aws-sdk-securityhub 1.95.0 → 1.97.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +1672 -29
- data/lib/aws-sdk-securityhub/client_api.rb +593 -0
- data/lib/aws-sdk-securityhub/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-securityhub/endpoints.rb +168 -0
- data/lib/aws-sdk-securityhub/errors.rb +21 -0
- data/lib/aws-sdk-securityhub/plugins/endpoints.rb +24 -0
- data/lib/aws-sdk-securityhub/types.rb +1681 -57
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -329,6 +329,36 @@ module Aws::SecurityHub
|
|
329
329
|
include Aws::Structure
|
330
330
|
end
|
331
331
|
|
332
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
333
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
334
|
+
# universally unique identifier (UUID) of a configuration policy,
|
335
|
+
# `AssociationType`, or `AssociationStatus`.
|
336
|
+
#
|
337
|
+
# @!attribute [rw] configuration_policy_id
|
338
|
+
# The ARN or UUID of the configuration policy.
|
339
|
+
# @return [String]
|
340
|
+
#
|
341
|
+
# @!attribute [rw] association_type
|
342
|
+
# Indicates whether the association between a target and a
|
343
|
+
# configuration was directly applied by the Security Hub delegated
|
344
|
+
# administrator or inherited from a parent.
|
345
|
+
# @return [String]
|
346
|
+
#
|
347
|
+
# @!attribute [rw] association_status
|
348
|
+
# The current status of the association between a target and a
|
349
|
+
# configuration policy.
|
350
|
+
# @return [String]
|
351
|
+
#
|
352
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationFilters AWS API Documentation
|
353
|
+
#
|
354
|
+
class AssociationFilters < Struct.new(
|
355
|
+
:configuration_policy_id,
|
356
|
+
:association_type,
|
357
|
+
:association_status)
|
358
|
+
SENSITIVE = []
|
359
|
+
include Aws::Structure
|
360
|
+
end
|
361
|
+
|
332
362
|
# The associations between a route table and one or more subnets or a
|
333
363
|
# gateway.
|
334
364
|
#
|
@@ -886,6 +916,26 @@ module Aws::SecurityHub
|
|
886
916
|
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
887
917
|
# @return [Array<Types::MapFilter>]
|
888
918
|
#
|
919
|
+
# @!attribute [rw] resource_application_arn
|
920
|
+
# The Amazon Resource Name (ARN) of the application that is related to
|
921
|
+
# a finding.
|
922
|
+
#
|
923
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
924
|
+
# @return [Array<Types::StringFilter>]
|
925
|
+
#
|
926
|
+
# @!attribute [rw] resource_application_name
|
927
|
+
# The name of the application that is related to a finding.
|
928
|
+
#
|
929
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
930
|
+
# @return [Array<Types::StringFilter>]
|
931
|
+
#
|
932
|
+
# @!attribute [rw] aws_account_name
|
933
|
+
# The name of the Amazon Web Services account in which a finding was
|
934
|
+
# generated.
|
935
|
+
#
|
936
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
937
|
+
# @return [Array<Types::StringFilter>]
|
938
|
+
#
|
889
939
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AutomationRulesFindingFilters AWS API Documentation
|
890
940
|
#
|
891
941
|
class AutomationRulesFindingFilters < Struct.new(
|
@@ -923,7 +973,10 @@ module Aws::SecurityHub
|
|
923
973
|
:note_text,
|
924
974
|
:note_updated_at,
|
925
975
|
:note_updated_by,
|
926
|
-
:user_defined_fields
|
976
|
+
:user_defined_fields,
|
977
|
+
:resource_application_arn,
|
978
|
+
:resource_application_name,
|
979
|
+
:aws_account_name)
|
927
980
|
SENSITIVE = []
|
928
981
|
include Aws::Structure
|
929
982
|
end
|
@@ -4232,7 +4285,7 @@ module Aws::SecurityHub
|
|
4232
4285
|
end
|
4233
4286
|
|
4234
4287
|
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
4235
|
-
# example, a web server),
|
4288
|
+
# example, a web server), Elemental MediaStore, or other server from
|
4236
4289
|
# which CloudFront gets your files.
|
4237
4290
|
#
|
4238
4291
|
# @!attribute [rw] domain_name
|
@@ -18641,6 +18694,25 @@ module Aws::SecurityHub
|
|
18641
18694
|
# receives those findings.
|
18642
18695
|
# @return [Types::GeneratorDetails]
|
18643
18696
|
#
|
18697
|
+
# @!attribute [rw] processed_at
|
18698
|
+
# An ISO8601-formatted timestamp that indicates when Security Hub
|
18699
|
+
# received a finding and begins to process it.
|
18700
|
+
#
|
18701
|
+
# A correctly formatted example is `2020-05-21T20:16:34.724Z`. The
|
18702
|
+
# value cannot contain spaces, and date and time should be separated
|
18703
|
+
# by `T`. For more information, see [RFC 3339 section 5.6, Internet
|
18704
|
+
# Date/Time Format][1].
|
18705
|
+
#
|
18706
|
+
#
|
18707
|
+
#
|
18708
|
+
# [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
|
18709
|
+
# @return [String]
|
18710
|
+
#
|
18711
|
+
# @!attribute [rw] aws_account_name
|
18712
|
+
# The name of the Amazon Web Services account from which a finding was
|
18713
|
+
# generated.
|
18714
|
+
# @return [String]
|
18715
|
+
#
|
18644
18716
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
|
18645
18717
|
#
|
18646
18718
|
class AwsSecurityFinding < Struct.new(
|
@@ -18685,17 +18757,18 @@ module Aws::SecurityHub
|
|
18685
18757
|
:action,
|
18686
18758
|
:finding_provider_fields,
|
18687
18759
|
:sample,
|
18688
|
-
:generator_details
|
18760
|
+
:generator_details,
|
18761
|
+
:processed_at,
|
18762
|
+
:aws_account_name)
|
18689
18763
|
SENSITIVE = []
|
18690
18764
|
include Aws::Structure
|
18691
18765
|
end
|
18692
18766
|
|
18693
|
-
# A collection of
|
18694
|
-
#
|
18695
|
-
# are included in this insight.
|
18767
|
+
# A collection of filters that are applied to all active findings
|
18768
|
+
# aggregated by Security Hub.
|
18696
18769
|
#
|
18697
|
-
# You can filter by up to
|
18698
|
-
# can provide up to 20 filter values.
|
18770
|
+
# You can filter by up to ten finding attributes. For each attribute,
|
18771
|
+
# you can provide up to 20 filter values.
|
18699
18772
|
#
|
18700
18773
|
# @!attribute [rw] product_arn
|
18701
18774
|
# The ARN generated by Security Hub that uniquely identifies a
|
@@ -18705,7 +18778,7 @@ module Aws::SecurityHub
|
|
18705
18778
|
# @return [Array<Types::StringFilter>]
|
18706
18779
|
#
|
18707
18780
|
# @!attribute [rw] aws_account_id
|
18708
|
-
# The Amazon Web Services account ID
|
18781
|
+
# The Amazon Web Services account ID in which a finding is generated.
|
18709
18782
|
# @return [Array<Types::StringFilter>]
|
18710
18783
|
#
|
18711
18784
|
# @!attribute [rw] id
|
@@ -19273,6 +19346,39 @@ module Aws::SecurityHub
|
|
19273
19346
|
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html
|
19274
19347
|
# @return [Array<Types::StringFilter>]
|
19275
19348
|
#
|
19349
|
+
# @!attribute [rw] vulnerabilities_exploit_available
|
19350
|
+
# Indicates whether a software vulnerability in your environment has a
|
19351
|
+
# known exploit. You can filter findings by this field only if you use
|
19352
|
+
# Security Hub and Amazon Inspector.
|
19353
|
+
# @return [Array<Types::StringFilter>]
|
19354
|
+
#
|
19355
|
+
# @!attribute [rw] vulnerabilities_fix_available
|
19356
|
+
# Indicates whether a vulnerability is fixed in a newer version of the
|
19357
|
+
# affected software packages. You can filter findings by this field
|
19358
|
+
# only if you use Security Hub and Amazon Inspector.
|
19359
|
+
# @return [Array<Types::StringFilter>]
|
19360
|
+
#
|
19361
|
+
# @!attribute [rw] compliance_security_control_parameters_name
|
19362
|
+
# The name of a security control parameter.
|
19363
|
+
# @return [Array<Types::StringFilter>]
|
19364
|
+
#
|
19365
|
+
# @!attribute [rw] compliance_security_control_parameters_value
|
19366
|
+
# The current value of a security control parameter.
|
19367
|
+
# @return [Array<Types::StringFilter>]
|
19368
|
+
#
|
19369
|
+
# @!attribute [rw] aws_account_name
|
19370
|
+
# The name of the Amazon Web Services account in which a finding is
|
19371
|
+
# generated.
|
19372
|
+
# @return [Array<Types::StringFilter>]
|
19373
|
+
#
|
19374
|
+
# @!attribute [rw] resource_application_name
|
19375
|
+
# The name of the application that is related to a finding.
|
19376
|
+
# @return [Array<Types::StringFilter>]
|
19377
|
+
#
|
19378
|
+
# @!attribute [rw] resource_application_arn
|
19379
|
+
# The ARN of the application that is related to a finding.
|
19380
|
+
# @return [Array<Types::StringFilter>]
|
19381
|
+
#
|
19276
19382
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
|
19277
19383
|
#
|
19278
19384
|
class AwsSecurityFindingFilters < Struct.new(
|
@@ -19372,7 +19478,14 @@ module Aws::SecurityHub
|
|
19372
19478
|
:finding_provider_fields_types,
|
19373
19479
|
:sample,
|
19374
19480
|
:compliance_security_control_id,
|
19375
|
-
:compliance_associated_standards_id
|
19481
|
+
:compliance_associated_standards_id,
|
19482
|
+
:vulnerabilities_exploit_available,
|
19483
|
+
:vulnerabilities_fix_available,
|
19484
|
+
:compliance_security_control_parameters_name,
|
19485
|
+
:compliance_security_control_parameters_value,
|
19486
|
+
:aws_account_name,
|
19487
|
+
:resource_application_name,
|
19488
|
+
:resource_application_arn)
|
19376
19489
|
SENSITIVE = []
|
19377
19490
|
include Aws::Structure
|
19378
19491
|
end
|
@@ -21076,6 +21189,38 @@ module Aws::SecurityHub
|
|
21076
21189
|
include Aws::Structure
|
21077
21190
|
end
|
21078
21191
|
|
21192
|
+
# @!attribute [rw] configuration_policy_association_identifiers
|
21193
|
+
# Specifies one or more target account IDs, organizational unit (OU)
|
21194
|
+
# IDs, or the root ID to retrieve associations for.
|
21195
|
+
# @return [Array<Types::ConfigurationPolicyAssociation>]
|
21196
|
+
#
|
21197
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsRequest AWS API Documentation
|
21198
|
+
#
|
21199
|
+
class BatchGetConfigurationPolicyAssociationsRequest < Struct.new(
|
21200
|
+
:configuration_policy_association_identifiers)
|
21201
|
+
SENSITIVE = []
|
21202
|
+
include Aws::Structure
|
21203
|
+
end
|
21204
|
+
|
21205
|
+
# @!attribute [rw] configuration_policy_associations
|
21206
|
+
# Describes associations for the target accounts, OUs, or the root.
|
21207
|
+
# @return [Array<Types::ConfigurationPolicyAssociationSummary>]
|
21208
|
+
#
|
21209
|
+
# @!attribute [rw] unprocessed_configuration_policy_associations
|
21210
|
+
# An array of configuration policy associations, one for each
|
21211
|
+
# configuration policy association identifier, that was specified in
|
21212
|
+
# the request but couldn’t be processed due to an error.
|
21213
|
+
# @return [Array<Types::UnprocessedConfigurationPolicyAssociation>]
|
21214
|
+
#
|
21215
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsResponse AWS API Documentation
|
21216
|
+
#
|
21217
|
+
class BatchGetConfigurationPolicyAssociationsResponse < Struct.new(
|
21218
|
+
:configuration_policy_associations,
|
21219
|
+
:unprocessed_configuration_policy_associations)
|
21220
|
+
SENSITIVE = []
