.
|
27764
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
27765
|
+
#
|
27766
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlCustomParameter AWS API Documentation
|
27767
|
+
#
|
27768
|
+
class SecurityControlCustomParameter < Struct.new(
|
27769
|
+
:security_control_id,
|
27770
|
+
:parameters)
|
26611
27771
|
SENSITIVE = []
|
26612
27772
|
include Aws::Structure
|
26613
27773
|
end
|
@@ -26658,6 +27818,18 @@ module Aws::SecurityHub
|
|
26658
27818
|
# Amazon Web Services Region.
|
26659
27819
|
# @return [String]
|
26660
27820
|
#
|
27821
|
+
# @!attribute [rw] customizable_properties
|
27822
|
+
# Security control properties that you can customize. Currently, only
|
27823
|
+
# parameter customization is supported for select controls. An empty
|
27824
|
+
# array is returned for controls that don’t support custom properties.
|
27825
|
+
# @return [Array<String>]
|
27826
|
+
#
|
27827
|
+
# @!attribute [rw] parameter_definitions
|
27828
|
+
# An object that provides a security control parameter name,
|
27829
|
+
# description, and the options for customizing it. This object is
|
27830
|
+
# excluded for a control that doesn't support custom parameters.
|
27831
|
+
# @return [Hash<String,Types::ParameterDefinition>]
|
27832
|
+
#
|
26661
27833
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
|
26662
27834
|
#
|
26663
27835
|
class SecurityControlDefinition < Struct.new(
|
@@ -26666,7 +27838,95 @@ module Aws::SecurityHub
|
|
26666
27838
|
:description,
|
26667
27839
|
:remediation_url,
|
26668
27840
|
:severity_rating,
|
26669
|
-
:current_region_availability
|
27841
|
+
:current_region_availability,
|
27842
|
+
:customizable_properties,
|
27843
|
+
:parameter_definitions)
|
27844
|
+
SENSITIVE = []
|
27845
|
+
include Aws::Structure
|
27846
|
+
end
|
27847
|
+
|
27848
|
+
# A parameter that a security control accepts.
|
27849
|
+
#
|
27850
|
+
# @!attribute [rw] name
|
27851
|
+
# The name of a
|
27852
|
+
# @return [String]
|
27853
|
+
#
|
27854
|
+
# @!attribute [rw] value
|
27855
|
+
# The current value of a control parameter.
|
27856
|
+
# @return [Array<String>]
|
27857
|
+
#
|
27858
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlParameter AWS API Documentation
|
27859
|
+
#
|
27860
|
+
class SecurityControlParameter < Struct.new(
|
27861
|
+
:name,
|
27862
|
+
:value)
|
27863
|
+
SENSITIVE = []
