aws-sdk-securityhub 1.96.0 → 1.98.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +1209 -28
- data/lib/aws-sdk-securityhub/client_api.rb +410 -0
- data/lib/aws-sdk-securityhub/endpoints.rb +140 -0
- data/lib/aws-sdk-securityhub/plugins/endpoints.rb +23 -2
- data/lib/aws-sdk-securityhub/types.rb +1090 -32
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -329,6 +329,36 @@ module Aws::SecurityHub
|
|
329
329
|
include Aws::Structure
|
330
330
|
end
|
331
331
|
|
332
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
333
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
334
|
+
# universally unique identifier (UUID) of a configuration policy,
|
335
|
+
# `AssociationType`, or `AssociationStatus`.
|
336
|
+
#
|
337
|
+
# @!attribute [rw] configuration_policy_id
|
338
|
+
# The ARN or UUID of the configuration policy.
|
339
|
+
# @return [String]
|
340
|
+
#
|
341
|
+
# @!attribute [rw] association_type
|
342
|
+
# Indicates whether the association between a target and a
|
343
|
+
# configuration was directly applied by the Security Hub delegated
|
344
|
+
# administrator or inherited from a parent.
|
345
|
+
# @return [String]
|
346
|
+
#
|
347
|
+
# @!attribute [rw] association_status
|
348
|
+
# The current status of the association between a target and a
|
349
|
+
# configuration policy.
|
350
|
+
# @return [String]
|
351
|
+
#
|
352
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationFilters AWS API Documentation
|
353
|
+
#
|
354
|
+
class AssociationFilters < Struct.new(
|
355
|
+
:configuration_policy_id,
|
356
|
+
:association_type,
|
357
|
+
:association_status)
|
358
|
+
SENSITIVE = []
|
359
|
+
include Aws::Structure
|
360
|
+
end
|
361
|
+
|
332
362
|
# The associations between a route table and one or more subnets or a
|
333
363
|
# gateway.
|
334
364
|
#
|
@@ -886,6 +916,26 @@ module Aws::SecurityHub
|
|
886
916
|
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
887
917
|
# @return [Array<Types::MapFilter>]
|
888
918
|
#
|
919
|
+
# @!attribute [rw] resource_application_arn
|
920
|
+
# The Amazon Resource Name (ARN) of the application that is related to
|
921
|
+
# a finding.
|
922
|
+
#
|
923
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
924
|
+
# @return [Array<Types::StringFilter>]
|
925
|
+
#
|
926
|
+
# @!attribute [rw] resource_application_name
|
927
|
+
# The name of the application that is related to a finding.
|
928
|
+
#
|
929
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
930
|
+
# @return [Array<Types::StringFilter>]
|
931
|
+
#
|
932
|
+
# @!attribute [rw] aws_account_name
|
933
|
+
# The name of the Amazon Web Services account in which a finding was
|
934
|
+
# generated.
|
935
|
+
#
|
936
|
+
# Array Members: Minimum number of 1 item. Maximum number of 20 items.
|
937
|
+
# @return [Array<Types::StringFilter>]
|
938
|
+
#
|
889
939
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AutomationRulesFindingFilters AWS API Documentation
|
890
940
|
#
|
891
941
|
class AutomationRulesFindingFilters < Struct.new(
|
@@ -923,7 +973,10 @@ module Aws::SecurityHub
|
|
923
973
|
:note_text,
|
924
974
|
:note_updated_at,
|
925
975
|
:note_updated_by,
|
926
|
-
:user_defined_fields
|
976
|
+
:user_defined_fields,
|
977
|
+
:resource_application_arn,
|
978
|
+
:resource_application_name,
|
979
|
+
:aws_account_name)
|
927
980
|
SENSITIVE = []
|
928
981
|
include Aws::Structure
|
929
982
|
end
|
@@ -18641,6 +18694,25 @@ module Aws::SecurityHub
|
|
18641
18694
|
# receives those findings.
|
18642
18695
|
# @return [Types::GeneratorDetails]
|
18643
18696
|
#
|
18697
|
+
# @!attribute [rw] processed_at
|
18698
|
+
# An ISO8601-formatted timestamp that indicates when Security Hub
|
18699
|
+
# received a finding and begins to process it.
|
18700
|
+
#
|
18701
|
+
# A correctly formatted example is `2020-05-21T20:16:34.724Z`. The
|
18702
|
+
# value cannot contain spaces, and date and time should be separated
|
18703
|
+
# by `T`. For more information, see [RFC 3339 section 5.6, Internet
|
18704
|
+
# Date/Time Format][1].
|
18705
|
+
#
|
18706
|
+
#
|
18707
|
+
#
|
18708
|
+
# [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
|
18709
|
+
# @return [String]
|
18710
|
+
#
|
18711
|
+
# @!attribute [rw] aws_account_name
|
18712
|
+
# The name of the Amazon Web Services account from which a finding was
|
18713
|
+
# generated.
|
18714
|
+
# @return [String]
|
18715
|
+
#
|
18644
18716
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
|
18645
18717
|
#
|
18646
18718
|
class AwsSecurityFinding < Struct.new(
|
@@ -18685,7 +18757,9 @@ module Aws::SecurityHub
|
|
18685
18757
|
:action,
|
18686
18758
|
:finding_provider_fields,
|
18687
18759
|
:sample,
|
18688
|
-
:generator_details
|
18760
|
+
:generator_details,
|
18761
|
+
:processed_at,
|
18762
|
+
:aws_account_name)
|
18689
18763
|
SENSITIVE = []
|
18690
18764
|
include Aws::Structure
|
18691
18765
|
end
|
@@ -18704,7 +18778,7 @@ module Aws::SecurityHub
|
|
18704
18778
|
# @return [Array<Types::StringFilter>]
|
18705
18779
|
#
|
18706
18780
|
# @!attribute [rw] aws_account_id
|
18707
|
-
# The Amazon Web Services account ID
|
18781
|
+
# The Amazon Web Services account ID in which a finding is generated.
|
18708
18782
|
# @return [Array<Types::StringFilter>]
|
18709
18783
|
#
|
18710
18784
|
# @!attribute [rw] id
|
@@ -19292,6 +19366,19 @@ module Aws::SecurityHub
|
|
19292
19366
|
# The current value of a security control parameter.
|
19293
19367
|
# @return [Array<Types::StringFilter>]
|
19294
19368
|
#
|
19369
|
+
# @!attribute [rw] aws_account_name
|
19370
|
+
# The name of the Amazon Web Services account in which a finding is
|
19371
|
+
# generated.
|
19372
|
+
# @return [Array<Types::StringFilter>]
|
19373
|
+
#
|
19374
|
+
# @!attribute [rw] resource_application_name
|
19375
|
+
# The name of the application that is related to a finding.
|
19376
|
+
# @return [Array<Types::StringFilter>]
|
19377
|
+
#
|
19378
|
+
# @!attribute [rw] resource_application_arn
|
19379
|
+
# The ARN of the application that is related to a finding.
|
19380
|
+
# @return [Array<Types::StringFilter>]
|
19381
|
+
#
|
19295
19382
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
|
19296
19383
|
#
|
19297
19384
|
class AwsSecurityFindingFilters < Struct.new(
|
@@ -19395,7 +19482,10 @@ module Aws::SecurityHub
|
|
19395
19482
|
:vulnerabilities_exploit_available,
|
19396
19483
|
:vulnerabilities_fix_available,
|
19397
19484
|
:compliance_security_control_parameters_name,
|
19398
|
-
:compliance_security_control_parameters_value
|
19485
|
+
:compliance_security_control_parameters_value,
|
19486
|
+
:aws_account_name,
|
19487
|
+
:resource_application_name,
|
19488
|
+
:resource_application_arn)
|
19399
19489
|
SENSITIVE = []
