aws-sdk-securityhub 1.19.0 → 1.21.0
- checksums.yaml +5 -5
- data/lib/aws-sdk-securityhub.rb +7 -4
- data/lib/aws-sdk-securityhub/client.rb +131 -12
- data/lib/aws-sdk-securityhub/client_api.rb +39 -2
- data/lib/aws-sdk-securityhub/errors.rb +29 -7
- data/lib/aws-sdk-securityhub/resource.rb +7 -0
- data/lib/aws-sdk-securityhub/types.rb +378 -10
- metadata +3 -4
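--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 98d21ee5c0112ce618c87220b808944527e13cc4bc6d624d930c98cb104ed50a
+data.tar.gz: 4bafb1029f1146dd3253fb81f5ddf2b49943696b7757fde1819dad80efab9edd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f391b929675091bda7240694cc33404f1f318234822307a1f88b6415f5bcc684d6a98e8a38f9917b85c9c644d2486e8417681b65b0e286254994b4e7a356f29
+data.tar.gz: 734d17159522d2bbffd21fe9e2b5a4f391af6f493ac86af225da9e2bb65b69563b5ad2a5e19171fb3cb5bfe14afc73db9ea88dc87609161b9aef8884715ad208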
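--- a/data/lib/aws-sdk-securityhub.rb
+++ b/data/lib/aws-sdk-securityhub.rb
@@ -24,17 +24,20 @@ require_relative 'aws-sdk-securityhub/customizations'
 # methods each accept a hash of request parameters and return a response
 # structure.
 #
+# security_hub = Aws::SecurityHub::Client.new
+# resp = security_hub.accept_invitation(params)
+#
 # See {Client} for more information.
 #
 # # Errors
 #
-# Errors returned from AWS SecurityHub
-# extend {Errors::ServiceError}.
+# Errors returned from AWS SecurityHub are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
 #
 # begin
 # # do stuff
 # rescue Aws::SecurityHub::Errors::ServiceError
-# # rescues all
+# # rescues all AWS SecurityHub API errors
 # end
 #
 # See {Errors} for more information.
@@ -42,6 +45,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @service
 module Aws::SecurityHub
 
-GEM_VERSION = '1.
+GEM_VERSION = '1.21.0'
 
 end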
@@ -30,6 +30,18 @@ require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
|
30
30
|
Aws::Plugins::GlobalConfiguration.add_identifier(:securityhub)
|
31
31
|
|
32
32
|
module Aws::SecurityHub
|
33
|
+
# An API client for SecurityHub. To construct a client, you need to configure a `:region` and `:credentials`.
|
34
|
+
#
|
35
|
+
# client = Aws::SecurityHub::Client.new(
|
36
|
+
# region: region_name,
|
37
|
+
# credentials: credentials,
|
38
|
+
# # ...
|
39
|
+
# )
|
40
|
+
#
|
41
|
+
# For details on configuring region and credentials see
|
42
|
+
# the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
|
43
|
+
#
|
44
|
+
# See {#initialize} for a full list of supported configuration options.
|
33
45
|
class Client < Seahorse::Client::Base
|
34
46
|
|
35
47
|
include Aws::ClientStubs
|
@@ -108,6 +120,12 @@ module Aws::SecurityHub
|
|
108
120
|
# When set to `true`, a thread polling for endpoints will be running in
|
109
121
|
# the background every 60 secs (default). Defaults to `false`.
|
110
122
|
#
|
123
|
+
# @option options [Boolean] :adaptive_retry_wait_to_fill (true)
|
124
|
+
# Used only in `adaptive` retry mode. When true, the request will sleep
|
125
|
+
# until there is sufficent client side capacity to retry the request.
|
126
|
+
# When false, the request will raise a `RetryCapacityNotAvailableError` and will
|
127
|
+
# not retry instead of sleeping.
|
128
|
+
#
|
111
129
|
# @option options [Boolean] :client_side_monitoring (false)
|
112
130
|
# When `true`, client-side metrics will be collected for all API requests from
|
113
131
|
# this client.
|
@@ -132,6 +150,10 @@ module Aws::SecurityHub
|
|
132
150
|
# When `true`, an attempt is made to coerce request parameters into
|
133
151
|
# the required types.
|
134
152
|
#
|
153
|
+
# @option options [Boolean] :correct_clock_skew (true)
|
154
|
+
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
155
|
+
# a clock skew correction and retry requests with skewed client clocks.
|
156
|
+
#
|
135
157
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
136
158
|
# Set to true to disable SDK automatically adding host prefix
|
137
159
|
# to default service endpoint when available.
|
@@ -166,15 +188,29 @@ module Aws::SecurityHub
|
|
166
188
|
# The Logger instance to send log messages to. If this option
|
167
189
|
# is not set, logging will be disabled.
|
168
190
|
#
|
191
|
+
# @option options [Integer] :max_attempts (3)
|
192
|
+
# An integer representing the maximum number attempts that will be made for
|
193
|
+
# a single request, including the initial attempt. For example,
|
194
|
+
# setting this value to 5 will result in a request being retried up to
|
195
|
+
# 4 times. Used in `standard` and `adaptive` retry modes.
|
196
|
+
#
|
169
197
|
# @option options [String] :profile ("default")
|
170
198
|
# Used when loading credentials from the shared credentials file
|
171
199
|
# at HOME/.aws/credentials. When not specified, 'default' is used.
|
172
200
|
#
|
201
|
+
# @option options [Proc] :retry_backoff
|
202
|
+
# A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
|
203
|
+
# This option is only used in the `legacy` retry mode.
|
204
|
+
#
|
173
205
|
# @option options [Float] :retry_base_delay (0.3)
|
174
|
-
# The base delay in seconds used by the default backoff function.
|
206
|
+
# The base delay in seconds used by the default backoff function. This option
|
207
|
+
# is only used in the `legacy` retry mode.
|
175
208
|
#
|
176
209
|
# @option options [Symbol] :retry_jitter (:none)
|
177
|
-
# A delay randomiser function used by the default backoff function.
|
210
|
+
# A delay randomiser function used by the default backoff function.
|
211
|
+
# Some predefined functions can be referenced by name - :none, :equal, :full,
|
212
|
+
# otherwise a Proc that takes and returns a number. This option is only used
|
213
|
+
# in the `legacy` retry mode.
|
178
214
|
#
|
179
215
|
# @see https://www.awsarchitectureblog.com/2015/03/backoff.html
|
180
216
|
#
|
@@ -182,11 +218,30 @@ module Aws::SecurityHub
|
|
182
218
|
# The maximum number of times to retry failed requests. Only
|
183
219
|
# ~ 500 level server errors and certain ~ 400 level client errors
|
184
220
|
# are retried. Generally, these are throttling errors, data
|
185
|
-
# checksum errors, networking errors, timeout errors
|
186
|
-
# errors from expired credentials.
|
221
|
+
# checksum errors, networking errors, timeout errors, auth errors,
|
222
|
+
# endpoint discovery, and errors from expired credentials.
|
223
|
+
# This option is only used in the `legacy` retry mode.
|
187
224
|
#
|
188
225
|
# @option options [Integer] :retry_max_delay (0)
|
189
|
-
# The maximum number of seconds to delay between retries (0 for no limit)
|
226
|
+
# The maximum number of seconds to delay between retries (0 for no limit)
|
227
|
+
# used by the default backoff function. This option is only used in the
|
228
|
+
# `legacy` retry mode.
|
229
|
+
#
|
230
|
+
# @option options [String] :retry_mode ("legacy")
|
231
|
+
# Specifies which retry algorithm to use. Values are:
|
232
|
+
#
|
233
|
+
# * `legacy` - The pre-existing retry behavior. This is default value if
|
234
|
+
# no retry mode is provided.
|
235
|
+
#
|
236
|
+
# * `standard` - A standardized set of retry rules across the AWS SDKs.
|
237
|
+
# This includes support for retry quotas, which limit the number of
|
238
|
+
# unsuccessful retries a client can make.
|
239
|
+
#
|
240
|
+
# * `adaptive` - An experimental retry mode that includes all the
|
241
|
+
# functionality of `standard` mode along with automatic client side
|
242
|
+
# throttling. This is a provisional mode that may change behavior
|
243
|
+
# in the future.
|
244
|
+
#
|
190
245
|
#
|
191
246
|
# @option options [String] :secret_access_key
|
192
247
|
#
|
@@ -209,16 +264,16 @@ module Aws::SecurityHub
|
|
209
264
|
# requests through. Formatted like 'http://proxy.com:123'.
|
210
265
|
#
|
211
266
|
# @option options [Float] :http_open_timeout (15) The number of
|
212
|
-
# seconds to wait when opening a HTTP session before
|
267
|
+
# seconds to wait when opening a HTTP session before raising a
|
213
268
|
# `Timeout::Error`.
|
214
269
|
#
|
215
270
|
# @option options [Integer] :http_read_timeout (60) The default
|
216
271
|
# number of seconds to wait for response data. This value can
|
217
272
|
# safely be set
|
218
|
-
# per-request on the session
|
273
|
+
# per-request on the session yielded by {#session_for}.
|
219
274
|
#
|
220
275
|
# @option options [Float] :http_idle_timeout (5) The number of
|
221
|
-
# seconds a connection is allowed to sit
|
276
|
+
# seconds a connection is allowed to sit idle before it is
|
222
277
|
# considered stale. Stale connections are closed and removed
|
223
278
|
# from the pool before making a request.
|
224
279
|
#
|
@@ -227,7 +282,7 @@ module Aws::SecurityHub
|
|
227
282
|
# request body. This option has no effect unless the request has
|
228
283
|
# "Expect" header set to "100-continue". Defaults to `nil` which
|
229
284
|
# disables this behaviour. This value can safely be set per
|
230
|
-
# request on the session
|
285
|
+
# request on the session yielded by {#session_for}.
|
231
286
|
#
|
232
287
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
233
288
|
# HTTP debug output will be sent to the `:logger`.
|
@@ -415,7 +470,8 @@ module Aws::SecurityHub
|
|
415
470
|
# updated_at: "NonEmptyString", # required
|
416
471
|
# severity: { # required
|
417
472
|
# product: 1.0,
|
418
|
-
#
|
473
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
474
|
+
# normalized: 1,
|
419
475
|
# },
|
420
476
|
# confidence: 1,
|
421
477
|
# criticality: 1,
|
@@ -680,6 +736,25 @@ module Aws::SecurityHub
|
|
680
736
|
# aws_s3_bucket: {
|
681
737
|
# owner_id: "NonEmptyString",
|
682
738
|
# owner_name: "NonEmptyString",
|
739
|
+
# created_at: "NonEmptyString",
|
740
|
+
# server_side_encryption_configuration: {
|
741
|
+
# rules: [
|
742
|
+
# {
|
743
|
+
# apply_server_side_encryption_by_default: {
|
744
|
+
# sse_algorithm: "NonEmptyString",
|
745
|
+
# kms_master_key_id: "NonEmptyString",
|
746
|
+
# },
|
747
|
+
# },
|
748
|
+
# ],
|
749
|
+
# },
|
750
|
+
# },
|
751
|
+
# aws_s3_object: {
|
752
|
+
# last_modified: "NonEmptyString",
|
753
|
+
# etag: "NonEmptyString",
|
754
|
+
# version_id: "NonEmptyString",
|
755
|
+
# content_type: "NonEmptyString",
|
756
|
+
# server_side_encryption: "NonEmptyString",
|
757
|
+
# ssekms_key_id: "NonEmptyString",
|
683
758
|
# },
|
684
759
|
# aws_iam_access_key: {
|
685
760
|
# user_name: "NonEmptyString",
|
@@ -850,6 +925,9 @@ module Aws::SecurityHub
|
|
850
925
|
# },
|
851
926
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
852
927
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
928
|
+
# workflow: {
|
929
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
930
|
+
# },
|
853
931
|
# record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
|
854
932
|
# related_findings: [
|
855
933
|
# {
|
@@ -1453,6 +1531,12 @@ module Aws::SecurityHub
|
|
1453
1531
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
1454
1532
|
# },
|
1455
1533
|
# ],
|
1534
|
+
# workflow_status: [
|
1535
|
+
# {
|
1536
|
+
# value: "NonEmptyString",
|
1537
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
1538
|
+
# },
|
1539
|
+
# ],
|
1456
1540
|
# record_state: [
|
1457
1541
|
# {
|
1458
1542
|
# value: "NonEmptyString",
|
@@ -2707,6 +2791,12 @@ module Aws::SecurityHub
|
|
2707
2791
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
2708
2792
|
# },
|
2709
2793
|
# ],
|
2794
|
+
# workflow_status: [
|
2795
|
+
# {
|
2796
|
+
# value: "NonEmptyString",
|
2797
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
2798
|
+
# },
|
2799
|
+
# ],
|
2710
2800
|
# record_state: [
|
2711
2801
|
# {
|
2712
2802
|
# value: "NonEmptyString",
|
@@ -2778,6 +2868,7 @@ module Aws::SecurityHub
|
|
2778
2868
|
# resp.findings[0].created_at #=> String
|
2779
2869
|
# resp.findings[0].updated_at #=> String
|
2780
2870
|
# resp.findings[0].severity.product #=> Float
|
2871
|
+
# resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
2781
2872
|
# resp.findings[0].severity.normalized #=> Integer
|
2782
2873
|
# resp.findings[0].confidence #=> Integer
|
2783
2874
|
# resp.findings[0].criticality #=> Integer
|
@@ -2952,6 +3043,16 @@ module Aws::SecurityHub
|
|
2952
3043
|
# resp.findings[0].resources[0].details.aws_elasticsearch_domain.vpc_options.vpc_id #=> String
|
2953
3044
|
# resp.findings[0].resources[0].details.aws_s3_bucket.owner_id #=> String
|
2954
3045
|
# resp.findings[0].resources[0].details.aws_s3_bucket.owner_name #=> String
|
3046
|
+
# resp.findings[0].resources[0].details.aws_s3_bucket.created_at #=> String
|
3047
|
+
# resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules #=> Array
|
3048
|
+
# resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.sse_algorithm #=> String
|
3049
|
+
# resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.kms_master_key_id #=> String
|
3050
|
+
# resp.findings[0].resources[0].details.aws_s3_object.last_modified #=> String
|
3051
|
+
# resp.findings[0].resources[0].details.aws_s3_object.etag #=> String
|
3052
|
+
# resp.findings[0].resources[0].details.aws_s3_object.version_id #=> String
|
3053
|
+
# resp.findings[0].resources[0].details.aws_s3_object.content_type #=> String
|
3054
|
+
# resp.findings[0].resources[0].details.aws_s3_object.server_side_encryption #=> String
|
3055
|
+
# resp.findings[0].resources[0].details.aws_s3_object.ssekms_key_id #=> String
|
2955
3056
|
# resp.findings[0].resources[0].details.aws_iam_access_key.user_name #=> String
|
2956
3057
|
# resp.findings[0].resources[0].details.aws_iam_access_key.status #=> String, one of "Active", "Inactive"
|
2957
3058
|
# resp.findings[0].resources[0].details.aws_iam_access_key.created_at #=> String
|
@@ -3062,6 +3163,7 @@ module Aws::SecurityHub
|
|
3062
3163
|
# resp.findings[0].compliance.related_requirements[0] #=> String
|
3063
3164
|
# resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
|
3064
3165
|
# resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
|
3166
|
+
# resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
|
3065
3167
|
# resp.findings[0].record_state #=> String, one of "ACTIVE", "ARCHIVED"
|
3066
3168
|
# resp.findings[0].related_findings #=> Array
|
3067
3169
|
# resp.findings[0].related_findings[0].product_arn #=> String
|
@@ -3116,7 +3218,9 @@ module Aws::SecurityHub
|
|
3116
3218
|
# Lists and describes insights for the specified insight ARNs.
|
3117
3219
|
#
|
3118
3220
|
# @option params [Array<String>] :insight_arns
|
3119
|
-
# The ARNs of the insights to describe.
|
3221
|
+
# The ARNs of the insights to describe. If you do not provide any
|
3222
|
+
# insight ARNs, then `GetInsights` returns all of your custom insights.
|
3223
|
+
# It does not return any managed insights.
|
3120
3224
|
#
|
3121
3225
|
# @option params [String] :next_token
|
3122
3226
|
# The token that is required for pagination. On your first call to the
|
@@ -3401,6 +3505,9 @@ module Aws::SecurityHub
|
|
3401
3505
|
# resp.insights[0].filters.workflow_state #=> Array
|
3402
3506
|
# resp.insights[0].filters.workflow_state[0].value #=> String
|
3403
3507
|
# resp.insights[0].filters.workflow_state[0].comparison #=> String, one of "EQUALS", "PREFIX"
|
3508
|
+
# resp.insights[0].filters.workflow_status #=> Array
|
3509
|
+
# resp.insights[0].filters.workflow_status[0].value #=> String
|
3510
|
+
# resp.insights[0].filters.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX"
|
3404
3511
|
# resp.insights[0].filters.record_state #=> Array
|
3405
3512
|
# resp.insights[0].filters.record_state[0].value #=> String
|
3406
3513
|
# resp.insights[0].filters.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX"
|
@@ -4341,6 +4448,12 @@ module Aws::SecurityHub
|
|
4341
4448
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
4342
4449
|
# },
|
4343
4450
|
# ],
|
4451
|
+
# workflow_status: [
|
4452
|
+
# {
|
4453
|
+
# value: "NonEmptyString",
|
4454
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
4455
|
+
# },
|
4456
|
+
# ],
|
4344
4457
|
# record_state: [
|
4345
4458
|
# {
|
4346
4459
|
# value: "NonEmptyString",
|
@@ -4928,6 +5041,12 @@ module Aws::SecurityHub
|
|
4928
5041
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
4929
5042
|
# },
|
4930
5043
|
# ],
|
5044
|
+
# workflow_status: [
|
5045
|
+
# {
|
5046
|
+
# value: "NonEmptyString",
|
5047
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
5048
|
+
# },
|
5049
|
+
# ],
|
4931
5050
|
# record_state: [
|
4932
5051
|
# {
|
4933
5052
|
# value: "NonEmptyString",
|
@@ -5031,7 +5150,7 @@ module Aws::SecurityHub
|
|
5031
5150
|
params: params,
|
5032
5151
|
config: config)
|
5033
5152
|
context[:gem_name] = 'aws-sdk-securityhub'
|
5034
|
-
context[:gem_version] = '1.
|
5153
|
+
context[:gem_version] = '1.21.0'
|
5035
5154
|
Seahorse::Client::Request.new(handlers, context)
|
5036
5155
|
end
|
5037
5156
|
|
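Review bot: The request example in the `@@ -850,6 +925,9 @@` hunk now lists `workflow_state` and the new `workflow: { status: ... }` side by side without saying which one to use, while the client_api.rb part of this release marks the `workflow_state` member `deprecated: true`. I would carry that into the generated comment, e.g. `# workflow_state: "NEW", # deprecated, use workflow.status; accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED`, and do the same on the `resp.findings[0].workflow_state` line in the `@@ -3062,6 +3163,7 @@` hunk. The new status set adds NOTIFIED and SUPPRESSED, which have no counterpart among the `workflow_state` values shown, so triage queries and insights that still filter on `workflow_state` presumably will not reflect those findings; callers should move to the `workflow_status` filter added in the filter hunks of this file. These are doc comments on methods whose bodies lie outside the hunks.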
@@ -78,6 +78,11 @@ module Aws::SecurityHub
|
|
78
78
|
AwsRdsDbInstanceVpcSecurityGroup = Shapes::StructureShape.new(name: 'AwsRdsDbInstanceVpcSecurityGroup')
|
79
79
|
AwsRdsDbInstanceVpcSecurityGroups = Shapes::ListShape.new(name: 'AwsRdsDbInstanceVpcSecurityGroups')
|
80
80
|
AwsS3BucketDetails = Shapes::StructureShape.new(name: 'AwsS3BucketDetails')
|
81
|
+
AwsS3BucketServerSideEncryptionByDefault = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionByDefault')
|
82
|
+
AwsS3BucketServerSideEncryptionConfiguration = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionConfiguration')
|
83
|
+
AwsS3BucketServerSideEncryptionRule = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionRule')
|
84
|
+
AwsS3BucketServerSideEncryptionRules = Shapes::ListShape.new(name: 'AwsS3BucketServerSideEncryptionRules')
|
85
|
+
AwsS3ObjectDetails = Shapes::StructureShape.new(name: 'AwsS3ObjectDetails')
|
81
86
|
AwsSecurityFinding = Shapes::StructureShape.new(name: 'AwsSecurityFinding')
|
82
87
|
AwsSecurityFindingFilters = Shapes::StructureShape.new(name: 'AwsSecurityFindingFilters')
|
83
88
|
AwsSecurityFindingList = Shapes::ListShape.new(name: 'AwsSecurityFindingList')
|
@@ -229,6 +234,7 @@ module Aws::SecurityHub
|
|
229
234
|
ResultList = Shapes::ListShape.new(name: 'ResultList')
|
230
235
|
SecurityGroups = Shapes::ListShape.new(name: 'SecurityGroups')
|
231
236
|
Severity = Shapes::StructureShape.new(name: 'Severity')
|
237
|
+
SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
|
232
238
|
SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
|
233
239
|
SortCriteria = Shapes::ListShape.new(name: 'SortCriteria')
|
234
240
|
SortCriterion = Shapes::StructureShape.new(name: 'SortCriterion')
|
@@ -275,7 +281,9 @@ module Aws::SecurityHub
|
|
275
281
|
WafExcludedRule = Shapes::StructureShape.new(name: 'WafExcludedRule')
|
276
282
|
WafExcludedRuleList = Shapes::ListShape.new(name: 'WafExcludedRuleList')
|
277
283
|
WafOverrideAction = Shapes::StructureShape.new(name: 'WafOverrideAction')
|
284
|
+
Workflow = Shapes::StructureShape.new(name: 'Workflow')
|
278
285
|
WorkflowState = Shapes::StringShape.new(name: 'WorkflowState')
|
286
|
+
WorkflowStatus = Shapes::StringShape.new(name: 'WorkflowStatus')
|
279
287
|
|
280
288
|
AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "MasterId"))
|
281
289
|
AcceptInvitationRequest.add_member(:invitation_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InvitationId"))
|
@@ -602,8 +610,30 @@ module Aws::SecurityHub
|
|
602
610
|
|
603
611
|
AwsS3BucketDetails.add_member(:owner_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "OwnerId"))
|
604
612
|
AwsS3BucketDetails.add_member(:owner_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "OwnerName"))
|
613
|
+
AwsS3BucketDetails.add_member(:created_at, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "CreatedAt"))
|
614
|
+
AwsS3BucketDetails.add_member(:server_side_encryption_configuration, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionConfiguration, location_name: "ServerSideEncryptionConfiguration"))
|
605
615
|
AwsS3BucketDetails.struct_class = Types::AwsS3BucketDetails
|
606
616
|
|
617
|
+
AwsS3BucketServerSideEncryptionByDefault.add_member(:sse_algorithm, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SSEAlgorithm"))
|
618
|
+
AwsS3BucketServerSideEncryptionByDefault.add_member(:kms_master_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KMSMasterKeyID"))
|
619
|
+
AwsS3BucketServerSideEncryptionByDefault.struct_class = Types::AwsS3BucketServerSideEncryptionByDefault
|
620
|
+
|
621
|
+
AwsS3BucketServerSideEncryptionConfiguration.add_member(:rules, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionRules, location_name: "Rules"))
|
622
|
+
AwsS3BucketServerSideEncryptionConfiguration.struct_class = Types::AwsS3BucketServerSideEncryptionConfiguration
|
623
|
+
|
624
|
+
AwsS3BucketServerSideEncryptionRule.add_member(:apply_server_side_encryption_by_default, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionByDefault, location_name: "ApplyServerSideEncryptionByDefault"))
|
625
|
+
AwsS3BucketServerSideEncryptionRule.struct_class = Types::AwsS3BucketServerSideEncryptionRule
|
626
|
+
|
627
|
+
AwsS3BucketServerSideEncryptionRules.member = Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionRule)
|
628
|
+
|
629
|
+
AwsS3ObjectDetails.add_member(:last_modified, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "LastModified"))
|
630
|
+
AwsS3ObjectDetails.add_member(:etag, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ETag"))
|
631
|
+
AwsS3ObjectDetails.add_member(:version_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "VersionId"))
|
632
|
+
AwsS3ObjectDetails.add_member(:content_type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ContentType"))
|
633
|
+
AwsS3ObjectDetails.add_member(:server_side_encryption, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ServerSideEncryption"))
|
634
|
+
AwsS3ObjectDetails.add_member(:ssekms_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SSEKMSKeyId"))
|
635
|
+
AwsS3ObjectDetails.struct_class = Types::AwsS3ObjectDetails
|
636
|
+
|
607
637
|
AwsSecurityFinding.add_member(:schema_version, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "SchemaVersion"))
|
608
638
|
AwsSecurityFinding.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
|
609
639
|
AwsSecurityFinding.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ProductArn"))
|
@@ -630,7 +660,8 @@ module Aws::SecurityHub
|
|
630
660
|
AwsSecurityFinding.add_member(:resources, Shapes::ShapeRef.new(shape: ResourceList, required: true, location_name: "Resources"))
|
631
661
|
AwsSecurityFinding.add_member(:compliance, Shapes::ShapeRef.new(shape: Compliance, location_name: "Compliance"))
|
632
662
|
AwsSecurityFinding.add_member(:verification_state, Shapes::ShapeRef.new(shape: VerificationState, location_name: "VerificationState"))
|
633
|
-
AwsSecurityFinding.add_member(:workflow_state, Shapes::ShapeRef.new(shape: WorkflowState, location_name: "WorkflowState"))
|
663
|
+
AwsSecurityFinding.add_member(:workflow_state, Shapes::ShapeRef.new(shape: WorkflowState, deprecated: true, location_name: "WorkflowState"))
|
664
|
+
AwsSecurityFinding.add_member(:workflow, Shapes::ShapeRef.new(shape: Workflow, location_name: "Workflow"))
|
634
665
|
AwsSecurityFinding.add_member(:record_state, Shapes::ShapeRef.new(shape: RecordState, location_name: "RecordState"))
|
635
666
|
AwsSecurityFinding.add_member(:related_findings, Shapes::ShapeRef.new(shape: RelatedFindingList, location_name: "RelatedFindings"))
|
636
667
|
AwsSecurityFinding.add_member(:note, Shapes::ShapeRef.new(shape: Note, location_name: "Note"))
|
@@ -712,6 +743,7 @@ module Aws::SecurityHub
|
|
712
743
|
AwsSecurityFindingFilters.add_member(:compliance_status, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ComplianceStatus"))
|
713
744
|
AwsSecurityFindingFilters.add_member(:verification_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "VerificationState"))
|
714
745
|
AwsSecurityFindingFilters.add_member(:workflow_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "WorkflowState"))
|
746
|
+
AwsSecurityFindingFilters.add_member(:workflow_status, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "WorkflowStatus"))
|
715
747
|
AwsSecurityFindingFilters.add_member(:record_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RecordState"))
|
716
748
|
AwsSecurityFindingFilters.add_member(:related_findings_product_arn, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RelatedFindingsProductArn"))
|
717
749
|
AwsSecurityFindingFilters.add_member(:related_findings_id, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RelatedFindingsId"))
|
@@ -1193,6 +1225,7 @@ module Aws::SecurityHub
|
|
1193
1225
|
ResourceDetails.add_member(:aws_elbv_2_load_balancer, Shapes::ShapeRef.new(shape: AwsElbv2LoadBalancerDetails, location_name: "AwsElbv2LoadBalancer"))
|
1194
1226
|
ResourceDetails.add_member(:aws_elasticsearch_domain, Shapes::ShapeRef.new(shape: AwsElasticsearchDomainDetails, location_name: "AwsElasticsearchDomain"))
|
1195
1227
|
ResourceDetails.add_member(:aws_s3_bucket, Shapes::ShapeRef.new(shape: AwsS3BucketDetails, location_name: "AwsS3Bucket"))
|
1228
|
+
ResourceDetails.add_member(:aws_s3_object, Shapes::ShapeRef.new(shape: AwsS3ObjectDetails, location_name: "AwsS3Object"))
|
1196
1229
|
ResourceDetails.add_member(:aws_iam_access_key, Shapes::ShapeRef.new(shape: AwsIamAccessKeyDetails, location_name: "AwsIamAccessKey"))
|
1197
1230
|
ResourceDetails.add_member(:aws_iam_role, Shapes::ShapeRef.new(shape: AwsIamRoleDetails, location_name: "AwsIamRole"))
|
1198
1231
|
ResourceDetails.add_member(:aws_kms_key, Shapes::ShapeRef.new(shape: AwsKmsKeyDetails, location_name: "AwsKmsKey"))
|
@@ -1221,7 +1254,8 @@ module Aws::SecurityHub
|
|
1221
1254
|
SecurityGroups.member = Shapes::ShapeRef.new(shape: NonEmptyString)
|
1222
1255
|
|
1223
1256
|
Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
|
1224
|
-
Severity.add_member(:
|
1257
|
+
Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
|
1258
|
+
Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
|
1225
1259
|
Severity.struct_class = Types::Severity
|
1226
1260
|
|
1227
1261
|
SortCriteria.member = Shapes::ShapeRef.new(shape: SortCriterion)
|
@@ -1347,6 +1381,9 @@ module Aws::SecurityHub
|
|
1347
1381
|
WafOverrideAction.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
|
1348
1382
|
WafOverrideAction.struct_class = Types::WafOverrideAction
|
1349
1383
|
|
1384
|
+
Workflow.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
|
1385
|
+
Workflow.struct_class = Types::Workflow
|
1386
|
+
|
1350
1387
|
|
1351
1388
|
# @api private
|
1352
1389
|
API = Seahorse::Model::Api.new.tap do |api|
|
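Review bot: In the `@@ -1221,7 +1254,8 @@` hunk both `Severity.add_member(:label, ...)` and `Severity.add_member(:normalized, ...)` are declared without `required: true`, so client-side parameter validation does not insist on either and a `severity` hash carrying only `product` gets through. The removed line is truncated in this view, so whether `normalized` was required before cannot be confirmed from here. Code that imports findings should set `label` explicitly, and code that sorts or alerts on `severity.normalized` should treat a missing value as unknown rather than as low. A comment above the two members such as `# label and normalized are optional; consumers must handle nil` would make that visible.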
@@ -6,6 +6,35 @@
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
7
7
|
|
8
8
|
module Aws::SecurityHub
|
9
|
+
|
10
|
+
# When SecurityHub returns an error response, the Ruby SDK constructs and raises an error.
|
11
|
+
# These errors all extend Aws::SecurityHub::Errors::ServiceError < {Aws::Errors::ServiceError}
|
12
|
+
#
|
13
|
+
# You can rescue all SecurityHub errors using ServiceError:
|
14
|
+
#
|
15
|
+
# begin
|
16
|
+
# # do stuff
|
17
|
+
# rescue Aws::SecurityHub::Errors::ServiceError
|
18
|
+
# # rescues all SecurityHub API errors
|
19
|
+
# end
|
20
|
+
#
|
21
|
+
#
|
22
|
+
# ## Request Context
|
23
|
+
# ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
|
24
|
+
# information about the request that generated the error.
|
25
|
+
# See {Seahorse::Client::RequestContext} for more information.
|
26
|
+
#
|
27
|
+
# ## Error Classes
|
28
|
+
# * {AccessDeniedException}
|
29
|
+
# * {InternalException}
|
30
|
+
# * {InvalidAccessException}
|
31
|
+
# * {InvalidInputException}
|
32
|
+
# * {LimitExceededException}
|
33
|
+
# * {ResourceConflictException}
|
34
|
+
# * {ResourceNotFoundException}
|
35
|
+
#
|
36
|
+
# Additionally, error classes are dynamically generated for service errors based on the error code
|
37
|
+
# if they are not defined above.
|
9
38
|
module Errors
|
10
39
|
|
11
40
|
extend Aws::Errors::DynamicErrors
|
@@ -28,7 +57,6 @@ module Aws::SecurityHub
|
|
28
57
|
def code
|
29
58
|
@code || @data[:code]
|
30
59
|
end
|
31
|
-
|
32
60
|
end
|
33
61
|
|
34
62
|
class InternalException < ServiceError
|
@@ -49,7 +77,6 @@ module Aws::SecurityHub
|
|
49
77
|
def code
|
50
78
|
@code || @data[:code]
|
51
79
|
end
|
52
|
-
|
53
80
|
end
|
54
81
|
|
55
82
|
class InvalidAccessException < ServiceError
|
@@ -70,7 +97,6 @@ module Aws::SecurityHub
|
|
70
97
|
def code
|
71
98
|
@code || @data[:code]
|
72
99
|
end
|
73
|
-
|
74
100
|
end
|
75
101
|
|
76
102
|
class InvalidInputException < ServiceError
|
@@ -91,7 +117,6 @@ module Aws::SecurityHub
|
|
91
117
|
def code
|
92
118
|
@code || @data[:code]
|
93
119
|
end
|
94
|
-
|
95
120
|
end
|
96
121
|
|
97
122
|
class LimitExceededException < ServiceError
|
@@ -112,7 +137,6 @@ module Aws::SecurityHub
|
|
112
137
|
def code
|
113
138
|
@code || @data[:code]
|
114
139
|
end
|
115
|
-
|
116
140
|
end
|
117
141
|
|
118
142
|
class ResourceConflictException < ServiceError
|
@@ -133,7 +157,6 @@ module Aws::SecurityHub
|
|
133
157
|
def code
|
134
158
|
@code || @data[:code]
|
135
159
|
end
|
136
|
-
|
137
160
|
end
|
138
161
|
|
139
162
|
class ResourceNotFoundException < ServiceError
|
@@ -154,7 +177,6 @@ module Aws::SecurityHub
|
|
154
177
|
def code
|
155
178
|
@code || @data[:code]
|
156
179
|
end
|
157
|
-
|
158
180
|
end
|
159
181
|
|
160
182
|
end
|
@@ -6,6 +6,13 @@
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
7
7
|
|
8
8
|
module Aws::SecurityHub
|
9
|
+
# This class provides a resource oriented interface for SecurityHub.
|
10
|
+
# To create a resource object:
|
11
|
+
# resource = Aws::SecurityHub::Resource.new(region: 'us-west-2')
|
12
|
+
# You can supply a client object with custom configuration that will be used for all resource operations.
|
13
|
+
# If you do not pass +:client+, a default client will be constructed.
|
14
|
+
# client = Aws::SecurityHub::Client.new(region: 'us-west-2')
|
15
|
+
# resource = Aws::SecurityHub::Resource.new(client: client)
|
9
16
|
class Resource
|
10
17
|
|
11
18
|
# @param options ({})
|
@@ -2311,6 +2311,17 @@ module Aws::SecurityHub
|
|
2311
2311
|
# {
|
2312
2312
|
# owner_id: "NonEmptyString",
|
2313
2313
|
# owner_name: "NonEmptyString",
|
2314
|
+
# created_at: "NonEmptyString",
|
2315
|
+
# server_side_encryption_configuration: {
|
2316
|
+
# rules: [
|
2317
|
+
# {
|
2318
|
+
# apply_server_side_encryption_by_default: {
|
2319
|
+
# sse_algorithm: "NonEmptyString",
|
2320
|
+
# kms_master_key_id: "NonEmptyString",
|
2321
|
+
# },
|
2322
|
+
# },
|
2323
|
+
# ],
|
2324
|
+
# },
|
2314
2325
|
# }
|
2315
2326
|
#
|
2316
2327
|
# @!attribute [rw] owner_id
|
@@ -2321,11 +2332,156 @@ module Aws::SecurityHub
|
|
2321
2332
|
# The display name of the owner of the S3 bucket.
|
2322
2333
|
# @return [String]
|
2323
2334
|
#
|
2335
|
+
# @!attribute [rw] created_at
|
2336
|
+
# The date and time when the S3 bucket was created.
|
2337
|
+
# @return [String]
|
2338
|
+
#
|
2339
|
+
# @!attribute [rw] server_side_encryption_configuration
|
2340
|
+
# The encryption rules that are applied to the S3 bucket.
|
2341
|
+
# @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
|
2342
|
+
#
|
2324
2343
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
|
2325
2344
|
#
|
2326
2345
|
class AwsS3BucketDetails < Struct.new(
|
2327
2346
|
:owner_id,
|
2328
|
-
:owner_name
|
2347
|
+
:owner_name,
|
2348
|
+
:created_at,
|
2349
|
+
:server_side_encryption_configuration)
|
2350
|
+
include Aws::Structure
|
2351
|
+
end
|
2352
|
+
|
2353
|
+
# Specifies the default server-side encryption to apply to new objects
|
2354
|
+
# in the bucket.
|
2355
|
+
#
|
2356
|
+
# @note When making an API call, you may pass AwsS3BucketServerSideEncryptionByDefault
|
2357
|
+
# data as a hash:
|
2358
|
+
#
|
2359
|
+
# {
|
2360
|
+
# sse_algorithm: "NonEmptyString",
|
2361
|
+
# kms_master_key_id: "NonEmptyString",
|
2362
|
+
# }
|
2363
|
+
#
|
2364
|
+
# @!attribute [rw] sse_algorithm
|
2365
|
+
# Server-side encryption algorithm to use for the default encryption.
|
2366
|
+
# @return [String]
|
2367
|
+
#
|
2368
|
+
# @!attribute [rw] kms_master_key_id
|
2369
|
+
# AWS KMS customer master key (CMK) ID to use for the default
|
2370
|
+
# encryption.
|
2371
|
+
# @return [String]
|
2372
|
+
#
|
2373
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionByDefault AWS API Documentation
|
2374
|
+
#
|
2375
|
+
class AwsS3BucketServerSideEncryptionByDefault < Struct.new(
|
2376
|
+
:sse_algorithm,
|
2377
|
+
:kms_master_key_id)
|
2378
|
+
include Aws::Structure
|
2379
|
+
end
|
2380
|
+
|
2381
|
+
# The encryption configuration for the S3 bucket.
|
2382
|
+
#
|
2383
|
+
# @note When making an API call, you may pass AwsS3BucketServerSideEncryptionConfiguration
|
2384
|
+
# data as a hash:
|
2385
|
+
#
|
2386
|
+
# {
|
2387
|
+
# rules: [
|
2388
|
+
# {
|
2389
|
+
# apply_server_side_encryption_by_default: {
|
2390
|
+
# sse_algorithm: "NonEmptyString",
|
2391
|
+
# kms_master_key_id: "NonEmptyString",
|
2392
|
+
# },
|
2393
|
+
# },
|
2394
|
+
# ],
|
2395
|
+
# }
|
2396
|
+
#
|
2397
|
+
# @!attribute [rw] rules
|
2398
|
+
# The encryption rules that are applied to the S3 bucket.
|
2399
|
+
# @return [Array<Types::AwsS3BucketServerSideEncryptionRule>]
|
2400
|
+
#
|
2401
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionConfiguration AWS API Documentation
|
2402
|
+
#
|
2403
|
+
class AwsS3BucketServerSideEncryptionConfiguration < Struct.new(
|
2404
|
+
:rules)
|
2405
|
+
include Aws::Structure
|
2406
|
+
end
|
2407
|
+
|
2408
|
+
# An encryption rule to apply to the S3 bucket.
|
2409
|
+
#
|
2410
|
+
# @note When making an API call, you may pass AwsS3BucketServerSideEncryptionRule
|
2411
|
+
# data as a hash:
|
2412
|
+
#
|
2413
|
+
# {
|
2414
|
+
# apply_server_side_encryption_by_default: {
|
2415
|
+
# sse_algorithm: "NonEmptyString",
|
2416
|
+
# kms_master_key_id: "NonEmptyString",
|
2417
|
+
# },
|
2418
|
+
# }
|
2419
|
+
#
|
2420
|
+
# @!attribute [rw] apply_server_side_encryption_by_default
|
2421
|
+
# Specifies the default server-side encryption to apply to new objects
|
2422
|
+
# in the bucket. If a `PUT` Object request doesn't specify any
|
2423
|
+
# server-side encryption, this default encryption is applied.
|
2424
|
+
# @return [Types::AwsS3BucketServerSideEncryptionByDefault]
|
2425
|
+
#
|
2426
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionRule AWS API Documentation
|
2427
|
+
#
|
2428
|
+
class AwsS3BucketServerSideEncryptionRule < Struct.new(
|
2429
|
+
:apply_server_side_encryption_by_default)
|
2430
|
+
include Aws::Structure
|
2431
|
+
end
|
2432
|
+
|
2433
|
+
# Details about an AWS S3 object.
|
2434
|
+
#
|
2435
|
+
# @note When making an API call, you may pass AwsS3ObjectDetails
|
2436
|
+
# data as a hash:
|
2437
|
+
#
|
2438
|
+
# {
|
2439
|
+
# last_modified: "NonEmptyString",
|
2440
|
+
# etag: "NonEmptyString",
|
2441
|
+
# version_id: "NonEmptyString",
|
2442
|
+
# content_type: "NonEmptyString",
|
2443
|
+
# server_side_encryption: "NonEmptyString",
|
2444
|
+
# ssekms_key_id: "NonEmptyString",
|
2445
|
+
# }
|
2446
|
+
#
|
2447
|
+
# @!attribute [rw] last_modified
|
2448
|
+
# The date and time when the object was last modified.
|
2449
|
+
# @return [String]
|
2450
|
+
#
|
2451
|
+
# @!attribute [rw] etag
|
2452
|
+
# The opaque identifier assigned by a web server to a specific version
|
2453
|
+
# of a resource found at a URL.
|
2454
|
+
# @return [String]
|
2455
|
+
#
|
2456
|
+
# @!attribute [rw] version_id
|
2457
|
+
# The version of the object.
|
2458
|
+
# @return [String]
|
2459
|
+
#
|
2460
|
+
# @!attribute [rw] content_type
|
2461
|
+
# A standard MIME type describing the format of the object data.
|
2462
|
+
# @return [String]
|
2463
|
+
#
|
2464
|
+
# @!attribute [rw] server_side_encryption
|
2465
|
+
# If the object is stored using server-side encryption, the value of
|
2466
|
+
# the server-side encryption algorithm used when storing this object
|
2467
|
+
# in Amazon S3.
|
2468
|
+
# @return [String]
|
2469
|
+
#
|
2470
|
+
# @!attribute [rw] ssekms_key_id
|
2471
|
+
# The identifier of the AWS Key Management Service (AWS KMS) symmetric
|
2472
|
+
# customer managed customer master key (CMK) that was used for the
|
2473
|
+
# object.
|
2474
|
+
# @return [String]
|
2475
|
+
#
|
2476
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3ObjectDetails AWS API Documentation
|
2477
|
+
#
|
2478
|
+
class AwsS3ObjectDetails < Struct.new(
|
2479
|
+
:last_modified,
|
2480
|
+
:etag,
|
2481
|
+
:version_id,
|
2482
|
+
:content_type,
|
2483
|
+
:server_side_encryption,
|
2484
|
+
:ssekms_key_id)
|
2329
2485
|
include Aws::Structure
|
2330
2486
|
end
|
2331
2487
|
|
@@ -2356,7 +2512,8 @@ module Aws::SecurityHub
|
|
2356
2512
|
# updated_at: "NonEmptyString", # required
|
2357
2513
|
# severity: { # required
|
2358
2514
|
# product: 1.0,
|
2359
|
-
#
|
2515
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
2516
|
+
# normalized: 1,
|
2360
2517
|
# },
|
2361
2518
|
# confidence: 1,
|
2362
2519
|
# criticality: 1,
|
@@ -2621,6 +2778,25 @@ module Aws::SecurityHub
|
|
2621
2778
|
# aws_s3_bucket: {
|
2622
2779
|
# owner_id: "NonEmptyString",
|
2623
2780
|
# owner_name: "NonEmptyString",
|
2781
|
+
# created_at: "NonEmptyString",
|
2782
|
+
# server_side_encryption_configuration: {
|
2783
|
+
# rules: [
|
2784
|
+
# {
|
2785
|
+
# apply_server_side_encryption_by_default: {
|
2786
|
+
# sse_algorithm: "NonEmptyString",
|
2787
|
+
# kms_master_key_id: "NonEmptyString",
|
2788
|
+
# },
|
2789
|
+
# },
|
2790
|
+
# ],
|
2791
|
+
# },
|
2792
|
+
# },
|
2793
|
+
# aws_s3_object: {
|
2794
|
+
# last_modified: "NonEmptyString",
|
2795
|
+
# etag: "NonEmptyString",
|
2796
|
+
# version_id: "NonEmptyString",
|
2797
|
+
# content_type: "NonEmptyString",
|
2798
|
+
# server_side_encryption: "NonEmptyString",
|
2799
|
+
# ssekms_key_id: "NonEmptyString",
|
2624
2800
|
# },
|
2625
2801
|
# aws_iam_access_key: {
|
2626
2802
|
# user_name: "NonEmptyString",
|
@@ -2791,6 +2967,9 @@ module Aws::SecurityHub
|
|
2791
2967
|
# },
|
2792
2968
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
2793
2969
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
2970
|
+
# workflow: {
|
2971
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
2972
|
+
# },
|
2794
2973
|
# record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
|
2795
2974
|
# related_findings: [
|
2796
2975
|
# {
|
@@ -2814,10 +2993,10 @@ module Aws::SecurityHub
|
|
2814
2993
|
# @return [String]
|
2815
2994
|
#
|
2816
2995
|
# @!attribute [rw] product_arn
|
2817
|
-
# The ARN generated by Security Hub that uniquely identifies a
|
2818
|
-
#
|
2819
|
-
#
|
2820
|
-
#
|
2996
|
+
# The ARN generated by Security Hub that uniquely identifies a product
|
2997
|
+
# that generates findings. This can be the ARN for a third-party
|
2998
|
+
# product that is integrated with Security Hub, or the ARN for a
|
2999
|
+
# custom integration.
|
2821
3000
|
# @return [String]
|
2822
3001
|
#
|
2823
3002
|
# @!attribute [rw] generator_id
|
@@ -2957,6 +3136,11 @@ module Aws::SecurityHub
|
|
2957
3136
|
# The workflow state of a finding.
|
2958
3137
|
# @return [String]
|
2959
3138
|
#
|
3139
|
+
# @!attribute [rw] workflow
|
3140
|
+
# Provides information about the status of the investigation into a
|
3141
|
+
# finding.
|
3142
|
+
# @return [Types::Workflow]
|
3143
|
+
#
|
2960
3144
|
# @!attribute [rw] record_state
|
2961
3145
|
# The record state of a finding.
|
2962
3146
|
# @return [String]
|
@@ -2999,6 +3183,7 @@ module Aws::SecurityHub
|
|
2999
3183
|
:compliance,
|
3000
3184
|
:verification_state,
|
3001
3185
|
:workflow_state,
|
3186
|
+
:workflow,
|
3002
3187
|
:record_state,
|
3003
3188
|
:related_findings,
|
3004
3189
|
:note)
|
@@ -3515,6 +3700,12 @@ module Aws::SecurityHub
|
|
3515
3700
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
3516
3701
|
# },
|
3517
3702
|
# ],
|
3703
|
+
# workflow_status: [
|
3704
|
+
# {
|
3705
|
+
# value: "NonEmptyString",
|
3706
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
3707
|
+
# },
|
3708
|
+
# ],
|
3518
3709
|
# record_state: [
|
3519
3710
|
# {
|
3520
3711
|
# value: "NonEmptyString",
|
@@ -3910,6 +4101,24 @@ module Aws::SecurityHub
|
|
3910
4101
|
# The workflow state of a finding.
|
3911
4102
|
# @return [Array<Types::StringFilter>]
|
3912
4103
|
#
|
4104
|
+
# @!attribute [rw] workflow_status
|
4105
|
+
# The status of the investigation into a finding. Allowed values are
|
4106
|
+
# the following.
|
4107
|
+
#
|
4108
|
+
# * `NEW` - The initial state of a finding, before it is reviewed.
|
4109
|
+
#
|
4110
|
+
# * `NOTIFIED` - Indicates that the resource owner has been notified
|
4111
|
+
# about the security issue. Used when the initial reviewer is not
|
4112
|
+
# the resource owner, and needs intervention from the resource
|
4113
|
+
# owner.
|
4114
|
+
#
|
4115
|
+
# * `SUPPRESSED` - The finding will not be reviewed again and will not
|
4116
|
+
# be acted upon.
|
4117
|
+
#
|
4118
|
+
# * `RESOLVED` - The finding was reviewed and remediated and is now
|
4119
|
+
# considered resolved.
|
4120
|
+
# @return [Array<Types::StringFilter>]
|
4121
|
+
#
|
3913
4122
|
# @!attribute [rw] record_state
|
3914
4123
|
# The updated record state for the finding.
|
3915
4124
|
# @return [Array<Types::StringFilter>]
|
@@ -4017,6 +4226,7 @@ module Aws::SecurityHub
|
|
4017
4226
|
:compliance_status,
|
4018
4227
|
:verification_state,
|
4019
4228
|
:workflow_state,
|
4229
|
+
:workflow_status,
|
4020
4230
|
:record_state,
|
4021
4231
|
:related_findings_product_arn,
|
4022
4232
|
:related_findings_id,
|
@@ -4365,7 +4575,8 @@ module Aws::SecurityHub
|
|
4365
4575
|
# updated_at: "NonEmptyString", # required
|
4366
4576
|
# severity: { # required
|
4367
4577
|
# product: 1.0,
|
4368
|
-
#
|
4578
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
4579
|
+
# normalized: 1,
|
4369
4580
|
# },
|
4370
4581
|
# confidence: 1,
|
4371
4582
|
# criticality: 1,
|
@@ -4630,6 +4841,25 @@ module Aws::SecurityHub
|
|
4630
4841
|
# aws_s3_bucket: {
|
4631
4842
|
# owner_id: "NonEmptyString",
|
4632
4843
|
# owner_name: "NonEmptyString",
|
4844
|
+
# created_at: "NonEmptyString",
|
4845
|
+
# server_side_encryption_configuration: {
|
4846
|
+
# rules: [
|
4847
|
+
# {
|
4848
|
+
# apply_server_side_encryption_by_default: {
|
4849
|
+
# sse_algorithm: "NonEmptyString",
|
4850
|
+
# kms_master_key_id: "NonEmptyString",
|
4851
|
+
# },
|
4852
|
+
# },
|
4853
|
+
# ],
|
4854
|
+
# },
|
4855
|
+
# },
|
4856
|
+
# aws_s3_object: {
|
4857
|
+
# last_modified: "NonEmptyString",
|
4858
|
+
# etag: "NonEmptyString",
|
4859
|
+
# version_id: "NonEmptyString",
|
4860
|
+
# content_type: "NonEmptyString",
|
4861
|
+
# server_side_encryption: "NonEmptyString",
|
4862
|
+
# ssekms_key_id: "NonEmptyString",
|
4633
4863
|
# },
|
4634
4864
|
# aws_iam_access_key: {
|
4635
4865
|
# user_name: "NonEmptyString",
|
@@ -4800,6 +5030,9 @@ module Aws::SecurityHub
|
|
4800
5030
|
# },
|
4801
5031
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
4802
5032
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
5033
|
+
# workflow: {
|
5034
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
5035
|
+
# },
|
4803
5036
|
# record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
|
4804
5037
|
# related_findings: [
|
4805
5038
|
# {
|
@@ -5487,6 +5720,12 @@ module Aws::SecurityHub
|
|
5487
5720
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
5488
5721
|
# },
|
5489
5722
|
# ],
|
5723
|
+
# workflow_status: [
|
5724
|
+
# {
|
5725
|
+
# value: "NonEmptyString",
|
5726
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
5727
|
+
# },
|
5728
|
+
# ],
|
5490
5729
|
# record_state: [
|
5491
5730
|
# {
|
5492
5731
|
# value: "NonEmptyString",
|
@@ -6733,6 +6972,12 @@ module Aws::SecurityHub
|
|
6733
6972
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
6734
6973
|
# },
|
6735
6974
|
# ],
|
6975
|
+
# workflow_status: [
|
6976
|
+
# {
|
6977
|
+
# value: "NonEmptyString",
|
6978
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
6979
|
+
# },
|
6980
|
+
# ],
|
6736
6981
|
# record_state: [
|
6737
6982
|
# {
|
6738
6983
|
# value: "NonEmptyString",
|
@@ -6876,7 +7121,9 @@ module Aws::SecurityHub
|
|
6876
7121
|
# }
|
6877
7122
|
#
|
6878
7123
|
# @!attribute [rw] insight_arns
|
6879
|
-
# The ARNs of the insights to describe.
|
7124
|
+
# The ARNs of the insights to describe. If you do not provide any
|
7125
|
+
# insight ARNs, then `GetInsights` returns all of your custom
|
7126
|
+
# insights. It does not return any managed insights.
|
6880
7127
|
# @return [Array<String>]
|
6881
7128
|
#
|
6882
7129
|
# @!attribute [rw] next_token
|
@@ -8170,6 +8417,25 @@ module Aws::SecurityHub
|
|
8170
8417
|
# aws_s3_bucket: {
|
8171
8418
|
# owner_id: "NonEmptyString",
|
8172
8419
|
# owner_name: "NonEmptyString",
|
8420
|
+
# created_at: "NonEmptyString",
|
8421
|
+
# server_side_encryption_configuration: {
|
8422
|
+
# rules: [
|
8423
|
+
# {
|
8424
|
+
# apply_server_side_encryption_by_default: {
|
8425
|
+
# sse_algorithm: "NonEmptyString",
|
8426
|
+
# kms_master_key_id: "NonEmptyString",
|
8427
|
+
# },
|
8428
|
+
# },
|
8429
|
+
# ],
|
8430
|
+
# },
|
8431
|
+
# },
|
8432
|
+
# aws_s3_object: {
|
8433
|
+
# last_modified: "NonEmptyString",
|
8434
|
+
# etag: "NonEmptyString",
|
8435
|
+
# version_id: "NonEmptyString",
|
8436
|
+
# content_type: "NonEmptyString",
|
8437
|
+
# server_side_encryption: "NonEmptyString",
|
8438
|
+
# ssekms_key_id: "NonEmptyString",
|
8173
8439
|
# },
|
8174
8440
|
# aws_iam_access_key: {
|
8175
8441
|
# user_name: "NonEmptyString",
|
@@ -8609,6 +8875,25 @@ module Aws::SecurityHub
|
|
8609
8875
|
# aws_s3_bucket: {
|
8610
8876
|
# owner_id: "NonEmptyString",
|
8611
8877
|
# owner_name: "NonEmptyString",
|
8878
|
+
# created_at: "NonEmptyString",
|
8879
|
+
# server_side_encryption_configuration: {
|
8880
|
+
# rules: [
|
8881
|
+
# {
|
8882
|
+
# apply_server_side_encryption_by_default: {
|
8883
|
+
# sse_algorithm: "NonEmptyString",
|
8884
|
+
# kms_master_key_id: "NonEmptyString",
|
8885
|
+
# },
|
8886
|
+
# },
|
8887
|
+
# ],
|
8888
|
+
# },
|
8889
|
+
# },
|
8890
|
+
# aws_s3_object: {
|
8891
|
+
# last_modified: "NonEmptyString",
|
8892
|
+
# etag: "NonEmptyString",
|
8893
|
+
# version_id: "NonEmptyString",
|
8894
|
+
# content_type: "NonEmptyString",
|
8895
|
+
# server_side_encryption: "NonEmptyString",
|
8896
|
+
# ssekms_key_id: "NonEmptyString",
|
8612
8897
|
# },
|
8613
8898
|
# aws_iam_access_key: {
|
8614
8899
|
# user_name: "NonEmptyString",
|
@@ -8804,6 +9089,10 @@ module Aws::SecurityHub
|
|
8804
9089
|
# Details about an Amazon S3 Bucket related to a finding.
|
8805
9090
|
# @return [Types::AwsS3BucketDetails]
|
8806
9091
|
#
|
9092
|
+
# @!attribute [rw] aws_s3_object
|
9093
|
+
# Details about an Amazon S3 object related to a finding.
|
9094
|
+
# @return [Types::AwsS3ObjectDetails]
|
9095
|
+
#
|
8807
9096
|
# @!attribute [rw] aws_iam_access_key
|
8808
9097
|
# Details about an IAM access key related to a finding.
|
8809
9098
|
# @return [Types::AwsIamAccessKeyDetails]
|
@@ -8869,6 +9158,7 @@ module Aws::SecurityHub
|
|
8869
9158
|
:aws_elbv_2_load_balancer,
|
8870
9159
|
:aws_elasticsearch_domain,
|
8871
9160
|
:aws_s3_bucket,
|
9161
|
+
:aws_s3_object,
|
8872
9162
|
:aws_iam_access_key,
|
8873
9163
|
:aws_iam_role,
|
8874
9164
|
:aws_kms_key,
|
@@ -8925,7 +9215,8 @@ module Aws::SecurityHub
|
|
8925
9215
|
#
|
8926
9216
|
# {
|
8927
9217
|
# product: 1.0,
|
8928
|
-
#
|
9218
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
9219
|
+
# normalized: 1,
|
8929
9220
|
# }
|
8930
9221
|
#
|
8931
9222
|
# @!attribute [rw] product
|
@@ -8933,14 +9224,45 @@ module Aws::SecurityHub
|
|
8933
9224
|
# partner product that generated the finding.
|
8934
9225
|
# @return [Float]
|
8935
9226
|
#
|
9227
|
+
# @!attribute [rw] label
|
9228
|
+
# The severity value of the finding. The allowed values are the
|
9229
|
+
# following.
|
9230
|
+
#
|
9231
|
+
# * `INFORMATIONAL` - No issue was found.
|
9232
|
+
#
|
9233
|
+
# * `LOW` - The issue does not require action on its own.
|
9234
|
+
#
|
9235
|
+
# * `MEDIUM` - The issue must be addressed but not urgently.
|
9236
|
+
#
|
9237
|
+
# * `HIGH` - The issue must be addressed as a priority.
|
9238
|
+
#
|
9239
|
+
# * `CRITICAL` - The issue must be remediated immediately to avoid it
|
9240
|
+
# escalating.
|
9241
|
+
# @return [String]
|
9242
|
+
#
|
8936
9243
|
# @!attribute [rw] normalized
|
8937
|
-
#
|
9244
|
+
# Deprecated. This attribute is being deprecated. Instead of providing
|
9245
|
+
# `Normalized`, provide `Label`.
|
9246
|
+
#
|
9247
|
+
# If you provide `Normalized` and do not provide `Label`, `Label` is
|
9248
|
+
# set automatically as follows.
|
9249
|
+
#
|
9250
|
+
# * 0 - `INFORMATIONAL`
|
9251
|
+
#
|
9252
|
+
# * 1–39 - `LOW`
|
9253
|
+
#
|
9254
|
+
# * 40–69 - `MEDIUM`
|
9255
|
+
#
|
9256
|
+
# * 70–89 - `HIGH`
|
9257
|
+
#
|
9258
|
+
# * 90–100 - `CRITICAL`
|
8938
9259
|
# @return [Integer]
|
8939
9260
|
#
|
8940
9261
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
|
8941
9262
|
#
|
8942
9263
|
class Severity < Struct.new(
|
8943
9264
|
:product,
|
9265
|
+
:label,
|
8944
9266
|
:normalized)
|
8945
9267
|
include Aws::Structure
|
8946
9268
|
end
|
@@ -9799,6 +10121,12 @@ module Aws::SecurityHub
|
|
9799
10121
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
9800
10122
|
# },
|
9801
10123
|
# ],
|
10124
|
+
# workflow_status: [
|
10125
|
+
# {
|
10126
|
+
# value: "NonEmptyString",
|
10127
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
10128
|
+
# },
|
10129
|
+
# ],
|
9802
10130
|
# record_state: [
|
9803
10131
|
# {
|
9804
10132
|
# value: "NonEmptyString",
|
@@ -10387,6 +10715,12 @@ module Aws::SecurityHub
|
|
10387
10715
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
10388
10716
|
# },
|
10389
10717
|
# ],
|
10718
|
+
# workflow_status: [
|
10719
|
+
# {
|
10720
|
+
# value: "NonEmptyString",
|
10721
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX
|
10722
|
+
# },
|
10723
|
+
# ],
|
10390
10724
|
# record_state: [
|
10391
10725
|
# {
|
10392
10726
|
# value: "NonEmptyString",
|
@@ -10578,5 +10912,39 @@ module Aws::SecurityHub
|
|
10578
10912
|
include Aws::Structure
|
10579
10913
|
end
|
10580
10914
|
|
10915
|
+
# Provides information about the status of the investigation into a
|
10916
|
+
# finding.
|
10917
|
+
#
|
10918
|
+
# @note When making an API call, you may pass Workflow
|
10919
|
+
# data as a hash:
|
10920
|
+
#
|
10921
|
+
# {
|
10922
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
10923
|
+
# }
|
10924
|
+
#
|
10925
|
+
# @!attribute [rw] status
|
10926
|
+
# The status of the investigation into the finding. The allowed values
|
10927
|
+
# are the following.
|
10928
|
+
#
|
10929
|
+
# * `NEW` - The initial state of a finding, before it is reviewed.
|
10930
|
+
#
|
10931
|
+
# * `NOTIFIED` - Indicates that you notified the resource owner about
|
10932
|
+
# the security issue. Used when the initial reviewer is not the
|
10933
|
+
# resource owner, and needs intervention from the resource owner.
|
10934
|
+
#
|
10935
|
+
# * `SUPPRESSED` - The finding will not be reviewed again and will not
|
10936
|
+
# be acted upon.
|
10937
|
+
#
|
10938
|
+
# * `RESOLVED` - The finding was reviewed and remediated and is now
|
10939
|
+
# considered resolved.
|
10940
|
+
# @return [String]
|
10941
|
+
#
|
10942
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Workflow AWS API Documentation
|
10943
|
+
#
|
10944
|
+
class Workflow < Struct.new(
|
10945
|
+
:status)
|
10946
|
+
include Aws::Structure
|
10947
|
+
end
|
10948
|
+
|
10581
10949
|
end
|
10582
10950
|
end
|
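Review bot: The `workflow` attribute added at new-side lines 3139–3142 sits directly after `workflow_state`, and neither doc comment says how the two fields relate, even though the request examples in this section give them different value sets (`workflow_state` accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED; `workflow.status` accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED). Triage or alerting code that still reads or filters on `workflow_state` alone cannot express `SUPPRESSED` or `NOTIFIED`, so it may treat a suppressed finding as open, or the reverse; which field is authoritative when both are set is not visible here. I would add a line under `workflow_state` such as `# See also {Types::Workflow#status}, which uses a different set of values (NOTIFIED, SUPPRESSED).`, and the same cross-reference on the `workflow_status` filter documented at new-side lines 4104–4120. The structs these attributes belong to begin outside the visible hunks, and since this gem's sources appear to be generated, the wording belongs in the API model they are generated from.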
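--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.21.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -80,8 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.5.2.3
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - AWS SecurityHub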