|
27864
|
+
include Aws::Structure
|
27865
|
+
end
|
27866
|
+
|
27867
|
+
# An object that defines which security controls are enabled in an
|
27868
|
+
# Security Hub configuration policy. The enablement status of a control
|
27869
|
+
# is aligned across all of the enabled standards in an account.
|
27870
|
+
#
|
27871
|
+
# @!attribute [rw] enabled_security_control_identifiers
|
27872
|
+
# A list of security controls that are enabled in the configuration
|
27873
|
+
# policy. Security Hub disables all other controls (including newly
|
27874
|
+
# released controls) other than the listed controls.
|
27875
|
+
# @return [Array<String>]
|
27876
|
+
#
|
27877
|
+
# @!attribute [rw] disabled_security_control_identifiers
|
27878
|
+
# A list of security controls that are disabled in the configuration
|
27879
|
+
# policy. Security Hub enables all other controls (including newly
|
27880
|
+
# released controls) other than the listed controls.
|
27881
|
+
# @return [Array<String>]
|
27882
|
+
#
|
27883
|
+
# @!attribute [rw] security_control_custom_parameters
|
27884
|
+
# A list of security controls and control parameter values that are
|
27885
|
+
# included in a configuration policy.
|
27886
|
+
# @return [Array<Types::SecurityControlCustomParameter>]
|
27887
|
+
#
|
27888
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlsConfiguration AWS API Documentation
|
27889
|
+
#
|
27890
|
+
class SecurityControlsConfiguration < Struct.new(
|
27891
|
+
:enabled_security_control_identifiers,
|
27892
|
+
:disabled_security_control_identifiers,
|
27893
|
+
:security_control_custom_parameters)
|
27894
|
+
SENSITIVE = []
|
27895
|
+
include Aws::Structure
|
27896
|
+
end
|
27897
|
+
|
27898
|
+
# An object that defines how Security Hub is configured. The
|
27899
|
+
# configuration policy includes whether Security Hub is enabled or
|
27900
|
+
# disabled, a list of enabled security standards, a list of enabled or
|
27901
|
+
# disabled security controls, and a list of custom parameter values for
|
27902
|
+
# specified controls. If you provide a list of security controls that
|
27903
|
+
# are enabled in the configuration policy, Security Hub disables all
|
27904
|
+
# other controls (including newly released controls). If you provide a
|
27905
|
+
# list of security controls that are disabled in the configuration
|
27906
|
+
# policy, Security Hub enables all other controls (including newly
|
27907
|
+
# released controls).
|
27908
|
+
#
|
27909
|
+
# @!attribute [rw] service_enabled
|
27910
|
+
# Indicates whether Security Hub is enabled in the policy.
|
27911
|
+
# @return [Boolean]
|
27912
|
+
#
|
27913
|
+
# @!attribute [rw] enabled_standard_identifiers
|
27914
|
+
# A list that defines which security standards are enabled in the
|
27915
|
+
# configuration policy.
|
27916
|
+
# @return [Array<String>]
|
27917
|
+
#
|
27918
|
+
# @!attribute [rw] security_controls_configuration
|
27919
|
+
# An object that defines which security controls are enabled in the
|
27920
|
+
# configuration policy. The enablement status of a control is aligned
|
27921
|
+
# across all of the enabled standards in an account.
|
27922
|
+
# @return [Types::SecurityControlsConfiguration]
|
27923
|
+
#
|
27924
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityHubPolicy AWS API Documentation
|
27925
|
+
#
|
27926
|
+
class SecurityHubPolicy < Struct.new(
|
27927
|
+
:service_enabled,
|
27928
|
+
:enabled_standard_identifiers,
|
27929
|
+
:security_controls_configuration)
|
26670
27930
|
SENSITIVE = []