|
19400
19490
|
include Aws::Structure
|
19401
19491
|
end
|
@@ -21099,6 +21189,38 @@ module Aws::SecurityHub
|
|
21099
21189
|
include Aws::Structure
|
21100
21190
|
end
|
21101
21191
|
|
21192
|
+
# @!attribute [rw] configuration_policy_association_identifiers
|
21193
|
+
# Specifies one or more target account IDs, organizational unit (OU)
|
21194
|
+
# IDs, or the root ID to retrieve associations for.
|
21195
|
+
# @return [Array<Types::ConfigurationPolicyAssociation>]
|
21196
|
+
#
|
21197
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsRequest AWS API Documentation
|
21198
|
+
#
|
21199
|
+
class BatchGetConfigurationPolicyAssociationsRequest < Struct.new(
|
21200
|
+
:configuration_policy_association_identifiers)
|
21201
|
+
SENSITIVE = []
|
21202
|
+
include Aws::Structure
|
21203
|
+
end
|
21204
|
+
|
21205
|
+
# @!attribute [rw] configuration_policy_associations
|
21206
|
+
# Describes associations for the target accounts, OUs, or the root.
|
21207
|
+
# @return [Array<Types::ConfigurationPolicyAssociationSummary>]
|
21208
|
+
#
|
21209
|
+
# @!attribute [rw] unprocessed_configuration_policy_associations
|
21210
|
+
# An array of configuration policy associations, one for each
|
21211
|
+
# configuration policy association identifier, that was specified in
|
21212
|
+
# the request but couldn’t be processed due to an error.
|
21213
|
+
# @return [Array<Types::UnprocessedConfigurationPolicyAssociation>]
|
21214
|
+
#
|
21215
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsResponse AWS API Documentation
|
21216
|
+
#
|
21217
|
+
class BatchGetConfigurationPolicyAssociationsResponse < Struct.new(
|
21218
|
+
:configuration_policy_associations,
|
21219
|
+
:unprocessed_configuration_policy_associations)
|
21220
|
+
SENSITIVE = []
|
21221
|
+
include Aws::Structure
|
21222
|
+
end
|
21223
|
+
|
21102
21224
|
# @!attribute [rw] security_control_ids
|
21103
21225
|
# A list of security controls (identified with `SecurityControlId`,
|
21104
21226
|
# `SecurityControlArn`, or a mix of both parameters). The security
|
@@ -21820,6 +21942,119 @@ module Aws::SecurityHub
|
|
21820
21942
|
class Unknown < ConfigurationOptions; end
|
21821
21943
|
end
|
21822
21944
|
|
21945
|
+
# Provides details about the association between an Security Hub
|
21946
|
+
# configuration and a target account, organizational unit, or the root.
|
21947
|
+
# An association can exist between a target and a configuration policy,
|
21948
|
+
# or between a target and self-managed behavior.
|
21949
|
+
#
|
21950
|
+
# @!attribute [rw] target
|
21951
|
+
# The target account, organizational unit, or the root.
|
21952
|
+
# @return [Types::Target]
|
21953
|
+
#
|
21954
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociation AWS API Documentation
|
21955
|
+
#
|
21956
|
+
class ConfigurationPolicyAssociation < Struct.new(
|
21957
|
+
:target)
|
21958
|
+
SENSITIVE = []
|
21959
|
+
include Aws::Structure
|
21960
|
+
end
|
21961
|
+
|
21962
|
+
# An object that contains the details of a configuration policy
|
21963
|
+
# association that’s returned in a `ListConfigurationPolicyAssociations`
|
21964
|
+
# request.
|
21965
|
+
#
|
21966
|
+
# @!attribute [rw] configuration_policy_id
|
21967
|
+
# The universally unique identifier (UUID) of the configuration
|
21968
|
+
# policy.
|
21969
|
+
# @return [String]
|
21970
|
+
#
|
21971
|
+
# @!attribute [rw] target_id
|
21972
|
+
# The identifier of the target account, organizational unit, or the
|
21973
|
+
# root.
|
21974
|
+
# @return [String]
|
21975
|
+
#
|
21976
|
+
# @!attribute [rw] target_type
|
21977
|
+
# Specifies whether the target is an Amazon Web Services account,
|
21978
|
+
# organizational unit, or the root.
|
21979
|
+
# @return [String]
|
21980
|
+
#
|
21981
|
+
# @!attribute [rw] association_type
|
21982
|
+
# Indicates whether the association between the specified target and
|
21983
|
+
# the configuration was directly applied by the Security Hub delegated
|
21984
|
+
# administrator or inherited from a parent.
|
21985
|
+
# @return [String]
|
21986
|
+
#
|
21987
|
+
# @!attribute [rw] updated_at
|
21988
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
21989
|
+
# configuration policy association was last updated.
|
21990
|
+
# @return [Time]
|
21991
|
+
#
|
21992
|
+
# @!attribute [rw] association_status
|
21993
|
+
# The current status of the association between the specified target
|
21994
|
+
# and the configuration.
|
21995
|
+
# @return [String]
|
21996
|
+
#
|
21997
|
+
# @!attribute [rw] association_status_message
|
21998
|
+
# The explanation for a `FAILED` value for `AssociationStatus`.
|
21999
|
+
# @return [String]
|
22000
|
+
#
|
22001
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociationSummary AWS API Documentation
|
22002
|
+
#
|
22003
|
+
class ConfigurationPolicyAssociationSummary < Struct.new(
|
22004
|
+
:configuration_policy_id,
|
22005
|
+
:target_id,
|
22006
|
+
:target_type,
|
22007
|
+
:association_type,
|
22008
|
+
:updated_at,
|
22009
|
+
:association_status,
|
22010
|
+
:association_status_message)
|
22011
|
+
SENSITIVE = []
|
22012
|
+
include Aws::Structure
|
22013
|
+
end
|
22014
|
+
|
22015
|
+
# An object that contains the details of an Security Hub configuration
|
22016
|
+
# policy that’s returned in a `ListConfigurationPolicies` request.
|
22017
|
+
#
|
22018
|
+
# @!attribute [rw] arn
|
22019
|
+
# The Amazon Resource Name (ARN) of the configuration policy.
|
22020
|
+
# @return [String]
|
22021
|
+
#
|
22022
|
+
# @!attribute [rw] id
|
22023
|
+
# The universally unique identifier (UUID) of the configuration
|
22024
|
+
# policy.
|
22025
|
+
# @return [String]
|
22026
|
+
#
|
22027
|
+
# @!attribute [rw] name
|
22028
|
+
# The name of the configuration policy.
|
22029
|
+
# @return [String]
|
22030
|
+
#
|
22031
|
+
# @!attribute [rw] description
|
22032
|
+
# The description of the configuration policy.
|
22033
|
+
# @return [String]
|
22034
|
+
#
|
22035
|
+
# @!attribute [rw] updated_at
|
22036
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22037
|
+
# configuration policy was last updated.
|
22038
|
+
# @return [Time]
|
22039
|
+
#
|
22040
|
+
# @!attribute [rw] service_enabled
|
22041
|
+
# Indicates whether the service that the configuration policy applies
|
22042
|
+
# to is enabled in the policy.
|
22043
|
+
# @return [Boolean]
|
22044
|
+
#
|
22045
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicySummary AWS API Documentation
|
22046
|
+
#
|
22047
|
+
class ConfigurationPolicySummary < Struct.new(
|
22048
|
+
:arn,
|
22049
|
+
:id,
|
22050
|
+
:name,
|
22051
|
+
:description,
|
22052
|
+
:updated_at,
|
22053
|
+
:service_enabled)
|
22054
|
+
SENSITIVE = []