|
21221
|
+
include Aws::Structure
|
21222
|
+
end
|
21223
|
+
|
21079
21224
|
# @!attribute [rw] security_control_ids
|
21080
21225
|
# A list of security controls (identified with `SecurityControlId`,
|
21081
21226
|
# `SecurityControlArn`, or a mix of both parameters). The security
|
@@ -21431,6 +21576,21 @@ module Aws::SecurityHub
|
|
21431
21576
|
include Aws::Structure
|
21432
21577
|
end
|
21433
21578
|
|
21579
|
+
# The options for customizing a security control parameter with a
|
21580
|
+
# boolean. For a boolean parameter, the options are `true` and `false`.
|
21581
|
+
#
|
21582
|
+
# @!attribute [rw] default_value
|
21583
|
+
# The Security Hub default value for a boolean parameter.
|
21584
|
+
# @return [Boolean]
|
21585
|
+
#
|
21586
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BooleanConfigurationOptions AWS API Documentation
|
21587
|
+
#
|
21588
|
+
class BooleanConfigurationOptions < Struct.new(
|
21589
|
+
:default_value)
|
21590
|
+
SENSITIVE = []
|
21591
|
+
include Aws::Structure
|
21592
|
+
end
|
21593
|
+
|
21434
21594
|
# Boolean filter for querying findings.
|
21435
21595
|
#
|
21436
21596
|
# @!attribute [rw] value
|
@@ -21693,6 +21853,10 @@ module Aws::SecurityHub
|
|
21693
21853
|
# currently enabled.
|
21694
21854
|
# @return [Array<Types::AssociatedStandard>]
|
21695
21855
|
#
|
21856
|
+
# @!attribute [rw] security_control_parameters
|
21857
|
+
# An object that includes security control parameter names and values.
|
21858
|
+
# @return [Array<Types::SecurityControlParameter>]
|
21859
|
+
#
|
21696
21860
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
|
21697
21861
|
#
|
21698
21862
|
class Compliance < Struct.new(
|
@@ -21700,7 +21864,193 @@ module Aws::SecurityHub
|
|
21700
21864
|
:related_requirements,
|
21701
21865
|
:status_reasons,
|
21702
21866
|
:security_control_id,
|
21703
|
-
:associated_standards
|
21867
|
+
:associated_standards,
|
21868
|
+
:security_control_parameters)
|
21869
|
+
SENSITIVE = []
|
21870
|
+
include Aws::Structure
|
21871
|
+
end
|
21872
|
+
|
21873
|
+
# The options for customizing a security control parameter.
|
21874
|
+
#
|
21875
|
+
# @note ConfigurationOptions is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationOptions corresponding to the set member.
|
21876
|
+
#
|
21877
|
+
# @!attribute [rw] integer
|
21878
|
+
# The options for customizing a security control parameter that is an
|
21879
|
+
# integer.
|
21880
|
+
# @return [Types::IntegerConfigurationOptions]
|
21881
|
+
#
|
21882
|
+
# @!attribute [rw] integer_list
|
21883
|
+
# The options for customizing a security control parameter that is a
|
21884
|
+
# list of integers.
|
21885
|
+
# @return [Types::IntegerListConfigurationOptions]
|
21886
|
+
#
|
21887
|
+
# @!attribute [rw] double
|
21888
|
+
# The options for customizing a security control parameter that is a
|
21889
|
+
# double.
|
21890
|
+
# @return [Types::DoubleConfigurationOptions]
|
21891
|
+
#
|
21892
|
+
# @!attribute [rw] string
|
21893
|
+
# The options for customizing a security control parameter that is a
|
21894
|
+
# string data type.
|
21895
|
+
# @return [Types::StringConfigurationOptions]
|
21896
|
+
#
|
21897
|
+
# @!attribute [rw] string_list
|
21898
|
+
# The options for customizing a security control parameter that is a
|
21899
|
+
# list of strings.
|
21900
|
+
# @return [Types::StringListConfigurationOptions]
|
21901
|
+
#
|
21902
|
+
# @!attribute [rw] boolean
|
21903
|
+
# The options for customizing a security control parameter that is a
|
21904
|
+
# boolean. For a boolean parameter, the options are `true` and
|
21905
|
+
# `false`.
|
21906
|
+
# @return [Types::BooleanConfigurationOptions]
|
21907
|
+
#
|
21908
|
+
# @!attribute [rw] enum
|
21909
|
+
# The options for customizing a security control parameter that is an
|
21910
|
+
# enum.
|
21911
|
+
# @return [Types::EnumConfigurationOptions]
|
21912
|
+
#
|
21913
|
+
# @!attribute [rw] enum_list
|
21914
|
+
# The options for customizing a security control parameter that is a
|
21915
|
+
# list of enums.
|
21916
|
+
# @return [Types::EnumListConfigurationOptions]
|
21917
|
+
#
|
21918
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationOptions AWS API Documentation
|
21919
|
+
#
|
21920
|
+
class ConfigurationOptions < Struct.new(
|
21921
|
+
:integer,
|
21922
|
+
:integer_list,
|
21923
|
+
:double,
|
21924
|
+
:string,
|
21925
|
+
:string_list,
|
21926
|
+
:boolean,
|
21927
|
+
:enum,
|
21928
|
+
:enum_list,
|
21929
|
+
:unknown)
|
21930
|
+
SENSITIVE = []
|
21931
|
+
include Aws::Structure
|
21932
|
+
include Aws::Structure::Union
|
21933
|
+
|
21934
|
+
class Integer < ConfigurationOptions; end
|
21935
|
+
class IntegerList < ConfigurationOptions; end
|
21936
|
+
class Double < ConfigurationOptions; end
|
21937
|
+
class String < ConfigurationOptions; end
|
21938
|
+
class StringList < ConfigurationOptions; end
|
21939
|
+
class Boolean < ConfigurationOptions; end
|
21940
|
+
class Enum < ConfigurationOptions; end
|
21941
|
+
class EnumList < ConfigurationOptions; end
|
21942
|
+
class Unknown < ConfigurationOptions; end
|
21943
|
+
end
|
21944
|
+
|
21945
|
+
# Provides details about the association between an Security Hub
|
21946
|
+
# configuration and a target account, organizational unit, or the root.
|
21947
|
+
# An association can exist between a target and a configuration policy,
|
21948
|
+
# or between a target and self-managed behavior.
|
21949
|
+
#
|
21950
|
+
# @!attribute [rw] target
|
21951
|
+
# The target account, organizational unit, or the root.
|
21952
|
+
# @return [Types::Target]
|
21953
|
+
#
|
21954
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociation AWS API Documentation
|
21955
|
+
#
|
21956
|
+
class ConfigurationPolicyAssociation < Struct.new(
|
21957
|
+
:target)
|
21958
|
+
SENSITIVE = []
|
21959
|
+
include Aws::Structure
|
21960
|
+
end
|
21961
|
+
|
21962
|
+
# An object that contains the details of a configuration policy
|
21963
|
+
# association that’s returned in a `ListConfigurationPolicyAssociations`
|
21964
|
+
# request.
|
21965
|
+
#
|
21966
|
+
# @!attribute [rw] configuration_policy_id
|
21967
|
+
# The universally unique identifier (UUID) of the configuration
|
21968
|
+
# policy.
|
21969
|
+
# @return [String]
|
21970
|
+
#
|
21971
|
+
# @!attribute [rw] target_id
|
21972
|
+
# The identifier of the target account, organizational unit, or the
|
21973
|
+
# root.
|
21974
|
+
# @return [String]
|
21975
|
+
#
|
21976
|
+
# @!attribute [rw] target_type
|
21977
|
+
# Specifies whether the target is an Amazon Web Services account,
|
21978
|
+
# organizational unit, or the root.
|
21979
|
+
# @return [String]
|
21980
|
+
#
|
21981
|
+
# @!attribute [rw] association_type
|
21982
|
+
# Indicates whether the association between the specified target and
|
21983
|
+
# the configuration was directly applied by the Security Hub delegated
|
21984
|
+
# administrator or inherited from a parent.
|
21985
|
+
# @return [String]
|
21986
|
+
#
|
21987
|
+
# @!attribute [rw] updated_at
|
21988
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
21989
|
+
# configuration policy association was last updated.
|
21990
|
+
# @return [Time]
|
21991
|
+
#
|
21992
|
+
# @!attribute [rw] association_status
|
21993
|
+
# The current status of the association between the specified target
|
21994
|
+
# and the configuration.
|
21995
|
+
# @return [String]
|
21996
|
+
#
|
21997
|
+
# @!attribute [rw] association_status_message
|
21998
|
+
# The explanation for a `FAILED` value for `AssociationStatus`.
|
21999
|
+
# @return [String]
|
22000
|
+
#
|
22001
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociationSummary AWS API Documentation
|
22002
|
+
#
|
22003
|
+
class ConfigurationPolicyAssociationSummary < Struct.new(
|
22004
|
+
:configuration_policy_id,
|
22005
|
+
:target_id,
|
22006
|
+
:target_type,
|
22007
|
+
:association_type,
|
22008
|
+
:updated_at,
|
22009
|
+
:association_status,
|
22010
|
+
:association_status_message)
|
22011
|
+
SENSITIVE = []
|
22012
|
+
include Aws::Structure
|
22013
|
+
end
|
22014
|
+
|
22015
|
+
# An object that contains the details of an Security Hub configuration
|
22016
|
+
# policy that’s returned in a `ListConfigurationPolicies` request.
|
22017
|
+
#
|
22018
|
+
# @!attribute [rw] arn
|
22019
|
+
# The Amazon Resource Name (ARN) of the configuration policy.
|
22020
|
+
# @return [String]
|
22021
|
+
#
|
22022
|
+
# @!attribute [rw] id
|
22023
|
+
# The universally unique identifier (UUID) of the configuration
|
22024
|
+
# policy.
|
22025
|
+
# @return [String]
|
22026
|
+
#
|
22027
|
+
# @!attribute [rw] name
|
22028
|
+
# The name of the configuration policy.
|
22029
|
+
# @return [String]
|
22030
|
+
#
|
22031
|
+
# @!attribute [rw] description
|
22032
|
+
# The description of the configuration policy.
|
22033
|
+
# @return [String]
|
22034
|
+
#
|
22035
|
+
# @!attribute [rw] updated_at
|
22036
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22037
|
+
# configuration policy was last updated.
|
22038
|
+
# @return [Time]
|
22039
|
+
#
|
22040
|
+
# @!attribute [rw] service_enabled
|
22041
|
+
# Indicates whether the service that the configuration policy applies
|
22042
|
+
# to is enabled in the policy.
|
22043
|
+
# @return [Boolean]
|
22044
|
+
#
|
22045
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicySummary AWS API Documentation
|
22046
|
+
#
|
22047
|
+
class ConfigurationPolicySummary < Struct.new(
|
22048
|
+
:arn,
|
22049
|
+
:id,
|
22050
|
+
:name,
|
22051
|
+
:description,
|
22052
|
+
:updated_at,
|
22053
|
+
:service_enabled)
|
21704
22054
|
SENSITIVE = []
