aws-sdk-securityhub 1.95.0 → 1.97.0

@@ -329,6 +329,36 @@ module Aws::SecurityHub
329
329
  include Aws::Structure
330
330
  end
331
331
 
332
+ # Options for filtering the `ListConfigurationPolicyAssociations`
333
+ # response. You can filter by the Amazon Resource Name (ARN) or
334
+ # universally unique identifier (UUID) of a configuration policy,
335
+ # `AssociationType`, or `AssociationStatus`.
336
+ #
337
+ # @!attribute [rw] configuration_policy_id
338
+ # The ARN or UUID of the configuration policy.
339
+ # @return [String]
340
+ #
341
+ # @!attribute [rw] association_type
342
+ # Indicates whether the association between a target and a
343
+ # configuration was directly applied by the Security Hub delegated
344
+ # administrator or inherited from a parent.
345
+ # @return [String]
346
+ #
347
+ # @!attribute [rw] association_status
348
+ # The current status of the association between a target and a
349
+ # configuration policy.
350
+ # @return [String]
351
+ #
352
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationFilters AWS API Documentation
353
+ #
354
+ class AssociationFilters < Struct.new(
355
+ :configuration_policy_id,
356
+ :association_type,
357
+ :association_status)
358
+ SENSITIVE = []
359
+ include Aws::Structure
360
+ end
361
+
332
362
  # The associations between a route table and one or more subnets or a
333
363
  # gateway.
334
364
  #
@@ -886,6 +916,26 @@ module Aws::SecurityHub
886
916
  # Array Members: Minimum number of 1 item. Maximum number of 20 items.
887
917
  # @return [Array<Types::MapFilter>]
888
918
  #
919
+ # @!attribute [rw] resource_application_arn
920
+ # The Amazon Resource Name (ARN) of the application that is related to
921
+ # a finding.
922
+ #
923
+ # Array Members: Minimum number of 1 item. Maximum number of 20 items.
924
+ # @return [Array<Types::StringFilter>]
925
+ #
926
+ # @!attribute [rw] resource_application_name
927
+ # The name of the application that is related to a finding.
928
+ #
929
+ # Array Members: Minimum number of 1 item. Maximum number of 20 items.
930
+ # @return [Array<Types::StringFilter>]
931
+ #
932
+ # @!attribute [rw] aws_account_name
933
+ # The name of the Amazon Web Services account in which a finding was
934
+ # generated.
935
+ #
936
+ # Array Members: Minimum number of 1 item. Maximum number of 20 items.
937
+ # @return [Array<Types::StringFilter>]
938
+ #
889
939
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AutomationRulesFindingFilters AWS API Documentation
890
940
  #
891
941
  class AutomationRulesFindingFilters < Struct.new(
@@ -923,7 +973,10 @@ module Aws::SecurityHub
923
973
  :note_text,
924
974
  :note_updated_at,
925
975
  :note_updated_by,
926
- :user_defined_fields)
976
+ :user_defined_fields,
977
+ :resource_application_arn,
978
+ :resource_application_name,
979
+ :aws_account_name)
927
980
  SENSITIVE = []
928
981
  include Aws::Structure
929
982
  end
@@ -4232,7 +4285,7 @@ module Aws::SecurityHub
4232
4285
  end
4233
4286
 
4234
4287
  # A complex type that describes the Amazon S3 bucket, HTTP server (for
4235
- # example, a web server), AWS Elemental MediaStore, or other server from
4288
+ # example, a web server), Elemental MediaStore, or other server from
4236
4289
  # which CloudFront gets your files.
4237
4290
  #
4238
4291
  # @!attribute [rw] domain_name
@@ -18641,6 +18694,25 @@ module Aws::SecurityHub
18641
18694
  # receives those findings.
18642
18695
  # @return [Types::GeneratorDetails]
18643
18696
  #
18697
+ # @!attribute [rw] processed_at
18698
+ # An ISO8601-formatted timestamp that indicates when Security Hub
18699
+ # received a finding and begins to process it.
18700
+ #
18701
+ # A correctly formatted example is `2020-05-21T20:16:34.724Z`. The
18702
+ # value cannot contain spaces, and date and time should be separated
18703
+ # by `T`. For more information, see [RFC 3339 section 5.6, Internet
18704
+ # Date/Time Format][1].
18705
+ #
18706
+ #
18707
+ #
18708
+ # [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
18709
+ # @return [String]
18710
+ #
18711
+ # @!attribute [rw] aws_account_name
18712
+ # The name of the Amazon Web Services account from which a finding was
18713
+ # generated.
18714
+ # @return [String]
18715
+ #
18644
18716
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
18645
18717
  #
18646
18718
  class AwsSecurityFinding < Struct.new(
@@ -18685,17 +18757,18 @@ module Aws::SecurityHub
18685
18757
  :action,
18686
18758
  :finding_provider_fields,
18687
18759
  :sample,
18688
- :generator_details)
18760
+ :generator_details,
18761
+ :processed_at,
18762
+ :aws_account_name)
18689
18763
  SENSITIVE = []
18690
18764
  include Aws::Structure
18691
18765
  end
18692
18766
 
18693
- # A collection of attributes that are applied to all active Security
18694
- # Hub-aggregated findings and that result in a subset of findings that
18695
- # are included in this insight.
18767
+ # A collection of filters that are applied to all active findings
18768
+ # aggregated by Security Hub.
18696
18769
  #
18697
- # You can filter by up to 10 finding attributes. For each attribute, you
18698
- # can provide up to 20 filter values.
18770
+ # You can filter by up to ten finding attributes. For each attribute,
18771
+ # you can provide up to 20 filter values.
18699
18772
  #
18700
18773
  # @!attribute [rw] product_arn
18701
18774
  # The ARN generated by Security Hub that uniquely identifies a
@@ -18705,7 +18778,7 @@ module Aws::SecurityHub
18705
18778
  # @return [Array<Types::StringFilter>]
18706
18779
  #
18707
18780
  # @!attribute [rw] aws_account_id
18708
- # The Amazon Web Services account ID that a finding is generated in.
18781
+ # The Amazon Web Services account ID in which a finding is generated.
18709
18782
  # @return [Array<Types::StringFilter>]
18710
18783
  #
18711
18784
  # @!attribute [rw] id
@@ -19273,6 +19346,39 @@ module Aws::SecurityHub
19273
19346
  # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html
19274
19347
  # @return [Array<Types::StringFilter>]
19275
19348
  #
19349
+ # @!attribute [rw] vulnerabilities_exploit_available
19350
+ # Indicates whether a software vulnerability in your environment has a
19351
+ # known exploit. You can filter findings by this field only if you use
19352
+ # Security Hub and Amazon Inspector.
19353
+ # @return [Array<Types::StringFilter>]
19354
+ #
19355
+ # @!attribute [rw] vulnerabilities_fix_available
19356
+ # Indicates whether a vulnerability is fixed in a newer version of the
19357
+ # affected software packages. You can filter findings by this field
19358
+ # only if you use Security Hub and Amazon Inspector.
19359
+ # @return [Array<Types::StringFilter>]
19360
+ #
19361
+ # @!attribute [rw] compliance_security_control_parameters_name
19362
+ # The name of a security control parameter.
19363
+ # @return [Array<Types::StringFilter>]
19364
+ #
19365
+ # @!attribute [rw] compliance_security_control_parameters_value
19366
+ # The current value of a security control parameter.
19367
+ # @return [Array<Types::StringFilter>]
19368
+ #
19369
+ # @!attribute [rw] aws_account_name
19370
+ # The name of the Amazon Web Services account in which a finding is
19371
+ # generated.
19372
+ # @return [Array<Types::StringFilter>]
19373
+ #
19374
+ # @!attribute [rw] resource_application_name
19375
+ # The name of the application that is related to a finding.
19376
+ # @return [Array<Types::StringFilter>]
19377
+ #
19378
+ # @!attribute [rw] resource_application_arn
19379
+ # The ARN of the application that is related to a finding.
19380
+ # @return [Array<Types::StringFilter>]
19381
+ #
19276
19382
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
19277
19383
  #
19278
19384
  class AwsSecurityFindingFilters < Struct.new(
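Review bot: The docs added for `vulnerabilities_exploit_available` and `vulnerabilities_fix_available` read like booleans ("Indicates whether ...") but both are typed `Array<Types::StringFilter>`, and the strings a filter has to compare against are not stated. A filter built on a guessed value matches nothing without raising an error, which matters when the filter is what selects exploitable findings for triage. I would add one line to each attribute, for example `#   Compared as a string; see the ASFF Vulnerabilities object for the accepted values.` The struct member list for this class is in the following hunk, and the class body continues outside this one.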
@@ -19372,7 +19478,14 @@ module Aws::SecurityHub
19372
19478
  :finding_provider_fields_types,
19373
19479
  :sample,
19374
19480
  :compliance_security_control_id,
19375
- :compliance_associated_standards_id)
19481
+ :compliance_associated_standards_id,
19482
+ :vulnerabilities_exploit_available,
19483
+ :vulnerabilities_fix_available,
19484
+ :compliance_security_control_parameters_name,
19485
+ :compliance_security_control_parameters_value,
19486
+ :aws_account_name,
19487
+ :resource_application_name,
19488
+ :resource_application_arn)
19376
19489
  SENSITIVE = []
19377
19490
  include Aws::Structure
19378
19491
  end
@@ -21076,6 +21189,38 @@ module Aws::SecurityHub
21076
21189
  include Aws::Structure
21077
21190
  end
21078
21191
 
21192
+ # @!attribute [rw] configuration_policy_association_identifiers
21193
+ # Specifies one or more target account IDs, organizational unit (OU)
21194
+ # IDs, or the root ID to retrieve associations for.
21195
+ # @return [Array<Types::ConfigurationPolicyAssociation>]
21196
+ #
21197
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsRequest AWS API Documentation
21198
+ #
21199
+ class BatchGetConfigurationPolicyAssociationsRequest < Struct.new(
21200
+ :configuration_policy_association_identifiers)
21201
+ SENSITIVE = []
21202
+ include Aws::Structure
21203
+ end
21204
+
21205
+ # @!attribute [rw] configuration_policy_associations
21206
+ # Describes associations for the target accounts, OUs, or the root.
21207
+ # @return [Array<Types::ConfigurationPolicyAssociationSummary>]
21208
+ #
21209
+ # @!attribute [rw] unprocessed_configuration_policy_associations
21210
+ # An array of configuration policy associations, one for each
21211
+ # configuration policy association identifier, that was specified in
21212
+ # the request but couldn’t be processed due to an error.
21213
+ # @return [Array<Types::UnprocessedConfigurationPolicyAssociation>]
21214
+ #
21215
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsResponse AWS API Documentation
21216
+ #
21217
+ class BatchGetConfigurationPolicyAssociationsResponse < Struct.new(
21218
+ :configuration_policy_associations,
21219
+ :unprocessed_configuration_policy_associations)
21220
+ SENSITIVE = []
21221
+ include Aws::Structure
21222
+ end
21223
+
21079
21224
  # @!attribute [rw] security_control_ids
21080
21225
  # A list of security controls (identified with `SecurityControlId`,
21081
21226
  # `SecurityControlArn`, or a mix of both parameters). The security
@@ -21431,6 +21576,21 @@ module Aws::SecurityHub
21431
21576
  include Aws::Structure
21432
21577
  end
21433
21578
 
21579
+ # The options for customizing a security control parameter with a
21580
+ # boolean. For a boolean parameter, the options are `true` and `false`.
21581
+ #
21582
+ # @!attribute [rw] default_value
21583
+ # The Security Hub default value for a boolean parameter.
21584
+ # @return [Boolean]
21585
+ #
21586
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BooleanConfigurationOptions AWS API Documentation
21587
+ #
21588
+ class BooleanConfigurationOptions < Struct.new(
21589
+ :default_value)
21590
+ SENSITIVE = []
21591
+ include Aws::Structure
21592
+ end
21593
+
21434
21594
  # Boolean filter for querying findings.
21435
21595
  #
21436
21596
  # @!attribute [rw] value
@@ -21693,6 +21853,10 @@ module Aws::SecurityHub
21693
21853
  # currently enabled.
21694
21854
  # @return [Array<Types::AssociatedStandard>]
21695
21855
  #
21856
+ # @!attribute [rw] security_control_parameters
21857
+ # An object that includes security control parameter names and values.
21858
+ # @return [Array<Types::SecurityControlParameter>]
21859
+ #
21696
21860
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
21697
21861
  #
21698
21862
  class Compliance < Struct.new(
@@ -21700,7 +21864,193 @@ module Aws::SecurityHub
21700
21864
  :related_requirements,
21701
21865
  :status_reasons,
21702
21866
  :security_control_id,
21703
- :associated_standards)
21867
+ :associated_standards,
21868
+ :security_control_parameters)
21869
+ SENSITIVE = []
21870
+ include Aws::Structure
21871
+ end
21872
+
21873
+ # The options for customizing a security control parameter.
21874
+ #
21875
+ # @note ConfigurationOptions is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationOptions corresponding to the set member.
21876
+ #
21877
+ # @!attribute [rw] integer
21878
+ # The options for customizing a security control parameter that is an
21879
+ # integer.
21880
+ # @return [Types::IntegerConfigurationOptions]
21881
+ #
21882
+ # @!attribute [rw] integer_list
21883
+ # The options for customizing a security control parameter that is a
21884
+ # list of integers.
21885
+ # @return [Types::IntegerListConfigurationOptions]
21886
+ #
21887
+ # @!attribute [rw] double
21888
+ # The options for customizing a security control parameter that is a
21889
+ # double.
21890
+ # @return [Types::DoubleConfigurationOptions]
21891
+ #
21892
+ # @!attribute [rw] string
21893
+ # The options for customizing a security control parameter that is a
21894
+ # string data type.
21895
+ # @return [Types::StringConfigurationOptions]
21896
+ #
21897
+ # @!attribute [rw] string_list
21898
+ # The options for customizing a security control parameter that is a
21899
+ # list of strings.
21900
+ # @return [Types::StringListConfigurationOptions]
21901
+ #
21902
+ # @!attribute [rw] boolean
21903
+ # The options for customizing a security control parameter that is a
21904
+ # boolean. For a boolean parameter, the options are `true` and
21905
+ # `false`.
21906
+ # @return [Types::BooleanConfigurationOptions]
21907
+ #
21908
+ # @!attribute [rw] enum
21909
+ # The options for customizing a security control parameter that is an
21910
+ # enum.
21911
+ # @return [Types::EnumConfigurationOptions]
21912
+ #
21913
+ # @!attribute [rw] enum_list
21914
+ # The options for customizing a security control parameter that is a
21915
+ # list of enums.
21916
+ # @return [Types::EnumListConfigurationOptions]
21917
+ #
21918
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationOptions AWS API Documentation
21919
+ #
21920
+ class ConfigurationOptions < Struct.new(
21921
+ :integer,
21922
+ :integer_list,
21923
+ :double,
21924
+ :string,
21925
+ :string_list,
21926
+ :boolean,
21927
+ :enum,
21928
+ :enum_list,
21929
+ :unknown)
21930
+ SENSITIVE = []
21931
+ include Aws::Structure
21932
+ include Aws::Structure::Union
21933
+
21934
+ class Integer < ConfigurationOptions; end
21935
+ class IntegerList < ConfigurationOptions; end
21936
+ class Double < ConfigurationOptions; end
21937
+ class String < ConfigurationOptions; end
21938
+ class StringList < ConfigurationOptions; end
21939
+ class Boolean < ConfigurationOptions; end
21940
+ class Enum < ConfigurationOptions; end
21941
+ class EnumList < ConfigurationOptions; end
21942
+ class Unknown < ConfigurationOptions; end
21943
+ end
21944
+
21945
+ # Provides details about the association between an Security Hub
21946
+ # configuration and a target account, organizational unit, or the root.
21947
+ # An association can exist between a target and a configuration policy,
21948
+ # or between a target and self-managed behavior.
21949
+ #
21950
+ # @!attribute [rw] target
21951
+ # The target account, organizational unit, or the root.
21952
+ # @return [Types::Target]
21953
+ #
21954
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociation AWS API Documentation
21955
+ #
21956
+ class ConfigurationPolicyAssociation < Struct.new(
21957
+ :target)
21958
+ SENSITIVE = []
21959
+ include Aws::Structure
21960
+ end
21961
+
21962
+ # An object that contains the details of a configuration policy
21963
+ # association that’s returned in a `ListConfigurationPolicyAssociations`
21964
+ # request.
21965
+ #
21966
+ # @!attribute [rw] configuration_policy_id
21967
+ # The universally unique identifier (UUID) of the configuration
21968
+ # policy.
21969
+ # @return [String]
21970
+ #
21971
+ # @!attribute [rw] target_id
21972
+ # The identifier of the target account, organizational unit, or the
21973
+ # root.
21974
+ # @return [String]
21975
+ #
21976
+ # @!attribute [rw] target_type
21977
+ # Specifies whether the target is an Amazon Web Services account,
21978
+ # organizational unit, or the root.
21979
+ # @return [String]
21980
+ #
21981
+ # @!attribute [rw] association_type
21982
+ # Indicates whether the association between the specified target and
21983
+ # the configuration was directly applied by the Security Hub delegated
21984
+ # administrator or inherited from a parent.
21985
+ # @return [String]
21986
+ #
21987
+ # @!attribute [rw] updated_at
21988
+ # The date and time, in UTC and ISO 8601 format, that the
21989
+ # configuration policy association was last updated.
21990
+ # @return [Time]
21991
+ #
21992
+ # @!attribute [rw] association_status
21993
+ # The current status of the association between the specified target
21994
+ # and the configuration.
21995
+ # @return [String]
21996
+ #
21997
+ # @!attribute [rw] association_status_message
21998
+ # The explanation for a `FAILED` value for `AssociationStatus`.
21999
+ # @return [String]
22000
+ #
22001
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociationSummary AWS API Documentation
22002
+ #
22003
+ class ConfigurationPolicyAssociationSummary < Struct.new(
22004
+ :configuration_policy_id,
22005
+ :target_id,
22006
+ :target_type,
22007
+ :association_type,
22008
+ :updated_at,
22009
+ :association_status,
22010
+ :association_status_message)
22011
+ SENSITIVE = []
22012
+ include Aws::Structure
22013
+ end
22014
+
22015
+ # An object that contains the details of an Security Hub configuration
22016
+ # policy that’s returned in a `ListConfigurationPolicies` request.
22017
+ #
22018
+ # @!attribute [rw] arn
22019
+ # The Amazon Resource Name (ARN) of the configuration policy.
22020
+ # @return [String]
22021
+ #
22022
+ # @!attribute [rw] id
22023
+ # The universally unique identifier (UUID) of the configuration
22024
+ # policy.
22025
+ # @return [String]
22026
+ #
22027
+ # @!attribute [rw] name
22028
+ # The name of the configuration policy.
22029
+ # @return [String]
22030
+ #
22031
+ # @!attribute [rw] description
22032
+ # The description of the configuration policy.
22033
+ # @return [String]
22034
+ #
22035
+ # @!attribute [rw] updated_at
22036
+ # The date and time, in UTC and ISO 8601 format, that the
22037
+ # configuration policy was last updated.
22038
+ # @return [Time]
22039
+ #
22040
+ # @!attribute [rw] service_enabled
22041
+ # Indicates whether the service that the configuration policy applies
22042
+ # to is enabled in the policy.
22043
+ # @return [Boolean]
22044
+ #
22045
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicySummary AWS API Documentation
22046
+ #
22047
+ class ConfigurationPolicySummary < Struct.new(
22048
+ :arn,
22049
+ :id,
22050
+ :name,
22051
+ :description,
22052
+ :updated_at,
22053
+ :service_enabled)
21704
22054
  SENSITIVE = []
21705
22055
  include Aws::Structure
21706
22056
  end
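Review bot: The `:unknown` member and the `Unknown` subclass of `ConfigurationOptions` have no `@!attribute` entry, although the eight typed members do, so a reader of the docs cannot tell that a ninth case exists and must be handled when branching on the returned subclass. I would add `# @!attribute [rw] unknown` with a line such as `#   Presumably set when the response carries a member this SDK version does not recognise; confirm against Aws::Structure::Union.` Separately, the nested `Integer`, `String` and `Boolean` classes shadow the core constants inside this class body, so any code later placed there should write `::String` or `::Integer` when the core class is meant. The hunk ends inside `ConfigurationPolicySummary`, whose closing lines are shown only as context.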
@@ -21816,7 +22166,7 @@ module Aws::SecurityHub
21816
22166
  end
21817
22167
 
21818
22168
  # @!attribute [rw] tags
21819
- # User-defined tags that help you label the purpose of a rule.
22169
+ # User-defined tags associated with an automation rule.
21820
22170
  # @return [Hash<String,String>]
21821
22171
  #
21822
22172
  # @!attribute [rw] rule_status
@@ -21895,6 +22245,102 @@ module Aws::SecurityHub
21895
22245
  include Aws::Structure
21896
22246
  end
21897
22247
 
22248
+ # @!attribute [rw] name
22249
+ # The name of the configuration policy.
22250
+ # @return [String]
22251
+ #
22252
+ # @!attribute [rw] description
22253
+ # The description of the configuration policy.
22254
+ # @return [String]
22255
+ #
22256
+ # @!attribute [rw] configuration_policy
22257
+ # An object that defines how Security Hub is configured. It includes
22258
+ # whether Security Hub is enabled or disabled, a list of enabled
22259
+ # security standards, a list of enabled or disabled security controls,
22260
+ # and a list of custom parameter values for specified controls. If you
22261
+ # provide a list of security controls that are enabled in the
22262
+ # configuration policy, Security Hub disables all other controls
22263
+ # (including newly released controls). If you provide a list of
22264
+ # security controls that are disabled in the configuration policy,
22265
+ # Security Hub enables all other controls (including newly released
22266
+ # controls).
22267
+ # @return [Types::Policy]
22268
+ #
22269
+ # @!attribute [rw] tags
22270
+ # User-defined tags associated with a configuration policy. For more
22271
+ # information, see [Tagging Security Hub resources][1] in the
22272
+ # *Security Hub user guide*.
22273
+ #
22274
+ #
22275
+ #
22276
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
22277
+ # @return [Hash<String,String>]
22278
+ #
22279
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyRequest AWS API Documentation
22280
+ #
22281
+ class CreateConfigurationPolicyRequest < Struct.new(
22282
+ :name,
22283
+ :description,
22284
+ :configuration_policy,
22285
+ :tags)
22286
+ SENSITIVE = []
22287
+ include Aws::Structure
22288
+ end
22289
+
22290
+ # @!attribute [rw] arn
22291
+ # The Amazon Resource Name (ARN) of the configuration policy.
22292
+ # @return [String]
22293
+ #
22294
+ # @!attribute [rw] id
22295
+ # The universally unique identifier (UUID) of the configuration
22296
+ # policy.
22297
+ # @return [String]
22298
+ #
22299
+ # @!attribute [rw] name
22300
+ # The name of the configuration policy.
22301
+ # @return [String]
22302
+ #
22303
+ # @!attribute [rw] description
22304
+ # The description of the configuration policy.
22305
+ # @return [String]
22306
+ #
22307
+ # @!attribute [rw] updated_at
22308
+ # The date and time, in UTC and ISO 8601 format, that the
22309
+ # configuration policy was last updated.
22310
+ # @return [Time]
22311
+ #
22312
+ # @!attribute [rw] created_at
22313
+ # The date and time, in UTC and ISO 8601 format, that the
22314
+ # configuration policy was created.
22315
+ # @return [Time]
22316
+ #
22317
+ # @!attribute [rw] configuration_policy
22318
+ # An object that defines how Security Hub is configured. It includes
22319
+ # whether Security Hub is enabled or disabled, a list of enabled
22320
+ # security standards, a list of enabled or disabled security controls,
22321
+ # and a list of custom parameter values for specified controls. If the
22322
+ # request included a list of security controls that are enabled in the
22323
+ # configuration policy, Security Hub disables all other controls
22324
+ # (including newly released controls). If the request included a list
22325
+ # of security controls that are disabled in the configuration policy,
22326
+ # Security Hub enables all other controls (including newly released
22327
+ # controls).
22328
+ # @return [Types::Policy]
22329
+ #
22330
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyResponse AWS API Documentation
22331
+ #
22332
+ class CreateConfigurationPolicyResponse < Struct.new(
22333
+ :arn,
22334
+ :id,
22335
+ :name,
22336
+ :description,
22337
+ :updated_at,
22338
+ :created_at,
22339
+ :configuration_policy)
22340
+ SENSITIVE = []
22341
+ include Aws::Structure
22342
+ end
22343
+
21898
22344
  # @!attribute [rw] region_linking_mode
21899
22345
  # Indicates whether to aggregate findings from all of the available
21900
22346
  # Regions in the current partition. Also determines whether to
@@ -22257,6 +22703,23 @@ module Aws::SecurityHub
22257
22703
  include Aws::Structure
22258
22704
  end
22259
22705
 
22706
+ # @!attribute [rw] identifier
22707
+ # The Amazon Resource Name (ARN) or universally unique identifier
22708
+ # (UUID) of the configuration policy.
22709
+ # @return [String]
22710
+ #
22711
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyRequest AWS API Documentation
22712
+ #
22713
+ class DeleteConfigurationPolicyRequest < Struct.new(
22714
+ :identifier)
22715
+ SENSITIVE = []
22716
+ include Aws::Structure
22717
+ end
22718
+
22719
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyResponse AWS API Documentation
22720
+ #
22721
+ class DeleteConfigurationPolicyResponse < Aws::EmptyStructure; end
22722
+
22260
22723
  # @!attribute [rw] finding_aggregator_arn
22261
22724
  # The ARN of the finding aggregator to delete. To obtain the ARN, use
22262
22725
  # `ListFindingAggregators`.
@@ -22463,11 +22926,19 @@ module Aws::SecurityHub
22463
22926
  class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
22464
22927
 
22465
22928
  # @!attribute [rw] auto_enable
22466
- # Whether to automatically enable Security Hub for new accounts in the
22467
- # organization.
22468
- #
22469
- # If set to `true`, then Security Hub is enabled for new accounts. If
22470
- # set to false, then new accounts are not added automatically.
22929
+ # Whether to automatically enable Security Hub in new member accounts
22930
+ # when they join the organization.
22931
+ #
22932
+ # If set to `true`, then Security Hub is automatically enabled in new
22933
+ # accounts. If set to `false`, then Security Hub isn't enabled in new
22934
+ # accounts automatically. The default value is `false`.
22935
+ #
22936
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
22937
+ # then this field is set to `false` and can't be changed in the home
22938
+ # Region and linked Regions. However, in that case, the delegated
22939
+ # administrator can create a configuration policy in which Security
22940
+ # Hub is enabled and associate the policy with new organization
22941
+ # accounts.
22471
22942
  # @return [Boolean]
22472
22943
  #
22473
22944
  # @!attribute [rw] member_account_limit_reached
@@ -22477,26 +22948,37 @@ module Aws::SecurityHub
22477
22948
  #
22478
22949
  # @!attribute [rw] auto_enable_standards
22479
22950
  # Whether to automatically enable Security Hub [default standards][1]
22480
- # for new member accounts in the organization.
22481
- #
22482
- # The default value of this parameter is equal to `DEFAULT`.
22951
+ # in new member accounts when they join the organization.
22483
22952
  #
22484
22953
  # If equal to `DEFAULT`, then Security Hub default standards are
22485
22954
  # automatically enabled for new member accounts. If equal to `NONE`,
22486
22955
  # then default standards are not automatically enabled for new member
22487
- # accounts.
22956
+ # accounts. The default value of this parameter is equal to `DEFAULT`.
22957
+ #
22958
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
22959
+ # then this field is set to `NONE` and can't be changed in the home
22960
+ # Region and linked Regions. However, in that case, the delegated
22961
+ # administrator can create a configuration policy in which specific
22962
+ # security standards are enabled and associate the policy with new
22963
+ # organization accounts.
22488
22964
  #
22489
22965
  #
22490
22966
  #
22491
22967
  # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
22492
22968
  # @return [String]
22493
22969
  #
22970
+ # @!attribute [rw] organization_configuration
22971
+ # Provides information about the way an organization is configured in
22972
+ # Security Hub.
22973
+ # @return [Types::OrganizationConfiguration]
22974
+ #
22494
22975
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
22495
22976
  #
22496
22977
  class DescribeOrganizationConfigurationResponse < Struct.new(
22497
22978
  :auto_enable,
22498
22979
  :member_account_limit_reached,
22499
- :auto_enable_standards)
22980
+ :auto_enable_standards,
22981
+ :organization_configuration)
22500
22982
  SENSITIVE = []
22501
22983
  include Aws::Structure
22502
22984
  end
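Review bot: The doc for the new `organization_configuration` attribute does not say that it is the place to look for the organization's `ConfigurationType`, yet the paragraphs added to `auto_enable` (previous hunk) and `auto_enable_standards` both depend on that value. A caller that uses `auto_enable` or `auto_enable_standards` as a coverage check will read `false` / `NONE` under `CENTRAL` even when a configuration policy enables Security Hub for new accounts, so the result is easy to misinterpret. I would extend the attribute doc with something like `#   Check the configuration type here before interpreting auto_enable or auto_enable_standards.` The shape of `Types::OrganizationConfiguration` is not visible in this hunk, so the exact field name should be confirmed there.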
@@ -22738,6 +23220,32 @@ module Aws::SecurityHub
22738
23220
  include Aws::Structure
22739
23221
  end
22740
23222
 
23223
+ # The options for customizing a security control parameter that is a
23224
+ # double.
23225
+ #
23226
+ # @!attribute [rw] default_value
23227
+ # The Security Hub default value for a control parameter that is a
23228
+ # double.
23229
+ # @return [Float]
23230
+ #
23231
+ # @!attribute [rw] min
23232
+ # The minimum valid value for a control parameter that is a double.
23233
+ # @return [Float]
23234
+ #
23235
+ # @!attribute [rw] max
23236
+ # The maximum valid value for a control parameter that is a double.
23237
+ # @return [Float]
23238
+ #
23239
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DoubleConfigurationOptions AWS API Documentation
23240
+ #
23241
+ class DoubleConfigurationOptions < Struct.new(
23242
+ :default_value,
23243
+ :min,
23244
+ :max)
23245
+ SENSITIVE = []
23246
+ include Aws::Structure
23247
+ end
23248
+
22741
23249
  # @!attribute [rw] product_arn
22742
23250
  # The ARN of the product to enable the integration for.
22743
23251
  # @return [String]
@@ -22823,6 +23331,54 @@ module Aws::SecurityHub
22823
23331
  #
22824
23332
  class EnableSecurityHubResponse < Aws::EmptyStructure; end
22825
23333
 
23334
+ # The options for customizing a security control parameter that is an
23335
+ # enum.
23336
+ #
23337
+ # @!attribute [rw] default_value
23338
+ # The Security Hub default value for a control parameter that is an
23339
+ # enum.
23340
+ # @return [String]
23341
+ #
23342
+ # @!attribute [rw] allowed_values
23343
+ # The valid values for a control parameter that is an enum.
23344
+ # @return [Array<String>]
23345
+ #
23346
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumConfigurationOptions AWS API Documentation
23347
+ #
23348
+ class EnumConfigurationOptions < Struct.new(
23349
+ :default_value,
23350
+ :allowed_values)
23351
+ SENSITIVE = []
23352
+ include Aws::Structure
23353
+ end
23354
+
23355
+ # The options for customizing a security control parameter that is a
23356
+ # list of enums.
23357
+ #
23358
+ # @!attribute [rw] default_value
23359
+ # The Security Hub default value for a control parameter that is a
23360
+ # list of enums.
23361
+ # @return [Array<String>]
23362
+ #
23363
+ # @!attribute [rw] max_items
23364
+ # The maximum number of list items that an enum list control parameter
23365
+ # can accept.
23366
+ # @return [Integer]
23367
+ #
23368
+ # @!attribute [rw] allowed_values
23369
+ # The valid values for a control parameter that is a list of enums.
23370
+ # @return [Array<String>]
23371
+ #
23372
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnumListConfigurationOptions AWS API Documentation
23373
+ #
23374
+ class EnumListConfigurationOptions < Struct.new(
23375
+ :default_value,
23376
+ :max_items,
23377
+ :allowed_values)
23378
+ SENSITIVE = []
23379
+ include Aws::Structure
23380
+ end
23381
+
22826
23382
  # Provides information about the file paths that were affected by the
22827
23383
  # threat.
22828
23384
  #
@@ -23241,18 +23797,145 @@ module Aws::SecurityHub
23241
23797
  include Aws::Structure
23242
23798
  end
23243
23799
 
23244
- # @!attribute [rw] standards_subscription_arns
23245
- # The list of the standards subscription ARNs for the standards to
23246
- # retrieve.
23247
- # @return [Array<String>]
23800
+ # @!attribute [rw] target
23801
+ # The target account ID, organizational unit ID, or the root ID to
23802
+ # retrieve the association for.
23803
+ # @return [Types::Target]
23248
23804
  #
23249
- # @!attribute [rw] next_token
23250
- # The token that is required for pagination. On your first call to the
23251
- # `GetEnabledStandards` operation, set the value of this parameter to
23252
- # `NULL`.
23805
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationRequest AWS API Documentation
23253
23806
  #
23254
- # For subsequent calls to the operation, to continue listing data, set
23255
- # the value of this parameter to the value returned from the previous
23807
+ class GetConfigurationPolicyAssociationRequest < Struct.new(
23808
+ :target)
23809
+ SENSITIVE = []
23810
+ include Aws::Structure
23811
+ end
23812
+
23813
+ # @!attribute [rw] configuration_policy_id
23814
+ # The universally unique identifier (UUID) of a configuration policy.
23815
+ # For self-managed behavior, the value is `SELF_MANAGED_SECURITY_HUB`.
23816
+ # @return [String]
23817
+ #
23818
+ # @!attribute [rw] target_id
23819
+ # The target account ID, organizational unit ID, or the root ID for
23820
+ # which the association is retrieved.
23821
+ # @return [String]
23822
+ #
23823
+ # @!attribute [rw] target_type
23824
+ # Specifies whether the target is an Amazon Web Services account,
23825
+ # organizational unit, or the organization root.
23826
+ # @return [String]
23827
+ #
23828
+ # @!attribute [rw] association_type
23829
+ # Indicates whether the association between the specified target and
23830
+ # the configuration was directly applied by the Security Hub delegated
23831
+ # administrator or inherited from a parent.
23832
+ # @return [String]
23833
+ #
23834
+ # @!attribute [rw] updated_at
23835
+ # The date and time, in UTC and ISO 8601 format, that the
23836
+ # configuration policy association was last updated.
23837
+ # @return [Time]
23838
+ #
23839
+ # @!attribute [rw] association_status
23840
+ # The current status of the association between the specified target
23841
+ # and the configuration.
23842
+ # @return [String]
23843
+ #
23844
+ # @!attribute [rw] association_status_message
23845
+ # The explanation for a `FAILED` value for `AssociationStatus`.
23846
+ # @return [String]
23847
+ #
23848
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationResponse AWS API Documentation
23849
+ #
23850
+ class GetConfigurationPolicyAssociationResponse < Struct.new(
23851
+ :configuration_policy_id,
23852
+ :target_id,
23853
+ :target_type,
23854
+ :association_type,
23855
+ :updated_at,
23856
+ :association_status,
23857
+ :association_status_message)
23858
+ SENSITIVE = []
23859
+ include Aws::Structure
23860
+ end
23861
+
23862
+ # @!attribute [rw] identifier
23863
+ # The Amazon Resource Name (ARN) or universally unique identifier
23864
+ # (UUID) of the configuration policy.
23865
+ # @return [String]
23866
+ #
23867
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyRequest AWS API Documentation
23868
+ #
23869
+ class GetConfigurationPolicyRequest < Struct.new(
23870
+ :identifier)
23871
+ SENSITIVE = []
23872
+ include Aws::Structure
23873
+ end
23874
+
23875
+ # @!attribute [rw] arn
23876
+ # The ARN of the configuration policy.
23877
+ # @return [String]
23878
+ #
23879
+ # @!attribute [rw] id
23880
+ # The UUID of the configuration policy.
23881
+ # @return [String]
23882
+ #
23883
+ # @!attribute [rw] name
23884
+ # The name of the configuration policy.
23885
+ # @return [String]
23886
+ #
23887
+ # @!attribute [rw] description
23888
+ # The description of the configuration policy.
23889
+ # @return [String]
23890
+ #
23891
+ # @!attribute [rw] updated_at
23892
+ # The date and time, in UTC and ISO 8601 format, that the
23893
+ # configuration policy was last updated.
23894
+ # @return [Time]
23895
+ #
23896
+ # @!attribute [rw] created_at
23897
+ # The date and time, in UTC and ISO 8601 format, that the
23898
+ # configuration policy was created.
23899
+ # @return [Time]
23900
+ #
23901
+ # @!attribute [rw] configuration_policy
23902
+ # An object that defines how Security Hub is configured. It includes
23903
+ # whether Security Hub is enabled or disabled, a list of enabled
23904
+ # security standards, a list of enabled or disabled security controls,
23905
+ # and a list of custom parameter values for specified controls. If the
23906
+ # policy includes a list of security controls that are enabled,
23907
+ # Security Hub disables all other controls (including newly released
23908
+ # controls). If the policy includes a list of security controls that
23909
+ # are disabled, Security Hub enables all other controls (including
23910
+ # newly released controls).
23911
+ # @return [Types::Policy]
23912
+ #
23913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyResponse AWS API Documentation
23914
+ #
23915
+ class GetConfigurationPolicyResponse < Struct.new(
23916
+ :arn,
23917
+ :id,
23918
+ :name,
23919
+ :description,
23920
+ :updated_at,
23921
+ :created_at,
23922
+ :configuration_policy)
23923
+ SENSITIVE = []
23924
+ include Aws::Structure
23925
+ end
23926
+
23927
+ # @!attribute [rw] standards_subscription_arns
23928
+ # The list of the standards subscription ARNs for the standards to
23929
+ # retrieve.
23930
+ # @return [Array<String>]
23931
+ #
23932
+ # @!attribute [rw] next_token
23933
+ # The token that is required for pagination. On your first call to the
23934
+ # `GetEnabledStandards` operation, set the value of this parameter to
23935
+ # `NULL`.
23936
+ #
23937
+ # For subsequent calls to the operation, to continue listing data, set
23938
+ # the value of this parameter to the value returned from the previous
23256
23939
  # response.
23257
23940
  # @return [String]
23258
23941
  #
@@ -23628,6 +24311,34 @@ module Aws::SecurityHub
23628
24311
  include Aws::Structure
23629
24312
  end
23630
24313
 
24314
+ # @!attribute [rw] security_control_id
24315
+ # The ID of the security control to retrieve the definition for. This
24316
+ # field doesn’t accept an Amazon Resource Name (ARN).
24317
+ # @return [String]
24318
+ #
24319
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionRequest AWS API Documentation
24320
+ #
24321
+ class GetSecurityControlDefinitionRequest < Struct.new(
24322
+ :security_control_id)
24323
+ SENSITIVE = []
24324
+ include Aws::Structure
24325
+ end
24326
+
24327
+ # @!attribute [rw] security_control_definition
24328
+ # Provides metadata for a security control, including its unique
24329
+ # standard-agnostic identifier, title, description, severity,
24330
+ # availability in Amazon Web Services Regions, and a link to
24331
+ # remediation steps.
24332
+ # @return [Types::SecurityControlDefinition]
24333
+ #
24334
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinitionResponse AWS API Documentation
24335
+ #
24336
+ class GetSecurityControlDefinitionResponse < Struct.new(
24337
+ :security_control_definition)
24338
+ SENSITIVE = []
24339
+ include Aws::Structure
24340
+ end
24341
+
23631
24342
  # An Internet Control Message Protocol (ICMP) type and code.
23632
24343
  #
23633
24344
  # @!attribute [rw] code
@@ -23760,6 +24471,66 @@ module Aws::SecurityHub
23760
24471
  include Aws::Structure
23761
24472
  end
23762
24473
 
24474
+ # The options for customizing a security control parameter that is an
24475
+ # integer.
24476
+ #
24477
+ # @!attribute [rw] default_value
24478
+ # The Security Hub default value for a control parameter that is an
24479
+ # integer.
24480
+ # @return [Integer]
24481
+ #
24482
+ # @!attribute [rw] min
24483
+ # The minimum valid value for a control parameter that is an integer.
24484
+ # @return [Integer]
24485
+ #
24486
+ # @!attribute [rw] max
24487
+ # The maximum valid value for a control parameter that is an integer.
24488
+ # @return [Integer]
24489
+ #
24490
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerConfigurationOptions AWS API Documentation
24491
+ #
24492
+ class IntegerConfigurationOptions < Struct.new(
24493
+ :default_value,
24494
+ :min,
24495
+ :max)
24496
+ SENSITIVE = []
24497
+ include Aws::Structure
24498
+ end
24499
+
24500
+ # The options for customizing a security control parameter that is a
24501
+ # list of integers.
24502
+ #
24503
+ # @!attribute [rw] default_value
24504
+ # The Security Hub default value for a control parameter that is a
24505
+ # list of integers.
24506
+ # @return [Array<Integer>]
24507
+ #
24508
+ # @!attribute [rw] min
24509
+ # The minimum valid value for a control parameter that is a list of
24510
+ # integers.
24511
+ # @return [Integer]
24512
+ #
24513
+ # @!attribute [rw] max
24514
+ # The maximum valid value for a control parameter that is a list of
24515
+ # integers.
24516
+ # @return [Integer]
24517
+ #
24518
+ # @!attribute [rw] max_items
24519
+ # The maximum number of list items that an interger list control
24520
+ # parameter can accept.
24521
+ # @return [Integer]
24522
+ #
24523
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IntegerListConfigurationOptions AWS API Documentation
24524
+ #
24525
+ class IntegerListConfigurationOptions < Struct.new(
24526
+ :default_value,
24527
+ :min,
24528
+ :max,
24529
+ :max_items)
24530
+ SENSITIVE = []
24531
+ include Aws::Structure
24532
+ end
24533
+
23763
24534
  # Internal server error.
23764
24535
  #
23765
24536
  # @!attribute [rw] message
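Review bot: The `max_items` description on `IntegerListConfigurationOptions` misspells the type; `an interger list control` should read `an integer list control`. The `min` and `max` descriptions in the same block say only "valid value for a control parameter that is a list of integers", which does not make clear whether they bound each element or the list as a whole. If they bound each element, as the separate `max_items` length limit suggests, wording such as `The minimum valid value for each integer in the list.` would let callers validate custom parameters before sending them. If this file is generated from the service model, the wording has to be corrected there.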
@@ -24022,6 +24793,117 @@ module Aws::SecurityHub
24022
24793
  include Aws::Structure
24023
24794
  end
24024
24795
 
24796
+ # @!attribute [rw] next_token
24797
+ # The NextToken value that's returned from a previous paginated
24798
+ # `ListConfigurationPolicies` request where `MaxResults` was used but
24799
+ # the results exceeded the value of that parameter. Pagination
24800
+ # continues from the `MaxResults` was used but the results exceeded
24801
+ # the value of that parameter. Pagination continues from the end of
24802
+ # the previous response that returned the `NextToken` value. This
24803
+ # value is `null` when there are no more results to return.
24804
+ # @return [String]
24805
+ #
24806
+ # @!attribute [rw] max_results
24807
+ # The maximum number of results that's returned by
24808
+ # `ListConfigurationPolicies` in each page of the response. When this
24809
+ # parameter is used, `ListConfigurationPolicies` returns the specified
24810
+ # number of results in a single page and a `NextToken` response
24811
+ # element. You can see the remaining results of the initial request by
24812
+ # sending another `ListConfigurationPolicies` request with the
24813
+ # returned `NextToken` value. A valid range for `MaxResults` is
24814
+ # between 1 and 100.
24815
+ # @return [Integer]
24816
+ #
24817
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesRequest AWS API Documentation
24818
+ #
24819
+ class ListConfigurationPoliciesRequest < Struct.new(
24820
+ :next_token,
24821
+ :max_results)
24822
+ SENSITIVE = []
24823
+ include Aws::Structure
24824
+ end
24825
+
24826
+ # @!attribute [rw] configuration_policy_summaries
24827
+ # Provides metadata for each of your configuration policies.
24828
+ # @return [Array<Types::ConfigurationPolicySummary>]
24829
+ #
24830
+ # @!attribute [rw] next_token
24831
+ # The `NextToken` value to include in the next
24832
+ # `ListConfigurationPolicies` request. When the results of a
24833
+ # `ListConfigurationPolicies` request exceed `MaxResults`, this value
24834
+ # can be used to retrieve the next page of results. This value is
24835
+ # `null` when there are no more results to return.
24836
+ # @return [String]
24837
+ #
24838
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesResponse AWS API Documentation
24839
+ #
24840
+ class ListConfigurationPoliciesResponse < Struct.new(
24841
+ :configuration_policy_summaries,
24842
+ :next_token)
24843
+ SENSITIVE = []
24844
+ include Aws::Structure
24845
+ end
24846
+
24847
+ # @!attribute [rw] next_token
24848
+ # The `NextToken` value that's returned from a previous paginated
24849
+ # `ListConfigurationPolicyAssociations` request where `MaxResults` was
24850
+ # used but the results exceeded the value of that parameter.
24851
+ # Pagination continues from the end of the previous response that
24852
+ # returned the `NextToken` value. This value is `null` when there are
24853
+ # no more results to return.
24854
+ # @return [String]
24855
+ #
24856
+ # @!attribute [rw] max_results
24857
+ # The maximum number of results that's returned by
24858
+ # `ListConfigurationPolicies` in each page of the response. When this
24859
+ # parameter is used, `ListConfigurationPolicyAssociations` returns the
24860
+ # specified number of results in a single page and a `NextToken`
24861
+ # response element. You can see the remaining results of the initial
24862
+ # request by sending another `ListConfigurationPolicyAssociations`
24863
+ # request with the returned `NextToken` value. A valid range for
24864
+ # `MaxResults` is between 1 and 100.
24865
+ # @return [Integer]
24866
+ #
24867
+ # @!attribute [rw] filters
24868
+ # Options for filtering the `ListConfigurationPolicyAssociations`
24869
+ # response. You can filter by the Amazon Resource Name (ARN) or
24870
+ # universally unique identifier (UUID) of a configuration,
24871
+ # `AssociationType`, or `AssociationStatus`.
24872
+ # @return [Types::AssociationFilters]
24873
+ #
24874
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsRequest AWS API Documentation
24875
+ #
24876
+ class ListConfigurationPolicyAssociationsRequest < Struct.new(
24877
+ :next_token,
24878
+ :max_results,
24879
+ :filters)
24880
+ SENSITIVE = []
24881
+ include Aws::Structure
24882
+ end
24883
+
24884
+ # @!attribute [rw] configuration_policy_association_summaries
24885
+ # An object that contains the details of each configuration policy
24886
+ # association that’s returned in a
24887
+ # `ListConfigurationPolicyAssociations` request.
24888
+ # @return [Array<Types::ConfigurationPolicyAssociationSummary>]
24889
+ #
24890
+ # @!attribute [rw] next_token
24891
+ # The `NextToken` value to include in the next
24892
+ # `ListConfigurationPolicyAssociations` request. When the results of a
24893
+ # `ListConfigurationPolicyAssociations` request exceed `MaxResults`,
24894
+ # this value can be used to retrieve the next page of results. This
24895
+ # value is `null` when there are no more results to return.
24896
+ # @return [String]
24897
+ #
24898
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsResponse AWS API Documentation
24899
+ #
24900
+ class ListConfigurationPolicyAssociationsResponse < Struct.new(
24901
+ :configuration_policy_association_summaries,
24902
+ :next_token)
24903
+ SENSITIVE = []
24904
+ include Aws::Structure
24905
+ end
24906
+
24025
24907
  # @!attribute [rw] next_token
24026
24908
  # The token that is required for pagination. On your first call to the
24027
24909
  # `ListEnabledProductsForImport` operation, set the value of this
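Review bot: Two of the new pagination comments are wrong as written. In `ListConfigurationPoliciesRequest`, the `next_token` text repeats a fragment ("Pagination continues from the `MaxResults` was used but the results exceeded the value of that parameter."); dropping that sentence leaves the intended "Pagination continues from the end of the previous response that returned the `NextToken` value." In `ListConfigurationPolicyAssociationsRequest`, the `max_results` text opens with "returned by `ListConfigurationPolicies`", although the rest of the paragraph and the struct refer to `ListConfigurationPolicyAssociations`. The `filters` text there also says "of a configuration" where the `AssociationFilters` documentation says "of a configuration policy".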
@@ -24838,12 +25720,24 @@ module Aws::SecurityHub
24838
25720
  # for findings.
24839
25721
  # @return [Float]
24840
25722
  #
25723
+ # @!attribute [rw] gt
25724
+ # The greater-than condition to be applied to a single field when
25725
+ # querying for findings.
25726
+ # @return [Float]
25727
+ #
25728
+ # @!attribute [rw] lt
25729
+ # The less-than condition to be applied to a single field when
25730
+ # querying for findings.
25731
+ # @return [Float]
25732
+ #
24841
25733
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NumberFilter AWS API Documentation
24842
25734
  #
24843
25735
  class NumberFilter < Struct.new(
24844
25736
  :gte,
24845
25737
  :lte,
24846
- :eq)
25738
+ :eq,
25739
+ :gt,
25740
+ :lt)
24847
25741
  SENSITIVE = []
24848
25742
  include Aws::Structure
24849
25743
  end
@@ -24888,6 +25782,53 @@ module Aws::SecurityHub
24888
25782
  include Aws::Structure
24889
25783
  end
24890
25784
 
25785
+ # Provides information about the way an organization is configured in
25786
+ # Security Hub.
25787
+ #
25788
+ # @!attribute [rw] configuration_type
25789
+ # Indicates whether the organization uses local or central
25790
+ # configuration.
25791
+ #
25792
+ # If you use local configuration, the Security Hub delegated
25793
+ # administrator can set `AutoEnable` to `true` and
25794
+ # `AutoEnableStandards` to `DEFAULT`. This automatically enables
25795
+ # Security Hub and default security standards in new organization
25796
+ # accounts. These new account settings must be set separately in each
25797
+ # Amazon Web Services Region, and settings may be different in each
25798
+ # Region.
25799
+ #
25800
+ # If you use central configuration, the delegated administrator can
25801
+ # create configuration policies. Configuration policies can be used to
25802
+ # configure Security Hub, security standards, and security controls in
25803
+ # multiple accounts and Regions. If you want new organization accounts
25804
+ # to use a specific configuration, you can create a configuration
25805
+ # policy and associate it with the root or specific organizational
25806
+ # units (OUs). New accounts will inherit the policy from the root or
25807
+ # their assigned OU.
25808
+ # @return [String]
25809
+ #
25810
+ # @!attribute [rw] status
25811
+ # Describes whether central configuration could be enabled as the
25812
+ # `ConfigurationType` for the organization. If your
25813
+ # `ConfigurationType` is local configuration, then the value of
25814
+ # `Status` is always `ENABLED`.
25815
+ # @return [String]
25816
+ #
25817
+ # @!attribute [rw] status_message
25818
+ # Provides an explanation if the value of `Status` is equal to
25819
+ # `FAILED` when `ConfigurationType` is equal to `CENTRAL`.
25820
+ # @return [String]
25821
+ #
25822
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/OrganizationConfiguration AWS API Documentation
25823
+ #
25824
+ class OrganizationConfiguration < Struct.new(
25825
+ :configuration_type,
25826
+ :status,
25827
+ :status_message)
25828
+ SENSITIVE = []
25829
+ include Aws::Structure
25830
+ end
25831
+
24891
25832
  # An occurrence of sensitive data in an Adobe Portable Document Format
24892
25833
  # (PDF) file.
24893
25834
  #
@@ -24915,6 +25856,114 @@ module Aws::SecurityHub
24915
25856
  include Aws::Structure
24916
25857
  end
24917
25858
 
25859
+ # An object that provides the current value of a security control
25860
+ # parameter and identifies whether it has been customized.
25861
+ #
25862
+ # @!attribute [rw] value_type
25863
+ # Identifies whether a control parameter uses a custom user-defined
25864
+ # value or the Security Hub default value.
25865
+ # @return [String]
25866
+ #
25867
+ # @!attribute [rw] value
25868
+ # The current value of a control parameter.
25869
+ # @return [Types::ParameterValue]
25870
+ #
25871
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterConfiguration AWS API Documentation
25872
+ #
25873
+ class ParameterConfiguration < Struct.new(
25874
+ :value_type,
25875
+ :value)
25876
+ SENSITIVE = []
25877
+ include Aws::Structure
25878
+ end
25879
+
25880
+ # An object that describes a security control parameter and the options
25881
+ # for customizing it.
25882
+ #
25883
+ # @!attribute [rw] description
25884
+ # Description of a control parameter.
25885
+ # @return [String]
25886
+ #
25887
+ # @!attribute [rw] configuration_options
25888
+ # The options for customizing a control parameter. Customization
25889
+ # options vary based on the data type of the parameter.
25890
+ # @return [Types::ConfigurationOptions]
25891
+ #
25892
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterDefinition AWS API Documentation
25893
+ #
25894
+ class ParameterDefinition < Struct.new(
25895
+ :description,
25896
+ :configuration_options)
25897
+ SENSITIVE = []
25898
+ include Aws::Structure
25899
+ end
25900
+
25901
+ # An object that includes the data type of a security control parameter
25902
+ # and its current value.
25903
+ #
25904
+ # @note ParameterValue is a union - when making an API calls you must set exactly one of the members.
25905
+ #
25906
+ # @note ParameterValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ParameterValue corresponding to the set member.
25907
+ #
25908
+ # @!attribute [rw] integer
25909
+ # A control parameter that is an integer.
25910
+ # @return [Integer]
25911
+ #
25912
+ # @!attribute [rw] integer_list
25913
+ # A control parameter that is a list of integers.
25914
+ # @return [Array<Integer>]
25915
+ #
25916
+ # @!attribute [rw] double
25917
+ # A control parameter that is a double.
25918
+ # @return [Float]
25919
+ #
25920
+ # @!attribute [rw] string
25921
+ # A control parameter that is a string.
25922
+ # @return [String]
25923
+ #
25924
+ # @!attribute [rw] string_list
25925
+ # A control parameter that is a list of strings.
25926
+ # @return [Array<String>]
25927
+ #
25928
+ # @!attribute [rw] boolean
25929
+ # A control parameter that is a boolean.
25930
+ # @return [Boolean]
25931
+ #
25932
+ # @!attribute [rw] enum
25933
+ # A control parameter that is an enum.
25934
+ # @return [String]
25935
+ #
25936
+ # @!attribute [rw] enum_list
25937
+ # A control parameter that is a list of enums.
25938
+ # @return [Array<String>]
25939
+ #
25940
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ParameterValue AWS API Documentation
25941
+ #
25942
+ class ParameterValue < Struct.new(
25943
+ :integer,
25944
+ :integer_list,
25945
+ :double,
25946
+ :string,
25947
+ :string_list,
25948
+ :boolean,
25949
+ :enum,
25950
+ :enum_list,
25951
+ :unknown)
25952
+ SENSITIVE = []
25953
+ include Aws::Structure
25954
+ include Aws::Structure::Union
25955
+
25956
+ class Integer < ParameterValue; end
25957
+ class IntegerList < ParameterValue; end
25958
+ class Double < ParameterValue; end
25959
+ class String < ParameterValue; end
25960
+ class StringList < ParameterValue; end
25961
+ class Boolean < ParameterValue; end
25962
+ class Enum < ParameterValue; end
25963
+ class EnumList < ParameterValue; end
25964
+ class Unknown < ParameterValue; end
25965
+ end
25966
+
24918
25967
  # Provides an overview of the patch compliance status for an instance
24919
25968
  # against a selected compliance standard.
24920
25969
  #
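Review bot: The union subclasses declared inside `ParameterValue` are named `Integer`, `String`, `Double`, `Boolean` and so on, so a bare `Integer` or `String` inside that class body resolves to the nested subclass rather than the core class. Nothing in this hunk depends on the core classes, but a comment above the subclass list would keep later edits from tripping over it: `# NOTE: inside this class Integer/String name the union members; use ::Integer / ::String for the core classes.` The struct also carries an `:unknown` member and an `Unknown` subclass that the YARD block never documents, so an `@!attribute [rw] unknown` entry stating when it is set would help callers that branch on the returned subclass. The first `@note` reads "when making an API calls" and should be "an API call". The `Policy` union in the next hunk has the same undocumented `:unknown` member and the same `@note` wording.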
@@ -25007,6 +26056,37 @@ module Aws::SecurityHub
25007
26056
  include Aws::Structure
25008
26057
  end
25009
26058
 
26059
+ # An object that defines how Security Hub is configured. It includes
26060
+ # whether Security Hub is enabled or disabled, a list of enabled
26061
+ # security standards, a list of enabled or disabled security controls,
26062
+ # and a list of custom parameter values for specified controls. If you
26063
+ # provide a list of security controls that are enabled in the
26064
+ # configuration policy, Security Hub disables all other controls
26065
+ # (including newly released controls). If you provide a list of security
26066
+ # controls that are disabled in the configuration policy, Security Hub
26067
+ # enables all other controls (including newly released controls).
26068
+ #
26069
+ # @note Policy is a union - when making an API calls you must set exactly one of the members.
26070
+ #
26071
+ # @note Policy is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Policy corresponding to the set member.
26072
+ #
26073
+ # @!attribute [rw] security_hub
26074
+ # The Amazon Web Service that the configuration policy applies to.
26075
+ # @return [Types::SecurityHubPolicy]
26076
+ #
26077
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Policy AWS API Documentation
26078
+ #
26079
+ class Policy < Struct.new(
26080
+ :security_hub,
26081
+ :unknown)
26082
+ SENSITIVE = []
26083
+ include Aws::Structure
26084
+ include Aws::Structure::Union
26085
+
26086
+ class SecurityHub < Policy; end
26087
+ class Unknown < Policy; end
26088
+ end
26089
+
25010
26090
  # Provided if `ActionType` is `PORT_PROBE`. It provides details about
25011
26091
  # the attempted port probe that was detected.
25012
26092
  #
@@ -25391,6 +26471,15 @@ module Aws::SecurityHub
25391
26471
  # Additional details about the resource related to a finding.
25392
26472
  # @return [Types::ResourceDetails]
25393
26473
  #
26474
+ # @!attribute [rw] application_name
26475
+ # The name of the application that is related to a finding.
26476
+ # @return [String]
26477
+ #
26478
+ # @!attribute [rw] application_arn
26479
+ # The Amazon Resource Name (ARN) of the application that is related to
26480
+ # a finding.
26481
+ # @return [String]
26482
+ #
25394
26483
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Resource AWS API Documentation
25395
26484
  #
25396
26485
  class Resource < Struct.new(
@@ -25401,7 +26490,9 @@ module Aws::SecurityHub
25401
26490
  :resource_role,
25402
26491
  :tags,
25403
26492
  :data_classification,
25404
- :details)
26493
+ :details,
26494
+ :application_name,
26495
+ :application_arn)
25405
26496
  SENSITIVE = []
25406
26497
  include Aws::Structure
25407
26498
  end
@@ -25985,6 +27076,25 @@ module Aws::SecurityHub
25985
27076
  include Aws::Structure
25986
27077
  end
25987
27078
 
27079
+ # The request was rejected because it conflicts with the resource's
27080
+ # availability. For example, you tried to update a security control
27081
+ # that's currently in the `UPDATING` state.
27082
+ #
27083
+ # @!attribute [rw] message
27084
+ # @return [String]
27085
+ #
27086
+ # @!attribute [rw] code
27087
+ # @return [String]
27088
+ #
27089
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceInUseException AWS API Documentation
27090
+ #
27091
+ class ResourceInUseException < Struct.new(
27092
+ :message,
27093
+ :code)
27094
+ SENSITIVE = []
27095
+ include Aws::Structure
27096
+ end
27097
+
25988
27098
  # The request was rejected because we can't find the specified
25989
27099
  # resource.
25990
27100
  #
@@ -26598,6 +27708,32 @@ module Aws::SecurityHub
26598
27708
  # The enablement status of a security control in a specific standard.
26599
27709
  # @return [String]
26600
27710
  #
27711
+ # @!attribute [rw] update_status
27712
+ # Identifies whether customizable properties of a security control are
27713
+ # reflected in Security Hub findings. A status of `READY` indicates
27714
+ # findings include the current parameter values. A status of
27715
+ # `UPDATING` indicates that all findings may not include the current
27716
+ # parameter values.
27717
+ # @return [String]
27718
+ #
27719
+ # @!attribute [rw] parameters
27720
+ # An object that identifies the name of a control parameter, its
27721
+ # current value, and whether it has been customized.
27722
+ # @return [Hash<String,Types::ParameterConfiguration>]
27723
+ #
27724
+ # @!attribute [rw] last_update_reason
27725
+ # The most recent reason for updating the customizable properties of a
27726
+ # security control. This differs from the `UpdateReason` field of the
27727
+ # [ `BatchUpdateStandardsControlAssociations` ][1] API, which tracks
27728
+ # the reason for updating the enablement status of a control. This
27729
+ # field accepts alphanumeric characters in addition to white spaces,
27730
+ # dashes, and underscores.
27731
+ #
27732
+ #
27733
+ #
27734
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
27735
+ # @return [String]
27736
+ #
26601
27737
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControl AWS API Documentation
26602
27738
  #
26603
27739
  class SecurityControl < Struct.new(
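Review bot: The `update_status` description says `UPDATING` "indicates that all findings may not include the current parameter values", which can be read as "no finding includes them". Judging by the `READY` sentence, the intended meaning appears to be `indicates that some findings may not yet include the current parameter values.` The distinction matters to anyone consuming findings right after a parameter change, because results produced while the status is `UPDATING` may still reflect the previous values. The `SecurityControl` struct body starts on the last line of this hunk and continues in the next one.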
@@ -26607,7 +27743,31 @@ module Aws::SecurityHub
26607
27743
  :description,
26608
27744
  :remediation_url,
26609
27745
  :severity_rating,
26610
- :security_control_status)
27746
+ :security_control_status,
27747
+ :update_status,
27748
+ :parameters,
27749
+ :last_update_reason)
27750
+ SENSITIVE = []
27751
+ include Aws::Structure
27752
+ end
27753
+
27754
+ # A list of security controls and control parameter values that are
27755
+ # included in a configuration policy.
27756
+ #
27757
+ # @!attribute [rw] security_control_id
27758
+ # The ID of the security control.
27759
+ # @return [String]
27760
+ #
27761
+ # @!attribute [rw] parameters
27762
+ # An object that specifies parameter values for a control in a
27763
+ # configuration policy.
27764
+ # @return [Hash<String,Types::ParameterConfiguration>]
27765
+ #
27766
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlCustomParameter AWS API Documentation
27767
+ #
27768
+ class SecurityControlCustomParameter < Struct.new(
27769
+ :security_control_id,
27770
+ :parameters)
26611
27771
  SENSITIVE = []
26612
27772
  include Aws::Structure
26613
27773
  end
@@ -26658,6 +27818,18 @@ module Aws::SecurityHub
26658
27818
  # Amazon Web Services Region.
26659
27819
  # @return [String]
26660
27820
  #
27821
+ # @!attribute [rw] customizable_properties
27822
+ # Security control properties that you can customize. Currently, only
27823
+ # parameter customization is supported for select controls. An empty
27824
+ # array is returned for controls that don’t support custom properties.
27825
+ # @return [Array<String>]
27826
+ #
27827
+ # @!attribute [rw] parameter_definitions
27828
+ # An object that provides a security control parameter name,
27829
+ # description, and the options for customizing it. This object is
27830
+ # excluded for a control that doesn't support custom parameters.
27831
+ # @return [Hash<String,Types::ParameterDefinition>]
27832
+ #
26661
27833
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlDefinition AWS API Documentation
26662
27834
  #
26663
27835
  class SecurityControlDefinition < Struct.new(
@@ -26666,7 +27838,95 @@ module Aws::SecurityHub
26666
27838
  :description,
26667
27839
  :remediation_url,
26668
27840
  :severity_rating,
26669
- :current_region_availability)
27841
+ :current_region_availability,
27842
+ :customizable_properties,
27843
+ :parameter_definitions)
27844
+ SENSITIVE = []
27845
+ include Aws::Structure
27846
+ end
27847
+
27848
+ # A parameter that a security control accepts.
27849
+ #
27850
+ # @!attribute [rw] name
27851
+ # The name of a
27852
+ # @return [String]
27853
+ #
27854
+ # @!attribute [rw] value
27855
+ # The current value of a control parameter.
27856
+ # @return [Array<String>]
27857
+ #
27858
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlParameter AWS API Documentation
27859
+ #
27860
+ class SecurityControlParameter < Struct.new(
27861
+ :name,
27862
+ :value)
27863
+ SENSITIVE = []
27864
+ include Aws::Structure
27865
+ end
27866
+
27867
+ # An object that defines which security controls are enabled in an
27868
+ # Security Hub configuration policy. The enablement status of a control
27869
+ # is aligned across all of the enabled standards in an account.
27870
+ #
27871
+ # @!attribute [rw] enabled_security_control_identifiers
27872
+ # A list of security controls that are enabled in the configuration
27873
+ # policy. Security Hub disables all other controls (including newly
27874
+ # released controls) other than the listed controls.
27875
+ # @return [Array<String>]
27876
+ #
27877
+ # @!attribute [rw] disabled_security_control_identifiers
27878
+ # A list of security controls that are disabled in the configuration
27879
+ # policy. Security Hub enables all other controls (including newly
27880
+ # released controls) other than the listed controls.
27881
+ # @return [Array<String>]
27882
+ #
27883
+ # @!attribute [rw] security_control_custom_parameters
27884
+ # A list of security controls and control parameter values that are
27885
+ # included in a configuration policy.
27886
+ # @return [Array<Types::SecurityControlCustomParameter>]
27887
+ #
27888
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlsConfiguration AWS API Documentation
27889
+ #
27890
+ class SecurityControlsConfiguration < Struct.new(
27891
+ :enabled_security_control_identifiers,
27892
+ :disabled_security_control_identifiers,
27893
+ :security_control_custom_parameters)
27894
+ SENSITIVE = []
27895
+ include Aws::Structure
27896
+ end
27897
+
27898
+ # An object that defines how Security Hub is configured. The
27899
+ # configuration policy includes whether Security Hub is enabled or
27900
+ # disabled, a list of enabled security standards, a list of enabled or
27901
+ # disabled security controls, and a list of custom parameter values for
27902
+ # specified controls. If you provide a list of security controls that
27903
+ # are enabled in the configuration policy, Security Hub disables all
27904
+ # other controls (including newly released controls). If you provide a
27905
+ # list of security controls that are disabled in the configuration
27906
+ # policy, Security Hub enables all other controls (including newly
27907
+ # released controls).
27908
+ #
27909
+ # @!attribute [rw] service_enabled
27910
+ # Indicates whether Security Hub is enabled in the policy.
27911
+ # @return [Boolean]
27912
+ #
27913
+ # @!attribute [rw] enabled_standard_identifiers
27914
+ # A list that defines which security standards are enabled in the
27915
+ # configuration policy.
27916
+ # @return [Array<String>]
27917
+ #
27918
+ # @!attribute [rw] security_controls_configuration
27919
+ # An object that defines which security controls are enabled in the
27920
+ # configuration policy. The enablement status of a control is aligned
27921
+ # across all of the enabled standards in an account.
27922
+ # @return [Types::SecurityControlsConfiguration]
27923
+ #
27924
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityHubPolicy AWS API Documentation
27925
+ #
27926
+ class SecurityHubPolicy < Struct.new(
27927
+ :service_enabled,
27928
+ :enabled_standard_identifiers,
27929
+ :security_controls_configuration)
26670
27930
  SENSITIVE = []
26671
27931
  include Aws::Structure
26672
27932
  end
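Review bot: The `name` attribute doc on the added `SecurityControlParameter` struct is cut off mid-sentence (`# The name of a`), so the rendered API docs never say what the name refers to; presumably it should read `# The name of a control parameter.`, matching the `value` doc below it. In the same hunk, `SecurityControlsConfiguration` documents `enabled_security_control_identifiers` and `disabled_security_control_identifiers` with opposite defaults for unlisted controls, but does not say what happens when both are set. A line such as `# Provide only one of the enabled or disabled lists.` would help if that is the service contract, which is not visible here and needs confirming. If this file is generated from the service model, both fixes belong in the model. The `SecurityControlDefinition` struct whose member list opens this hunk starts above it.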
@@ -26737,8 +27997,8 @@ module Aws::SecurityHub
26737
27997
  # attribute.
26738
27998
  #
26739
27999
  # @!attribute [rw] product
26740
- # Deprecated. This attribute is being deprecated. Instead of providing
26741
- # `Product`, provide `Original`.
28000
+ # Deprecated. This attribute isn't included in findings. Instead of
28001
+ # providing `Product`, provide `Original`.
26742
28002
  #
26743
28003
  # The native severity as defined by the Amazon Web Services service or
26744
28004
  # integrated partner product that generated the finding.
@@ -26774,9 +28034,8 @@ module Aws::SecurityHub
26774
28034
  # @return [String]
26775
28035
  #
26776
28036
  # @!attribute [rw] normalized
26777
- # Deprecated. The normalized severity of a finding. This attribute is
26778
- # being deprecated. Instead of providing `Normalized`, provide
26779
- # `Label`.
28037
+ # Deprecated. The normalized severity of a finding. Instead of
28038
+ # providing `Normalized`, provide `Label`.
26780
28039
  #
26781
28040
  # If you provide `Label` and do not provide `Normalized`, then
26782
28041
  # `Normalized` is set automatically as follows.
@@ -27189,7 +28448,7 @@ module Aws::SecurityHub
27189
28448
  # @return [Time]
27190
28449
  #
27191
28450
  # @!attribute [rw] updated_reason
27192
- # The reason for updating the control's enablement status in a
28451
+ # The reason for updating a control's enablement status in a
27193
28452
  # specified standard.
27194
28453
  # @return [String]
27195
28454
  #
@@ -27362,6 +28621,96 @@ module Aws::SecurityHub
27362
28621
  include Aws::Structure
27363
28622
  end
27364
28623
 
28624
+ # @!attribute [rw] configuration_policy_identifier
28625
+ # The Amazon Resource Name (ARN) or universally unique identifier
28626
+ # (UUID) of the configuration policy.
28627
+ # @return [String]
28628
+ #
28629
+ # @!attribute [rw] target
28630
+ # The identifier of the target account, organizational unit, or the
28631
+ # root to associate with the specified configuration.
28632
+ # @return [Types::Target]
28633
+ #
28634
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationRequest AWS API Documentation
28635
+ #
28636
+ class StartConfigurationPolicyAssociationRequest < Struct.new(
28637
+ :configuration_policy_identifier,
28638
+ :target)
28639
+ SENSITIVE = []
28640
+ include Aws::Structure
28641
+ end
28642
+
28643
+ # @!attribute [rw] configuration_policy_id
28644
+ # The UUID of the configuration policy.
28645
+ # @return [String]
28646
+ #
28647
+ # @!attribute [rw] target_id
28648
+ # The identifier of the target account, organizational unit, or the
28649
+ # organization root with which the configuration is associated.
28650
+ # @return [String]
28651
+ #
28652
+ # @!attribute [rw] target_type
28653
+ # Indicates whether the target is an Amazon Web Services account,
28654
+ # organizational unit, or the organization root.
28655
+ # @return [String]
28656
+ #
28657
+ # @!attribute [rw] association_type
28658
+ # Indicates whether the association between the specified target and
28659
+ # the configuration was directly applied by the Security Hub delegated
28660
+ # administrator or inherited from a parent.
28661
+ # @return [String]
28662
+ #
28663
+ # @!attribute [rw] updated_at
28664
+ # The date and time, in UTC and ISO 8601 format, that the
28665
+ # configuration policy association was last updated.
28666
+ # @return [Time]
28667
+ #
28668
+ # @!attribute [rw] association_status
28669
+ # The current status of the association between the specified target
28670
+ # and the configuration.
28671
+ # @return [String]
28672
+ #
28673
+ # @!attribute [rw] association_status_message
28674
+ # An explanation for a `FAILED` value for `AssociationStatus`.
28675
+ # @return [String]
28676
+ #
28677
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationResponse AWS API Documentation
28678
+ #
28679
+ class StartConfigurationPolicyAssociationResponse < Struct.new(
28680
+ :configuration_policy_id,
28681
+ :target_id,
28682
+ :target_type,
28683
+ :association_type,
28684
+ :updated_at,
28685
+ :association_status,
28686
+ :association_status_message)
28687
+ SENSITIVE = []
28688
+ include Aws::Structure
28689
+ end
28690
+
28691
+ # @!attribute [rw] target
28692
+ # The identifier of the target account, organizational unit, or the
28693
+ # root to disassociate from the specified configuration.
28694
+ # @return [Types::Target]
28695
+ #
28696
+ # @!attribute [rw] configuration_policy_identifier
28697
+ # The Amazon Resource Name (ARN) or universally unique identifier
28698
+ # (UUID) of the configuration policy.
28699
+ # @return [String]
28700
+ #
28701
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationRequest AWS API Documentation
28702
+ #
28703
+ class StartConfigurationPolicyDisassociationRequest < Struct.new(
28704
+ :target,
28705
+ :configuration_policy_identifier)
28706
+ SENSITIVE = []
28707
+ include Aws::Structure
28708
+ end
28709
+
28710
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationResponse AWS API Documentation
28711
+ #
28712
+ class StartConfigurationPolicyDisassociationResponse < Aws::EmptyStructure; end
28713
+
27365
28714
  # The definition of a custom action that can be used for stateless
27366
28715
  # packet handling.
27367
28716
  #
@@ -27430,6 +28779,33 @@ module Aws::SecurityHub
27430
28779
  include Aws::Structure
27431
28780
  end
27432
28781
 
28782
+ # The options for customizing a security control parameter that is a
28783
+ # string.
28784
+ #
28785
+ # @!attribute [rw] default_value
28786
+ # The Security Hub default value for a control parameter that is a
28787
+ # string.
28788
+ # @return [String]
28789
+ #
28790
+ # @!attribute [rw] re_2_expression
28791
+ # An RE2 regular expression that Security Hub uses to validate a
28792
+ # user-provided control parameter string.
28793
+ # @return [String]
28794
+ #
28795
+ # @!attribute [rw] expression_description
28796
+ # The description of the RE2 regular expression.
28797
+ # @return [String]
28798
+ #
28799
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringConfigurationOptions AWS API Documentation
28800
+ #
28801
+ class StringConfigurationOptions < Struct.new(
28802
+ :default_value,
28803
+ :re_2_expression,
28804
+ :expression_description)
28805
+ SENSITIVE = []
28806
+ include Aws::Structure
28807
+ end
28808
+
27433
28809
  # A string filter for filtering Security Hub findings.
27434
28810
  #
27435
28811
  # @!attribute [rw] value
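Review bot: The `re_2_expression` doc on `StringConfigurationOptions` does not say that the pattern is RE2 syntax evaluated by the service, which matters to callers who pre-validate input locally. Ruby's `Regexp` is a different engine, and `^`/`$` match at line boundaries in Ruby, so a local check can accept a multi-line value that the RE2 pattern is meant to reject. I would add `# The pattern is RE2 syntax and is applied by Security Hub; do not assume Ruby's Regexp treats it the same way.` under the attribute. The same applies to `re_2_expression` on `StringListConfigurationOptions` in the hunk at `@@ -27537,6 +28913,39 @@`, where the doc also leaves open whether the expression is matched against each list item or the list as a whole. The `StringFilter` doc comment that closes this hunk continues past it.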
@@ -27537,6 +28913,39 @@ module Aws::SecurityHub
27537
28913
  include Aws::Structure
27538
28914
  end
27539
28915
 
28916
+ # The options for customizing a security control parameter that is a
28917
+ # list of strings.
28918
+ #
28919
+ # @!attribute [rw] default_value
28920
+ # The Security Hub default value for a control parameter that is a
28921
+ # list of strings.
28922
+ # @return [Array<String>]
28923
+ #
28924
+ # @!attribute [rw] re_2_expression
28925
+ # An RE2 regular expression that Security Hub uses to validate a
28926
+ # user-provided list of strings for a control parameter.
28927
+ # @return [String]
28928
+ #
28929
+ # @!attribute [rw] max_items
28930
+ # The maximum number of list items that a string list control
28931
+ # parameter can accept.
28932
+ # @return [Integer]
28933
+ #
28934
+ # @!attribute [rw] expression_description
28935
+ # The description of the RE2 regular expression.
28936
+ # @return [String]
28937
+ #
28938
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringListConfigurationOptions AWS API Documentation
28939
+ #
28940
+ class StringListConfigurationOptions < Struct.new(
28941
+ :default_value,
28942
+ :re_2_expression,
28943
+ :max_items,
28944
+ :expression_description)
28945
+ SENSITIVE = []
28946
+ include Aws::Structure
28947
+ end
28948
+
27540
28949
  # @!attribute [rw] resource_arn
27541
28950
  # The ARN of the resource to apply the tags to.
27542
28951
  # @return [String]
@@ -27560,6 +28969,43 @@ module Aws::SecurityHub
27560
28969
  #
27561
28970
  class TagResourceResponse < Aws::EmptyStructure; end
27562
28971
 
28972
+ # The target account, organizational unit, or the root that is
28973
+ # associated with an Security Hub configuration. The configuration can
28974
+ # be a configuration policy or self-managed behavior.
28975
+ #
28976
+ # @note Target is a union - when making an API calls you must set exactly one of the members.
28977
+ #
28978
+ # @note Target is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Target corresponding to the set member.
28979
+ #
28980
+ # @!attribute [rw] account_id
28981
+ # The Amazon Web Services account ID of the target account.
28982
+ # @return [String]
28983
+ #
28984
+ # @!attribute [rw] organizational_unit_id
28985
+ # The organizational unit ID of the target organizational unit.
28986
+ # @return [String]
28987
+ #
28988
+ # @!attribute [rw] root_id
28989
+ # The ID of the organization root.
28990
+ # @return [String]
28991
+ #
28992
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Target AWS API Documentation
28993
+ #
28994
+ class Target < Struct.new(
28995
+ :account_id,
28996
+ :organizational_unit_id,
28997
+ :root_id,
28998
+ :unknown)
28999
+ SENSITIVE = []
29000
+ include Aws::Structure
29001
+ include Aws::Structure::Union
29002
+
29003
+ class AccountId < Target; end
29004
+ class OrganizationalUnitId < Target; end
29005
+ class RootId < Target; end
29006
+ class Unknown < Target; end
29007
+ end
29008
+
27563
29009
  # Provides information about the threat detected in a security finding
27564
29010
  # and the file paths that were affected by the threat.
27565
29011
  #
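Review bot: The added `Target` union declares a fourth member, `:unknown`, and a `Target::Unknown` subclass, but the attribute docs list only `account_id`, `organizational_unit_id` and `root_id`. Code that branches on the returned subclass to decide which accounts a configuration applies to should handle `Target::Unknown` explicitly rather than fall through. A line such as `# An unrecognised member is returned as Target::Unknown.` would make that visible; the wording is inferred from the subclass list, so confirm it against the SDK's union convention. The first `@note` also reads "when making an API calls" and the summary reads "an Security Hub", both small wording fixes. The doc comment that closes this hunk belongs to a definition that continues outside it.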
@@ -27668,6 +29114,37 @@ module Aws::SecurityHub
27668
29114
  include Aws::Structure
27669
29115
  end
27670
29116
 
29117
+ # An array of configuration policy associations, one for each
29118
+ # configuration policy association identifier, that was specified in a
29119
+ # `BatchGetConfigurationPolicyAssociations` request but couldn’t be
29120
+ # processed due to an error.
29121
+ #
29122
+ # @!attribute [rw] configuration_policy_association_identifiers
29123
+ # Configuration policy association identifiers that were specified in
29124
+ # a `BatchGetConfigurationPolicyAssociations` request but couldn’t be
29125
+ # processed due to an error.
29126
+ # @return [Types::ConfigurationPolicyAssociation]
29127
+ #
29128
+ # @!attribute [rw] error_code
29129
+ # An HTTP status code that identifies why the configuration policy
29130
+ # association failed.
29131
+ # @return [String]
29132
+ #
29133
+ # @!attribute [rw] error_reason
29134
+ # A string that identifies why the configuration policy association
29135
+ # failed.
29136
+ # @return [String]
29137
+ #
29138
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedConfigurationPolicyAssociation AWS API Documentation
29139
+ #
29140
+ class UnprocessedConfigurationPolicyAssociation < Struct.new(
29141
+ :configuration_policy_association_identifiers,
29142
+ :error_code,
29143
+ :error_reason)
29144
+ SENSITIVE = []
29145
+ include Aws::Structure
29146
+ end
29147
+
27671
29148
  # Provides details about a security control for which a response
27672
29149
  # couldn't be returned.
27673
29150
  #
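Review bot: Two attribute docs on the added `UnprocessedConfigurationPolicyAssociation` struct disagree with their declared types. `configuration_policy_association_identifiers` is described as identifiers (plural) but is tagged `@return [Types::ConfigurationPolicyAssociation]`, a single struct. `error_code` is described as an HTTP status code but is tagged `@return [String]`, so error-handling code that compares it with an Integer would never match. I would reword the second to `# An HTTP status code, returned as a String, that identifies why the` and make the first state whether one association or a list is returned. If the file is generated, the wording needs fixing in the service model.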
@@ -27890,6 +29367,106 @@ module Aws::SecurityHub
27890
29367
  include Aws::Structure
27891
29368
  end
27892
29369
 
29370
+ # @!attribute [rw] identifier
29371
+ # The Amazon Resource Name (ARN) or universally unique identifier
29372
+ # (UUID) of the configuration policy.
29373
+ # @return [String]
29374
+ #
29375
+ # @!attribute [rw] name
29376
+ # The name of the configuration policy.
29377
+ # @return [String]
29378
+ #
29379
+ # @!attribute [rw] description
29380
+ # The description of the configuration policy.
29381
+ # @return [String]
29382
+ #
29383
+ # @!attribute [rw] updated_reason
29384
+ # The reason for updating the configuration policy.
29385
+ # @return [String]
29386
+ #
29387
+ # @!attribute [rw] configuration_policy
29388
+ # An object that defines how Security Hub is configured. It includes
29389
+ # whether Security Hub is enabled or disabled, a list of enabled
29390
+ # security standards, a list of enabled or disabled security controls,
29391
+ # and a list of custom parameter values for specified controls. If you
29392
+ # provide a list of security controls that are enabled in the
29393
+ # configuration policy, Security Hub disables all other controls
29394
+ # (including newly released controls). If you provide a list of
29395
+ # security controls that are disabled in the configuration policy,
29396
+ # Security Hub enables all other controls (including newly released
29397
+ # controls).
29398
+ #
29399
+ # When updating a configuration policy, provide a complete list of
29400
+ # standards that you want to enable and a complete list of controls
29401
+ # that you want to enable or disable. The updated configuration
29402
+ # replaces the current configuration.
29403
+ # @return [Types::Policy]
29404
+ #
29405
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyRequest AWS API Documentation
29406
+ #
29407
+ class UpdateConfigurationPolicyRequest < Struct.new(
29408
+ :identifier,
29409
+ :name,
29410
+ :description,
29411
+ :updated_reason,
29412
+ :configuration_policy)
29413
+ SENSITIVE = []
29414
+ include Aws::Structure
29415
+ end
29416
+
29417
+ # @!attribute [rw] arn
29418
+ # The ARN of the configuration policy.
29419
+ # @return [String]
29420
+ #
29421
+ # @!attribute [rw] id
29422
+ # The UUID of the configuration policy.
29423
+ # @return [String]
29424
+ #
29425
+ # @!attribute [rw] name
29426
+ # The name of the configuration policy.
29427
+ # @return [String]
29428
+ #
29429
+ # @!attribute [rw] description
29430
+ # The description of the configuration policy.
29431
+ # @return [String]
29432
+ #
29433
+ # @!attribute [rw] updated_at
29434
+ # The date and time, in UTC and ISO 8601 format, that the
29435
+ # configuration policy was last updated.
29436
+ # @return [Time]
29437
+ #
29438
+ # @!attribute [rw] created_at
29439
+ # The date and time, in UTC and ISO 8601 format, that the
29440
+ # configuration policy was created.
29441
+ # @return [Time]
29442
+ #
29443
+ # @!attribute [rw] configuration_policy
29444
+ # An object that defines how Security Hub is configured. It includes
29445
+ # whether Security Hub is enabled or disabled, a list of enabled
29446
+ # security standards, a list of enabled or disabled security controls,
29447
+ # and a list of custom parameter values for specified controls. If the
29448
+ # request included a list of security controls that are enabled in the
29449
+ # configuration policy, Security Hub disables all other controls
29450
+ # (including newly released controls). If the request included a list
29451
+ # of security controls that are disabled in the configuration policy,
29452
+ # Security Hub enables all other controls (including newly released
29453
+ # controls).
29454
+ # @return [Types::Policy]
29455
+ #
29456
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyResponse AWS API Documentation
29457
+ #
29458
+ class UpdateConfigurationPolicyResponse < Struct.new(
29459
+ :arn,
29460
+ :id,
29461
+ :name,
29462
+ :description,
29463
+ :updated_at,
29464
+ :created_at,
29465
+ :configuration_policy)
29466
+ SENSITIVE = []
29467
+ include Aws::Structure
29468
+ end
29469
+
27893
29470
  # @!attribute [rw] finding_aggregator_arn
27894
29471
  # The ARN of the finding aggregator. To obtain the ARN, use
27895
29472
  # `ListFindingAggregators`.
@@ -28030,37 +29607,55 @@ module Aws::SecurityHub
28030
29607
  class UpdateInsightResponse < Aws::EmptyStructure; end
28031
29608
 
28032
29609
  # @!attribute [rw] auto_enable
28033
- # Whether to automatically enable Security Hub for new accounts in the
28034
- # organization.
28035
- #
28036
- # By default, this is `false`, and new accounts are not added
28037
- # automatically.
28038
- #
28039
- # To automatically enable Security Hub for new accounts, set this to
28040
- # `true`.
29610
+ # Whether to automatically enable Security Hub in new member accounts
29611
+ # when they join the organization.
29612
+ #
29613
+ # If set to `true`, then Security Hub is automatically enabled in new
29614
+ # accounts. If set to `false`, then Security Hub isn't enabled in new
29615
+ # accounts automatically. The default value is `false`.
29616
+ #
29617
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
29618
+ # then this field is set to `false` and can't be changed in the home
29619
+ # Region and linked Regions. However, in that case, the delegated
29620
+ # administrator can create a configuration policy in which Security
29621
+ # Hub is enabled and associate the policy with new organization
29622
+ # accounts.
28041
29623
  # @return [Boolean]
28042
29624
  #
28043
29625
  # @!attribute [rw] auto_enable_standards
28044
29626
  # Whether to automatically enable Security Hub [default standards][1]
28045
- # for new member accounts in the organization.
29627
+ # in new member accounts when they join the organization.
28046
29628
  #
28047
- # By default, this parameter is equal to `DEFAULT`, and new member
28048
- # accounts are automatically enabled with default Security Hub
28049
- # standards.
29629
+ # The default value of this parameter is equal to `DEFAULT`.
29630
+ #
29631
+ # If equal to `DEFAULT`, then Security Hub default standards are
29632
+ # automatically enabled for new member accounts. If equal to `NONE`,
29633
+ # then default standards are not automatically enabled for new member
29634
+ # accounts.
28050
29635
  #
28051
- # To opt out of enabling default standards for new member accounts,
28052
- # set this parameter equal to `NONE`.
29636
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
29637
+ # then this field is set to `NONE` and can't be changed in the home
29638
+ # Region and linked Regions. However, in that case, the delegated
29639
+ # administrator can create a configuration policy in which specific
29640
+ # security standards are enabled and associate the policy with new
29641
+ # organization accounts.
28053
29642
  #
28054
29643
  #
28055
29644
  #
28056
29645
  # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
28057
29646
  # @return [String]
28058
29647
  #
29648
+ # @!attribute [rw] organization_configuration
29649
+ # Provides information about the way an organization is configured in
29650
+ # Security Hub.
29651
+ # @return [Types::OrganizationConfiguration]
29652
+ #
28059
29653
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
28060
29654
  #
28061
29655
  class UpdateOrganizationConfigurationRequest < Struct.new(
28062
29656
  :auto_enable,
28063
- :auto_enable_standards)
29657
+ :auto_enable_standards,
29658
+ :organization_configuration)
28064
29659
  SENSITIVE = []
28065
29660
  include Aws::Structure
28066
29661
  end
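Review bot: The new `auto_enable` and `auto_enable_standards` docs say the fields are fixed at `false` and `NONE` when `ConfigurationType` is `CENTRAL`, but not whether a request that still sets them is rejected or silently ignored. The added `organization_configuration` doc also does not mention that this is, presumably, where `ConfigurationType` is set. Automation that relies on `auto_enable: true` to cover new accounts needs to know this, because under central configuration coverage depends on a configuration policy being associated instead. I would extend the attribute doc to something like `# Security Hub, including its ConfigurationType.` on the second line, and state the request behaviour once confirmed against the service model.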
@@ -28069,6 +29664,35 @@ module Aws::SecurityHub
28069
29664
  #
28070
29665
  class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
28071
29666
 
29667
+ # @!attribute [rw] security_control_id
29668
+ # The Amazon Resource Name (ARN) or ID of the control to update.
29669
+ # @return [String]
29670
+ #
29671
+ # @!attribute [rw] parameters
29672
+ # An object that specifies which security control parameters to
29673
+ # update.
29674
+ # @return [Hash<String,Types::ParameterConfiguration>]
29675
+ #
29676
+ # @!attribute [rw] last_update_reason
29677
+ # The most recent reason for updating the properties of the security
29678
+ # control. This field accepts alphanumeric characters in addition to
29679
+ # white spaces, dashes, and underscores.
29680
+ # @return [String]
29681
+ #
29682
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlRequest AWS API Documentation
29683
+ #
29684
+ class UpdateSecurityControlRequest < Struct.new(
29685
+ :security_control_id,
29686
+ :parameters,
29687
+ :last_update_reason)
29688
+ SENSITIVE = []
29689
+ include Aws::Structure
29690
+ end
29691
+
29692
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControlResponse AWS API Documentation
29693
+ #
29694
+ class UpdateSecurityControlResponse < Aws::EmptyStructure; end
29695
+
28072
29696
  # @!attribute [rw] auto_enable_controls
28073
29697
  # Whether to automatically enable new controls when they are added to
28074
29698
  # standards that are enabled.