|
22055
|
+
include Aws::Structure
|
22056
|
+
end
|
22057
|
+
|
21823
22058
|
# Container details related to a finding.
|
21824
22059
|
#
|
21825
22060
|
# @!attribute [rw] container_runtime
|
@@ -21931,7 +22166,7 @@ module Aws::SecurityHub
|
|
21931
22166
|
end
|
21932
22167
|
|
21933
22168
|
# @!attribute [rw] tags
|
21934
|
-
# User-defined tags
|
22169
|
+
# User-defined tags associated with an automation rule.
|
21935
22170
|
# @return [Hash<String,String>]
|
21936
22171
|
#
|
21937
22172
|
# @!attribute [rw] rule_status
|
@@ -22010,6 +22245,102 @@ module Aws::SecurityHub
|
|
22010
22245
|
include Aws::Structure
|
22011
22246
|
end
|
22012
22247
|
|
22248
|
+
# @!attribute [rw] name
|
22249
|
+
# The name of the configuration policy.
|
22250
|
+
# @return [String]
|
22251
|
+
#
|
22252
|
+
# @!attribute [rw] description
|
22253
|
+
# The description of the configuration policy.
|
22254
|
+
# @return [String]
|
22255
|
+
#
|
22256
|
+
# @!attribute [rw] configuration_policy
|
22257
|
+
# An object that defines how Security Hub is configured. It includes
|
22258
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
22259
|
+
# security standards, a list of enabled or disabled security controls,
|
22260
|
+
# and a list of custom parameter values for specified controls. If you
|
22261
|
+
# provide a list of security controls that are enabled in the
|
22262
|
+
# configuration policy, Security Hub disables all other controls
|
22263
|
+
# (including newly released controls). If you provide a list of
|
22264
|
+
# security controls that are disabled in the configuration policy,
|
22265
|
+
# Security Hub enables all other controls (including newly released
|
22266
|
+
# controls).
|
22267
|
+
# @return [Types::Policy]
|
22268
|
+
#
|
22269
|
+
# @!attribute [rw] tags
|
22270
|
+
# User-defined tags associated with a configuration policy. For more
|
22271
|
+
# information, see [Tagging Security Hub resources][1] in the
|
22272
|
+
# *Security Hub user guide*.
|
22273
|
+
#
|
22274
|
+
#
|
22275
|
+
#
|
22276
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
|
22277
|
+
# @return [Hash<String,String>]
|
22278
|
+
#
|
22279
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyRequest AWS API Documentation
|
22280
|
+
#
|
22281
|
+
class CreateConfigurationPolicyRequest < Struct.new(
|
22282
|
+
:name,
|
22283
|
+
:description,
|
22284
|
+
:configuration_policy,
|
22285
|
+
:tags)
|
22286
|
+
SENSITIVE = []
|
22287
|
+
include Aws::Structure
|
22288
|
+
end
|
22289
|
+
|
22290
|
+
# @!attribute [rw] arn
|
22291
|
+
# The Amazon Resource Name (ARN) of the configuration policy.
|
22292
|
+
# @return [String]
|
22293
|
+
#
|
22294
|
+
# @!attribute [rw] id
|
22295
|
+
# The universally unique identifier (UUID) of the configuration
|
22296
|
+
# policy.
|
22297
|
+
# @return [String]
|
22298
|
+
#
|
22299
|
+
# @!attribute [rw] name
|
22300
|
+
# The name of the configuration policy.
|
22301
|
+
# @return [String]
|
22302
|
+
#
|
22303
|
+
# @!attribute [rw] description
|
22304
|
+
# The description of the configuration policy.
|
22305
|
+
# @return [String]
|
22306
|
+
#
|
22307
|
+
# @!attribute [rw] updated_at
|
22308
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22309
|
+
# configuration policy was last updated.
|
22310
|
+
# @return [Time]
|
22311
|
+
#
|
22312
|
+
# @!attribute [rw] created_at
|
22313
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
22314
|
+
# configuration policy was created.
|
22315
|
+
# @return [Time]
|
22316
|
+
#
|
22317
|
+
# @!attribute [rw] configuration_policy
|
22318
|
+
# An object that defines how Security Hub is configured. It includes
|
22319
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
22320
|
+
# security standards, a list of enabled or disabled security controls,
|
22321
|
+
# and a list of custom parameter values for specified controls. If the
|
22322
|
+
# request included a list of security controls that are enabled in the
|
22323
|
+
# configuration policy, Security Hub disables all other controls
|
22324
|
+
# (including newly released controls). If the request included a list
|
22325
|
+
# of security controls that are disabled in the configuration policy,
|
22326
|
+
# Security Hub enables all other controls (including newly released
|
22327
|
+
# controls).
|
22328
|
+
# @return [Types::Policy]
|
22329
|
+
#
|
22330
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyResponse AWS API Documentation
|
22331
|
+
#
|
22332
|
+
class CreateConfigurationPolicyResponse < Struct.new(
|
22333
|
+
:arn,
|
22334
|
+
:id,
|
22335
|
+
:name,
|
22336
|
+
:description,
|
22337
|
+
:updated_at,
|
22338
|
+
:created_at,
|
22339
|
+
:configuration_policy)
|
22340
|
+
SENSITIVE = []
|
22341
|
+
include Aws::Structure
|
22342
|
+
end
|
22343
|
+
|
22013
22344
|
# @!attribute [rw] region_linking_mode
|
22014
22345
|
# Indicates whether to aggregate findings from all of the available
|
22015
22346
|
# Regions in the current partition. Also determines whether to
|
@@ -22372,6 +22703,23 @@ module Aws::SecurityHub
|
|
22372
22703
|
include Aws::Structure
|
22373
22704
|
end
|
22374
22705
|
|
22706
|
+
# @!attribute [rw] identifier
|
22707
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
22708
|
+
# (UUID) of the configuration policy.
|
22709
|
+
# @return [String]
|
22710
|
+
#
|
22711
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyRequest AWS API Documentation
|
22712
|
+
#
|
22713
|
+
class DeleteConfigurationPolicyRequest < Struct.new(
|
22714
|
+
:identifier)
|
22715
|
+
SENSITIVE = []
|
22716
|
+
include Aws::Structure
|
22717
|
+
end
|
22718
|
+
|
22719
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyResponse AWS API Documentation