|
21705
22055
|
include Aws::Structure
|
21706
22056
|
end
|
@@ -21816,7 +22166,7 @@ module Aws::SecurityHub
|
|
21816
22166
|
end
|
21817
22167
|
|
21818
22168
|
# @!attribute [rw] tags
|
21819
|
-
# User-defined tags
|
22169
|
+
# User-defined tags associated with an automation rule.
|
21820
22170
|
# @return [Hash<String,String>]
|
21821
22171
|
#
|
21822
22172
|
# @!attribute [rw] rule_status
|
@@ -21895,6 +22245,102 @@ module Aws::SecurityHub
|
|
21895
22245
|
include Aws::Structure
|
21896
22246
|
end
|
21897
22247
|
|
22248
|
+
# @!attribute [rw] name
|
22249
|
+
# The name of the configuration policy.
|
22250
|
+
# @return [String]
|
22251
|
+
#
|
22252
|
+
# @!attribute [rw] description
|
22253
|
+
# The description of the configuration policy.
|
22254
|
+
# @return [String]
|
22255
|
+
#
|
22256
|
+
# @!attribute [rw] configuration_policy
|
22257
|
+
# An object that defines how Security Hub is configured. It includes
|
22258
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
22259
|
+
# security standards, a list of enabled or disabled security controls,
|
22260
|
+
# and a list of custom parameter values for specified controls. If you
|
22261
|
+
# provide a list of security controls that are enabled in the
|
22262
|
+
# configuration policy, Security Hub disables all other controls
|
22263
|
+
# (including newly released controls). If you provide a list of
|
22264
|
+
# security controls that are disabled in the configuration policy,
|
22265
|
+
# Security Hub enables all other controls (including newly released
|
22266
|
+
# controls).
|
22267
|
+
# @return [Types::Policy]
|
22268
|
+
#
|
22269
|
+
# @!attribute [rw] tags
|
22270
|
+
# User-defined tags associated with a configuration policy. For more
|
22271
|
+
# information, see [Tagging Security Hub resources][1] in the
|
22272
|
+
# *Security Hub user guide*.
|
22273
|
+
#
|
22274
|
+
#
|
22275
|
+
#
|
22276
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
|
22277
|
+
# @return [Hash<String,String>]
|
22278
|
+
#
|
22279
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyRequest AWS API Documentation
|
22280
|
+
#
|
22281
|
+
class CreateConfigurationPolicyRequest < Struct.new(
|
22282
|
+
:name,
|
22283
|
+
:description,
|
22284
|
+
:configuration_policy,
|
22285
|
+
:tags)
|
22286
|
+
SENSITIVE = []
|
22287
|
+
include Aws::Structure
|
22288
|
+
end
|
22289
|
+
|
22290
|
+
# @!attribute [rw] arn
|
22291
|
+
# The Amazon Resource Name (ARN) of the configuration policy.
|
22292
|
+
# @return [String]
|
22293
|
+
#
|
22294
|
+
# @!attribute [rw] id
|
22295
|
+
# The universally unique identifier (UUID) of the configuration
|
22296
|
+
# policy.
|
22297
|
+
# @return [String]
|
22298
|
+
#
|
22299
|
+
# @!attribute [rw] name
|
22300
|
+
# The name of the configuration policy.
|
22301
|
+
# @return [String]
|
22302
|
+
#
|
22303
|
+
# @!attribute [rw] description
|
22304
|
+
# The description of the configuration policy.
|
22305
|
+
# @return [String]
|
22306
|
+
#
|
22307
|
+
# @!attribute [rw] updated_at
|
22308
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22309
|
+
# configuration policy was last updated.
|
22310
|
+
# @return [Time]
|
22311
|
+
#
|
22312
|
+
# @!attribute [rw] created_at
|
22313
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22314
|
+
# configuration policy was created.
|
22315
|
+
# @return [Time]
|
22316
|
+
#
|
22317
|
+
# @!attribute [rw] configuration_policy
|
22318
|
+
# An object that defines how Security Hub is configured. It includes
|
22319
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
22320
|
+
# security standards, a list of enabled or disabled security controls,
|
22321
|
+
# and a list of custom parameter values for specified controls. If the
|
22322
|
+
# request included a list of security controls that are enabled in the
|
22323
|
+
# configuration policy, Security Hub disables all other controls
|
22324
|
+
# (including newly released controls). If the request included a list
|
22325
|
+
# of security controls that are disabled in the configuration policy,
|
22326
|
+
# Security Hub enables all other controls (including newly released
|
22327
|
+
# controls).
|
22328
|
+
# @return [Types::Policy]
|
22329
|
+
#
|
22330
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyResponse AWS API Documentation
|
22331
|
+
#
|
22332
|
+
class CreateConfigurationPolicyResponse < Struct.new(
|
22333
|
+
:arn,
|
22334
|
+
:id,
|
22335
|
+
:name,
|
22336
|
+
:description,
|
22337
|
+
:updated_at,
|
22338
|
+
:created_at,
|
22339
|
+
:configuration_policy)
|
22340
|
+
SENSITIVE = []
|
22341
|
+
include Aws::Structure
|
22342
|
+
end
|
22343
|
+
|
21898
22344
|
# @!attribute [rw] region_linking_mode
|
21899
22345
|
# Indicates whether to aggregate findings from all of the available
|
21900
22346
|
# Regions in the current partition. Also determines whether to
|
@@ -22257,6 +22703,23 @@ module Aws::SecurityHub
|
|
22257
22703
|
include Aws::Structure
|
22258
22704
|
end
|
22259
22705
|
|
22706
|
+
# @!attribute [rw] identifier
|
22707
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
22708
|
+
# (UUID) of the configuration policy.
|
22709
|
+
# @return [String]
|
22710
|
+
#
|
22711
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyRequest AWS API Documentation
|
22712
|
+
#
|
22713
|
+
class DeleteConfigurationPolicyRequest < Struct.new(
|
22714
|
+
:identifier)
|
22715
|
+
SENSITIVE = []
|
22716
|
+
include Aws::Structure
|
22717
|
+
end
|
22718
|
+
|
22719
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyResponse AWS API Documentation
|
22720
|
+
#
|
22721
|
+
class DeleteConfigurationPolicyResponse < Aws::EmptyStructure; end
|
22722
|
+
|
22260
22723
|
# @!attribute [rw] finding_aggregator_arn
|
22261
22724
|
# The ARN of the finding aggregator to delete. To obtain the ARN, use
|
22262
22725
|
# `ListFindingAggregators`.
|
@@ -22463,11 +22926,19 @@ module Aws::SecurityHub
|
|
22463
22926
|
class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
|
22464
22927
|
|
22465
22928
|
# @!attribute [rw] auto_enable
|
22466
|
-
# Whether to automatically enable Security Hub
|
22467
|
-
# organization.
|
22468
|
-
#
|
22469
|
-
# If set to `true`, then Security Hub is enabled
|
22470
|
-
# set to false
|
22929
|
+
# Whether to automatically enable Security Hub in new member accounts
|
22930
|
+
# when they join the organization.
|
22931
|
+
#
|
22932
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
22933
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
22934
|
+
# accounts automatically. The default value is `false`.
|
22935
|
+
#
|
22936
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
22937
|
+
# then this field is set to `false` and can't be changed in the home
|
22938
|
+
# Region and linked Regions. However, in that case, the delegated
|
22939
|
+
# administrator can create a configuration policy in which Security
|
22940
|
+
# Hub is enabled and associate the policy with new organization
|
22941
|
+
# accounts.
|
22471
22942
|
# @return [Boolean]
|
22472
22943
|
#
|
22473
22944
|
# @!attribute [rw] member_account_limit_reached
|
@@ -22477,26 +22948,37 @@ module Aws::SecurityHub
|
|
22477
22948
|
#
|
22478
22949
|
# @!attribute [rw] auto_enable_standards
|
22479
22950
|
# Whether to automatically enable Security Hub [default standards][1]
|
22480
|
-
#
|
22481
|
-
#
|
22482
|
-
# The default value of this parameter is equal to `DEFAULT`.
|
22951
|
+
# in new member accounts when they join the organization.
|
22483
22952
|
#
|
22484
22953
|
# If equal to `DEFAULT`, then Security Hub default standards are
|
22485
22954
|
# automatically enabled for new member accounts. If equal to `NONE`,
|
22486
22955
|
# then default standards are not automatically enabled for new member
|
22487
|
-
# accounts.
|
22956
|
+
# accounts. The default value of this parameter is equal to `DEFAULT`.
|
22957
|
+
#
|
22958
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
22959
|
+
# then this field is set to `NONE` and can't be changed in the home
|
22960
|
+
# Region and linked Regions. However, in that case, the delegated
|
22961
|
+
# administrator can create a configuration policy in which specific
|
22962
|
+
# security standards are enabled and associate the policy with new
|
22963
|
+
# organization accounts.
|
22488
22964
|
#
|
22489
22965
|
#
|
22490
22966
|
#
|
22491
22967
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
22492
22968
|
# @return [String]
|
22493
22969
|
#
|
22970
|
+
# @!attribute [rw] organization_configuration
|
22971
|
+
# Provides information about the way an organization is configured in
|
22972
|
+
# Security Hub.
|
22973
|
+
# @return [Types::OrganizationConfiguration]
|
22974
|
+
#
|
22494
22975
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
|
22495
22976
|
#
|
22496
22977
|
class DescribeOrganizationConfigurationResponse < Struct.new(
|
22497
22978
|
:auto_enable,
|
22498
22979
|
:member_account_limit_reached,
|
22499
|
-
:auto_enable_standards
|
22980
|
+
:auto_enable_standards,
|
22981
|
+
:organization_configuration)
|
22500
22982
|
SENSITIVE = []
|
22501
22983
|
include Aws::Structure
|
22502
22984
|
end
|
@@ -22738,6 +23220,32 @@ module Aws::SecurityHub
|
|
22738
23220
|
include Aws::Structure
|
22739
23221
|
end
|
22740
23222
|
|
23223
|
+
# The options for customizing a security control parameter that is a
|
23224
|
+
# double.
|
23225
|
+
#
|
23226
|
+
# @!attribute [rw] default_value
|
23227
|
+
# The Security Hub default value for a control parameter that is a
|
23228
|
+
# double.
|
23229
|
+
# @return [Float]
|
23230
|
+
#
|
23231
|
+
# @!attribute [rw] min
|
23232
|
+
# The minimum valid value for a control parameter that is a double.
|
23233
|
+
# @return [Float]
|
23234
|
+
#
|
23235
|
+
# @!attribute [rw] max
|
23236
|
+
# The maximum valid value for a control parameter that is a double.
|
23237
|
+
# @return [Float]
|
23238
|
+
#
|
23239
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DoubleConfigurationOptions AWS API Documentation
|
23240
|
+
#
|
23241
|
+
class DoubleConfigurationOptions < Struct.new(
|
23242
|
+
:default_value,
|
23243
|
+
:min,
|
23244
|
+
:max)
|
23245
|
+
SENSITIVE = []
|
23246
|
+
include Aws::Structure
|
23247
|
+
end
|
23248
|
+
|
22741
23249
|
# @!attribute [rw] product_arn
|
22742
23250
|
# The ARN of the product to enable the integration for.
|
22743
23251
|
# @return [String]
|
@@ -22823,6 +23331,54 @@ module Aws::SecurityHub
|
|
22823
23331
|
#
|
22824
23332
|
class EnableSecurityHubResponse < Aws::EmptyStructure; end
|
22825
23333
|
|
23334
|
+
# The options for customizing a security control parameter that is an
|
23335
|
+
# enum.
|
23336
|
+
#
|
23337
|
+
# @!attribute [rw] default_value
|
23338
|
+
# The Security Hub default value for a control parameter that is an
|
23339
|
+
# enum.
|
23340
|
+
# @return [String]
|
23341
|
+
#
|
23342
|
+
# @!attribute [rw] allowed_values
|
23343
|
+
# The valid values for a control parameter that is an enum.
|
23344
|
+
# @return [Array<String>]
|
23345
|
+
#
|
23346
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumConfigurationOptions AWS API Documentation
|
23347
|
+
#
|
23348
|
+
class EnumConfigurationOptions < Struct.new(
|
23349
|
+
:default_value,
|
23350
|
+
:allowed_values)
|
23351
|
+
SENSITIVE = []
|
23352
|
+
include Aws::Structure
|
23353
|
+
end
|
23354
|
+
|
23355
|
+
# The options for customizing a security control parameter that is a
|
23356
|
+
# list of enums.
|
23357
|
+
#
|
23358
|
+
# @!attribute [rw] default_value
|
23359
|
+
# The Security Hub default value for a control parameter that is a
|
23360
|
+
# list of enums.
|
23361
|
+
# @return [Array<String>]
|
23362
|
+
#
|
23363
|
+
# @!attribute [rw] max_items
|
23364
|
+
# The maximum number of list items that an enum list control parameter
|
23365
|
+
# can accept.
|
23366
|
+
# @return [Integer]
|
23367
|
+
#
|
23368
|
+
# @!attribute [rw] allowed_values
|
23369
|
+
# The valid values for a control parameter that is a list of enums.
|
23370
|
+
# @return [Array<String>]
|
23371
|
+
#
|
23372
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumListConfigurationOptions AWS API Documentation
|
23373
|
+
#
|
23374
|
+
class EnumListConfigurationOptions < Struct.new(
|
23375
|
+
:default_value,
|
23376
|
+
:max_items,
|
23377
|
+
:allowed_values)
|
23378
|
+
SENSITIVE = []