|
26671
27931
|
include Aws::Structure
|
26672
27932
|
end
|
@@ -26737,8 +27997,8 @@ module Aws::SecurityHub
|
|
26737
27997
|
# attribute.
|
26738
27998
|
#
|
26739
27999
|
# @!attribute [rw] product
|
26740
|
-
# Deprecated. This attribute
|
26741
|
-
# `Product`, provide `Original`.
|
28000
|
+
# Deprecated. This attribute isn't included in findings. Instead of
|
28001
|
+
# providing `Product`, provide `Original`.
|
26742
28002
|
#
|
26743
28003
|
# The native severity as defined by the Amazon Web Services service or
|
26744
28004
|
# integrated partner product that generated the finding.
|
@@ -26774,9 +28034,8 @@ module Aws::SecurityHub
|
|
26774
28034
|
# @return [String]
|
26775
28035
|
#
|
26776
28036
|
# @!attribute [rw] normalized
|
26777
|
-
# Deprecated. The normalized severity of a finding.
|
26778
|
-
#
|
26779
|
-
# `Label`.
|
28037
|
+
# Deprecated. The normalized severity of a finding. Instead of
|
28038
|
+
# providing `Normalized`, provide `Label`.
|
26780
28039
|
#
|
26781
28040
|
# If you provide `Label` and do not provide `Normalized`, then
|
26782
28041
|
# `Normalized` is set automatically as follows.
|
@@ -27189,7 +28448,7 @@ module Aws::SecurityHub
|
|
27189
28448
|
# @return [Time]
|
27190
28449
|
#
|
27191
28450
|
# @!attribute [rw] updated_reason
|
27192
|
-
# The reason for updating
|
28451
|
+
# The reason for updating a control's enablement status in a
|
27193
28452
|
# specified standard.
|
27194
28453
|
# @return [String]
|
27195
28454
|
#
|
@@ -27362,6 +28621,96 @@ module Aws::SecurityHub
|
|
27362
28621
|
include Aws::Structure
|
27363
28622
|
end
|
27364
28623
|
|
28624
|
+
# @!attribute [rw] configuration_policy_identifier
|
28625
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
28626
|
+
# (UUID) of the configuration policy.
|
28627
|
+
# @return [String]
|
28628
|
+
#
|
28629
|
+
# @!attribute [rw] target
|
28630
|
+
# The identifier of the target account, organizational unit, or the
|
28631
|
+
# root to associate with the specified configuration.
|
28632
|
+
# @return [Types::Target]
|
28633
|
+
#
|
28634
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationRequest AWS API Documentation
|
28635
|
+
#
|
28636
|
+
class StartConfigurationPolicyAssociationRequest < Struct.new(
|
28637
|
+
:configuration_policy_identifier,
|
28638
|
+
:target)
|
28639
|
+
SENSITIVE = []
|
28640
|
+
include Aws::Structure
|
28641
|
+
end
|
28642
|
+
|
28643
|
+
# @!attribute [rw] configuration_policy_id
|
28644
|
+
# The UUID of the configuration policy.
|
28645
|
+
# @return [String]
|
28646
|
+
#
|
28647
|
+
# @!attribute [rw] target_id
|
28648
|
+
# The identifier of the target account, organizational unit, or the
|
28649
|
+
# organization root with which the configuration is associated.
|
28650
|
+
# @return [String]
|
28651
|
+
#
|
28652
|
+
# @!attribute [rw] target_type
|
28653
|
+
# Indicates whether the target is an Amazon Web Services account,
|
28654
|
+
# organizational unit, or the organization root.
|
28655
|
+
# @return [String]
|
28656
|
+
#
|
28657
|
+
# @!attribute [rw] association_type
|
28658
|
+
# Indicates whether the association between the specified target and
|
28659
|
+
# the configuration was directly applied by the Security Hub delegated
|
28660
|
+
# administrator or inherited from a parent.
|
28661
|
+
# @return [String]
|
28662
|
+
#
|
28663
|
+
# @!attribute [rw] updated_at
|
28664
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
28665
|
+
# configuration policy association was last updated.
|
28666
|
+
# @return [Time]
|
28667
|
+
#
|
28668
|
+
# @!attribute [rw] association_status
|
28669
|
+
# The current status of the association between the specified target
|
28670
|
+
# and the configuration.
|
28671
|
+
# @return [String]
|
28672
|
+
#
|
28673
|
+
# @!attribute [rw] association_status_message
|
28674
|
+
# An explanation for a `FAILED` value for `AssociationStatus`.
|
28675
|
+
# @return [String]
|
28676
|
+
#
|
28677
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationResponse AWS API Documentation
|
28678
|
+
#
|
28679
|
+
class StartConfigurationPolicyAssociationResponse < Struct.new(
|
28680
|
+
:configuration_policy_id,
|
28681
|
+
:target_id,
|
28682
|
+
:target_type,
|
28683
|
+
:association_type,
|
28684
|
+
:updated_at,
|
28685
|
+
:association_status,
|
28686
|
+
:association_status_message)
|
28687
|
+
SENSITIVE = []
|
28688
|
+
include Aws::Structure
|
28689
|
+
end
|
28690
|
+
|
28691
|
+
# @!attribute [rw] target
|
28692
|
+
# The identifier of the target account, organizational unit, or the
|
28693
|
+
# root to disassociate from the specified configuration.
|
28694
|
+
# @return [Types::Target]
|
28695
|
+
#
|
28696
|
+
# @!attribute [rw] configuration_policy_identifier
|
28697
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
28698
|
+
# (UUID) of the configuration policy.
|
28699
|
+
# @return [String]
|
28700
|
+
#
|
28701
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationRequest AWS API Documentation
|
28702
|
+
#
|
28703
|
+
class StartConfigurationPolicyDisassociationRequest < Struct.new(
|
28704
|
+
:target,
|
28705
|
+
:configuration_policy_identifier)
|
28706
|
+
SENSITIVE = []
|
28707
|
+
include Aws::Structure
|
28708
|
+
end
|
28709
|
+
|
28710
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationResponse AWS API Documentation