|
22720
|
+
#
|
22721
|
+
class DeleteConfigurationPolicyResponse < Aws::EmptyStructure; end
|
22722
|
+
|
22375
22723
|
# @!attribute [rw] finding_aggregator_arn
|
22376
22724
|
# The ARN of the finding aggregator to delete. To obtain the ARN, use
|
22377
22725
|
# `ListFindingAggregators`.
|
@@ -22578,11 +22926,19 @@ module Aws::SecurityHub
|
|
22578
22926
|
class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
|
22579
22927
|
|
22580
22928
|
# @!attribute [rw] auto_enable
|
22581
|
-
# Whether to automatically enable Security Hub
|
22582
|
-
# organization.
|
22583
|
-
#
|
22584
|
-
# If set to `true`, then Security Hub is enabled
|
22585
|
-
# set to false
|
22929
|
+
# Whether to automatically enable Security Hub in new member accounts
|
22930
|
+
# when they join the organization.
|
22931
|
+
#
|
22932
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
22933
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
22934
|
+
# accounts automatically. The default value is `false`.
|
22935
|
+
#
|
22936
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
22937
|
+
# then this field is set to `false` and can't be changed in the home
|
22938
|
+
# Region and linked Regions. However, in that case, the delegated
|
22939
|
+
# administrator can create a configuration policy in which Security
|
22940
|
+
# Hub is enabled and associate the policy with new organization
|
22941
|
+
# accounts.
|
22586
22942
|
# @return [Boolean]
|
22587
22943
|
#
|
22588
22944
|
# @!attribute [rw] member_account_limit_reached
|
@@ -22592,26 +22948,37 @@ module Aws::SecurityHub
|
|
22592
22948
|
#
|
22593
22949
|
# @!attribute [rw] auto_enable_standards
|
22594
22950
|
# Whether to automatically enable Security Hub [default standards][1]
|
22595
|
-
#
|
22596
|
-
#
|
22597
|
-
# The default value of this parameter is equal to `DEFAULT`.
|
22951
|
+
# in new member accounts when they join the organization.
|
22598
22952
|
#
|
22599
22953
|
# If equal to `DEFAULT`, then Security Hub default standards are
|
22600
22954
|
# automatically enabled for new member accounts. If equal to `NONE`,
|
22601
22955
|
# then default standards are not automatically enabled for new member
|
22602
|
-
# accounts.
|
22956
|
+
# accounts. The default value of this parameter is equal to `DEFAULT`.
|
22957
|
+
#
|
22958
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
22959
|
+
# then this field is set to `NONE` and can't be changed in the home
|
22960
|
+
# Region and linked Regions. However, in that case, the delegated
|
22961
|
+
# administrator can create a configuration policy in which specific
|
22962
|
+
# security standards are enabled and associate the policy with new
|
22963
|
+
# organization accounts.
|
22603
22964
|
#
|
22604
22965
|
#
|
22605
22966
|
#
|
22606
22967
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
22607
22968
|
# @return [String]
|
22608
22969
|
#
|
22970
|
+
# @!attribute [rw] organization_configuration
|
22971
|
+
# Provides information about the way an organization is configured in
|
22972
|
+
# Security Hub.
|
22973
|
+
# @return [Types::OrganizationConfiguration]
|
22974
|
+
#
|
22609
22975
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
|
22610
22976
|
#
|
22611
22977
|
class DescribeOrganizationConfigurationResponse < Struct.new(
|
22612
22978
|
:auto_enable,
|
22613
22979
|
:member_account_limit_reached,
|
22614
|
-
:auto_enable_standards
|
22980
|
+
:auto_enable_standards,
|
22981
|
+
:organization_configuration)
|
22615
22982
|
SENSITIVE = []
|
22616
22983
|
include Aws::Structure
|
22617
22984
|
end
|
@@ -23430,6 +23797,133 @@ module Aws::SecurityHub
|
|
23430
23797
|
include Aws::Structure
|
23431
23798
|
end
|
23432
23799
|
|
23800
|
+
# @!attribute [rw] target
|
23801
|
+
# The target account ID, organizational unit ID, or the root ID to
|
23802
|
+
# retrieve the association for.
|
23803
|
+
# @return [Types::Target]
|
23804
|
+
#
|
23805
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationRequest AWS API Documentation
|
23806
|
+
#
|
23807
|
+
class GetConfigurationPolicyAssociationRequest < Struct.new(
|
23808
|
+
:target)
|
23809
|
+
SENSITIVE = []
|
23810
|
+
include Aws::Structure
|
23811
|
+
end
|
23812
|
+
|
23813
|
+
# @!attribute [rw] configuration_policy_id
|
23814
|
+
# The universally unique identifier (UUID) of a configuration policy.
|
23815
|
+
# For self-managed behavior, the value is `SELF_MANAGED_SECURITY_HUB`.
|
23816
|
+
# @return [String]
|
23817
|
+
#
|
23818
|
+
# @!attribute [rw] target_id
|
23819
|
+
# The target account ID, organizational unit ID, or the root ID for
|
23820
|
+
# which the association is retrieved.
|
23821
|
+
# @return [String]
|
23822
|
+
#
|
23823
|
+
# @!attribute [rw] target_type
|
23824
|
+
# Specifies whether the target is an Amazon Web Services account,
|
23825
|
+
# organizational unit, or the organization root.
|
23826
|
+
# @return [String]
|
23827
|
+
#
|
23828
|
+
# @!attribute [rw] association_type
|
23829
|
+
# Indicates whether the association between the specified target and
|
23830
|
+
# the configuration was directly applied by the Security Hub delegated
|
23831
|
+
# administrator or inherited from a parent.
|
23832
|
+
# @return [String]
|
23833
|
+
#
|
23834
|
+
# @!attribute [rw] updated_at
|
23835
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23836
|
+
# configuration policy association was last updated.
|
23837
|
+
# @return [Time]
|
23838
|
+
#
|
23839
|
+
# @!attribute [rw] association_status
|
23840
|
+
# The current status of the association between the specified target
|
23841
|
+
# and the configuration.
|
23842
|
+
# @return [String]
|
23843
|
+
#
|
23844
|
+
# @!attribute [rw] association_status_message
|
23845
|
+
# The explanation for a `FAILED` value for `AssociationStatus`.
|
23846
|
+
# @return [String]
|
23847
|
+
#
|
23848
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationResponse AWS API Documentation
|
23849
|
+
#
|
23850
|
+
class GetConfigurationPolicyAssociationResponse < Struct.new(
|
23851
|
+
:configuration_policy_id,
|
23852
|
+
:target_id,
|
23853
|
+
:target_type,
|
23854
|
+
:association_type,
|
23855
|
+
:updated_at,
|
23856
|
+
:association_status,
|
23857
|
+
:association_status_message)
|
23858
|
+
SENSITIVE = []
|
23859
|
+
include Aws::Structure
|
23860
|
+
end
|
23861
|
+
|
23862
|
+
# @!attribute [rw] identifier
|
23863
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
23864
|
+
# (UUID) of the configuration policy.
|
23865
|
+
# @return [String]
|
23866
|
+
#
|
23867
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyRequest AWS API Documentation
|
23868
|
+
#
|
23869
|
+
class GetConfigurationPolicyRequest < Struct.new(
|
23870
|
+
:identifier)
|
23871
|
+
SENSITIVE = []
|
23872
|
+
include Aws::Structure
|
23873
|
+
end
|
23874
|
+
|
23875
|
+
# @!attribute [rw] arn
|
23876
|
+
# The ARN of the configuration policy.
|
23877
|
+
# @return [String]
|
23878
|
+
#
|
23879
|
+
# @!attribute [rw] id
|
23880
|
+
# The UUID of the configuration policy.
|
23881
|
+
# @return [String]
|
23882
|
+
#
|
23883
|
+
# @!attribute [rw] name
|
23884
|
+
# The name of the configuration policy.
|
23885
|
+
# @return [String]
|
23886
|
+
#
|
23887
|
+
# @!attribute [rw] description
|
23888
|
+
# The description of the configuration policy.
|
23889
|
+
# @return [String]
|
23890
|
+
#
|
23891
|
+
# @!attribute [rw] updated_at
|
23892
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23893
|
+
# configuration policy was last updated.
|
23894
|
+
# @return [Time]
|
23895
|
+
#
|
23896
|
+
# @!attribute [rw] created_at
|
23897
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
23898
|
+
# configuration policy was created.
|
23899
|
+
# @return [Time]
|
23900
|
+
#
|
23901
|
+
# @!attribute [rw] configuration_policy
|
23902
|
+
# An object that defines how Security Hub is configured. It includes
|
23903
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
23904
|
+
# security standards, a list of enabled or disabled security controls,
|
23905
|
+
# and a list of custom parameter values for specified controls. If the
|
23906
|
+
# policy includes a list of security controls that are enabled,
|
23907
|
+
# Security Hub disables all other controls (including newly released
|
23908
|
+
# controls). If the policy includes a list of security controls that
|
23909
|
+
# are disabled, Security Hub enables all other controls (including
|
23910
|
+
# newly released controls).
|
23911
|
+
# @return [Types::Policy]
|
23912
|
+
#
|
23913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyResponse AWS API Documentation
|
23914
|
+
#
|
23915
|
+
class GetConfigurationPolicyResponse < Struct.new(
|
23916
|
+
:arn,
|
23917
|
+
:id,
|
23918
|
+
:name,
|
23919
|
+
:description,
|
23920
|
+
:updated_at,
|
23921
|
+
:created_at,
|
23922
|
+
:configuration_policy)
|
23923
|
+
SENSITIVE = []
|
23924
|
+
include Aws::Structure
|
23925
|
+
end
|
23926
|
+
|
23433
23927
|
# @!attribute [rw] standards_subscription_arns
|
23434
23928
|
# The list of the standards subscription ARNs for the standards to
|
23435
23929
|
# retrieve.
|
@@ -24299,6 +24793,117 @@ module Aws::SecurityHub
|
|
24299
24793
|
include Aws::Structure
|
24300
24794
|
end
|
24301
24795
|
|
24796
|
+
# @!attribute [rw] next_token
|
24797
|
+
# The NextToken value that's returned from a previous paginated
|
24798
|
+
# `ListConfigurationPolicies` request where `MaxResults` was used but
|
24799
|
+
# the results exceeded the value of that parameter. Pagination
|
24800
|
+
# continues from the `MaxResults` was used but the results exceeded
|
24801
|
+
# the value of that parameter. Pagination continues from the end of
|
24802
|
+
# the previous response that returned the `NextToken` value. This
|
24803
|
+
# value is `null` when there are no more results to return.
|
24804
|
+
# @return [String]
|
24805
|
+
#
|
24806
|
+
# @!attribute [rw] max_results
|
24807
|
+
# The maximum number of results that's returned by
|
24808
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
24809
|
+
# parameter is used, `ListConfigurationPolicies` returns the specified
|
24810
|
+
# number of results in a single page and a `NextToken` response
|
24811
|
+
# element. You can see the remaining results of the initial request by
|
24812
|
+
# sending another `ListConfigurationPolicies` request with the
|
24813
|
+
# returned `NextToken` value. A valid range for `MaxResults` is
|
24814
|
+
# between 1 and 100.
|
24815
|
+
# @return [Integer]
|
24816
|
+
#
|
24817
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesRequest AWS API Documentation
|
24818
|
+
#
|
24819
|
+
class ListConfigurationPoliciesRequest < Struct.new(
|
24820
|
+
:next_token,
|
24821
|
+
:max_results)
|
24822
|
+
SENSITIVE = []