|
23379
|
+
include Aws::Structure
|
23380
|
+
end
|
23381
|
+
|
22826
23382
|
# Provides information about the file paths that were affected by the
|
22827
23383
|
# threat.
|
22828
23384
|
#
|
@@ -23241,18 +23797,145 @@ module Aws::SecurityHub
|
|
23241
23797
|
include Aws::Structure
|
23242
23798
|
end
|
23243
23799
|
|
23244
|
-
# @!attribute [rw]
|
23245
|
-
# The
|
23246
|
-
# retrieve.
|
23247
|
-
# @return [
|
23800
|
+
# @!attribute [rw] target
|
23801
|
+
# The target account ID, organizational unit ID, or the root ID to
|
23802
|
+
# retrieve the association for.
|
23803
|
+
# @return [Types::Target]
|
23248
23804
|
#
|
23249
|
-
#
|
23250
|
-
# The token that is required for pagination. On your first call to the
|
23251
|
-
# `GetEnabledStandards` operation, set the value of this parameter to
|
23252
|
-
# `NULL`.
|
23805
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationRequest AWS API Documentation
|
23253
23806
|
#
|
23254
|
-
|
23255
|
-
|
23807
|
+
class GetConfigurationPolicyAssociationRequest < Struct.new(
|
23808
|
+
:target)
|
23809
|
+
SENSITIVE = []
|
23810
|
+
include Aws::Structure
|
23811
|
+
end
|
23812
|
+
|
23813
|
+
# @!attribute [rw] configuration_policy_id
|
23814
|
+
# The universally unique identifier (UUID) of a configuration policy.
|
23815
|
+
# For self-managed behavior, the value is `SELF_MANAGED_SECURITY_HUB`.
|
23816
|
+
# @return [String]
|
23817
|
+
#
|
23818
|
+
# @!attribute [rw] target_id
|
23819
|
+
# The target account ID, organizational unit ID, or the root ID for
|
23820
|
+
# which the association is retrieved.
|
23821
|
+
# @return [String]
|
23822
|
+
#
|
23823
|
+
# @!attribute [rw] target_type
|
23824
|
+
# Specifies whether the target is an Amazon Web Services account,
|
23825
|
+
# organizational unit, or the organization root.
|
23826
|
+
# @return [String]
|
23827
|
+
#
|
23828
|
+
# @!attribute [rw] association_type
|
23829
|
+
# Indicates whether the association between the specified target and
|
23830
|
+
# the configuration was directly applied by the Security Hub delegated
|
23831
|
+
# administrator or inherited from a parent.
|
23832
|
+
# @return [String]
|
23833
|
+
#
|
23834
|
+
# @!attribute [rw] updated_at
|
23835
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23836
|
+
# configuration policy association was last updated.
|
23837
|
+
# @return [Time]
|
23838
|
+
#
|
23839
|
+
# @!attribute [rw] association_status
|
23840
|
+
# The current status of the association between the specified target
|
23841
|
+
# and the configuration.
|
23842
|
+
# @return [String]
|
23843
|
+
#
|
23844
|
+
# @!attribute [rw] association_status_message
|
23845
|
+
# The explanation for a `FAILED` value for `AssociationStatus`.
|
23846
|
+
# @return [String]
|
23847
|
+
#
|
23848
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationResponse AWS API Documentation
|
23849
|
+
#
|
23850
|
+
class GetConfigurationPolicyAssociationResponse < Struct.new(
|
23851
|
+
:configuration_policy_id,
|
23852
|
+
:target_id,
|
23853
|
+
:target_type,
|
23854
|
+
:association_type,
|
23855
|
+
:updated_at,
|
23856
|
+
:association_status,
|
23857
|
+
:association_status_message)
|
23858
|
+
SENSITIVE = []
|
23859
|
+
include Aws::Structure
|
23860
|
+
end
|
23861
|
+
|
23862
|
+
# @!attribute [rw] identifier
|
23863
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
23864
|
+
# (UUID) of the configuration policy.
|
23865
|
+
# @return [String]
|
23866
|
+
#
|
23867
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyRequest AWS API Documentation
|
23868
|
+
#
|
23869
|
+
class GetConfigurationPolicyRequest < Struct.new(
|
23870
|
+
:identifier)
|
23871
|
+
SENSITIVE = []
|
23872
|
+
include Aws::Structure
|
23873
|
+
end
|
23874
|
+
|
23875
|
+
# @!attribute [rw] arn
|
23876
|
+
# The ARN of the configuration policy.
|
23877
|
+
# @return [String]
|
23878
|
+
#
|
23879
|
+
# @!attribute [rw] id
|
23880
|
+
# The UUID of the configuration policy.
|
23881
|
+
# @return [String]
|
23882
|
+
#
|
23883
|
+
# @!attribute [rw] name
|
23884
|
+
# The name of the configuration policy.
|
23885
|
+
# @return [String]
|
23886
|
+
#
|
23887
|
+
# @!attribute [rw] description
|
23888
|
+
# The description of the configuration policy.
|
23889
|
+
# @return [String]
|
23890
|
+
#
|
23891
|
+
# @!attribute [rw] updated_at
|
23892
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23893
|
+
# configuration policy was last updated.
|
23894
|
+
# @return [Time]
|
23895
|
+
#
|
23896
|
+
# @!attribute [rw] created_at
|
23897
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23898
|
+
# configuration policy was created.
|
23899
|
+
# @return [Time]
|
23900
|
+
#
|
23901
|
+
# @!attribute [rw] configuration_policy
|
23902
|
+
# An object that defines how Security Hub is configured. It includes
|
23903
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
23904
|
+
# security standards, a list of enabled or disabled security controls,
|
23905
|
+
# and a list of custom parameter values for specified controls. If the
|
23906
|
+
# policy includes a list of security controls that are enabled,
|
23907
|
+
# Security Hub disables all other controls (including newly released
|
23908
|
+
# controls). If the policy includes a list of security controls that
|
23909
|
+
# are disabled, Security Hub enables all other controls (including
|
23910
|
+
# newly released controls).
|
23911
|
+
# @return [Types::Policy]
|
23912
|
+
#
|
23913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyResponse AWS API Documentation
|
23914
|
+
#
|
23915
|
+
class GetConfigurationPolicyResponse < Struct.new(
|
23916
|
+
:arn,
|
23917
|
+
:id,
|
23918
|
+
:name,
|
23919
|
+
:description,
|
23920
|
+
:updated_at,
|
23921
|
+
:created_at,
|
23922
|
+
:configuration_policy)
|
23923
|
+
SENSITIVE = []
|
23924
|
+
include Aws::Structure
|
23925
|
+
end
|
23926
|
+
|
23927
|
+
# @!attribute [rw] standards_subscription_arns
|
23928
|
+
# The list of the standards subscription ARNs for the standards to
|
23929
|
+
# retrieve.
|
23930
|
+
# @return [Array<String>]
|
23931
|
+
#
|
23932
|
+
# @!attribute [rw] next_token
|
23933
|
+
# The token that is required for pagination. On your first call to the
|
23934
|
+
# `GetEnabledStandards` operation, set the value of this parameter to
|
23935
|
+
# `NULL`.
|
23936
|
+
#
|
23937
|
+
# For subsequent calls to the operation, to continue listing data, set
|
23938
|
+
# the value of this parameter to the value returned from the previous
|
23256
23939
|
# response.
|
23257
23940
|
# @return [String]
|
23258
23941
|
#
|
@@ -23628,6 +24311,34 @@ module Aws::SecurityHub
|
|
23628
24311
|
include Aws::Structure
|
23629
24312
|
end
|
23630
24313
|
|
24314
|
+
# @!attribute [rw] security_control_id
|
24315
|
+
# The ID of the security control to retrieve the definition for. This
|
24316
|
+
# field doesn’t accept an Amazon Resource Name (ARN).
|
24317
|
+
# @return [String]
|
24318
|
+
#
|
24319
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionRequest AWS API Documentation
|
24320
|
+
#
|
24321
|
+
class GetSecurityControlDefinitionRequest < Struct.new(
|
24322
|
+
:security_control_id)
|
24323
|
+
SENSITIVE = []
|
24324
|
+
include Aws::Structure
|
24325
|
+
end
|
24326
|
+
|
24327
|
+
# @!attribute [rw] security_control_definition
|
24328
|
+
# Provides metadata for a security control, including its unique
|
24329
|
+
# standard-agnostic identifier, title, description, severity,
|
24330
|
+
# availability in Amazon Web Services Regions, and a link to
|
24331
|
+
# remediation steps.
|
24332
|
+
# @return [Types::SecurityControlDefinition]
|
24333
|
+
#
|
24334
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionResponse AWS API Documentation
|
24335
|
+
#
|
24336
|
+
class GetSecurityControlDefinitionResponse < Struct.new(
|
24337
|
+
:security_control_definition)
|
24338
|
+
SENSITIVE = []
|
24339
|
+
include Aws::Structure
|
24340
|
+
end
|
24341
|
+
|
23631
24342
|
# An Internet Control Message Protocol (ICMP) type and code.
|
23632
24343
|
#
|
23633
24344
|
# @!attribute [rw] code
|
@@ -23760,6 +24471,66 @@ module Aws::SecurityHub
|
|
23760
24471
|
include Aws::Structure
|
23761
24472
|
end
|
23762
24473
|
|
24474
|
+
# The options for customizing a security control parameter that is an
|
24475
|
+
# integer.
|
24476
|
+
#
|
24477
|
+
# @!attribute [rw] default_value
|
24478
|
+
# The Security Hub default value for a control parameter that is an
|
24479
|
+
# integer.
|
24480
|
+
# @return [Integer]
|
24481
|
+
#
|
24482
|
+
# @!attribute [rw] min
|
24483
|
+
# The minimum valid value for a control parameter that is an integer.
|
24484
|
+
# @return [Integer]
|
24485
|
+
#
|
24486
|
+
# @!attribute [rw] max
|
24487
|
+
# The maximum valid value for a control parameter that is an integer.
|
24488
|
+
# @return [Integer]
|
24489
|
+
#
|
24490
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerConfigurationOptions AWS API Documentation
|
24491
|
+
#
|
24492
|
+
class IntegerConfigurationOptions < Struct.new(
|
24493
|
+
:default_value,
|
24494
|
+
:min,
|
24495
|
+
:max)
|
24496
|
+
SENSITIVE = []
|
24497
|
+
include Aws::Structure
|
24498
|
+
end
|
24499
|
+
|
24500
|
+
# The options for customizing a security control parameter that is a
|
24501
|
+
# list of integers.
|
24502
|
+
#
|
24503
|
+
# @!attribute [rw] default_value
|
24504
|
+
# The Security Hub default value for a control parameter that is a
|
24505
|
+
# list of integers.
|
24506
|
+
# @return [Array<Integer>]
|
24507
|
+
#
|
24508
|
+
# @!attribute [rw] min
|
24509
|
+
# The minimum valid value for a control parameter that is a list of
|
24510
|
+
# integers.
|
24511
|
+
# @return [Integer]
|
24512
|
+
#
|
24513
|
+
# @!attribute [rw] max
|
24514
|
+
# The maximum valid value for a control parameter that is a list of
|
24515
|
+
# integers.
|
24516
|
+
# @return [Integer]
|
24517
|
+
#
|
24518
|
+
# @!attribute [rw] max_items
|
24519
|
+
# The maximum number of list items that an interger list control
|
24520
|
+
# parameter can accept.
|
24521
|
+
# @return [Integer]
|
24522
|
+
#
|
24523
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerListConfigurationOptions AWS API Documentation
|
24524
|
+
#
|
24525
|
+
class IntegerListConfigurationOptions < Struct.new(
|
24526
|
+
:default_value,
|
24527
|
+
:min,
|
24528
|
+
:max,
|
24529
|
+
:max_items)
|
24530
|
+
SENSITIVE = []
|
24531
|
+
include Aws::Structure
|
24532
|
+
end
|
24533
|
+
|
23763
24534
|
# Internal server error.
|
23764
24535
|
#
|
23765
24536
|
# @!attribute [rw] message
|
@@ -24022,6 +24793,117 @@ module Aws::SecurityHub
|
|
24022
24793
|
include Aws::Structure
|
24023
24794
|
end
|
24024
24795
|
|
24796
|
+
# @!attribute [rw] next_token
|
24797
|
+
# The NextToken value that's returned from a previous paginated
|
24798
|
+
# `ListConfigurationPolicies` request where `MaxResults` was used but
|
24799
|
+
# the results exceeded the value of that parameter. Pagination
|
24800
|
+
# continues from the `MaxResults` was used but the results exceeded
|
24801
|
+
# the value of that parameter. Pagination continues from the end of
|
24802
|
+
# the previous response that returned the `NextToken` value. This
|
24803
|
+
# value is `null` when there are no more results to return.
|
24804
|
+
# @return [String]
|
24805
|
+
#
|
24806
|
+
# @!attribute [rw] max_results
|
24807
|
+
# The maximum number of results that's returned by
|
24808
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
24809
|
+
# parameter is used, `ListConfigurationPolicies` returns the specified
|
24810
|
+
# number of results in a single page and a `NextToken` response
|
24811
|
+
# element. You can see the remaining results of the initial request by
|
24812
|
+
# sending another `ListConfigurationPolicies` request with the
|
24813
|
+
# returned `NextToken` value. A valid range for `MaxResults` is
|
24814
|
+
# between 1 and 100.
|
24815
|
+
# @return [Integer]
|
24816
|
+
#
|
24817
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesRequest AWS API Documentation
|
24818
|
+
#
|
24819
|
+
class ListConfigurationPoliciesRequest < Struct.new(
|
24820
|
+
:next_token,
|
24821
|
+
:max_results)
|
24822
|
+
SENSITIVE = []
