aws-sdk-securityhub 1.19.0 → 1.21.0

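--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 8123d830053ce4ae388751581ca42f81b0c16862
- data.tar.gz: 697f9a9a1e0b65bc836f253320d6ec7acead78d7
+ SHA256:
+ metadata.gz: 98d21ee5c0112ce618c87220b808944527e13cc4bc6d624d930c98cb104ed50a
+ data.tar.gz: 4bafb1029f1146dd3253fb81f5ddf2b49943696b7757fde1819dad80efab9edd
  SHA512:
- metadata.gz: 5c9793f9a927033fca58dbaf26814f966b368a2210e32c6b02447011e34b18bcf347a9207025fc736b49416cc809e7cb667f6e2adb5637d200cd8ffea8e13f5a
- data.tar.gz: 06a9b115b410bdbdf891757846ba8e9d5ed987e6adef35f2036fa2fc833aa0770638fa506598ae3d91f9003c11a8e82efa9fc780a6b1feb389279dde630f3e4a
+ metadata.gz: 3f391b929675091bda7240694cc33404f1f318234822307a1f88b6415f5bcc684d6a98e8a38f9917b85c9c644d2486e8417681b65b0e286254994b4e7a356f29
+ data.tar.gz: 734d17159522d2bbffd21fe9e2b5a4f391af6f493ac86af225da9e2bb65b69563b5ad2a5e19171fb3cb5bfe14afc73db9ea88dc87609161b9aef8884715ad208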
@@ -24,17 +24,20 @@ require_relative 'aws-sdk-securityhub/customizations'
24
24
  # methods each accept a hash of request parameters and return a response
25
25
  # structure.
26
26
  #
27
+ # security_hub = Aws::SecurityHub::Client.new
28
+ # resp = security_hub.accept_invitation(params)
29
+ #
27
30
  # See {Client} for more information.
28
31
  #
29
32
  # # Errors
30
33
  #
31
- # Errors returned from AWS SecurityHub all
32
- # extend {Errors::ServiceError}.
34
+ # Errors returned from AWS SecurityHub are defined in the
35
+ # {Errors} module and all extend {Errors::ServiceError}.
33
36
  #
34
37
  # begin
35
38
  # # do stuff
36
39
  # rescue Aws::SecurityHub::Errors::ServiceError
37
- # # rescues all service API errors
40
+ # # rescues all AWS SecurityHub API errors
38
41
  # end
39
42
  #
40
43
  # See {Errors} for more information.
@@ -42,6 +45,6 @@ require_relative 'aws-sdk-securityhub/customizations'
42
45
  # @service
43
46
  module Aws::SecurityHub
44
47
 
45
- GEM_VERSION = '1.19.0'
48
+ GEM_VERSION = '1.21.0'
46
49
 
47
50
  end
@@ -30,6 +30,18 @@ require 'aws-sdk-core/plugins/protocols/rest_json.rb'
30
30
  Aws::Plugins::GlobalConfiguration.add_identifier(:securityhub)
31
31
 
32
32
  module Aws::SecurityHub
33
+ # An API client for SecurityHub. To construct a client, you need to configure a `:region` and `:credentials`.
34
+ #
35
+ # client = Aws::SecurityHub::Client.new(
36
+ # region: region_name,
37
+ # credentials: credentials,
38
+ # # ...
39
+ # )
40
+ #
41
+ # For details on configuring region and credentials see
42
+ # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
43
+ #
44
+ # See {#initialize} for a full list of supported configuration options.
33
45
  class Client < Seahorse::Client::Base
34
46
 
35
47
  include Aws::ClientStubs
@@ -108,6 +120,12 @@ module Aws::SecurityHub
108
120
  # When set to `true`, a thread polling for endpoints will be running in
109
121
  # the background every 60 secs (default). Defaults to `false`.
110
122
  #
123
+ # @option options [Boolean] :adaptive_retry_wait_to_fill (true)
124
+ # Used only in `adaptive` retry mode. When true, the request will sleep
125
+ # until there is sufficent client side capacity to retry the request.
126
+ # When false, the request will raise a `RetryCapacityNotAvailableError` and will
127
+ # not retry instead of sleeping.
128
+ #
111
129
  # @option options [Boolean] :client_side_monitoring (false)
112
130
  # When `true`, client-side metrics will be collected for all API requests from
113
131
  # this client.
@@ -132,6 +150,10 @@ module Aws::SecurityHub
132
150
  # When `true`, an attempt is made to coerce request parameters into
133
151
  # the required types.
134
152
  #
153
+ # @option options [Boolean] :correct_clock_skew (true)
154
+ # Used only in `standard` and adaptive retry modes. Specifies whether to apply
155
+ # a clock skew correction and retry requests with skewed client clocks.
156
+ #
135
157
  # @option options [Boolean] :disable_host_prefix_injection (false)
136
158
  # Set to true to disable SDK automatically adding host prefix
137
159
  # to default service endpoint when available.
@@ -166,15 +188,29 @@ module Aws::SecurityHub
166
188
  # The Logger instance to send log messages to. If this option
167
189
  # is not set, logging will be disabled.
168
190
  #
191
+ # @option options [Integer] :max_attempts (3)
192
+ # An integer representing the maximum number attempts that will be made for
193
+ # a single request, including the initial attempt. For example,
194
+ # setting this value to 5 will result in a request being retried up to
195
+ # 4 times. Used in `standard` and `adaptive` retry modes.
196
+ #
169
197
  # @option options [String] :profile ("default")
170
198
  # Used when loading credentials from the shared credentials file
171
199
  # at HOME/.aws/credentials. When not specified, 'default' is used.
172
200
  #
201
+ # @option options [Proc] :retry_backoff
202
+ # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
203
+ # This option is only used in the `legacy` retry mode.
204
+ #
173
205
  # @option options [Float] :retry_base_delay (0.3)
174
- # The base delay in seconds used by the default backoff function.
206
+ # The base delay in seconds used by the default backoff function. This option
207
+ # is only used in the `legacy` retry mode.
175
208
  #
176
209
  # @option options [Symbol] :retry_jitter (:none)
177
- # A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
210
+ # A delay randomiser function used by the default backoff function.
211
+ # Some predefined functions can be referenced by name - :none, :equal, :full,
212
+ # otherwise a Proc that takes and returns a number. This option is only used
213
+ # in the `legacy` retry mode.
178
214
  #
179
215
  # @see https://www.awsarchitectureblog.com/2015/03/backoff.html
180
216
  #
@@ -182,11 +218,30 @@ module Aws::SecurityHub
182
218
  # The maximum number of times to retry failed requests. Only
183
219
  # ~ 500 level server errors and certain ~ 400 level client errors
184
220
  # are retried. Generally, these are throttling errors, data
185
- # checksum errors, networking errors, timeout errors and auth
186
- # errors from expired credentials.
221
+ # checksum errors, networking errors, timeout errors, auth errors,
222
+ # endpoint discovery, and errors from expired credentials.
223
+ # This option is only used in the `legacy` retry mode.
187
224
  #
188
225
  # @option options [Integer] :retry_max_delay (0)
189
- # The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
226
+ # The maximum number of seconds to delay between retries (0 for no limit)
227
+ # used by the default backoff function. This option is only used in the
228
+ # `legacy` retry mode.
229
+ #
230
+ # @option options [String] :retry_mode ("legacy")
231
+ # Specifies which retry algorithm to use. Values are:
232
+ #
233
+ # * `legacy` - The pre-existing retry behavior. This is default value if
234
+ # no retry mode is provided.
235
+ #
236
+ # * `standard` - A standardized set of retry rules across the AWS SDKs.
237
+ # This includes support for retry quotas, which limit the number of
238
+ # unsuccessful retries a client can make.
239
+ #
240
+ # * `adaptive` - An experimental retry mode that includes all the
241
+ # functionality of `standard` mode along with automatic client side
242
+ # throttling. This is a provisional mode that may change behavior
243
+ # in the future.
244
+ #
190
245
  #
191
246
  # @option options [String] :secret_access_key
192
247
  #
@@ -209,16 +264,16 @@ module Aws::SecurityHub
209
264
  # requests through. Formatted like 'http://proxy.com:123'.
210
265
  #
211
266
  # @option options [Float] :http_open_timeout (15) The number of
212
- # seconds to wait when opening a HTTP session before rasing a
267
+ # seconds to wait when opening a HTTP session before raising a
213
268
  # `Timeout::Error`.
214
269
  #
215
270
  # @option options [Integer] :http_read_timeout (60) The default
216
271
  # number of seconds to wait for response data. This value can
217
272
  # safely be set
218
- # per-request on the session yeidled by {#session_for}.
273
+ # per-request on the session yielded by {#session_for}.
219
274
  #
220
275
  # @option options [Float] :http_idle_timeout (5) The number of
221
- # seconds a connection is allowed to sit idble before it is
276
+ # seconds a connection is allowed to sit idle before it is
222
277
  # considered stale. Stale connections are closed and removed
223
278
  # from the pool before making a request.
224
279
  #
@@ -227,7 +282,7 @@ module Aws::SecurityHub
227
282
  # request body. This option has no effect unless the request has
228
283
  # "Expect" header set to "100-continue". Defaults to `nil` which
229
284
  # disables this behaviour. This value can safely be set per
230
- # request on the session yeidled by {#session_for}.
285
+ # request on the session yielded by {#session_for}.
231
286
  #
232
287
  # @option options [Boolean] :http_wire_trace (false) When `true`,
233
288
  # HTTP debug output will be sent to the `:logger`.
@@ -415,7 +470,8 @@ module Aws::SecurityHub
415
470
  # updated_at: "NonEmptyString", # required
416
471
  # severity: { # required
417
472
  # product: 1.0,
418
- # normalized: 1, # required
473
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
474
+ # normalized: 1,
419
475
  # },
420
476
  # confidence: 1,
421
477
  # criticality: 1,
@@ -680,6 +736,25 @@ module Aws::SecurityHub
680
736
  # aws_s3_bucket: {
681
737
  # owner_id: "NonEmptyString",
682
738
  # owner_name: "NonEmptyString",
739
+ # created_at: "NonEmptyString",
740
+ # server_side_encryption_configuration: {
741
+ # rules: [
742
+ # {
743
+ # apply_server_side_encryption_by_default: {
744
+ # sse_algorithm: "NonEmptyString",
745
+ # kms_master_key_id: "NonEmptyString",
746
+ # },
747
+ # },
748
+ # ],
749
+ # },
750
+ # },
751
+ # aws_s3_object: {
752
+ # last_modified: "NonEmptyString",
753
+ # etag: "NonEmptyString",
754
+ # version_id: "NonEmptyString",
755
+ # content_type: "NonEmptyString",
756
+ # server_side_encryption: "NonEmptyString",
757
+ # ssekms_key_id: "NonEmptyString",
683
758
  # },
684
759
  # aws_iam_access_key: {
685
760
  # user_name: "NonEmptyString",
@@ -850,6 +925,9 @@ module Aws::SecurityHub
850
925
  # },
851
926
  # verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
852
927
  # workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
928
+ # workflow: {
929
+ # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
930
+ # },
853
931
  # record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
854
932
  # related_findings: [
855
933
  # {
@@ -1453,6 +1531,12 @@ module Aws::SecurityHub
1453
1531
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
1454
1532
  # },
1455
1533
  # ],
1534
+ # workflow_status: [
1535
+ # {
1536
+ # value: "NonEmptyString",
1537
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
1538
+ # },
1539
+ # ],
1456
1540
  # record_state: [
1457
1541
  # {
1458
1542
  # value: "NonEmptyString",
@@ -2707,6 +2791,12 @@ module Aws::SecurityHub
2707
2791
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
2708
2792
  # },
2709
2793
  # ],
2794
+ # workflow_status: [
2795
+ # {
2796
+ # value: "NonEmptyString",
2797
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
2798
+ # },
2799
+ # ],
2710
2800
  # record_state: [
2711
2801
  # {
2712
2802
  # value: "NonEmptyString",
@@ -2778,6 +2868,7 @@ module Aws::SecurityHub
2778
2868
  # resp.findings[0].created_at #=> String
2779
2869
  # resp.findings[0].updated_at #=> String
2780
2870
  # resp.findings[0].severity.product #=> Float
2871
+ # resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
2781
2872
  # resp.findings[0].severity.normalized #=> Integer
2782
2873
  # resp.findings[0].confidence #=> Integer
2783
2874
  # resp.findings[0].criticality #=> Integer
@@ -2952,6 +3043,16 @@ module Aws::SecurityHub
2952
3043
  # resp.findings[0].resources[0].details.aws_elasticsearch_domain.vpc_options.vpc_id #=> String
2953
3044
  # resp.findings[0].resources[0].details.aws_s3_bucket.owner_id #=> String
2954
3045
  # resp.findings[0].resources[0].details.aws_s3_bucket.owner_name #=> String
3046
+ # resp.findings[0].resources[0].details.aws_s3_bucket.created_at #=> String
3047
+ # resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules #=> Array
3048
+ # resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.sse_algorithm #=> String
3049
+ # resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.kms_master_key_id #=> String
3050
+ # resp.findings[0].resources[0].details.aws_s3_object.last_modified #=> String
3051
+ # resp.findings[0].resources[0].details.aws_s3_object.etag #=> String
3052
+ # resp.findings[0].resources[0].details.aws_s3_object.version_id #=> String
3053
+ # resp.findings[0].resources[0].details.aws_s3_object.content_type #=> String
3054
+ # resp.findings[0].resources[0].details.aws_s3_object.server_side_encryption #=> String
3055
+ # resp.findings[0].resources[0].details.aws_s3_object.ssekms_key_id #=> String
2955
3056
  # resp.findings[0].resources[0].details.aws_iam_access_key.user_name #=> String
2956
3057
  # resp.findings[0].resources[0].details.aws_iam_access_key.status #=> String, one of "Active", "Inactive"
2957
3058
  # resp.findings[0].resources[0].details.aws_iam_access_key.created_at #=> String
@@ -3062,6 +3163,7 @@ module Aws::SecurityHub
3062
3163
  # resp.findings[0].compliance.related_requirements[0] #=> String
3063
3164
  # resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
3064
3165
  # resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
3166
+ # resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
3065
3167
  # resp.findings[0].record_state #=> String, one of "ACTIVE", "ARCHIVED"
3066
3168
  # resp.findings[0].related_findings #=> Array
3067
3169
  # resp.findings[0].related_findings[0].product_arn #=> String
@@ -3116,7 +3218,9 @@ module Aws::SecurityHub
3116
3218
  # Lists and describes insights for the specified insight ARNs.
3117
3219
  #
3118
3220
  # @option params [Array<String>] :insight_arns
3119
- # The ARNs of the insights to describe.
3221
+ # The ARNs of the insights to describe. If you do not provide any
3222
+ # insight ARNs, then `GetInsights` returns all of your custom insights.
3223
+ # It does not return any managed insights.
3120
3224
  #
3121
3225
  # @option params [String] :next_token
3122
3226
  # The token that is required for pagination. On your first call to the
@@ -3401,6 +3505,9 @@ module Aws::SecurityHub
3401
3505
  # resp.insights[0].filters.workflow_state #=> Array
3402
3506
  # resp.insights[0].filters.workflow_state[0].value #=> String
3403
3507
  # resp.insights[0].filters.workflow_state[0].comparison #=> String, one of "EQUALS", "PREFIX"
3508
+ # resp.insights[0].filters.workflow_status #=> Array
3509
+ # resp.insights[0].filters.workflow_status[0].value #=> String
3510
+ # resp.insights[0].filters.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX"
3404
3511
  # resp.insights[0].filters.record_state #=> Array
3405
3512
  # resp.insights[0].filters.record_state[0].value #=> String
3406
3513
  # resp.insights[0].filters.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX"
@@ -4341,6 +4448,12 @@ module Aws::SecurityHub
4341
4448
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
4342
4449
  # },
4343
4450
  # ],
4451
+ # workflow_status: [
4452
+ # {
4453
+ # value: "NonEmptyString",
4454
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
4455
+ # },
4456
+ # ],
4344
4457
  # record_state: [
4345
4458
  # {
4346
4459
  # value: "NonEmptyString",
@@ -4928,6 +5041,12 @@ module Aws::SecurityHub
4928
5041
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
4929
5042
  # },
4930
5043
  # ],
5044
+ # workflow_status: [
5045
+ # {
5046
+ # value: "NonEmptyString",
5047
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
5048
+ # },
5049
+ # ],
4931
5050
  # record_state: [
4932
5051
  # {
4933
5052
  # value: "NonEmptyString",
@@ -5031,7 +5150,7 @@ module Aws::SecurityHub
5031
5150
  params: params,
5032
5151
  config: config)
5033
5152
  context[:gem_name] = 'aws-sdk-securityhub'
5034
- context[:gem_version] = '1.19.0'
5153
+ context[:gem_version] = '1.21.0'
5035
5154
  Seahorse::Client::Request.new(handlers, context)
5036
5155
  end
5037
5156
 
@@ -78,6 +78,11 @@ module Aws::SecurityHub
78
78
  AwsRdsDbInstanceVpcSecurityGroup = Shapes::StructureShape.new(name: 'AwsRdsDbInstanceVpcSecurityGroup')
79
79
  AwsRdsDbInstanceVpcSecurityGroups = Shapes::ListShape.new(name: 'AwsRdsDbInstanceVpcSecurityGroups')
80
80
  AwsS3BucketDetails = Shapes::StructureShape.new(name: 'AwsS3BucketDetails')
81
+ AwsS3BucketServerSideEncryptionByDefault = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionByDefault')
82
+ AwsS3BucketServerSideEncryptionConfiguration = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionConfiguration')
83
+ AwsS3BucketServerSideEncryptionRule = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionRule')
84
+ AwsS3BucketServerSideEncryptionRules = Shapes::ListShape.new(name: 'AwsS3BucketServerSideEncryptionRules')
85
+ AwsS3ObjectDetails = Shapes::StructureShape.new(name: 'AwsS3ObjectDetails')
81
86
  AwsSecurityFinding = Shapes::StructureShape.new(name: 'AwsSecurityFinding')
82
87
  AwsSecurityFindingFilters = Shapes::StructureShape.new(name: 'AwsSecurityFindingFilters')
83
88
  AwsSecurityFindingList = Shapes::ListShape.new(name: 'AwsSecurityFindingList')
@@ -229,6 +234,7 @@ module Aws::SecurityHub
229
234
  ResultList = Shapes::ListShape.new(name: 'ResultList')
230
235
  SecurityGroups = Shapes::ListShape.new(name: 'SecurityGroups')
231
236
  Severity = Shapes::StructureShape.new(name: 'Severity')
237
+ SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
232
238
  SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
233
239
  SortCriteria = Shapes::ListShape.new(name: 'SortCriteria')
234
240
  SortCriterion = Shapes::StructureShape.new(name: 'SortCriterion')
@@ -275,7 +281,9 @@ module Aws::SecurityHub
275
281
  WafExcludedRule = Shapes::StructureShape.new(name: 'WafExcludedRule')
276
282
  WafExcludedRuleList = Shapes::ListShape.new(name: 'WafExcludedRuleList')
277
283
  WafOverrideAction = Shapes::StructureShape.new(name: 'WafOverrideAction')
284
+ Workflow = Shapes::StructureShape.new(name: 'Workflow')
278
285
  WorkflowState = Shapes::StringShape.new(name: 'WorkflowState')
286
+ WorkflowStatus = Shapes::StringShape.new(name: 'WorkflowStatus')
279
287
 
280
288
  AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "MasterId"))
281
289
  AcceptInvitationRequest.add_member(:invitation_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InvitationId"))
@@ -602,8 +610,30 @@ module Aws::SecurityHub
602
610
 
603
611
  AwsS3BucketDetails.add_member(:owner_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "OwnerId"))
604
612
  AwsS3BucketDetails.add_member(:owner_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "OwnerName"))
613
+ AwsS3BucketDetails.add_member(:created_at, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "CreatedAt"))
614
+ AwsS3BucketDetails.add_member(:server_side_encryption_configuration, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionConfiguration, location_name: "ServerSideEncryptionConfiguration"))
605
615
  AwsS3BucketDetails.struct_class = Types::AwsS3BucketDetails
606
616
 
617
+ AwsS3BucketServerSideEncryptionByDefault.add_member(:sse_algorithm, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SSEAlgorithm"))
618
+ AwsS3BucketServerSideEncryptionByDefault.add_member(:kms_master_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KMSMasterKeyID"))
619
+ AwsS3BucketServerSideEncryptionByDefault.struct_class = Types::AwsS3BucketServerSideEncryptionByDefault
620
+
621
+ AwsS3BucketServerSideEncryptionConfiguration.add_member(:rules, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionRules, location_name: "Rules"))
622
+ AwsS3BucketServerSideEncryptionConfiguration.struct_class = Types::AwsS3BucketServerSideEncryptionConfiguration
623
+
624
+ AwsS3BucketServerSideEncryptionRule.add_member(:apply_server_side_encryption_by_default, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionByDefault, location_name: "ApplyServerSideEncryptionByDefault"))
625
+ AwsS3BucketServerSideEncryptionRule.struct_class = Types::AwsS3BucketServerSideEncryptionRule
626
+
627
+ AwsS3BucketServerSideEncryptionRules.member = Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionRule)
628
+
629
+ AwsS3ObjectDetails.add_member(:last_modified, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "LastModified"))
630
+ AwsS3ObjectDetails.add_member(:etag, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ETag"))
631
+ AwsS3ObjectDetails.add_member(:version_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "VersionId"))
632
+ AwsS3ObjectDetails.add_member(:content_type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ContentType"))
633
+ AwsS3ObjectDetails.add_member(:server_side_encryption, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ServerSideEncryption"))
634
+ AwsS3ObjectDetails.add_member(:ssekms_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SSEKMSKeyId"))
635
+ AwsS3ObjectDetails.struct_class = Types::AwsS3ObjectDetails
636
+
607
637
  AwsSecurityFinding.add_member(:schema_version, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "SchemaVersion"))
608
638
  AwsSecurityFinding.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
609
639
  AwsSecurityFinding.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ProductArn"))
@@ -630,7 +660,8 @@ module Aws::SecurityHub
630
660
  AwsSecurityFinding.add_member(:resources, Shapes::ShapeRef.new(shape: ResourceList, required: true, location_name: "Resources"))
631
661
  AwsSecurityFinding.add_member(:compliance, Shapes::ShapeRef.new(shape: Compliance, location_name: "Compliance"))
632
662
  AwsSecurityFinding.add_member(:verification_state, Shapes::ShapeRef.new(shape: VerificationState, location_name: "VerificationState"))
633
- AwsSecurityFinding.add_member(:workflow_state, Shapes::ShapeRef.new(shape: WorkflowState, location_name: "WorkflowState"))
663
+ AwsSecurityFinding.add_member(:workflow_state, Shapes::ShapeRef.new(shape: WorkflowState, deprecated: true, location_name: "WorkflowState"))
664
+ AwsSecurityFinding.add_member(:workflow, Shapes::ShapeRef.new(shape: Workflow, location_name: "Workflow"))
634
665
  AwsSecurityFinding.add_member(:record_state, Shapes::ShapeRef.new(shape: RecordState, location_name: "RecordState"))
635
666
  AwsSecurityFinding.add_member(:related_findings, Shapes::ShapeRef.new(shape: RelatedFindingList, location_name: "RelatedFindings"))
636
667
  AwsSecurityFinding.add_member(:note, Shapes::ShapeRef.new(shape: Note, location_name: "Note"))
@@ -712,6 +743,7 @@ module Aws::SecurityHub
712
743
  AwsSecurityFindingFilters.add_member(:compliance_status, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ComplianceStatus"))
713
744
  AwsSecurityFindingFilters.add_member(:verification_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "VerificationState"))
714
745
  AwsSecurityFindingFilters.add_member(:workflow_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "WorkflowState"))
746
+ AwsSecurityFindingFilters.add_member(:workflow_status, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "WorkflowStatus"))
715
747
  AwsSecurityFindingFilters.add_member(:record_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RecordState"))
716
748
  AwsSecurityFindingFilters.add_member(:related_findings_product_arn, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RelatedFindingsProductArn"))
717
749
  AwsSecurityFindingFilters.add_member(:related_findings_id, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RelatedFindingsId"))
@@ -1193,6 +1225,7 @@ module Aws::SecurityHub
1193
1225
  ResourceDetails.add_member(:aws_elbv_2_load_balancer, Shapes::ShapeRef.new(shape: AwsElbv2LoadBalancerDetails, location_name: "AwsElbv2LoadBalancer"))
1194
1226
  ResourceDetails.add_member(:aws_elasticsearch_domain, Shapes::ShapeRef.new(shape: AwsElasticsearchDomainDetails, location_name: "AwsElasticsearchDomain"))
1195
1227
  ResourceDetails.add_member(:aws_s3_bucket, Shapes::ShapeRef.new(shape: AwsS3BucketDetails, location_name: "AwsS3Bucket"))
1228
+ ResourceDetails.add_member(:aws_s3_object, Shapes::ShapeRef.new(shape: AwsS3ObjectDetails, location_name: "AwsS3Object"))
1196
1229
  ResourceDetails.add_member(:aws_iam_access_key, Shapes::ShapeRef.new(shape: AwsIamAccessKeyDetails, location_name: "AwsIamAccessKey"))
1197
1230
  ResourceDetails.add_member(:aws_iam_role, Shapes::ShapeRef.new(shape: AwsIamRoleDetails, location_name: "AwsIamRole"))
1198
1231
  ResourceDetails.add_member(:aws_kms_key, Shapes::ShapeRef.new(shape: AwsKmsKeyDetails, location_name: "AwsKmsKey"))
@@ -1221,7 +1254,8 @@ module Aws::SecurityHub
1221
1254
  SecurityGroups.member = Shapes::ShapeRef.new(shape: NonEmptyString)
1222
1255
 
1223
1256
  Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
1224
- Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "Normalized"))
1257
+ Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
1258
+ Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
1225
1259
  Severity.struct_class = Types::Severity
1226
1260
 
1227
1261
  SortCriteria.member = Shapes::ShapeRef.new(shape: SortCriterion)
@@ -1347,6 +1381,9 @@ module Aws::SecurityHub
1347
1381
  WafOverrideAction.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
1348
1382
  WafOverrideAction.struct_class = Types::WafOverrideAction
1349
1383
 
1384
+ Workflow.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
1385
+ Workflow.struct_class = Types::Workflow
1386
+
1350
1387
 
1351
1388
  # @api private
1352
1389
  API = Seahorse::Model::Api.new.tap do |api|
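Review bot: In the `Severity` hunk, `required: true` is dropped from `:normalized` and the new `:label` member is added without it, so no member of `Severity` is marked required any more. Client-side parameter validation will presumably accept a finding with `severity: {}`; whether the service rejects it is not visible on this page. Callers upgrading from 1.19.0 who relied on the SDK to reject a missing `normalized` should validate severity themselves before importing findings, for example by always setting `label` to one of the documented values. The same section marks `AwsSecurityFinding`'s `:workflow_state` as `deprecated: true` but adds `:workflow_status` to `AwsSecurityFindingFilters` without deprecating the existing `:workflow_state` filter. Insight and filter code may keep matching on the old field unless a comment such as `# workflow_state is deprecated on findings; prefer workflow_status` is carried in the consuming code. These files appear to be generated, so neither point can be fixed by editing this file directly.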
@@ -6,6 +6,35 @@
6
6
  # WARNING ABOUT GENERATED CODE
7
7
 
8
8
  module Aws::SecurityHub
9
+
10
+ # When SecurityHub returns an error response, the Ruby SDK constructs and raises an error.
11
+ # These errors all extend Aws::SecurityHub::Errors::ServiceError < {Aws::Errors::ServiceError}
12
+ #
13
+ # You can rescue all SecurityHub errors using ServiceError:
14
+ #
15
+ # begin
16
+ # # do stuff
17
+ # rescue Aws::SecurityHub::Errors::ServiceError
18
+ # # rescues all SecurityHub API errors
19
+ # end
20
+ #
21
+ #
22
+ # ## Request Context
23
+ # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
24
+ # information about the request that generated the error.
25
+ # See {Seahorse::Client::RequestContext} for more information.
26
+ #
27
+ # ## Error Classes
28
+ # * {AccessDeniedException}
29
+ # * {InternalException}
30
+ # * {InvalidAccessException}
31
+ # * {InvalidInputException}
32
+ # * {LimitExceededException}
33
+ # * {ResourceConflictException}
34
+ # * {ResourceNotFoundException}
35
+ #
36
+ # Additionally, error classes are dynamically generated for service errors based on the error code
37
+ # if they are not defined above.
9
38
  module Errors
10
39
 
11
40
  extend Aws::Errors::DynamicErrors
@@ -28,7 +57,6 @@ module Aws::SecurityHub
28
57
  def code
29
58
  @code || @data[:code]
30
59
  end
31
-
32
60
  end
33
61
 
34
62
  class InternalException < ServiceError
@@ -49,7 +77,6 @@ module Aws::SecurityHub
49
77
  def code
50
78
  @code || @data[:code]
51
79
  end
52
-
53
80
  end
54
81
 
55
82
  class InvalidAccessException < ServiceError
@@ -70,7 +97,6 @@ module Aws::SecurityHub
70
97
  def code
71
98
  @code || @data[:code]
72
99
  end
73
-
74
100
  end
75
101
 
76
102
  class InvalidInputException < ServiceError
@@ -91,7 +117,6 @@ module Aws::SecurityHub
91
117
  def code
92
118
  @code || @data[:code]
93
119
  end
94
-
95
120
  end
96
121
 
97
122
  class LimitExceededException < ServiceError
@@ -112,7 +137,6 @@ module Aws::SecurityHub
112
137
  def code
113
138
  @code || @data[:code]
114
139
  end
115
-
116
140
  end
117
141
 
118
142
  class ResourceConflictException < ServiceError
@@ -133,7 +157,6 @@ module Aws::SecurityHub
133
157
  def code
134
158
  @code || @data[:code]
135
159
  end
136
-
137
160
  end
138
161
 
139
162
  class ResourceNotFoundException < ServiceError
@@ -154,7 +177,6 @@ module Aws::SecurityHub
154
177
  def code
155
178
  @code || @data[:code]
156
179
  end
157
-
158
180
  end
159
181
 
160
182
  end
@@ -6,6 +6,13 @@
6
6
  # WARNING ABOUT GENERATED CODE
7
7
 
8
8
  module Aws::SecurityHub
9
+ # This class provides a resource oriented interface for SecurityHub.
10
+ # To create a resource object:
11
+ # resource = Aws::SecurityHub::Resource.new(region: 'us-west-2')
12
+ # You can supply a client object with custom configuration that will be used for all resource operations.
13
+ # If you do not pass +:client+, a default client will be constructed.
14
+ # client = Aws::SecurityHub::Client.new(region: 'us-west-2')
15
+ # resource = Aws::SecurityHub::Resource.new(client: client)
9
16
  class Resource
10
17
 
11
18
  # @param options ({})
@@ -2311,6 +2311,17 @@ module Aws::SecurityHub
2311
2311
  # {
2312
2312
  # owner_id: "NonEmptyString",
2313
2313
  # owner_name: "NonEmptyString",
2314
+ # created_at: "NonEmptyString",
2315
+ # server_side_encryption_configuration: {
2316
+ # rules: [
2317
+ # {
2318
+ # apply_server_side_encryption_by_default: {
2319
+ # sse_algorithm: "NonEmptyString",
2320
+ # kms_master_key_id: "NonEmptyString",
2321
+ # },
2322
+ # },
2323
+ # ],
2324
+ # },
2314
2325
  # }
2315
2326
  #
2316
2327
  # @!attribute [rw] owner_id
@@ -2321,11 +2332,156 @@ module Aws::SecurityHub
2321
2332
  # The display name of the owner of the S3 bucket.
2322
2333
  # @return [String]
2323
2334
  #
2335
+ # @!attribute [rw] created_at
2336
+ # The date and time when the S3 bucket was created.
2337
+ # @return [String]
2338
+ #
2339
+ # @!attribute [rw] server_side_encryption_configuration
2340
+ # The encryption rules that are applied to the S3 bucket.
2341
+ # @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
2342
+ #
2324
2343
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
2325
2344
  #
2326
2345
  class AwsS3BucketDetails < Struct.new(
2327
2346
  :owner_id,
2328
- :owner_name)
2347
+ :owner_name,
2348
+ :created_at,
2349
+ :server_side_encryption_configuration)
2350
+ include Aws::Structure
2351
+ end
2352
+
2353
+ # Specifies the default server-side encryption to apply to new objects
2354
+ # in the bucket.
2355
+ #
2356
+ # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionByDefault
2357
+ # data as a hash:
2358
+ #
2359
+ # {
2360
+ # sse_algorithm: "NonEmptyString",
2361
+ # kms_master_key_id: "NonEmptyString",
2362
+ # }
2363
+ #
2364
+ # @!attribute [rw] sse_algorithm
2365
+ # Server-side encryption algorithm to use for the default encryption.
2366
+ # @return [String]
2367
+ #
2368
+ # @!attribute [rw] kms_master_key_id
2369
+ # AWS KMS customer master key (CMK) ID to use for the default
2370
+ # encryption.
2371
+ # @return [String]
2372
+ #
2373
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionByDefault AWS API Documentation
2374
+ #
2375
+ class AwsS3BucketServerSideEncryptionByDefault < Struct.new(
2376
+ :sse_algorithm,
2377
+ :kms_master_key_id)
2378
+ include Aws::Structure
2379
+ end
2380
+
2381
+ # The encryption configuration for the S3 bucket.
2382
+ #
2383
+ # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionConfiguration
2384
+ # data as a hash:
2385
+ #
2386
+ # {
2387
+ # rules: [
2388
+ # {
2389
+ # apply_server_side_encryption_by_default: {
2390
+ # sse_algorithm: "NonEmptyString",
2391
+ # kms_master_key_id: "NonEmptyString",
2392
+ # },
2393
+ # },
2394
+ # ],
2395
+ # }
2396
+ #
2397
+ # @!attribute [rw] rules
2398
+ # The encryption rules that are applied to the S3 bucket.
2399
+ # @return [Array<Types::AwsS3BucketServerSideEncryptionRule>]
2400
+ #
2401
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionConfiguration AWS API Documentation
2402
+ #
2403
+ class AwsS3BucketServerSideEncryptionConfiguration < Struct.new(
2404
+ :rules)
2405
+ include Aws::Structure
2406
+ end
2407
+
2408
+ # An encryption rule to apply to the S3 bucket.
2409
+ #
2410
+ # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionRule
2411
+ # data as a hash:
2412
+ #
2413
+ # {
2414
+ # apply_server_side_encryption_by_default: {
2415
+ # sse_algorithm: "NonEmptyString",
2416
+ # kms_master_key_id: "NonEmptyString",
2417
+ # },
2418
+ # }
2419
+ #
2420
+ # @!attribute [rw] apply_server_side_encryption_by_default
2421
+ # Specifies the default server-side encryption to apply to new objects
2422
+ # in the bucket. If a `PUT` Object request doesn't specify any
2423
+ # server-side encryption, this default encryption is applied.
2424
+ # @return [Types::AwsS3BucketServerSideEncryptionByDefault]
2425
+ #
2426
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionRule AWS API Documentation
2427
+ #
2428
+ class AwsS3BucketServerSideEncryptionRule < Struct.new(
2429
+ :apply_server_side_encryption_by_default)
2430
+ include Aws::Structure
2431
+ end
2432
+
2433
+ # Details about an AWS S3 object.
2434
+ #
2435
+ # @note When making an API call, you may pass AwsS3ObjectDetails
2436
+ # data as a hash:
2437
+ #
2438
+ # {
2439
+ # last_modified: "NonEmptyString",
2440
+ # etag: "NonEmptyString",
2441
+ # version_id: "NonEmptyString",
2442
+ # content_type: "NonEmptyString",
2443
+ # server_side_encryption: "NonEmptyString",
2444
+ # ssekms_key_id: "NonEmptyString",
2445
+ # }
2446
+ #
2447
+ # @!attribute [rw] last_modified
2448
+ # The date and time when the object was last modified.
2449
+ # @return [String]
2450
+ #
2451
+ # @!attribute [rw] etag
2452
+ # The opaque identifier assigned by a web server to a specific version
2453
+ # of a resource found at a URL.
2454
+ # @return [String]
2455
+ #
2456
+ # @!attribute [rw] version_id
2457
+ # The version of the object.
2458
+ # @return [String]
2459
+ #
2460
+ # @!attribute [rw] content_type
2461
+ # A standard MIME type describing the format of the object data.
2462
+ # @return [String]
2463
+ #
2464
+ # @!attribute [rw] server_side_encryption
2465
+ # If the object is stored using server-side encryption, the value of
2466
+ # the server-side encryption algorithm used when storing this object
2467
+ # in Amazon S3.
2468
+ # @return [String]
2469
+ #
2470
+ # @!attribute [rw] ssekms_key_id
2471
+ # The identifier of the AWS Key Management Service (AWS KMS) symmetric
2472
+ # customer managed customer master key (CMK) that was used for the
2473
+ # object.
2474
+ # @return [String]
2475
+ #
2476
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3ObjectDetails AWS API Documentation
2477
+ #
2478
+ class AwsS3ObjectDetails < Struct.new(
2479
+ :last_modified,
2480
+ :etag,
2481
+ :version_id,
2482
+ :content_type,
2483
+ :server_side_encryption,
2484
+ :ssekms_key_id)
2329
2485
  include Aws::Structure
2330
2486
  end
2331
2487
 
@@ -2356,7 +2512,8 @@ module Aws::SecurityHub
2356
2512
  # updated_at: "NonEmptyString", # required
2357
2513
  # severity: { # required
2358
2514
  # product: 1.0,
2359
- # normalized: 1, # required
2515
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
2516
+ # normalized: 1,
2360
2517
  # },
2361
2518
  # confidence: 1,
2362
2519
  # criticality: 1,
@@ -2621,6 +2778,25 @@ module Aws::SecurityHub
2621
2778
  # aws_s3_bucket: {
2622
2779
  # owner_id: "NonEmptyString",
2623
2780
  # owner_name: "NonEmptyString",
2781
+ # created_at: "NonEmptyString",
2782
+ # server_side_encryption_configuration: {
2783
+ # rules: [
2784
+ # {
2785
+ # apply_server_side_encryption_by_default: {
2786
+ # sse_algorithm: "NonEmptyString",
2787
+ # kms_master_key_id: "NonEmptyString",
2788
+ # },
2789
+ # },
2790
+ # ],
2791
+ # },
2792
+ # },
2793
+ # aws_s3_object: {
2794
+ # last_modified: "NonEmptyString",
2795
+ # etag: "NonEmptyString",
2796
+ # version_id: "NonEmptyString",
2797
+ # content_type: "NonEmptyString",
2798
+ # server_side_encryption: "NonEmptyString",
2799
+ # ssekms_key_id: "NonEmptyString",
2624
2800
  # },
2625
2801
  # aws_iam_access_key: {
2626
2802
  # user_name: "NonEmptyString",
@@ -2791,6 +2967,9 @@ module Aws::SecurityHub
2791
2967
  # },
2792
2968
  # verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
2793
2969
  # workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
2970
+ # workflow: {
2971
+ # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
2972
+ # },
2794
2973
  # record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
2795
2974
  # related_findings: [
2796
2975
  # {
@@ -2814,10 +2993,10 @@ module Aws::SecurityHub
2814
2993
  # @return [String]
2815
2994
  #
2816
2995
  # @!attribute [rw] product_arn
2817
- # The ARN generated by Security Hub that uniquely identifies a
2818
- # third-party company (security-findings provider) after this
2819
- # provider's product (solution that generates findings) is registered
2820
- # with Security Hub.
2996
+ # The ARN generated by Security Hub that uniquely identifies a product
2997
+ # that generates findings. This can be the ARN for a third-party
2998
+ # product that is integrated with Security Hub, or the ARN for a
2999
+ # custom integration.
2821
3000
  # @return [String]
2822
3001
  #
2823
3002
  # @!attribute [rw] generator_id
@@ -2957,6 +3136,11 @@ module Aws::SecurityHub
2957
3136
  # The workflow state of a finding.
2958
3137
  # @return [String]
2959
3138
  #
3139
+ # @!attribute [rw] workflow
3140
+ # Provides information about the status of the investigation into a
3141
+ # finding.
3142
+ # @return [Types::Workflow]
3143
+ #
2960
3144
  # @!attribute [rw] record_state
2961
3145
  # The record state of a finding.
2962
3146
  # @return [String]
@@ -2999,6 +3183,7 @@ module Aws::SecurityHub
2999
3183
  :compliance,
3000
3184
  :verification_state,
3001
3185
  :workflow_state,
3186
+ :workflow,
3002
3187
  :record_state,
3003
3188
  :related_findings,
3004
3189
  :note)
@@ -3515,6 +3700,12 @@ module Aws::SecurityHub
3515
3700
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
3516
3701
  # },
3517
3702
  # ],
3703
+ # workflow_status: [
3704
+ # {
3705
+ # value: "NonEmptyString",
3706
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
3707
+ # },
3708
+ # ],
3518
3709
  # record_state: [
3519
3710
  # {
3520
3711
  # value: "NonEmptyString",
@@ -3910,6 +4101,24 @@ module Aws::SecurityHub
3910
4101
  # The workflow state of a finding.
3911
4102
  # @return [Array<Types::StringFilter>]
3912
4103
  #
4104
+ # @!attribute [rw] workflow_status
4105
+ # The status of the investigation into a finding. Allowed values are
4106
+ # the following.
4107
+ #
4108
+ # * `NEW` - The initial state of a finding, before it is reviewed.
4109
+ #
4110
+ # * `NOTIFIED` - Indicates that the resource owner has been notified
4111
+ # about the security issue. Used when the initial reviewer is not
4112
+ # the resource owner, and needs intervention from the resource
4113
+ # owner.
4114
+ #
4115
+ # * `SUPPRESSED` - The finding will not be reviewed again and will not
4116
+ # be acted upon.
4117
+ #
4118
+ # * `RESOLVED` - The finding was reviewed and remediated and is now
4119
+ # considered resolved.
4120
+ # @return [Array<Types::StringFilter>]
4121
+ #
3913
4122
  # @!attribute [rw] record_state
3914
4123
  # The updated record state for the finding.
3915
4124
  # @return [Array<Types::StringFilter>]
@@ -4017,6 +4226,7 @@ module Aws::SecurityHub
4017
4226
  :compliance_status,
4018
4227
  :verification_state,
4019
4228
  :workflow_state,
4229
+ :workflow_status,
4020
4230
  :record_state,
4021
4231
  :related_findings_product_arn,
4022
4232
  :related_findings_id,
@@ -4365,7 +4575,8 @@ module Aws::SecurityHub
4365
4575
  # updated_at: "NonEmptyString", # required
4366
4576
  # severity: { # required
4367
4577
  # product: 1.0,
4368
- # normalized: 1, # required
4578
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
4579
+ # normalized: 1,
4369
4580
  # },
4370
4581
  # confidence: 1,
4371
4582
  # criticality: 1,
@@ -4630,6 +4841,25 @@ module Aws::SecurityHub
4630
4841
  # aws_s3_bucket: {
4631
4842
  # owner_id: "NonEmptyString",
4632
4843
  # owner_name: "NonEmptyString",
4844
+ # created_at: "NonEmptyString",
4845
+ # server_side_encryption_configuration: {
4846
+ # rules: [
4847
+ # {
4848
+ # apply_server_side_encryption_by_default: {
4849
+ # sse_algorithm: "NonEmptyString",
4850
+ # kms_master_key_id: "NonEmptyString",
4851
+ # },
4852
+ # },
4853
+ # ],
4854
+ # },
4855
+ # },
4856
+ # aws_s3_object: {
4857
+ # last_modified: "NonEmptyString",
4858
+ # etag: "NonEmptyString",
4859
+ # version_id: "NonEmptyString",
4860
+ # content_type: "NonEmptyString",
4861
+ # server_side_encryption: "NonEmptyString",
4862
+ # ssekms_key_id: "NonEmptyString",
4633
4863
  # },
4634
4864
  # aws_iam_access_key: {
4635
4865
  # user_name: "NonEmptyString",
@@ -4800,6 +5030,9 @@ module Aws::SecurityHub
4800
5030
  # },
4801
5031
  # verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
4802
5032
  # workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
5033
+ # workflow: {
5034
+ # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
5035
+ # },
4803
5036
  # record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
4804
5037
  # related_findings: [
4805
5038
  # {
@@ -5487,6 +5720,12 @@ module Aws::SecurityHub
5487
5720
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
5488
5721
  # },
5489
5722
  # ],
5723
+ # workflow_status: [
5724
+ # {
5725
+ # value: "NonEmptyString",
5726
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
5727
+ # },
5728
+ # ],
5490
5729
  # record_state: [
5491
5730
  # {
5492
5731
  # value: "NonEmptyString",
@@ -6733,6 +6972,12 @@ module Aws::SecurityHub
6733
6972
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
6734
6973
  # },
6735
6974
  # ],
6975
+ # workflow_status: [
6976
+ # {
6977
+ # value: "NonEmptyString",
6978
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
6979
+ # },
6980
+ # ],
6736
6981
  # record_state: [
6737
6982
  # {
6738
6983
  # value: "NonEmptyString",
@@ -6876,7 +7121,9 @@ module Aws::SecurityHub
6876
7121
  # }
6877
7122
  #
6878
7123
  # @!attribute [rw] insight_arns
6879
- # The ARNs of the insights to describe.
7124
+ # The ARNs of the insights to describe. If you do not provide any
7125
+ # insight ARNs, then `GetInsights` returns all of your custom
7126
+ # insights. It does not return any managed insights.
6880
7127
  # @return [Array<String>]
6881
7128
  #
6882
7129
  # @!attribute [rw] next_token
@@ -8170,6 +8417,25 @@ module Aws::SecurityHub
8170
8417
  # aws_s3_bucket: {
8171
8418
  # owner_id: "NonEmptyString",
8172
8419
  # owner_name: "NonEmptyString",
8420
+ # created_at: "NonEmptyString",
8421
+ # server_side_encryption_configuration: {
8422
+ # rules: [
8423
+ # {
8424
+ # apply_server_side_encryption_by_default: {
8425
+ # sse_algorithm: "NonEmptyString",
8426
+ # kms_master_key_id: "NonEmptyString",
8427
+ # },
8428
+ # },
8429
+ # ],
8430
+ # },
8431
+ # },
8432
+ # aws_s3_object: {
8433
+ # last_modified: "NonEmptyString",
8434
+ # etag: "NonEmptyString",
8435
+ # version_id: "NonEmptyString",
8436
+ # content_type: "NonEmptyString",
8437
+ # server_side_encryption: "NonEmptyString",
8438
+ # ssekms_key_id: "NonEmptyString",
8173
8439
  # },
8174
8440
  # aws_iam_access_key: {
8175
8441
  # user_name: "NonEmptyString",
@@ -8609,6 +8875,25 @@ module Aws::SecurityHub
8609
8875
  # aws_s3_bucket: {
8610
8876
  # owner_id: "NonEmptyString",
8611
8877
  # owner_name: "NonEmptyString",
8878
+ # created_at: "NonEmptyString",
8879
+ # server_side_encryption_configuration: {
8880
+ # rules: [
8881
+ # {
8882
+ # apply_server_side_encryption_by_default: {
8883
+ # sse_algorithm: "NonEmptyString",
8884
+ # kms_master_key_id: "NonEmptyString",
8885
+ # },
8886
+ # },
8887
+ # ],
8888
+ # },
8889
+ # },
8890
+ # aws_s3_object: {
8891
+ # last_modified: "NonEmptyString",
8892
+ # etag: "NonEmptyString",
8893
+ # version_id: "NonEmptyString",
8894
+ # content_type: "NonEmptyString",
8895
+ # server_side_encryption: "NonEmptyString",
8896
+ # ssekms_key_id: "NonEmptyString",
8612
8897
  # },
8613
8898
  # aws_iam_access_key: {
8614
8899
  # user_name: "NonEmptyString",
@@ -8804,6 +9089,10 @@ module Aws::SecurityHub
8804
9089
  # Details about an Amazon S3 Bucket related to a finding.
8805
9090
  # @return [Types::AwsS3BucketDetails]
8806
9091
  #
9092
+ # @!attribute [rw] aws_s3_object
9093
+ # Details about an Amazon S3 object related to a finding.
9094
+ # @return [Types::AwsS3ObjectDetails]
9095
+ #
8807
9096
  # @!attribute [rw] aws_iam_access_key
8808
9097
  # Details about an IAM access key related to a finding.
8809
9098
  # @return [Types::AwsIamAccessKeyDetails]
@@ -8869,6 +9158,7 @@ module Aws::SecurityHub
8869
9158
  :aws_elbv_2_load_balancer,
8870
9159
  :aws_elasticsearch_domain,
8871
9160
  :aws_s3_bucket,
9161
+ :aws_s3_object,
8872
9162
  :aws_iam_access_key,
8873
9163
  :aws_iam_role,
8874
9164
  :aws_kms_key,
@@ -8925,7 +9215,8 @@ module Aws::SecurityHub
8925
9215
  #
8926
9216
  # {
8927
9217
  # product: 1.0,
8928
- # normalized: 1, # required
9218
+ # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
9219
+ # normalized: 1,
8929
9220
  # }
8930
9221
  #
8931
9222
  # @!attribute [rw] product
@@ -8933,14 +9224,45 @@ module Aws::SecurityHub
8933
9224
  # partner product that generated the finding.
8934
9225
  # @return [Float]
8935
9226
  #
9227
+ # @!attribute [rw] label
9228
+ # The severity value of the finding. The allowed values are the
9229
+ # following.
9230
+ #
9231
+ # * `INFORMATIONAL` - No issue was found.
9232
+ #
9233
+ # * `LOW` - The issue does not require action on its own.
9234
+ #
9235
+ # * `MEDIUM` - The issue must be addressed but not urgently.
9236
+ #
9237
+ # * `HIGH` - The issue must be addressed as a priority.
9238
+ #
9239
+ # * `CRITICAL` - The issue must be remediated immediately to avoid it
9240
+ # escalating.
9241
+ # @return [String]
9242
+ #
8936
9243
  # @!attribute [rw] normalized
8937
- # The normalized severity of a finding.
9244
+ # Deprecated. This attribute is being deprecated. Instead of providing
9245
+ # `Normalized`, provide `Label`.
9246
+ #
9247
+ # If you provide `Normalized` and do not provide `Label`, `Label` is
9248
+ # set automatically as follows.
9249
+ #
9250
+ # * 0 - `INFORMATIONAL`
9251
+ #
9252
+ # * 1–39 - `LOW`
9253
+ #
9254
+ # * 40–69 - `MEDIUM`
9255
+ #
9256
+ # * 70–89 - `HIGH`
9257
+ #
9258
+ # * 90–100 - `CRITICAL`
8938
9259
  # @return [Integer]
8939
9260
  #
8940
9261
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
8941
9262
  #
8942
9263
  class Severity < Struct.new(
8943
9264
  :product,
9265
+ :label,
8944
9266
  :normalized)
8945
9267
  include Aws::Structure
8946
9268
  end
@@ -9799,6 +10121,12 @@ module Aws::SecurityHub
9799
10121
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
9800
10122
  # },
9801
10123
  # ],
10124
+ # workflow_status: [
10125
+ # {
10126
+ # value: "NonEmptyString",
10127
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
10128
+ # },
10129
+ # ],
9802
10130
  # record_state: [
9803
10131
  # {
9804
10132
  # value: "NonEmptyString",
@@ -10387,6 +10715,12 @@ module Aws::SecurityHub
10387
10715
  # comparison: "EQUALS", # accepts EQUALS, PREFIX
10388
10716
  # },
10389
10717
  # ],
10718
+ # workflow_status: [
10719
+ # {
10720
+ # value: "NonEmptyString",
10721
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX
10722
+ # },
10723
+ # ],
10390
10724
  # record_state: [
10391
10725
  # {
10392
10726
  # value: "NonEmptyString",
@@ -10578,5 +10912,39 @@ module Aws::SecurityHub
10578
10912
  include Aws::Structure
10579
10913
  end
10580
10914
 
10915
+ # Provides information about the status of the investigation into a
10916
+ # finding.
10917
+ #
10918
+ # @note When making an API call, you may pass Workflow
10919
+ # data as a hash:
10920
+ #
10921
+ # {
10922
+ # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
10923
+ # }
10924
+ #
10925
+ # @!attribute [rw] status
10926
+ # The status of the investigation into the finding. The allowed values
10927
+ # are the following.
10928
+ #
10929
+ # * `NEW` - The initial state of a finding, before it is reviewed.
10930
+ #
10931
+ # * `NOTIFIED` - Indicates that you notified the resource owner about
10932
+ # the security issue. Used when the initial reviewer is not the
10933
+ # resource owner, and needs intervention from the resource owner.
10934
+ #
10935
+ # * `SUPPRESSED` - The finding will not be reviewed again and will not
10936
+ # be acted upon.
10937
+ #
10938
+ # * `RESOLVED` - The finding was reviewed and remediated and is now
10939
+ # considered resolved.
10940
+ # @return [String]
10941
+ #
10942
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Workflow AWS API Documentation
10943
+ #
10944
+ class Workflow < Struct.new(
10945
+ :status)
10946
+ include Aws::Structure
10947
+ end
10948
+
10581
10949
  end
10582
10950
  end
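--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sdk-securityhub
  version: !ruby/object:Gem::Version
- version: 1.19.0
+ version: 1.21.0
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-02-26 00:00:00.000000000 Z
+ date: 2020-03-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-core
@@ -80,8 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.5.2.3
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
  summary: AWS SDK for Ruby - AWS SecurityHub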