|
24823
|
+
include Aws::Structure
|
24824
|
+
end
|
24825
|
+
|
24826
|
+
# @!attribute [rw] configuration_policy_summaries
|
24827
|
+
# Provides metadata for each of your configuration policies.
|
24828
|
+
# @return [Array<Types::ConfigurationPolicySummary>]
|
24829
|
+
#
|
24830
|
+
# @!attribute [rw] next_token
|
24831
|
+
# The `NextToken` value to include in the next
|
24832
|
+
# `ListConfigurationPolicies` request. When the results of a
|
24833
|
+
# `ListConfigurationPolicies` request exceed `MaxResults`, this value
|
24834
|
+
# can be used to retrieve the next page of results. This value is
|
24835
|
+
# `null` when there are no more results to return.
|
24836
|
+
# @return [String]
|
24837
|
+
#
|
24838
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesResponse AWS API Documentation
|
24839
|
+
#
|
24840
|
+
class ListConfigurationPoliciesResponse < Struct.new(
|
24841
|
+
:configuration_policy_summaries,
|
24842
|
+
:next_token)
|
24843
|
+
SENSITIVE = []
|
24844
|
+
include Aws::Structure
|
24845
|
+
end
|
24846
|
+
|
24847
|
+
# @!attribute [rw] next_token
|
24848
|
+
# The `NextToken` value that's returned from a previous paginated
|
24849
|
+
# `ListConfigurationPolicyAssociations` request where `MaxResults` was
|
24850
|
+
# used but the results exceeded the value of that parameter.
|
24851
|
+
# Pagination continues from the end of the previous response that
|
24852
|
+
# returned the `NextToken` value. This value is `null` when there are
|
24853
|
+
# no more results to return.
|
24854
|
+
# @return [String]
|
24855
|
+
#
|
24856
|
+
# @!attribute [rw] max_results
|
24857
|
+
# The maximum number of results that's returned by
|
24858
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
24859
|
+
# parameter is used, `ListConfigurationPolicyAssociations` returns the
|
24860
|
+
# specified number of results in a single page and a `NextToken`
|
24861
|
+
# response element. You can see the remaining results of the initial
|
24862
|
+
# request by sending another `ListConfigurationPolicyAssociations`
|
24863
|
+
# request with the returned `NextToken` value. A valid range for
|
24864
|
+
# `MaxResults` is between 1 and 100.
|
24865
|
+
# @return [Integer]
|
24866
|
+
#
|
24867
|
+
# @!attribute [rw] filters
|
24868
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
24869
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
24870
|
+
# universally unique identifier (UUID) of a configuration,
|
24871
|
+
# `AssociationType`, or `AssociationStatus`.
|
24872
|
+
# @return [Types::AssociationFilters]
|
24873
|
+
#
|
24874
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsRequest AWS API Documentation
|
24875
|
+
#
|
24876
|
+
class ListConfigurationPolicyAssociationsRequest < Struct.new(
|
24877
|
+
:next_token,
|
24878
|
+
:max_results,
|
24879
|
+
:filters)
|
24880
|
+
SENSITIVE = []
|
24881
|
+
include Aws::Structure
|
24882
|
+
end
|
24883
|
+
|
24884
|
+
# @!attribute [rw] configuration_policy_association_summaries
|
24885
|
+
# An object that contains the details of each configuration policy
|
24886
|
+
# association that’s returned in a
|
24887
|
+
# `ListConfigurationPolicyAssociations` request.
|
24888
|
+
# @return [Array<Types::ConfigurationPolicyAssociationSummary>]
|
24889
|
+
#
|
24890
|
+
# @!attribute [rw] next_token
|
24891
|
+
# The `NextToken` value to include in the next
|
24892
|
+
# `ListConfigurationPolicyAssociations` request. When the results of a
|
24893
|
+
# `ListConfigurationPolicyAssociations` request exceed `MaxResults`,
|
24894
|
+
# this value can be used to retrieve the next page of results. This
|
24895
|
+
# value is `null` when there are no more results to return.
|
24896
|
+
# @return [String]
|
24897
|
+
#
|
24898
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsResponse AWS API Documentation
|
24899
|
+
#
|
24900
|
+
class ListConfigurationPolicyAssociationsResponse < Struct.new(
|
24901
|
+
:configuration_policy_association_summaries,
|
24902
|
+
:next_token)
|
24903
|
+
SENSITIVE = []
|
24904
|
+
include Aws::Structure
|
24905
|
+
end
|
24906
|
+
|
24302
24907
|
# @!attribute [rw] next_token
|
24303
24908
|
# The token that is required for pagination. On your first call to the
|
24304
24909
|
# `ListEnabledProductsForImport` operation, set the value of this
|
@@ -25177,6 +25782,53 @@ module Aws::SecurityHub
|
|
25177
25782
|
include Aws::Structure
|
25178
25783
|
end
|
25179
25784
|
|
25785
|
+
# Provides information about the way an organization is configured in
|
25786
|
+
# Security Hub.
|
25787
|
+
#
|
25788
|
+
# @!attribute [rw] configuration_type
|
25789
|
+
# Indicates whether the organization uses local or central
|
25790
|
+
# configuration.
|
25791
|
+
#
|
25792
|
+
# If you use local configuration, the Security Hub delegated
|
25793
|
+
# administrator can set `AutoEnable` to `true` and
|
25794
|
+
# `AutoEnableStandards` to `DEFAULT`. This automatically enables
|
25795
|
+
# Security Hub and default security standards in new organization
|
25796
|
+
# accounts. These new account settings must be set separately in each
|
25797
|
+
# Amazon Web Services Region, and settings may be different in each
|
25798
|
+
# Region.
|
25799
|
+
#
|
25800
|
+
# If you use central configuration, the delegated administrator can
|
25801
|
+
# create configuration policies. Configuration policies can be used to
|
25802
|
+
# configure Security Hub, security standards, and security controls in
|
25803
|
+
# multiple accounts and Regions. If you want new organization accounts
|
25804
|
+
# to use a specific configuration, you can create a configuration
|
25805
|
+
# policy and associate it with the root or specific organizational
|
25806
|
+
# units (OUs). New accounts will inherit the policy from the root or
|
25807
|
+
# their assigned OU.
|
25808
|
+
# @return [String]
|
25809
|
+
#
|
25810
|
+
# @!attribute [rw] status
|
25811
|
+
# Describes whether central configuration could be enabled as the
|
25812
|
+
# `ConfigurationType` for the organization. If your
|
25813
|
+
# `ConfigurationType` is local configuration, then the value of
|
25814
|
+
# `Status` is always `ENABLED`.
|
25815
|
+
# @return [String]
|
25816
|
+
#
|
25817
|
+
# @!attribute [rw] status_message
|
25818
|
+
# Provides an explanation if the value of `Status` is equal to
|
25819
|
+
# `FAILED` when `ConfigurationType` is equal to `CENTRAL`.
|
25820
|
+
# @return [String]
|
25821
|
+
#
|
25822
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/OrganizationConfiguration AWS API Documentation
|
25823
|
+
#
|
25824
|
+
class OrganizationConfiguration < Struct.new(
|
25825
|
+
:configuration_type,
|
25826
|
+
:status,
|
25827
|
+
:status_message)
|
25828
|
+
SENSITIVE = []