|
24823
|
+
include Aws::Structure
|
24824
|
+
end
|
24825
|
+
|
24826
|
+
# @!attribute [rw] configuration_policy_summaries
|
24827
|
+
# Provides metadata for each of your configuration policies.
|
24828
|
+
# @return [Array<Types::ConfigurationPolicySummary>]
|
24829
|
+
#
|
24830
|
+
# @!attribute [rw] next_token
|
24831
|
+
# The `NextToken` value to include in the next
|
24832
|
+
# `ListConfigurationPolicies` request. When the results of a
|
24833
|
+
# `ListConfigurationPolicies` request exceed `MaxResults`, this value
|
24834
|
+
# can be used to retrieve the next page of results. This value is
|
24835
|
+
# `null` when there are no more results to return.
|
24836
|
+
# @return [String]
|
24837
|
+
#
|
24838
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesResponse AWS API Documentation
|
24839
|
+
#
|
24840
|
+
class ListConfigurationPoliciesResponse < Struct.new(
|
24841
|
+
:configuration_policy_summaries,
|
24842
|
+
:next_token)
|
24843
|
+
SENSITIVE = []
|
24844
|
+
include Aws::Structure
|
24845
|
+
end
|
24846
|
+
|
24847
|
+
# @!attribute [rw] next_token
|
24848
|
+
# The `NextToken` value that's returned from a previous paginated
|
24849
|
+
# `ListConfigurationPolicyAssociations` request where `MaxResults` was
|
24850
|
+
# used but the results exceeded the value of that parameter.
|
24851
|
+
# Pagination continues from the end of the previous response that
|
24852
|
+
# returned the `NextToken` value. This value is `null` when there are
|
24853
|
+
# no more results to return.
|
24854
|
+
# @return [String]
|
24855
|
+
#
|
24856
|
+
# @!attribute [rw] max_results
|
24857
|
+
# The maximum number of results that's returned by
|
24858
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
24859
|
+
# parameter is used, `ListConfigurationPolicyAssociations` returns the
|
24860
|
+
# specified number of results in a single page and a `NextToken`
|
24861
|
+
# response element. You can see the remaining results of the initial
|
24862
|
+
# request by sending another `ListConfigurationPolicyAssociations`
|
24863
|
+
# request with the returned `NextToken` value. A valid range for
|
24864
|
+
# `MaxResults` is between 1 and 100.
|
24865
|
+
# @return [Integer]
|
24866
|
+
#
|
24867
|
+
# @!attribute [rw] filters
|
24868
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
24869
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
24870
|
+
# universally unique identifier (UUID) of a configuration,
|
24871
|
+
# `AssociationType`, or `AssociationStatus`.
|
24872
|
+
# @return [Types::AssociationFilters]
|
24873
|
+
#
|
24874
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsRequest AWS API Documentation
|
24875
|
+
#
|
24876
|
+
class ListConfigurationPolicyAssociationsRequest < Struct.new(
|
24877
|
+
:next_token,
|
24878
|
+
:max_results,
|
24879
|
+
:filters)
|
24880
|
+
SENSITIVE = []
|
24881
|
+
include Aws::Structure
|
24882
|
+
end
|
24883
|
+
|
24884
|
+
# @!attribute [rw] configuration_policy_association_summaries
|
24885
|
+
# An object that contains the details of each configuration policy
|
24886
|
+
# association that’s returned in a
|
24887
|
+
# `ListConfigurationPolicyAssociations` request.
|
24888
|
+
# @return [Array<Types::ConfigurationPolicyAssociationSummary>]
|
24889
|
+
#
|
24890
|
+
# @!attribute [rw] next_token
|
24891
|
+
# The `NextToken` value to include in the next
|
24892
|
+
# `ListConfigurationPolicyAssociations` request. When the results of a
|
24893
|
+
# `ListConfigurationPolicyAssociations` request exceed `MaxResults`,
|
24894
|
+
# this value can be used to retrieve the next page of results. This
|
24895
|
+
# value is `null` when there are no more results to return.
|
24896
|
+
# @return [String]
|
24897
|
+
#
|
24898
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsResponse AWS API Documentation
|
24899
|
+
#
|
24900
|
+
class ListConfigurationPolicyAssociationsResponse < Struct.new(
|
24901
|
+
:configuration_policy_association_summaries,
|
24902
|
+
:next_token)
|
24903
|
+
SENSITIVE = []
|
24904
|
+
include Aws::Structure
|
24905
|
+
end
|
24906
|
+
|
24025
24907
|
# @!attribute [rw] next_token
|
24026
24908
|
# The token that is required for pagination. On your first call to the
|
24027
24909
|
# `ListEnabledProductsForImport` operation, set the value of this
|
@@ -24838,12 +25720,24 @@ module Aws::SecurityHub
|
|
24838
25720
|
# for findings.
|
24839
25721
|
# @return [Float]
|
24840
25722
|
#
|
25723
|
+
# @!attribute [rw] gt
|
25724
|
+
# The greater-than condition to be applied to a single field when
|
25725
|
+
# querying for findings.
|
25726
|
+
# @return [Float]
|
25727
|
+
#
|
25728
|
+
# @!attribute [rw] lt
|
25729
|
+
# The less-than condition to be applied to a single field when
|
25730
|
+
# querying for findings.
|
25731
|
+
# @return [Float]
|
25732
|
+
#
|
24841
25733
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NumberFilter AWS API Documentation
|
24842
25734
|
#
|
24843
25735
|
class NumberFilter < Struct.new(
|
24844
25736
|
:gte,
|
24845
25737
|
:lte,
|
24846
|
-
:eq
|
25738
|
+
:eq,
|
25739
|
+
:gt,
|
25740
|
+
:lt)
|
24847
25741
|
SENSITIVE = []
|
24848
25742
|
include Aws::Structure
|
24849
25743
|
end
|
@@ -24888,6 +25782,53 @@ module Aws::SecurityHub
|
|
24888
25782
|
include Aws::Structure
|
24889
25783
|
end
|
24890
25784
|
|
25785
|
+
# Provides information about the way an organization is configured in
|
25786
|
+
# Security Hub.
|
25787
|
+
#
|
25788
|
+
# @!attribute [rw] configuration_type
|
25789
|
+
# Indicates whether the organization uses local or central
|
25790
|
+
# configuration.
|
25791
|
+
#
|
25792
|
+
# If you use local configuration, the Security Hub delegated
|
25793
|
+
# administrator can set `AutoEnable` to `true` and
|
25794
|
+
# `AutoEnableStandards` to `DEFAULT`. This automatically enables
|
25795
|
+
# Security Hub and default security standards in new organization
|
25796
|
+
# accounts. These new account settings must be set separately in each
|
25797
|
+
# Amazon Web Services Region, and settings may be different in each
|
25798
|
+
# Region.
|
25799
|
+
#
|
25800
|
+
# If you use central configuration, the delegated administrator can
|
25801
|
+
# create configuration policies. Configuration policies can be used to
|
25802
|
+
# configure Security Hub, security standards, and security controls in
|
25803
|
+
# multiple accounts and Regions. If you want new organization accounts
|
25804
|
+
# to use a specific configuration, you can create a configuration
|
25805
|
+
# policy and associate it with the root or specific organizational
|
25806
|
+
# units (OUs). New accounts will inherit the policy from the root or
|
25807
|
+
# their assigned OU.
|
25808
|
+
# @return [String]
|
25809
|
+
#
|
25810
|
+
# @!attribute [rw] status
|
25811
|
+
# Describes whether central configuration could be enabled as the
|
25812
|
+
# `ConfigurationType` for the organization. If your
|
25813
|
+
# `ConfigurationType` is local configuration, then the value of
|
25814
|
+
# `Status` is always `ENABLED`.
|
25815
|
+
# @return [String]
|
25816
|
+
#
|
25817
|
+
# @!attribute [rw] status_message
|
25818
|
+
# Provides an explanation if the value of `Status` is equal to
|
25819
|
+
# `FAILED` when `ConfigurationType` is equal to `CENTRAL`.
|
25820
|
+
# @return [String]
|
25821
|
+
#
|
25822
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/OrganizationConfiguration AWS API Documentation
|
25823
|
+
#
|
25824
|
+
class OrganizationConfiguration < Struct.new(
|
25825
|
+
:configuration_type,
|
25826
|
+
:status,
|
25827
|
+
:status_message)
|
25828
|
+
SENSITIVE = []
|
25829
|
+
include Aws::Structure
|
25830
|
+
end
|
25831
|
+
|
24891
25832
|
# An occurrence of sensitive data in an Adobe Portable Document Format
|
24892
25833
|
# (PDF) file.
|
24893
25834
|
#
|
@@ -24915,6 +25856,114 @@ module Aws::SecurityHub
|
|
24915
25856
|
include Aws::Structure
|
24916
25857
|
end
|
24917
25858
|
|
25859
|
+
# An object that provides the current value of a security control
|
25860
|
+
# parameter and identifies whether it has been customized.
|
25861
|
+
#
|
25862
|
+
# @!attribute [rw] value_type
|
25863
|
+
# Identifies whether a control parameter uses a custom user-defined
|
25864
|
+
# value or the Security Hub default value.
|
25865
|
+
# @return [String]
|
25866
|
+
#
|
25867
|
+
# @!attribute [rw] value
|
25868
|
+
# The current value of a control parameter.
|
25869
|
+
# @return [Types::ParameterValue]
|
25870
|
+
#
|
25871
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterConfiguration AWS API Documentation
|
25872
|
+
#
|
25873
|
+
class ParameterConfiguration < Struct.new(
|
25874
|
+
:value_type,
|
25875
|
+
:value)
|
25876
|
+
SENSITIVE = []
|
25877
|
+
include Aws::Structure
|
25878
|
+
end
|
25879
|
+
|
25880
|
+
# An object that describes a security control parameter and the options
|
25881
|
+
# for customizing it.
|
25882
|
+
#
|
25883
|
+
# @!attribute [rw] description
|
25884
|
+
# Description of a control parameter.
|
25885
|
+
# @return [String]
|
25886
|
+
#
|
25887
|
+
# @!attribute [rw] configuration_options
|
25888
|
+
# The options for customizing a control parameter. Customization
|
25889
|
+
# options vary based on the data type of the parameter.
|
25890
|
+
# @return [Types::ConfigurationOptions]
|
25891
|
+
#
|
25892
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterDefinition AWS API Documentation
|
25893
|
+
#
|
25894
|
+
class ParameterDefinition < Struct.new(
|
25895
|
+
:description,
|
25896
|
+
:configuration_options)
|
25897
|
+
SENSITIVE = []