|
28711
|
+
#
|
28712
|
+
class StartConfigurationPolicyDisassociationResponse < Aws::EmptyStructure; end
|
28713
|
+
|
27365
28714
|
# The definition of a custom action that can be used for stateless
|
27366
28715
|
# packet handling.
|
27367
28716
|
#
|
@@ -27430,6 +28779,33 @@ module Aws::SecurityHub
|
|
27430
28779
|
include Aws::Structure
|
27431
28780
|
end
|
27432
28781
|
|
28782
|
+
# The options for customizing a security control parameter that is a
|
28783
|
+
# string.
|
28784
|
+
#
|
28785
|
+
# @!attribute [rw] default_value
|
28786
|
+
# The Security Hub default value for a control parameter that is a
|
28787
|
+
# string.
|
28788
|
+
# @return [String]
|
28789
|
+
#
|
28790
|
+
# @!attribute [rw] re_2_expression
|
28791
|
+
# An RE2 regular expression that Security Hub uses to validate a
|
28792
|
+
# user-provided control parameter string.
|
28793
|
+
# @return [String]
|
28794
|
+
#
|
28795
|
+
# @!attribute [rw] expression_description
|
28796
|
+
# The description of the RE2 regular expression.
|
28797
|
+
# @return [String]
|
28798
|
+
#
|
28799
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringConfigurationOptions AWS API Documentation
|
28800
|
+
#
|
28801
|
+
class StringConfigurationOptions < Struct.new(
|
28802
|
+
:default_value,
|
28803
|
+
:re_2_expression,
|
28804
|
+
:expression_description)
|
28805
|
+
SENSITIVE = []
|
28806
|
+
include Aws::Structure
|
28807
|
+
end
|
28808
|
+
|
27433
28809
|
# A string filter for filtering Security Hub findings.
|
27434
28810
|
#
|
27435
28811
|
# @!attribute [rw] value
|
@@ -27537,6 +28913,39 @@ module Aws::SecurityHub
|
|
27537
28913
|
include Aws::Structure
|
27538
28914
|
end
|
27539
28915
|
|
28916
|
+
# The options for customizing a security control parameter that is a
|
28917
|
+
# list of strings.
|
28918
|
+
#
|
28919
|
+
# @!attribute [rw] default_value
|
28920
|
+
# The Security Hub default value for a control parameter that is a
|
28921
|
+
# list of strings.
|
28922
|
+
# @return [Array<String>]
|
28923
|
+
#
|
28924
|
+
# @!attribute [rw] re_2_expression
|
28925
|
+
# An RE2 regular expression that Security Hub uses to validate a
|
28926
|
+
# user-provided list of strings for a control parameter.
|
28927
|
+
# @return [String]
|
28928
|
+
#
|
28929
|
+
# @!attribute [rw] max_items
|
28930
|
+
# The maximum number of list items that a string list control
|
28931
|
+
# parameter can accept.
|
28932
|
+
# @return [Integer]
|
28933
|
+
#
|
28934
|
+
# @!attribute [rw] expression_description
|
28935
|
+
# The description of the RE2 regular expression.
|
28936
|
+
# @return [String]
|
28937
|
+
#
|
28938
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringListConfigurationOptions AWS API Documentation
|
28939
|
+
#
|
28940
|
+
class StringListConfigurationOptions < Struct.new(
|
28941
|
+
:default_value,
|
28942
|
+
:re_2_expression,
|
28943
|
+
:max_items,
|
28944
|
+
:expression_description)
|
28945
|
+
SENSITIVE = []