|
25829
|
+
include Aws::Structure
|
25830
|
+
end
|
25831
|
+
|
25180
25832
|
# An occurrence of sensitive data in an Adobe Portable Document Format
|
25181
25833
|
# (PDF) file.
|
25182
25834
|
#
|
@@ -25404,6 +26056,37 @@ module Aws::SecurityHub
|
|
25404
26056
|
include Aws::Structure
|
25405
26057
|
end
|
25406
26058
|
|
26059
|
+
# An object that defines how Security Hub is configured. It includes
|
26060
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
26061
|
+
# security standards, a list of enabled or disabled security controls,
|
26062
|
+
# and a list of custom parameter values for specified controls. If you
|
26063
|
+
# provide a list of security controls that are enabled in the
|
26064
|
+
# configuration policy, Security Hub disables all other controls
|
26065
|
+
# (including newly released controls). If you provide a list of security
|
26066
|
+
# controls that are disabled in the configuration policy, Security Hub
|
26067
|
+
# enables all other controls (including newly released controls).
|
26068
|
+
#
|
26069
|
+
# @note Policy is a union - when making an API calls you must set exactly one of the members.
|
26070
|
+
#
|
26071
|
+
# @note Policy is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Policy corresponding to the set member.
|
26072
|
+
#
|
26073
|
+
# @!attribute [rw] security_hub
|
26074
|
+
# The Amazon Web Service that the configuration policy applies to.
|
26075
|
+
# @return [Types::SecurityHubPolicy]
|
26076
|
+
#
|
26077
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Policy AWS API Documentation
|
26078
|
+
#
|
26079
|
+
class Policy < Struct.new(
|
26080
|
+
:security_hub,
|
26081
|
+
:unknown)
|
26082
|
+
SENSITIVE = []
|
26083
|
+
include Aws::Structure
|
26084
|
+
include Aws::Structure::Union
|
26085
|
+
|
26086
|
+
class SecurityHub < Policy; end
|
26087
|
+
class Unknown < Policy; end
|
26088
|
+
end
|
26089
|
+
|
25407
26090
|
# Provided if `ActionType` is `PORT_PROBE`. It provides details about
|
25408
26091
|
# the attempted port probe that was detected.
|
25409
26092
|
#
|
@@ -25788,6 +26471,15 @@ module Aws::SecurityHub
|
|
25788
26471
|
# Additional details about the resource related to a finding.
|
25789
26472
|
# @return [Types::ResourceDetails]
|
25790
26473
|
#
|
26474
|
+
# @!attribute [rw] application_name
|
26475
|
+
# The name of the application that is related to a finding.
|
26476
|
+
# @return [String]
|
26477
|
+
#
|
26478
|
+
# @!attribute [rw] application_arn
|
26479
|
+
# The Amazon Resource Name (ARN) of the application that is related to
|
26480
|
+
# a finding.
|
26481
|
+
# @return [String]
|
26482
|
+
#
|
25791
26483
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Resource AWS API Documentation
|
25792
26484
|
#
|
25793
26485
|
class Resource < Struct.new(
|
@@ -25798,7 +26490,9 @@ module Aws::SecurityHub
|
|
25798
26490
|
:resource_role,
|
25799
26491
|
:tags,
|
25800
26492
|
:data_classification,
|
25801
|
-
:details
|
26493
|
+
:details,
|
26494
|
+
:application_name,
|
26495
|
+
:application_arn)
|
25802
26496
|
SENSITIVE = []
|
25803
26497
|
include Aws::Structure
|
25804
26498
|
end
|
@@ -27057,6 +27751,27 @@ module Aws::SecurityHub
|
|
27057
27751
|
include Aws::Structure
|
27058
27752
|
end
|
27059
27753
|
|
27754
|
+
# A list of security controls and control parameter values that are
|
27755
|
+
# included in a configuration policy.
|
27756
|
+
#
|
27757
|
+
# @!attribute [rw] security_control_id
|
27758
|
+
# The ID of the security control.
|
27759
|
+
# @return [String]
|
27760
|
+
#
|
27761
|
+
# @!attribute [rw] parameters
|
27762
|
+
# An object that specifies parameter values for a control in a
|
27763
|
+
# configuration policy.
|
27764
|
+
# @return [Hash<String,Types::ParameterConfiguration>]
|
27765
|
+
#
|
27766
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlCustomParameter AWS API Documentation
|
27767
|
+
#
|
27768
|
+
class SecurityControlCustomParameter < Struct.new(
|
27769
|
+
:security_control_id,
|
27770
|
+
:parameters)
|
27771
|
+
SENSITIVE = []
|
27772
|
+
include Aws::Structure
|
27773
|
+
end
|
27774
|
+
|
27060
27775
|
# Provides metadata for a security control, including its unique
|
27061
27776
|
# standard-agnostic identifier, title, description, severity,
|
27062
27777
|
# availability in Amazon Web Services Regions, and a link to remediation
|
@@ -27149,6 +27864,73 @@ module Aws::SecurityHub
|
|
27149
27864
|
include Aws::Structure
|
27150
27865
|
end
|
27151
27866
|
|
27867
|
+
# An object that defines which security controls are enabled in an
|
27868
|
+
# Security Hub configuration policy. The enablement status of a control
|
27869
|
+
# is aligned across all of the enabled standards in an account.
|
27870
|
+
#
|
27871
|
+
# @!attribute [rw] enabled_security_control_identifiers
|
27872
|
+
# A list of security controls that are enabled in the configuration
|
27873
|
+
# policy. Security Hub disables all other controls (including newly
|
27874
|
+
# released controls) other than the listed controls.
|
27875
|
+
# @return [Array<String>]
|
27876
|
+
#
|
27877
|
+
# @!attribute [rw] disabled_security_control_identifiers
|
27878
|
+
# A list of security controls that are disabled in the configuration
|
27879
|
+
# policy. Security Hub enables all other controls (including newly
|
27880
|
+
# released controls) other than the listed controls.
|
27881
|
+
# @return [Array<String>]
|
27882
|
+
#
|
27883
|
+
# @!attribute [rw] security_control_custom_parameters
|
27884
|
+
# A list of security controls and control parameter values that are
|
27885
|
+
# included in a configuration policy.
|
27886
|
+
# @return [Array<Types::SecurityControlCustomParameter>]
|
27887
|
+
#
|
27888
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlsConfiguration AWS API Documentation
|
27889
|
+
#
|
27890
|
+
class SecurityControlsConfiguration < Struct.new(
|
27891
|
+
:enabled_security_control_identifiers,
|
27892
|
+
:disabled_security_control_identifiers,
|
27893
|
+
:security_control_custom_parameters)
|
27894
|
+
SENSITIVE = []
|
27895
|
+
include Aws::Structure
|
27896
|
+
end
|
27897
|
+
|
27898
|
+
# An object that defines how Security Hub is configured. The
|
27899
|
+
# configuration policy includes whether Security Hub is enabled or
|
27900
|
+
# disabled, a list of enabled security standards, a list of enabled or
|
27901
|
+
# disabled security controls, and a list of custom parameter values for
|
27902
|
+
# specified controls. If you provide a list of security controls that
|
27903
|
+
# are enabled in the configuration policy, Security Hub disables all
|
27904
|
+
# other controls (including newly released controls). If you provide a
|
27905
|
+
# list of security controls that are disabled in the configuration
|
27906
|
+
# policy, Security Hub enables all other controls (including newly
|
27907
|
+
# released controls).
|
27908
|
+
#
|
27909
|
+
# @!attribute [rw] service_enabled
|
27910
|
+
# Indicates whether Security Hub is enabled in the policy.
|
27911
|
+
# @return [Boolean]
|
27912
|
+
#
|
27913
|
+
# @!attribute [rw] enabled_standard_identifiers
|
27914
|
+
# A list that defines which security standards are enabled in the
|
27915
|
+
# configuration policy.
|
27916
|
+
# @return [Array<String>]
|
27917
|
+
#
|
27918
|
+
# @!attribute [rw] security_controls_configuration
|
27919
|
+
# An object that defines which security controls are enabled in the
|
27920
|
+
# configuration policy. The enablement status of a control is aligned
|
27921
|
+
# across all of the enabled standards in an account.
|
27922
|
+
# @return [Types::SecurityControlsConfiguration]
|
27923
|
+
#
|
27924
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityHubPolicy AWS API Documentation
|
27925
|
+
#
|
27926
|
+
class SecurityHubPolicy < Struct.new(
|
27927
|
+
:service_enabled,
|
27928
|
+
:enabled_standard_identifiers,
|
27929
|
+
:security_controls_configuration)
|
27930
|
+
SENSITIVE = []