|
25898
|
+
include Aws::Structure
|
25899
|
+
end
|
25900
|
+
|
25901
|
+
# An object that includes the data type of a security control parameter
|
25902
|
+
# and its current value.
|
25903
|
+
#
|
25904
|
+
# @note ParameterValue is a union - when making an API calls you must set exactly one of the members.
|
25905
|
+
#
|
25906
|
+
# @note ParameterValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ParameterValue corresponding to the set member.
|
25907
|
+
#
|
25908
|
+
# @!attribute [rw] integer
|
25909
|
+
# A control parameter that is an integer.
|
25910
|
+
# @return [Integer]
|
25911
|
+
#
|
25912
|
+
# @!attribute [rw] integer_list
|
25913
|
+
# A control parameter that is a list of integers.
|
25914
|
+
# @return [Array<Integer>]
|
25915
|
+
#
|
25916
|
+
# @!attribute [rw] double
|
25917
|
+
# A control parameter that is a double.
|
25918
|
+
# @return [Float]
|
25919
|
+
#
|
25920
|
+
# @!attribute [rw] string
|
25921
|
+
# A control parameter that is a string.
|
25922
|
+
# @return [String]
|
25923
|
+
#
|
25924
|
+
# @!attribute [rw] string_list
|
25925
|
+
# A control parameter that is a list of strings.
|
25926
|
+
# @return [Array<String>]
|
25927
|
+
#
|
25928
|
+
# @!attribute [rw] boolean
|
25929
|
+
# A control parameter that is a boolean.
|
25930
|
+
# @return [Boolean]
|
25931
|
+
#
|
25932
|
+
# @!attribute [rw] enum
|
25933
|
+
# A control parameter that is an enum.
|
25934
|
+
# @return [String]
|
25935
|
+
#
|
25936
|
+
# @!attribute [rw] enum_list
|
25937
|
+
# A control parameter that is a list of enums.
|
25938
|
+
# @return [Array<String>]
|
25939
|
+
#
|
25940
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterValue AWS API Documentation
|
25941
|
+
#
|
25942
|
+
class ParameterValue < Struct.new(
|
25943
|
+
:integer,
|
25944
|
+
:integer_list,
|
25945
|
+
:double,
|
25946
|
+
:string,
|
25947
|
+
:string_list,
|
25948
|
+
:boolean,
|
25949
|
+
:enum,
|
25950
|
+
:enum_list,
|
25951
|
+
:unknown)
|
25952
|
+
SENSITIVE = []
|
25953
|
+
include Aws::Structure
|
25954
|
+
include Aws::Structure::Union
|
25955
|
+
|
25956
|
+
class Integer < ParameterValue; end
|
25957
|
+
class IntegerList < ParameterValue; end
|
25958
|
+
class Double < ParameterValue; end
|
25959
|
+
class String < ParameterValue; end
|
25960
|
+
class StringList < ParameterValue; end
|
25961
|
+
class Boolean < ParameterValue; end
|
25962
|
+
class Enum < ParameterValue; end
|
25963
|
+
class EnumList < ParameterValue; end
|
25964
|
+
class Unknown < ParameterValue; end
|
25965
|
+
end
|
25966
|
+
|
24918
25967
|
# Provides an overview of the patch compliance status for an instance
|
24919
25968
|
# against a selected compliance standard.
|
24920
25969
|
#
|
@@ -25007,6 +26056,37 @@ module Aws::SecurityHub
|
|
25007
26056
|
include Aws::Structure
|
25008
26057
|
end
|
25009
26058
|
|
26059
|
+
# An object that defines how Security Hub is configured. It includes
|
26060
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
26061
|
+
# security standards, a list of enabled or disabled security controls,
|
26062
|
+
# and a list of custom parameter values for specified controls. If you
|
26063
|
+
# provide a list of security controls that are enabled in the
|
26064
|
+
# configuration policy, Security Hub disables all other controls
|
26065
|
+
# (including newly released controls). If you provide a list of security
|
26066
|
+
# controls that are disabled in the configuration policy, Security Hub
|
26067
|
+
# enables all other controls (including newly released controls).
|
26068
|
+
#
|
26069
|
+
# @note Policy is a union - when making an API calls you must set exactly one of the members.
|
26070
|
+
#
|
26071
|
+
# @note Policy is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Policy corresponding to the set member.
|
26072
|
+
#
|
26073
|
+
# @!attribute [rw] security_hub
|
26074
|
+
# The Amazon Web Service that the configuration policy applies to.
|
26075
|
+
# @return [Types::SecurityHubPolicy]
|
26076
|
+
#
|
26077
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Policy AWS API Documentation
|
26078
|
+
#
|
26079
|
+
class Policy < Struct.new(
|
26080
|
+
:security_hub,
|
26081
|
+
:unknown)
|
26082
|
+
SENSITIVE = []
|
26083
|
+
include Aws::Structure
|
26084
|
+
include Aws::Structure::Union
|
26085
|
+
|
26086
|
+
class SecurityHub < Policy; end
|
26087
|
+
class Unknown < Policy; end
|
26088
|
+
end
|
26089
|
+
|
25010
26090
|
# Provided if `ActionType` is `PORT_PROBE`. It provides details about
|
25011
26091
|
# the attempted port probe that was detected.
|
25012
26092
|
#
|
@@ -25391,6 +26471,15 @@ module Aws::SecurityHub
|
|
25391
26471
|
# Additional details about the resource related to a finding.
|
25392
26472
|
# @return [Types::ResourceDetails]
|
25393
26473
|
#
|
26474
|
+
# @!attribute [rw] application_name
|
26475
|
+
# The name of the application that is related to a finding.
|
26476
|
+
# @return [String]
|
26477
|
+
#
|
26478
|
+
# @!attribute [rw] application_arn
|
26479
|
+
# The Amazon Resource Name (ARN) of the application that is related to
|
26480
|
+
# a finding.
|
26481
|
+
# @return [String]
|
26482
|
+
#
|
25394
26483
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Resource AWS API Documentation
|
25395
26484
|
#
|
25396
26485
|
class Resource < Struct.new(
|
@@ -25401,7 +26490,9 @@ module Aws::SecurityHub
|
|
25401
26490
|
:resource_role,
|
25402
26491
|
:tags,
|
25403
26492
|
:data_classification,
|
25404
|
-
:details
|
26493
|
+
:details,
|
26494
|
+
:application_name,
|
26495
|
+
:application_arn)
|
25405
26496
|
SENSITIVE = []
|
25406
26497
|
include Aws::Structure
|
25407
26498
|
end
|
@@ -25985,6 +27076,25 @@ module Aws::SecurityHub
|
|
25985
27076
|
include Aws::Structure
|
25986
27077
|
end
|
25987
27078
|
|
27079
|
+
# The request was rejected because it conflicts with the resource's
|
27080
|
+
# availability. For example, you tried to update a security control
|
27081
|
+
# that's currently in the `UPDATING` state.
|
27082
|
+
#
|
27083
|
+
# @!attribute [rw] message
|
27084
|
+
# @return [String]
|
27085
|
+
#
|
27086
|
+
# @!attribute [rw] code
|
27087
|
+
# @return [String]
|
27088
|
+
#
|
27089
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceInUseException AWS API Documentation
|
27090
|
+
#
|
27091
|
+
class ResourceInUseException < Struct.new(
|
27092
|
+
:message,
|
27093
|
+
:code)
|
27094
|
+
SENSITIVE = []
|
27095
|
+
include Aws::Structure
|
27096
|
+
end
|
27097
|
+
|
25988
27098
|
# The request was rejected because we can't find the specified
|
25989
27099
|
# resource.
|
25990
27100
|
#
|
@@ -26598,6 +27708,32 @@ module Aws::SecurityHub
|
|
26598
27708
|
# The enablement status of a security control in a specific standard.
|
26599
27709
|
# @return [String]
|
26600
27710
|
#
|
27711
|
+
# @!attribute [rw] update_status
|
27712
|
+
# Identifies whether customizable properties of a security control are
|
27713
|
+
# reflected in Security Hub findings. A status of `READY` indicates
|
27714
|
+
# findings include the current parameter values. A status of
|
27715
|
+
# `UPDATING` indicates that all findings may not include the current
|
27716
|
+
# parameter values.
|
27717
|
+
# @return [String]
|
27718
|
+
#
|
27719
|
+
# @!attribute [rw] parameters
|
27720
|
+
# An object that identifies the name of a control parameter, its
|
27721
|
+
# current value, and whether it has been customized.
|
27722
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
27723
|
+
#
|
27724
|
+
# @!attribute [rw] last_update_reason
|
27725
|
+
# The most recent reason for updating the customizable properties of a
|
27726
|
+
# security control. This differs from the `UpdateReason` field of the
|
27727
|
+
# [ `BatchUpdateStandardsControlAssociations` ][1] API, which tracks
|
27728
|
+
# the reason for updating the enablement status of a control. This
|
27729
|
+
# field accepts alphanumeric characters in addition to white spaces,
|
27730
|
+
# dashes, and underscores.
|
27731
|
+
#
|
27732
|
+
#
|
27733
|
+
#
|
27734
|
+
# [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
|
27735
|
+
# @return [String]
|
27736
|
+
#
|
26601
27737
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
|
26602
27738
|
#
|
26603
27739
|
class SecurityControl < Struct.new(
|
@@ -26607,7 +27743,31 @@ module Aws::SecurityHub
|
|
26607
27743
|
:description,
|
26608
27744
|
:remediation_url,
|
26609
27745
|
:severity_rating,
|
26610
|
-
:security_control_status
|
27746
|
+
:security_control_status,
|
27747
|
+
:update_status,
|
27748
|
+
:parameters,
|
27749
|
+
:last_update_reason)
|
27750
|
+
SENSITIVE = []
|
27751
|
+
include Aws::Structure
|
27752
|
+
end
|
27753
|
+
|
27754
|
+
# A list of security controls and control parameter values that are
|
27755
|
+
# included in a configuration policy.
|
27756
|
+
#
|
27757
|
+
# @!attribute [rw] security_control_id
|
27758
|
+
# The ID of the security control.
|
27759
|
+
# @return [String]
|
27760
|
+
#
|
27761
|
+
# @!attribute [rw] parameters
|
27762
|
+
# An object that specifies parameter values for a control in a
|
27763
|
+
# configuration policy.
|
27764
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
27765
|
+
#
|
27766
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlCustomParameter AWS API Documentation
|
27767
|
+
#
|
27768
|
+
class SecurityControlCustomParameter < Struct.new(
|
27769
|
+
:security_control_id,
|
27770
|
+
:parameters)
|
26611
27771
|
SENSITIVE = []
|
26612
27772
|
include Aws::Structure
|
26613
27773
|
end
|
@@ -26658,6 +27818,18 @@ module Aws::SecurityHub
|
|
26658
27818
|
# Amazon Web Services Region.
|
26659
27819
|
# @return [String]
|
26660
27820
|
#
|
27821
|
+
# @!attribute [rw] customizable_properties
|
27822
|
+
# Security control properties that you can customize. Currently, only
|
27823
|
+
# parameter customization is supported for select controls. An empty
|
27824
|
+
# array is returned for controls that don’t support custom properties.
|
27825
|
+
# @return [Array<String>]
|
27826
|
+
#
|
27827
|
+
# @!attribute [rw] parameter_definitions
|
27828
|
+
# An object that provides a security control parameter name,
|
27829
|
+
# description, and the options for customizing it. This object is
|
27830
|
+
# excluded for a control that doesn't support custom parameters.
|
27831
|
+
# @return [Hash<String,Types::ParameterDefinition>]
|
27832
|
+
#
|
26661
27833
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
|
26662
27834
|
#
|
26663
27835
|
class SecurityControlDefinition < Struct.new(
|
@@ -26666,7 +27838,95 @@ module Aws::SecurityHub
|
|
26666
27838
|
:description,
|
26667
27839
|
:remediation_url,
|
26668
27840
|
:severity_rating,
|
26669
|
-
:current_region_availability
|
27841
|
+
:current_region_availability,
|
27842
|
+
:customizable_properties,
|
27843
|
+
:parameter_definitions)
|
27844
|
+
SENSITIVE = []
|
27845
|
+
include Aws::Structure
|
27846
|
+
end
|
27847
|
+
|
27848
|
+
# A parameter that a security control accepts.
|
27849
|
+
#
|
27850
|
+
# @!attribute [rw] name
|
27851
|
+
# The name of a
|
27852
|
+
# @return [String]
|
27853
|
+
#
|
27854
|
+
# @!attribute [rw] value
|
27855
|
+
# The current value of a control parameter.
|
27856
|
+
# @return [Array<String>]
|
27857
|
+
#
|
27858
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlParameter AWS API Documentation
|
27859
|
+
#
|
27860
|
+
class SecurityControlParameter < Struct.new(
|
27861
|
+
:name,
|
27862
|
+
:value)
|
27863
|
+
SENSITIVE = []
|
27864
|
+
include Aws::Structure
|
27865
|
+
end
|
27866
|
+
|
27867
|
+
# An object that defines which security controls are enabled in an
|
27868
|
+
# Security Hub configuration policy. The enablement status of a control
|
27869
|
+
# is aligned across all of the enabled standards in an account.
|
27870
|
+
#
|
27871
|
+
# @!attribute [rw] enabled_security_control_identifiers
|
27872
|
+
# A list of security controls that are enabled in the configuration
|
27873
|
+
# policy. Security Hub disables all other controls (including newly
|
27874
|
+
# released controls) other than the listed controls.
|
27875
|
+
# @return [Array<String>]
|
27876
|
+
#
|
27877
|
+
# @!attribute [rw] disabled_security_control_identifiers
|
27878
|
+
# A list of security controls that are disabled in the configuration
|
27879
|
+
# policy. Security Hub enables all other controls (including newly
|
27880
|
+
# released controls) other than the listed controls.
|
27881
|
+
# @return [Array<String>]
|
27882
|
+
#
|
27883
|
+
# @!attribute [rw] security_control_custom_parameters
|
27884
|
+
# A list of security controls and control parameter values that are
|
27885
|
+
# included in a configuration policy.
|
27886
|
+
# @return [Array<Types::SecurityControlCustomParameter>]
|
27887
|
+
#
|
27888
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlsConfiguration AWS API Documentation
|
27889
|
+
#
|
27890
|
+
class SecurityControlsConfiguration < Struct.new(
|
27891
|
+
:enabled_security_control_identifiers,
|
27892
|
+
:disabled_security_control_identifiers,
|
27893
|
+
:security_control_custom_parameters)
|
27894
|
+
SENSITIVE = []