|
28946
|
+
include Aws::Structure
|
28947
|
+
end
|
28948
|
+
|
27540
28949
|
# @!attribute [rw] resource_arn
|
27541
28950
|
# The ARN of the resource to apply the tags to.
|
27542
28951
|
# @return [String]
|
@@ -27560,6 +28969,43 @@ module Aws::SecurityHub
|
|
27560
28969
|
#
|
27561
28970
|
class TagResourceResponse < Aws::EmptyStructure; end
|
27562
28971
|
|
28972
|
+
# The target account, organizational unit, or the root that is
|
28973
|
+
# associated with an Security Hub configuration. The configuration can
|
28974
|
+
# be a configuration policy or self-managed behavior.
|
28975
|
+
#
|
28976
|
+
# @note Target is a union - when making an API calls you must set exactly one of the members.
|
28977
|
+
#
|
28978
|
+
# @note Target is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Target corresponding to the set member.
|
28979
|
+
#
|
28980
|
+
# @!attribute [rw] account_id
|
28981
|
+
# The Amazon Web Services account ID of the target account.
|
28982
|
+
# @return [String]
|
28983
|
+
#
|
28984
|
+
# @!attribute [rw] organizational_unit_id
|
28985
|
+
# The organizational unit ID of the target organizational unit.
|
28986
|
+
# @return [String]
|
28987
|
+
#
|
28988
|
+
# @!attribute [rw] root_id
|
28989
|
+
# The ID of the organization root.
|
28990
|
+
# @return [String]
|
28991
|
+
#
|
28992
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Target AWS API Documentation
|
28993
|
+
#
|
28994
|
+
class Target < Struct.new(
|
28995
|
+
:account_id,
|
28996
|
+
:organizational_unit_id,
|
28997
|
+
:root_id,
|
28998
|
+
:unknown)
|
28999
|
+
SENSITIVE = []
|
29000
|
+
include Aws::Structure
|
29001
|
+
include Aws::Structure::Union
|
29002
|
+
|
29003
|
+
class AccountId < Target; end
|
29004
|
+
class OrganizationalUnitId < Target; end
|
29005
|
+
class RootId < Target; end
|
29006
|
+
class Unknown < Target; end
|
29007
|
+
end
|
29008
|
+
|
27563
29009
|
# Provides information about the threat detected in a security finding
|
27564
29010
|
# and the file paths that were affected by the threat.
|
27565
29011
|
#
|
@@ -27668,6 +29114,37 @@ module Aws::SecurityHub
|
|
27668
29114
|
include Aws::Structure
|
27669
29115
|
end
|
27670
29116
|
|
29117
|
+
# An array of configuration policy associations, one for each
|
29118
|
+
# configuration policy association identifier, that was specified in a
|
29119
|
+
# `BatchGetConfigurationPolicyAssociations` request but couldn’t be
|
29120
|
+
# processed due to an error.
|
29121
|
+
#
|
29122
|
+
# @!attribute [rw] configuration_policy_association_identifiers
|
29123
|
+
# Configuration policy association identifiers that were specified in
|
29124
|
+
# a `BatchGetConfigurationPolicyAssociations` request but couldn’t be
|
29125
|
+
# processed due to an error.
|
29126
|
+
# @return [Types::ConfigurationPolicyAssociation]
|
29127
|
+
#
|
29128
|
+
# @!attribute [rw] error_code
|
29129
|
+
# An HTTP status code that identifies why the configuration policy
|
29130
|
+
# association failed.
|
29131
|
+
# @return [String]
|
29132
|
+
#
|
29133
|
+
# @!attribute [rw] error_reason
|
29134
|
+
# A string that identifies why the configuration policy association
|
29135
|
+
# failed.
|
29136
|
+
# @return [String]
|
29137
|
+
#
|
29138
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedConfigurationPolicyAssociation AWS API Documentation
|
29139
|
+
#
|
29140
|
+
class UnprocessedConfigurationPolicyAssociation < Struct.new(
|
29141
|
+
:configuration_policy_association_identifiers,
|
29142
|
+
:error_code,
|
29143
|
+
:error_reason)
|
29144
|
+
SENSITIVE = []