|
27931
|
+
include Aws::Structure
|
27932
|
+
end
|
27933
|
+
|
27152
27934
|
# The list of detected instances of sensitive data.
|
27153
27935
|
#
|
27154
27936
|
# @!attribute [rw] count
|
@@ -27666,7 +28448,7 @@ module Aws::SecurityHub
|
|
27666
28448
|
# @return [Time]
|
27667
28449
|
#
|
27668
28450
|
# @!attribute [rw] updated_reason
|
27669
|
-
# The reason for updating
|
28451
|
+
# The reason for updating a control's enablement status in a
|
27670
28452
|
# specified standard.
|
27671
28453
|
# @return [String]
|
27672
28454
|
#
|
@@ -27839,6 +28621,96 @@ module Aws::SecurityHub
|
|
27839
28621
|
include Aws::Structure
|
27840
28622
|
end
|
27841
28623
|
|
28624
|
+
# @!attribute [rw] configuration_policy_identifier
|
28625
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
28626
|
+
# (UUID) of the configuration policy.
|
28627
|
+
# @return [String]
|
28628
|
+
#
|
28629
|
+
# @!attribute [rw] target
|
28630
|
+
# The identifier of the target account, organizational unit, or the
|
28631
|
+
# root to associate with the specified configuration.
|
28632
|
+
# @return [Types::Target]
|
28633
|
+
#
|
28634
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationRequest AWS API Documentation
|
28635
|
+
#
|
28636
|
+
class StartConfigurationPolicyAssociationRequest < Struct.new(
|
28637
|
+
:configuration_policy_identifier,
|
28638
|
+
:target)
|
28639
|
+
SENSITIVE = []
|
28640
|
+
include Aws::Structure
|
28641
|
+
end
|
28642
|
+
|
28643
|
+
# @!attribute [rw] configuration_policy_id
|
28644
|
+
# The UUID of the configuration policy.
|
28645
|
+
# @return [String]
|
28646
|
+
#
|
28647
|
+
# @!attribute [rw] target_id
|
28648
|
+
# The identifier of the target account, organizational unit, or the
|
28649
|
+
# organization root with which the configuration is associated.
|
28650
|
+
# @return [String]
|
28651
|
+
#
|
28652
|
+
# @!attribute [rw] target_type
|
28653
|
+
# Indicates whether the target is an Amazon Web Services account,
|
28654
|
+
# organizational unit, or the organization root.
|
28655
|
+
# @return [String]
|
28656
|
+
#
|
28657
|
+
# @!attribute [rw] association_type
|
28658
|
+
# Indicates whether the association between the specified target and
|
28659
|
+
# the configuration was directly applied by the Security Hub delegated
|
28660
|
+
# administrator or inherited from a parent.
|
28661
|
+
# @return [String]
|
28662
|
+
#
|
28663
|
+
# @!attribute [rw] updated_at
|
28664
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
28665
|
+
# configuration policy association was last updated.
|
28666
|
+
# @return [Time]
|
28667
|
+
#
|
28668
|
+
# @!attribute [rw] association_status
|
28669
|
+
# The current status of the association between the specified target
|
28670
|
+
# and the configuration.
|
28671
|
+
# @return [String]
|
28672
|
+
#
|
28673
|
+
# @!attribute [rw] association_status_message
|
28674
|
+
# An explanation for a `FAILED` value for `AssociationStatus`.
|
28675
|
+
# @return [String]
|
28676
|
+
#
|
28677
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationResponse AWS API Documentation
|
28678
|
+
#
|
28679
|
+
class StartConfigurationPolicyAssociationResponse < Struct.new(
|
28680
|
+
:configuration_policy_id,
|
28681
|
+
:target_id,
|
28682
|
+
:target_type,
|
28683
|
+
:association_type,
|
28684
|
+
:updated_at,
|
28685
|
+
:association_status,
|
28686
|
+
:association_status_message)
|
28687
|
+
SENSITIVE = []
|
28688
|
+
include Aws::Structure
|
28689
|
+
end
|
28690
|
+
|
28691
|
+
# @!attribute [rw] target
|
28692
|
+
# The identifier of the target account, organizational unit, or the
|
28693
|
+
# root to disassociate from the specified configuration.
|
28694
|
+
# @return [Types::Target]
|
28695
|
+
#
|
28696
|
+
# @!attribute [rw] configuration_policy_identifier
|
28697
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
28698
|
+
# (UUID) of the configuration policy.
|
28699
|
+
# @return [String]
|
28700
|
+
#
|
28701
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationRequest AWS API Documentation
|
28702
|
+
#
|
28703
|
+
class StartConfigurationPolicyDisassociationRequest < Struct.new(
|
28704
|
+
:target,
|
28705
|
+
:configuration_policy_identifier)
|
28706
|
+
SENSITIVE = []
|
28707
|
+
include Aws::Structure
|
28708
|
+
end
|
28709
|
+
|
28710
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationResponse AWS API Documentation
|
28711
|
+
#
|
28712
|
+
class StartConfigurationPolicyDisassociationResponse < Aws::EmptyStructure; end
|
28713
|
+
|
27842
28714
|
# The definition of a custom action that can be used for stateless
|
27843
28715
|
# packet handling.
|
27844
28716
|
#
|
@@ -28097,6 +28969,43 @@ module Aws::SecurityHub
|
|
28097
28969
|
#
|
28098
28970
|
class TagResourceResponse < Aws::EmptyStructure; end
|
28099
28971
|
|
28972
|
+
# The target account, organizational unit, or the root that is
|
28973
|
+
# associated with an Security Hub configuration. The configuration can
|
28974
|
+
# be a configuration policy or self-managed behavior.
|
28975
|
+
#
|
28976
|
+
# @note Target is a union - when making an API calls you must set exactly one of the members.
|
28977
|
+
#
|
28978
|
+
# @note Target is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Target corresponding to the set member.
|
28979
|
+
#
|
28980
|
+
# @!attribute [rw] account_id
|
28981
|
+
# The Amazon Web Services account ID of the target account.
|
28982
|
+
# @return [String]
|
28983
|
+
#
|
28984
|
+
# @!attribute [rw] organizational_unit_id
|
28985
|
+
# The organizational unit ID of the target organizational unit.
|
28986
|
+
# @return [String]
|
28987
|
+
#
|
28988
|
+
# @!attribute [rw] root_id
|
28989
|
+
# The ID of the organization root.
|
28990
|
+
# @return [String]
|
28991
|
+
#
|
28992
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Target AWS API Documentation
|
28993
|
+
#
|
28994
|
+
class Target < Struct.new(
|
28995
|
+
:account_id,
|
28996
|
+
:organizational_unit_id,
|
28997
|
+
:root_id,
|
28998
|
+
:unknown)
|
28999
|
+
SENSITIVE = []
|
29000
|
+
include Aws::Structure
|
29001
|
+
include Aws::Structure::Union
|
29002
|
+
|
29003
|
+
class AccountId < Target; end
|
29004
|
+
class OrganizationalUnitId < Target; end
|
29005
|
+
class RootId < Target; end
|
29006
|
+
class Unknown < Target; end
|
29007
|
+
end
|
29008
|
+
|
28100
29009
|
# Provides information about the threat detected in a security finding
|
28101
29010
|
# and the file paths that were affected by the threat.
|
28102
29011
|
#
|
@@ -28205,6 +29114,37 @@ module Aws::SecurityHub
|
|
28205
29114
|
include Aws::Structure
|
28206
29115
|
end
|
28207
29116
|
|
29117
|
+
# An array of configuration policy associations, one for each
|
29118
|
+
# configuration policy association identifier, that was specified in a
|
29119
|
+
# `BatchGetConfigurationPolicyAssociations` request but couldn’t be
|
29120
|
+
# processed due to an error.
|
29121
|
+
#
|
29122
|
+
# @!attribute [rw] configuration_policy_association_identifiers
|
29123
|
+
# Configuration policy association identifiers that were specified in
|
29124
|
+
# a `BatchGetConfigurationPolicyAssociations` request but couldn’t be
|
29125
|
+
# processed due to an error.
|
29126
|
+
# @return [Types::ConfigurationPolicyAssociation]
|
29127
|
+
#
|
29128
|
+
# @!attribute [rw] error_code
|
29129
|
+
# An HTTP status code that identifies why the configuration policy
|
29130
|
+
# association failed.
|
29131
|
+
# @return [String]
|
29132
|
+
#
|
29133
|
+
# @!attribute [rw] error_reason
|
29134
|
+
# A string that identifies why the configuration policy association
|
29135
|
+
# failed.
|
29136
|
+
# @return [String]
|
29137
|
+
#
|
29138
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedConfigurationPolicyAssociation AWS API Documentation
|
29139
|
+
#
|
29140
|
+
class UnprocessedConfigurationPolicyAssociation < Struct.new(
|
29141
|
+
:configuration_policy_association_identifiers,
|
29142
|
+
:error_code,
|
29143
|
+
:error_reason)
|
29144
|
+
SENSITIVE = []