|
27895
|
+
include Aws::Structure
|
27896
|
+
end
|
27897
|
+
|
27898
|
+
# An object that defines how Security Hub is configured. The
|
27899
|
+
# configuration policy includes whether Security Hub is enabled or
|
27900
|
+
# disabled, a list of enabled security standards, a list of enabled or
|
27901
|
+
# disabled security controls, and a list of custom parameter values for
|
27902
|
+
# specified controls. If you provide a list of security controls that
|
27903
|
+
# are enabled in the configuration policy, Security Hub disables all
|
27904
|
+
# other controls (including newly released controls). If you provide a
|
27905
|
+
# list of security controls that are disabled in the configuration
|
27906
|
+
# policy, Security Hub enables all other controls (including newly
|
27907
|
+
# released controls).
|
27908
|
+
#
|
27909
|
+
# @!attribute [rw] service_enabled
|
27910
|
+
# Indicates whether Security Hub is enabled in the policy.
|
27911
|
+
# @return [Boolean]
|
27912
|
+
#
|
27913
|
+
# @!attribute [rw] enabled_standard_identifiers
|
27914
|
+
# A list that defines which security standards are enabled in the
|
27915
|
+
# configuration policy.
|
27916
|
+
# @return [Array<String>]
|
27917
|
+
#
|
27918
|
+
# @!attribute [rw] security_controls_configuration
|
27919
|
+
# An object that defines which security controls are enabled in the
|
27920
|
+
# configuration policy. The enablement status of a control is aligned
|
27921
|
+
# across all of the enabled standards in an account.
|
27922
|
+
# @return [Types::SecurityControlsConfiguration]
|
27923
|
+
#
|
27924
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityHubPolicy AWS API Documentation
|
27925
|
+
#
|
27926
|
+
class SecurityHubPolicy < Struct.new(
|
27927
|
+
:service_enabled,
|
27928
|
+
:enabled_standard_identifiers,
|
27929
|
+
:security_controls_configuration)
|
26670
27930
|
SENSITIVE = []
|
26671
27931
|
include Aws::Structure
|
26672
27932
|
end
|
@@ -26737,8 +27997,8 @@ module Aws::SecurityHub
|
|
26737
27997
|
# attribute.
|
26738
27998
|
#
|
26739
27999
|
# @!attribute [rw] product
|
26740
|
-
# Deprecated. This attribute
|
26741
|
-
# `Product`, provide `Original`.
|
28000
|
+
# Deprecated. This attribute isn't included in findings. Instead of
|
28001
|
+
# providing `Product`, provide `Original`.
|
26742
28002
|
#
|
26743
28003
|
# The native severity as defined by the Amazon Web Services service or
|
26744
28004
|
# integrated partner product that generated the finding.
|
@@ -26774,9 +28034,8 @@ module Aws::SecurityHub
|
|
26774
28034
|
# @return [String]
|
26775
28035
|
#
|
26776
28036
|
# @!attribute [rw] normalized
|
26777
|
-
# Deprecated. The normalized severity of a finding.
|
26778
|
-
#
|
26779
|
-
# `Label`.
|
28037
|
+
# Deprecated. The normalized severity of a finding. Instead of
|
28038
|
+
# providing `Normalized`, provide `Label`.
|
26780
28039
|
#
|
26781
28040
|
# If you provide `Label` and do not provide `Normalized`, then
|
26782
28041
|
# `Normalized` is set automatically as follows.
|
@@ -27189,7 +28448,7 @@ module Aws::SecurityHub
|
|
27189
28448
|
# @return [Time]
|
27190
28449
|
#
|
27191
28450
|
# @!attribute [rw] updated_reason
|
27192
|
-
# The reason for updating
|
28451
|
+
# The reason for updating a control's enablement status in a
|
27193
28452
|
# specified standard.
|
27194
28453
|
# @return [String]
|
27195
28454
|
#
|
@@ -27362,6 +28621,96 @@ module Aws::SecurityHub
|
|
27362
28621
|
include Aws::Structure
|
27363
28622
|
end
|
27364
28623
|
|
28624
|
+
# @!attribute [rw] configuration_policy_identifier
|
28625
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
28626
|
+
# (UUID) of the configuration policy.
|
28627
|
+
# @return [String]
|
28628
|
+
#
|
28629
|
+
# @!attribute [rw] target
|
28630
|
+
# The identifier of the target account, organizational unit, or the
|
28631
|
+
# root to associate with the specified configuration.
|
28632
|
+
# @return [Types::Target]
|
28633
|
+
#
|
28634
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationRequest AWS API Documentation
|
28635
|
+
#
|
28636
|
+
class StartConfigurationPolicyAssociationRequest < Struct.new(
|
28637
|
+
:configuration_policy_identifier,
|
28638
|
+
:target)
|
28639
|
+
SENSITIVE = []
|
28640
|
+
include Aws::Structure
|
28641
|
+
end
|
28642
|
+
|
28643
|
+
# @!attribute [rw] configuration_policy_id
|
28644
|
+
# The UUID of the configuration policy.
|
28645
|
+
# @return [String]
|
28646
|
+
#
|
28647
|
+
# @!attribute [rw] target_id
|
28648
|
+
# The identifier of the target account, organizational unit, or the
|
28649
|
+
# organization root with which the configuration is associated.
|
28650
|
+
# @return [String]
|
28651
|
+
#
|
28652
|
+
# @!attribute [rw] target_type
|
28653
|
+
# Indicates whether the target is an Amazon Web Services account,
|
28654
|
+
# organizational unit, or the organization root.
|
28655
|
+
# @return [String]
|
28656
|
+
#
|
28657
|
+
# @!attribute [rw] association_type
|
28658
|
+
# Indicates whether the association between the specified target and
|
28659
|
+
# the configuration was directly applied by the Security Hub delegated
|
28660
|
+
# administrator or inherited from a parent.
|
28661
|
+
# @return [String]
|
28662
|
+
#
|
28663
|
+
# @!attribute [rw] updated_at
|
28664
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
28665
|
+
# configuration policy association was last updated.
|
28666
|
+
# @return [Time]
|
28667
|
+
#
|
28668
|
+
# @!attribute [rw] association_status
|
28669
|
+
# The current status of the association between the specified target
|
28670
|
+
# and the configuration.
|
28671
|
+
# @return [String]
|
28672
|
+
#
|
28673
|
+
# @!attribute [rw] association_status_message
|
28674
|
+
# An explanation for a `FAILED` value for `AssociationStatus`.
|
28675
|
+
# @return [String]
|
28676
|
+
#
|
28677
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationResponse AWS API Documentation
|
28678
|
+
#
|
28679
|
+
class StartConfigurationPolicyAssociationResponse < Struct.new(
|
28680
|
+
:configuration_policy_id,
|
28681
|
+
:target_id,
|
28682
|
+
:target_type,
|
28683
|
+
:association_type,
|
28684
|
+
:updated_at,
|
28685
|
+
:association_status,
|
28686
|
+
:association_status_message)
|
28687
|
+
SENSITIVE = []
|
28688
|
+
include Aws::Structure
|
28689
|
+
end
|
28690
|
+
|
28691
|
+
# @!attribute [rw] target
|
28692
|
+
# The identifier of the target account, organizational unit, or the
|
28693
|
+
# root to disassociate from the specified configuration.
|
28694
|
+
# @return [Types::Target]
|
28695
|
+
#
|
28696
|
+
# @!attribute [rw] configuration_policy_identifier
|
28697
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
28698
|
+
# (UUID) of the configuration policy.
|
28699
|
+
# @return [String]
|
28700
|
+
#
|
28701
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationRequest AWS API Documentation
|
28702
|
+
#
|
28703
|
+
class StartConfigurationPolicyDisassociationRequest < Struct.new(
|
28704
|
+
:target,
|
28705
|
+
:configuration_policy_identifier)
|
28706
|
+
SENSITIVE = []
|
28707
|
+
include Aws::Structure
|
28708
|
+
end
|
28709
|
+
|
28710
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationResponse AWS API Documentation
|
28711
|
+
#
|
28712
|
+
class StartConfigurationPolicyDisassociationResponse < Aws::EmptyStructure; end
|
28713
|
+
|
27365
28714
|
# The definition of a custom action that can be used for stateless
|
27366
28715
|
# packet handling.
|
27367
28716
|
#
|
@@ -27430,6 +28779,33 @@ module Aws::SecurityHub
|
|
27430
28779
|
include Aws::Structure
|
27431
28780
|
end
|
27432
28781
|
|
28782
|
+
# The options for customizing a security control parameter that is a
|
28783
|
+
# string.
|
28784
|
+
#
|
28785
|
+
# @!attribute [rw] default_value
|
28786
|
+
# The Security Hub default value for a control parameter that is a
|
28787
|
+
# string.
|
28788
|
+
# @return [String]
|
28789
|
+
#
|
28790
|
+
# @!attribute [rw] re_2_expression
|
28791
|
+
# An RE2 regular expression that Security Hub uses to validate a
|
28792
|
+
# user-provided control parameter string.
|
28793
|
+
# @return [String]
|
28794
|
+
#
|
28795
|
+
# @!attribute [rw] expression_description
|
28796
|
+
# The description of the RE2 regular expression.
|
28797
|
+
# @return [String]
|
28798
|
+
#
|
28799
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringConfigurationOptions AWS API Documentation
|
28800
|
+
#
|
28801
|
+
class StringConfigurationOptions < Struct.new(
|
28802
|
+
:default_value,
|
28803
|
+
:re_2_expression,
|
28804
|
+
:expression_description)
|
28805
|
+
SENSITIVE = []
|
28806
|
+
include Aws::Structure
|
28807
|
+
end
|
28808
|
+
|
27433
28809
|
# A string filter for filtering Security Hub findings.
|
27434
28810
|
#
|
27435
28811
|
# @!attribute [rw] value
|
@@ -27537,6 +28913,39 @@ module Aws::SecurityHub
|
|
27537
28913
|
include Aws::Structure
|
27538
28914
|
end
|
27539
28915
|
|
28916
|
+
# The options for customizing a security control parameter that is a
|
28917
|
+
# list of strings.
|
28918
|
+
#
|
28919
|
+
# @!attribute [rw] default_value
|
28920
|
+
# The Security Hub default value for a control parameter that is a
|
28921
|
+
# list of strings.
|
28922
|
+
# @return [Array<String>]
|
28923
|
+
#
|
28924
|
+
# @!attribute [rw] re_2_expression
|
28925
|
+
# An RE2 regular expression that Security Hub uses to validate a
|
28926
|
+
# user-provided list of strings for a control parameter.
|
28927
|
+
# @return [String]
|
28928
|
+
#
|
28929
|
+
# @!attribute [rw] max_items
|
28930
|
+
# The maximum number of list items that a string list control
|
28931
|
+
# parameter can accept.
|
28932
|
+
# @return [Integer]
|
28933
|
+
#
|
28934
|
+
# @!attribute [rw] expression_description
|
28935
|
+
# The description of the RE2 regular expression.
|
28936
|
+
# @return [String]
|
28937
|
+
#
|
28938
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringListConfigurationOptions AWS API Documentation
|
28939
|
+
#
|
28940
|
+
class StringListConfigurationOptions < Struct.new(
|
28941
|
+
:default_value,
|
28942
|
+
:re_2_expression,
|
28943
|
+
:max_items,
|
28944
|
+
:expression_description)
|
28945
|
+
SENSITIVE = []