|
29145
|
+
include Aws::Structure
|
29146
|
+
end
|
29147
|
+
|
27671
29148
|
# Provides details about a security control for which a response
|
27672
29149
|
# couldn't be returned.
|
27673
29150
|
#
|
@@ -27890,6 +29367,106 @@ module Aws::SecurityHub
|
|
27890
29367
|
include Aws::Structure
|
27891
29368
|
end
|
27892
29369
|
|
29370
|
+
# @!attribute [rw] identifier
|
29371
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
29372
|
+
# (UUID) of the configuration policy.
|
29373
|
+
# @return [String]
|
29374
|
+
#
|
29375
|
+
# @!attribute [rw] name
|
29376
|
+
# The name of the configuration policy.
|
29377
|
+
# @return [String]
|
29378
|
+
#
|
29379
|
+
# @!attribute [rw] description
|
29380
|
+
# The description of the configuration policy.
|
29381
|
+
# @return [String]
|
29382
|
+
#
|
29383
|
+
# @!attribute [rw] updated_reason
|
29384
|
+
# The reason for updating the configuration policy.
|
29385
|
+
# @return [String]
|
29386
|
+
#
|
29387
|
+
# @!attribute [rw] configuration_policy
|
29388
|
+
# An object that defines how Security Hub is configured. It includes
|
29389
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
29390
|
+
# security standards, a list of enabled or disabled security controls,
|
29391
|
+
# and a list of custom parameter values for specified controls. If you
|
29392
|
+
# provide a list of security controls that are enabled in the
|
29393
|
+
# configuration policy, Security Hub disables all other controls
|
29394
|
+
# (including newly released controls). If you provide a list of
|
29395
|
+
# security controls that are disabled in the configuration policy,
|
29396
|
+
# Security Hub enables all other controls (including newly released
|
29397
|
+
# controls).
|
29398
|
+
#
|
29399
|
+
# When updating a configuration policy, provide a complete list of
|
29400
|
+
# standards that you want to enable and a complete list of controls
|
29401
|
+
# that you want to enable or disable. The updated configuration
|
29402
|
+
# replaces the current configuration.
|
29403
|
+
# @return [Types::Policy]
|
29404
|
+
#
|
29405
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyRequest AWS API Documentation
|
29406
|
+
#
|
29407
|
+
class UpdateConfigurationPolicyRequest < Struct.new(
|
29408
|
+
:identifier,
|
29409
|
+
:name,
|
29410
|
+
:description,
|
29411
|
+
:updated_reason,
|
29412
|
+
:configuration_policy)
|
29413
|
+
SENSITIVE = []
|
29414
|
+
include Aws::Structure
|
29415
|
+
end
|
29416
|
+
|
29417
|
+
# @!attribute [rw] arn
|
29418
|
+
# The ARN of the configuration policy.
|
29419
|
+
# @return [String]
|
29420
|
+
#
|
29421
|
+
# @!attribute [rw] id
|
29422
|
+
# The UUID of the configuration policy.
|
29423
|
+
# @return [String]
|
29424
|
+
#
|
29425
|
+
# @!attribute [rw] name
|
29426
|
+
# The name of the configuration policy.
|
29427
|
+
# @return [String]
|
29428
|
+
#
|
29429
|
+
# @!attribute [rw] description
|
29430
|
+
# The description of the configuration policy.
|
29431
|
+
# @return [String]
|
29432
|
+
#
|
29433
|
+
# @!attribute [rw] updated_at
|
29434
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
29435
|
+
# configuration policy was last updated.
|
29436
|
+
# @return [Time]
|
29437
|
+
#
|
29438
|
+
# @!attribute [rw] created_at
|
29439
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
29440
|
+
# configuration policy was created.
|
29441
|
+
# @return [Time]
|
29442
|
+
#
|
29443
|
+
# @!attribute [rw] configuration_policy
|
29444
|
+
# An object that defines how Security Hub is configured. It includes
|
29445
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
29446
|
+
# security standards, a list of enabled or disabled security controls,
|
29447
|
+
# and a list of custom parameter values for specified controls. If the
|
29448
|
+
# request included a list of security controls that are enabled in the
|
29449
|
+
# configuration policy, Security Hub disables all other controls
|
29450
|
+
# (including newly released controls). If the request included a list
|
29451
|
+
# of security controls that are disabled in the configuration policy,
|
29452
|
+
# Security Hub enables all other controls (including newly released
|
29453
|
+
# controls).
|
29454
|
+
# @return [Types::Policy]
|
29455
|
+
#
|
29456
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyResponse AWS API Documentation
|
29457
|
+
#
|
29458
|
+
class UpdateConfigurationPolicyResponse < Struct.new(
|
29459
|
+
:arn,
|
29460
|
+
:id,
|
29461
|
+
:name,
|
29462
|
+
:description,
|
29463
|
+
:updated_at,
|
29464
|
+
:created_at,
|
29465
|
+
:configuration_policy)
|
29466
|
+
SENSITIVE = []