|
29145
|
+
include Aws::Structure
|
29146
|
+
end
|
29147
|
+
|
28208
29148
|
# Provides details about a security control for which a response
|
28209
29149
|
# couldn't be returned.
|
28210
29150
|
#
|
@@ -28427,6 +29367,106 @@ module Aws::SecurityHub
|
|
28427
29367
|
include Aws::Structure
|
28428
29368
|
end
|
28429
29369
|
|
29370
|
+
# @!attribute [rw] identifier
|
29371
|
+
# The Amazon Resource Name (ARN) or universally unique identifier
|
29372
|
+
# (UUID) of the configuration policy.
|
29373
|
+
# @return [String]
|
29374
|
+
#
|
29375
|
+
# @!attribute [rw] name
|
29376
|
+
# The name of the configuration policy.
|
29377
|
+
# @return [String]
|
29378
|
+
#
|
29379
|
+
# @!attribute [rw] description
|
29380
|
+
# The description of the configuration policy.
|
29381
|
+
# @return [String]
|
29382
|
+
#
|
29383
|
+
# @!attribute [rw] updated_reason
|
29384
|
+
# The reason for updating the configuration policy.
|
29385
|
+
# @return [String]
|
29386
|
+
#
|
29387
|
+
# @!attribute [rw] configuration_policy
|
29388
|
+
# An object that defines how Security Hub is configured. It includes
|
29389
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
29390
|
+
# security standards, a list of enabled or disabled security controls,
|
29391
|
+
# and a list of custom parameter values for specified controls. If you
|
29392
|
+
# provide a list of security controls that are enabled in the
|
29393
|
+
# configuration policy, Security Hub disables all other controls
|
29394
|
+
# (including newly released controls). If you provide a list of
|
29395
|
+
# security controls that are disabled in the configuration policy,
|
29396
|
+
# Security Hub enables all other controls (including newly released
|
29397
|
+
# controls).
|
29398
|
+
#
|
29399
|
+
# When updating a configuration policy, provide a complete list of
|
29400
|
+
# standards that you want to enable and a complete list of controls
|
29401
|
+
# that you want to enable or disable. The updated configuration
|
29402
|
+
# replaces the current configuration.
|
29403
|
+
# @return [Types::Policy]
|
29404
|
+
#
|
29405
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyRequest AWS API Documentation
|
29406
|
+
#
|
29407
|
+
class UpdateConfigurationPolicyRequest < Struct.new(
|
29408
|
+
:identifier,
|
29409
|
+
:name,
|
29410
|
+
:description,
|
29411
|
+
:updated_reason,
|
29412
|
+
:configuration_policy)
|
29413
|
+
SENSITIVE = []
|
29414
|
+
include Aws::Structure
|
29415
|
+
end
|
29416
|
+
|
29417
|
+
# @!attribute [rw] arn
|
29418
|
+
# The ARN of the configuration policy.
|
29419
|
+
# @return [String]
|
29420
|
+
#
|
29421
|
+
# @!attribute [rw] id
|
29422
|
+
# The UUID of the configuration policy.
|
29423
|
+
# @return [String]
|
29424
|
+
#
|
29425
|
+
# @!attribute [rw] name
|
29426
|
+
# The name of the configuration policy.
|
29427
|
+
# @return [String]
|
29428
|
+
#
|
29429
|
+
# @!attribute [rw] description
|
29430
|
+
# The description of the configuration policy.
|
29431
|
+
# @return [String]
|
29432
|
+
#
|
29433
|
+
# @!attribute [rw] updated_at
|
29434
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
29435
|
+
# configuration policy was last updated.
|
29436
|
+
# @return [Time]
|
29437
|
+
#
|
29438
|
+
# @!attribute [rw] created_at
|
29439
|
+
# The date and time, in UTC and ISO 8601 format, that the
|
29440
|
+
# configuration policy was created.
|
29441
|
+
# @return [Time]
|
29442
|
+
#
|
29443
|
+
# @!attribute [rw] configuration_policy
|
29444
|
+
# An object that defines how Security Hub is configured. It includes
|
29445
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
29446
|
+
# security standards, a list of enabled or disabled security controls,
|
29447
|
+
# and a list of custom parameter values for specified controls. If the
|
29448
|
+
# request included a list of security controls that are enabled in the
|
29449
|
+
# configuration policy, Security Hub disables all other controls
|
29450
|
+
# (including newly released controls). If the request included a list
|
29451
|
+
# of security controls that are disabled in the configuration policy,
|
29452
|
+
# Security Hub enables all other controls (including newly released
|
29453
|
+
# controls).
|
29454
|
+
# @return [Types::Policy]
|
29455
|
+
#
|
29456
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyResponse AWS API Documentation
|
29457
|
+
#
|
29458
|
+
class UpdateConfigurationPolicyResponse < Struct.new(
|
29459
|
+
:arn,
|
29460
|
+
:id,
|
29461
|
+
:name,
|
29462
|
+
:description,
|
29463
|
+
:updated_at,
|
29464
|
+
:created_at,
|
29465
|
+
:configuration_policy)
|
29466
|
+
SENSITIVE = []
|
29467
|
+
include Aws::Structure
|
29468
|
+
end
|
29469
|
+
|
28430
29470
|
# @!attribute [rw] finding_aggregator_arn
|
28431
29471
|
# The ARN of the finding aggregator. To obtain the ARN, use
|
28432
29472
|
# `ListFindingAggregators`.
|
@@ -28567,37 +29607,55 @@ module Aws::SecurityHub
|
|
28567
29607
|
class UpdateInsightResponse < Aws::EmptyStructure; end
|
28568
29608
|
|
28569
29609
|
# @!attribute [rw] auto_enable
|
28570
|
-
# Whether to automatically enable Security Hub
|
28571
|
-
# organization.
|
28572
|
-
#
|
28573
|
-
#
|
28574
|
-
#
|
28575
|
-
#
|
28576
|
-
#
|
28577
|
-
# `
|
29610
|
+
# Whether to automatically enable Security Hub in new member accounts
|
29611
|
+
# when they join the organization.
|
29612
|
+
#
|
29613
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
29614
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
29615
|
+
# accounts automatically. The default value is `false`.
|
29616
|
+
#
|
29617
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
29618
|
+
# then this field is set to `false` and can't be changed in the home
|
29619
|
+
# Region and linked Regions. However, in that case, the delegated
|
29620
|
+
# administrator can create a configuration policy in which Security
|
29621
|
+
# Hub is enabled and associate the policy with new organization
|
29622
|
+
# accounts.
|
28578
29623
|
# @return [Boolean]
|
28579
29624
|
#
|
28580
29625
|
# @!attribute [rw] auto_enable_standards
|
28581
29626
|
# Whether to automatically enable Security Hub [default standards][1]
|
28582
|
-
#
|
29627
|
+
# in new member accounts when they join the organization.
|
28583
29628
|
#
|
28584
|
-
#
|
28585
|
-
# accounts are automatically enabled with default Security Hub
|
28586
|
-
# standards.
|
29629
|
+
# The default value of this parameter is equal to `DEFAULT`.
|
28587
29630
|
#
|
28588
|
-
#
|
28589
|
-
#
|
29631
|
+
# If equal to `DEFAULT`, then Security Hub default standards are
|
29632
|
+
# automatically enabled for new member accounts. If equal to `NONE`,
|
29633
|
+
# then default standards are not automatically enabled for new member
|
29634
|
+
# accounts.
|
29635
|
+
#
|
29636
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
29637
|
+
# then this field is set to `NONE` and can't be changed in the home
|
29638
|
+
# Region and linked Regions. However, in that case, the delegated
|
29639
|
+
# administrator can create a configuration policy in which specific
|
29640
|
+
# security standards are enabled and associate the policy with new
|
29641
|
+
# organization accounts.
|
28590
29642
|
#
|
28591
29643
|
#
|
28592
29644
|
#
|
28593
29645
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
28594
29646
|
# @return [String]
|
28595
29647
|
#
|
29648
|
+
# @!attribute [rw] organization_configuration
|
29649
|
+
# Provides information about the way an organization is configured in
|
29650
|
+
# Security Hub.
|
29651
|
+
# @return [Types::OrganizationConfiguration]
|
29652
|
+
#
|
28596
29653
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
|
28597
29654
|
#
|
28598
29655
|
class UpdateOrganizationConfigurationRequest < Struct.new(
|
28599
29656
|
:auto_enable,
|
28600
|
-
:auto_enable_standards
|
29657
|
+
:auto_enable_standards,
|
29658
|
+
:organization_configuration)
|
28601
29659
|
SENSITIVE = []
|
28602
29660
|
include Aws::Structure
|
28603
29661
|
end
|