|
28946
|
+
include Aws::Structure
|
28947
|
+
end
|
28948
|
+
|
27540
28949
|
# @!attribute [rw] resource_arn
|
27541
28950
|
# The ARN of the resource to apply the tags to.
|
27542
28951
|
# @return [String]
|
@@ -27560,6 +28969,43 @@ module Aws::SecurityHub
|
|
27560
28969
|
#
|
27561
28970
|
class TagResourceResponse < Aws::EmptyStructure; end
|
27562
28971
|
|
28972
|
+
# The target account, organizational unit, or the root that is
|
28973
|
+
# associated with an Security Hub configuration. The configuration can
|
28974
|
+
# be a configuration policy or self-managed behavior.
|
28975
|
+
#
|
28976
|
+
# @note Target is a union - when making an API calls you must set exactly one of the members.
|
28977
|
+
#
|
28978
|
+
# @note Target is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Target corresponding to the set member.
|
28979
|
+
#
|
28980
|
+
# @!attribute [rw] account_id
|
28981
|
+
# The Amazon Web Services account ID of the target account.
|
28982
|
+
# @return [String]
|
28983
|
+
#
|
28984
|
+
# @!attribute [rw] organizational_unit_id
|
28985
|
+
# The organizational unit ID of the target organizational unit.
|
28986
|
+
# @return [String]
|
28987
|
+
#
|
28988
|
+
# @!attribute [rw] root_id
|
28989
|
+
# The ID of the organization root.
|
28990
|
+
# @return [String]
|
28991
|
+
#
|
28992
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Target AWS API Documentation
|
28993
|
+
#
|
28994
|
+
class Target < Struct.new(
|
28995
|
+
:account_id,
|
28996
|
+
:organizational_unit_id,
|
28997
|
+
:root_id,
|
28998
|
+
:unknown)
|
28999
|
+
SENSITIVE = []
|
29000
|
+
include Aws::Structure
|
29001
|
+
include Aws::Structure::Union
|
29002
|
+
|
29003
|
+
class AccountId < Target; end
|
29004
|
+
class OrganizationalUnitId < Target; end
|
29005
|
+
class RootId < Target; end
|
29006
|
+
class Unknown < Target; end
|
29007
|
+
end
|
29008
|
+
|
27563
29009
|
# Provides information about the threat detected in a security finding
|
27564
29010
|
# and the file paths that were affected by the threat.
|
27565
29011
|
#
|
@@ -27668,6 +29114,37 @@ module Aws::SecurityHub
|
|
27668
29114
|
include Aws::Structure
|
27669
29115
|
end
|
27670
29116
|
|
29117
|
+
# An array of configuration policy associations, one for each
|
29118
|
+
# configuration policy association identifier, that was specified in a
|
29119
|
+
# `BatchGetConfigurationPolicyAssociations` request but couldn’t be
|
29120
|
+
# processed due to an error.
|
29121
|
+
#
|
29122
|
+
# @!attribute [rw] configuration_policy_association_identifiers
|
29123
|
+
# Configuration policy association identifiers that were specified in
|
29124
|
+
# a `BatchGetConfigurationPolicyAssociations` request but couldn’t be
|
29125
|
+
# processed due to an error.
|
29126
|
+
# @return [Types::ConfigurationPolicyAssociation]
|
29127
|
+
#
|
29128
|
+
# @!attribute [rw] error_code
|
29129
|
+
# An HTTP status code that identifies why the configuration policy
|
29130
|
+
# association failed.
|
29131
|
+
# @return [String]
|
29132
|
+
#
|
29133
|
+
# @!attribute [rw] error_reason
|
29134
|
+
# A string that identifies why the configuration policy association
|
29135
|
+
# failed.
|
29136
|
+
# @return [String]
|
29137
|
+
#
|
29138
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedConfigurationPolicyAssociation AWS API Documentation
|
29139
|
+
#
|
29140
|
+
class UnprocessedConfigurationPolicyAssociation < Struct.new(
|
29141
|
+
:configuration_policy_association_identifiers,
|
29142
|
+
:error_code,
|
29143
|
+
:error_reason)
|
29144
|
+
SENSITIVE = []
|
29145
|
+
include Aws::Structure
|
29146
|
+
end
|
29147
|
+
|
27671
29148
|
# Provides details about a security control for which a response
|
27672
29149
|
# couldn't be returned.
|
27673
29150
|
#
|
@@ -27890,6 +29367,106 @@ module Aws::SecurityHub
|
|
27890
29367
|
include Aws::Structure
|
27891
29368
|
end
|
27892
29369
|
|
29370
|
+
# @!attribute [rw] identifier
|
29371
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
29372
|
+
# (UUID) of the configuration policy.
|
29373
|
+
# @return [String]
|
29374
|
+
#
|
29375
|
+
# @!attribute [rw] name
|
29376
|
+
# The name of the configuration policy.
|
29377
|
+
# @return [String]
|
29378
|
+
#
|
29379
|
+
# @!attribute [rw] description
|
29380
|
+
# The description of the configuration policy.
|
29381
|
+
# @return [String]
|
29382
|
+
#
|
29383
|
+
# @!attribute [rw] updated_reason
|
29384
|
+
# The reason for updating the configuration policy.
|
29385
|
+
# @return [String]
|
29386
|
+
#
|
29387
|
+
# @!attribute [rw] configuration_policy
|
29388
|
+
# An object that defines how Security Hub is configured. It includes
|
29389
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
29390
|
+
# security standards, a list of enabled or disabled security controls,
|
29391
|
+
# and a list of custom parameter values for specified controls. If you
|
29392
|
+
# provide a list of security controls that are enabled in the
|
29393
|
+
# configuration policy, Security Hub disables all other controls
|
29394
|
+
# (including newly released controls). If you provide a list of
|
29395
|
+
# security controls that are disabled in the configuration policy,
|
29396
|
+
# Security Hub enables all other controls (including newly released
|
29397
|
+
# controls).
|
29398
|
+
#
|
29399
|
+
# When updating a configuration policy, provide a complete list of
|
29400
|
+
# standards that you want to enable and a complete list of controls
|
29401
|
+
# that you want to enable or disable. The updated configuration
|
29402
|
+
# replaces the current configuration.
|
29403
|
+
# @return [Types::Policy]
|
29404
|
+
#
|
29405
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyRequest AWS API Documentation
|
29406
|
+
#
|
29407
|
+
class UpdateConfigurationPolicyRequest < Struct.new(
|
29408
|
+
:identifier,
|
29409
|
+
:name,
|
29410
|
+
:description,
|
29411
|
+
:updated_reason,
|
29412
|
+
:configuration_policy)
|
29413
|
+
SENSITIVE = []
|
29414
|
+
include Aws::Structure
|
29415
|
+
end
|
29416
|
+
|
29417
|
+
# @!attribute [rw] arn
|
29418
|
+
# The ARN of the configuration policy.
|
29419
|
+
# @return [String]
|
29420
|
+
#
|
29421
|
+
# @!attribute [rw] id
|
29422
|
+
# The UUID of the configuration policy.
|
29423
|
+
# @return [String]
|
29424
|
+
#
|
29425
|
+
# @!attribute [rw] name
|
29426
|
+
# The name of the configuration policy.
|
29427
|
+
# @return [String]
|
29428
|
+
#
|
29429
|
+
# @!attribute [rw] description
|
29430
|
+
# The description of the configuration policy.
|
29431
|
+
# @return [String]
|
29432
|
+
#
|
29433
|
+
# @!attribute [rw] updated_at
|
29434
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
29435
|
+
# configuration policy was last updated.
|
29436
|
+
# @return [Time]
|
29437
|
+
#
|
29438
|
+
# @!attribute [rw] created_at
|
29439
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
29440
|
+
# configuration policy was created.
|
29441
|
+
# @return [Time]
|
29442
|
+
#
|
29443
|
+
# @!attribute [rw] configuration_policy
|
29444
|
+
# An object that defines how Security Hub is configured. It includes
|
29445
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
29446
|
+
# security standards, a list of enabled or disabled security controls,
|
29447
|
+
# and a list of custom parameter values for specified controls. If the
|
29448
|
+
# request included a list of security controls that are enabled in the
|
29449
|
+
# configuration policy, Security Hub disables all other controls
|
29450
|
+
# (including newly released controls). If the request included a list
|
29451
|
+
# of security controls that are disabled in the configuration policy,
|
29452
|
+
# Security Hub enables all other controls (including newly released
|
29453
|
+
# controls).
|
29454
|
+
# @return [Types::Policy]
|
29455
|
+
#
|
29456
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyResponse AWS API Documentation
|
29457
|
+
#
|
29458
|
+
class UpdateConfigurationPolicyResponse < Struct.new(
|
29459
|
+
:arn,
|
29460
|
+
:id,
|
29461
|
+
:name,
|
29462
|
+
:description,
|
29463
|
+
:updated_at,
|
29464
|
+
:created_at,
|
29465
|
+
:configuration_policy)
|
29466
|
+
SENSITIVE = []
|
29467
|
+
include Aws::Structure
|
29468
|
+
end
|
29469
|
+
|
27893
29470
|
# @!attribute [rw] finding_aggregator_arn
|
27894
29471
|
# The ARN of the finding aggregator. To obtain the ARN, use
|
27895
29472
|
# `ListFindingAggregators`.
|
@@ -28030,37 +29607,55 @@ module Aws::SecurityHub
|
|
28030
29607
|
class UpdateInsightResponse < Aws::EmptyStructure; end
|
28031
29608
|
|
28032
29609
|
# @!attribute [rw] auto_enable
|
28033
|
-
# Whether to automatically enable Security Hub
|
28034
|
-
# organization.
|
28035
|
-
#
|
28036
|
-
#
|
28037
|
-
#
|
28038
|
-
#
|
28039
|
-
#
|
28040
|
-
# `
|
29610
|
+
# Whether to automatically enable Security Hub in new member accounts
|
29611
|
+
# when they join the organization.
|
29612
|
+
#
|
29613
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
29614
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
29615
|
+
# accounts automatically. The default value is `false`.
|
29616
|
+
#
|
29617
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
29618
|
+
# then this field is set to `false` and can't be changed in the home
|
29619
|
+
# Region and linked Regions. However, in that case, the delegated
|
29620
|
+
# administrator can create a configuration policy in which Security
|
29621
|
+
# Hub is enabled and associate the policy with new organization
|
29622
|
+
# accounts.
|
28041
29623
|
# @return [Boolean]
|
28042
29624
|
#
|
28043
29625
|
# @!attribute [rw] auto_enable_standards
|
28044
29626
|
# Whether to automatically enable Security Hub [default standards][1]
|
28045
|
-
#
|
29627
|
+
# in new member accounts when they join the organization.
|
28046
29628
|
#
|
28047
|
-
#
|
28048
|
-
#
|
28049
|
-
# standards
|
29629
|
+
# The default value of this parameter is equal to `DEFAULT`.
|
29630
|
+
#
|
29631
|
+
# If equal to `DEFAULT`, then Security Hub default standards are
|
29632
|
+
# automatically enabled for new member accounts. If equal to `NONE`,
|
29633
|
+
# then default standards are not automatically enabled for new member
|
29634
|
+
# accounts.
|
28050
29635
|
#
|
28051
|
-
#
|
28052
|
-
#
|
29636
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
29637
|
+
# then this field is set to `NONE` and can't be changed in the home
|
29638
|
+
# Region and linked Regions. However, in that case, the delegated
|
29639
|
+
# administrator can create a configuration policy in which specific
|
29640
|
+
# security standards are enabled and associate the policy with new
|
29641
|
+
# organization accounts.
|
28053
29642
|
#
|
28054
29643
|
#
|
28055
29644
|
#
|
28056
29645
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
28057
29646
|
# @return [String]
|
28058
29647
|
#
|
29648
|
+
# @!attribute [rw] organization_configuration
|
29649
|
+
# Provides information about the way an organization is configured in
|
29650
|
+
# Security Hub.
|
29651
|
+
# @return [Types::OrganizationConfiguration]
|
29652
|
+
#
|
28059
29653
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
|
28060
29654
|
#
|
28061
29655
|
class UpdateOrganizationConfigurationRequest < Struct.new(
|
28062
29656
|
:auto_enable,
|
28063
|
-
:auto_enable_standards
|
29657
|
+
:auto_enable_standards,
|
29658
|
+
:organization_configuration)
|
28064
29659
|
SENSITIVE = []
|
28065
29660
|
include Aws::Structure
|
28066
29661
|
end
|
@@ -28069,6 +29664,35 @@ module Aws::SecurityHub
|
|
28069
29664
|
#
|
28070
29665
|
class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
|
28071
29666
|
|
29667
|
+
# @!attribute [rw] security_control_id
|
29668
|
+
# The Amazon Resource Name (ARN) or ID of the control to update.
|
29669
|
+
# @return [String]
|
29670
|
+
#
|
29671
|
+
# @!attribute [rw] parameters
|
29672
|
+
# An object that specifies which security control parameters to
|
29673
|
+
# update.
|
29674
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
29675
|
+
#
|
29676
|
+
# @!attribute [rw] last_update_reason
|
29677
|
+
# The most recent reason for updating the properties of the security
|
29678
|
+
# control. This field accepts alphanumeric characters in addition to
|
29679
|
+
# white spaces, dashes, and underscores.
|
29680
|
+
# @return [String]
|
29681
|
+
#
|
29682
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlRequest AWS API Documentation
|
29683
|
+
#
|
29684
|
+
class UpdateSecurityControlRequest < Struct.new(
|
29685
|
+
:security_control_id,
|
29686
|
+
:parameters,
|
29687
|
+
:last_update_reason)
|
29688
|
+
SENSITIVE = []
|
29689
|
+
include Aws::Structure
|
29690
|
+
end
|
29691
|
+
|
29692
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlResponse AWS API Documentation
|
29693
|
+
#
|
29694
|
+
class UpdateSecurityControlResponse < Aws::EmptyStructure; end
|
29695
|
+
|
28072
29696
|
# @!attribute [rw] auto_enable_controls
|
28073
29697
|
# Whether to automatically enable new controls when they are added to
|
28074
29698
|
# standards that are enabled.
|