|
29467
|
+
include Aws::Structure
|
29468
|
+
end
|
29469
|
+
|
27893
29470
|
# @!attribute [rw] finding_aggregator_arn
|
27894
29471
|
# The ARN of the finding aggregator. To obtain the ARN, use
|
27895
29472
|
# `ListFindingAggregators`.
|
@@ -28030,37 +29607,55 @@ module Aws::SecurityHub
|
|
28030
29607
|
class UpdateInsightResponse < Aws::EmptyStructure; end
|
28031
29608
|
|
28032
29609
|
# @!attribute [rw] auto_enable
|
28033
|
-
# Whether to automatically enable Security Hub
|
28034
|
-
# organization.
|
28035
|
-
#
|
28036
|
-
#
|
28037
|
-
#
|
28038
|
-
#
|
28039
|
-
#
|
28040
|
-
# `
|
29610
|
+
# Whether to automatically enable Security Hub in new member accounts
|
29611
|
+
# when they join the organization.
|
29612
|
+
#
|
29613
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
29614
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
29615
|
+
# accounts automatically. The default value is `false`.
|
29616
|
+
#
|
29617
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
29618
|
+
# then this field is set to `false` and can't be changed in the home
|
29619
|
+
# Region and linked Regions. However, in that case, the delegated
|
29620
|
+
# administrator can create a configuration policy in which Security
|
29621
|
+
# Hub is enabled and associate the policy with new organization
|
29622
|
+
# accounts.
|
28041
29623
|
# @return [Boolean]
|
28042
29624
|
#
|
28043
29625
|
# @!attribute [rw] auto_enable_standards
|
28044
29626
|
# Whether to automatically enable Security Hub [default standards][1]
|
28045
|
-
#
|
29627
|
+
# in new member accounts when they join the organization.
|
28046
29628
|
#
|
28047
|
-
#
|
28048
|
-
#
|
28049
|
-
# standards
|
29629
|
+
# The default value of this parameter is equal to `DEFAULT`.
|
29630
|
+
#
|
29631
|
+
# If equal to `DEFAULT`, then Security Hub default standards are
|
29632
|
+
# automatically enabled for new member accounts. If equal to `NONE`,
|
29633
|
+
# then default standards are not automatically enabled for new member
|
29634
|
+
# accounts.
|
28050
29635
|
#
|
28051
|
-
#
|
28052
|
-
#
|
29636
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
29637
|
+
# then this field is set to `NONE` and can't be changed in the home
|
29638
|
+
# Region and linked Regions. However, in that case, the delegated
|
29639
|
+
# administrator can create a configuration policy in which specific
|
29640
|
+
# security standards are enabled and associate the policy with new
|
29641
|
+
# organization accounts.
|
28053
29642
|
#
|
28054
29643
|
#
|
28055
29644
|
#
|
28056
29645
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
28057
29646
|
# @return [String]
|
28058
29647
|
#
|
29648
|
+
# @!attribute [rw] organization_configuration
|
29649
|
+
# Provides information about the way an organization is configured in
|
29650
|
+
# Security Hub.
|
29651
|
+
# @return [Types::OrganizationConfiguration]
|
29652
|
+
#
|
28059
29653
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
|
28060
29654
|
#
|
28061
29655
|
class UpdateOrganizationConfigurationRequest < Struct.new(
|
28062
29656
|
:auto_enable,
|
28063
|
-
:auto_enable_standards
|
29657
|
+
:auto_enable_standards,
|
29658
|
+
:organization_configuration)
|
28064
29659
|
SENSITIVE = []
|
28065
29660
|
include Aws::Structure
|
28066
29661
|
end
|
@@ -28069,6 +29664,35 @@ module Aws::SecurityHub
|
|
28069
29664
|
#
|
28070
29665
|
class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
|
28071
29666
|
|
29667
|
+
# @!attribute [rw] security_control_id
|
29668
|
+
# The Amazon Resource Name (ARN) or ID of the control to update.
|
29669
|
+
# @return [String]
|
29670
|
+
#
|
29671
|
+
# @!attribute [rw] parameters
|
29672
|
+
# An object that specifies which security control parameters to
|
29673
|
+
# update.
|
29674
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
29675
|
+
#
|
29676
|
+
# @!attribute [rw] last_update_reason
|
29677
|
+
# The most recent reason for updating the properties of the security
|
29678
|
+
# control. This field accepts alphanumeric characters in addition to
|
29679
|
+
# white spaces, dashes, and underscores.
|
29680
|
+
# @return [String]
|
29681
|
+
#
|
29682
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlRequest AWS API Documentation
|
29683
|
+
#
|
29684
|
+
class UpdateSecurityControlRequest < Struct.new(
|
29685
|
+
:security_control_id,
|
29686
|
+
:parameters,
|
29687
|
+
:last_update_reason)
|
29688
|
+
SENSITIVE = []
|
29689
|
+
include Aws::Structure
|
29690
|
+
end
|
29691
|
+
|
29692
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlResponse AWS API Documentation
|
29693
|
+
#
|
29694
|
+
class UpdateSecurityControlResponse < Aws::EmptyStructure; end
|
29695
|
+
|
28072
29696
|
# @!attribute [rw] auto_enable_controls
|
28073
29697
|
# Whether to automatically enable new controls when they are added to
|
28074
29698
|
# standards that are enabled.
|