aws-sdk-securityhub 1.19.0 → 1.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8123d830053ce4ae388751581ca42f81b0c16862
-  data.tar.gz: 697f9a9a1e0b65bc836f253320d6ec7acead78d7
+SHA256:
+  metadata.gz: 98d21ee5c0112ce618c87220b808944527e13cc4bc6d624d930c98cb104ed50a
+  data.tar.gz: 4bafb1029f1146dd3253fb81f5ddf2b49943696b7757fde1819dad80efab9edd
 SHA512:
-  metadata.gz: 5c9793f9a927033fca58dbaf26814f966b368a2210e32c6b02447011e34b18bcf347a9207025fc736b49416cc809e7cb667f6e2adb5637d200cd8ffea8e13f5a
-  data.tar.gz: 06a9b115b410bdbdf891757846ba8e9d5ed987e6adef35f2036fa2fc833aa0770638fa506598ae3d91f9003c11a8e82efa9fc780a6b1feb389279dde630f3e4a
+  metadata.gz: 3f391b929675091bda7240694cc33404f1f318234822307a1f88b6415f5bcc684d6a98e8a38f9917b85c9c644d2486e8417681b65b0e286254994b4e7a356f29
+  data.tar.gz: 734d17159522d2bbffd21fe9e2b5a4f391af6f493ac86af225da9e2bb65b69563b5ad2a5e19171fb3cb5bfe14afc73db9ea88dc87609161b9aef8884715ad208

data/lib/aws-sdk-securityhub.rb

@@ -24,17 +24,20 @@ require_relative 'aws-sdk-securityhub/customizations'
 # methods each accept a hash of request parameters and return a response
 # structure.
 #
+#     security_hub = Aws::SecurityHub::Client.new
+#     resp = security_hub.accept_invitation(params)
+#
 # See {Client} for more information.
 #
 # # Errors
 #
-# Errors returned from AWS SecurityHub all
-# extend {Errors::ServiceError}.
+# Errors returned from AWS SecurityHub are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
 #
 #     begin
 #       # do stuff
 #     rescue Aws::SecurityHub::Errors::ServiceError
-#       # rescues all service API errors
+#       # rescues all AWS SecurityHub API errors
 #     end
 #
 # See {Errors} for more information.
@@ -42,6 +45,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @service
 module Aws::SecurityHub
 
-  GEM_VERSION = '1.19.0'
+  GEM_VERSION = '1.21.0'
 
 end

data/lib/aws-sdk-securityhub/client.rb

@@ -30,6 +30,18 @@ require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 Aws::Plugins::GlobalConfiguration.add_identifier(:securityhub)
 
 module Aws::SecurityHub
+  # An API client for SecurityHub.  To construct a client, you need to configure a `:region` and `:credentials`.
+  #
+  #     client = Aws::SecurityHub::Client.new(
+  #       region: region_name,
+  #       credentials: credentials,
+  #       # ...
+  #     )
+  #
+  # For details on configuring region and credentials see
+  # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
+  #
+  # See {#initialize} for a full list of supported configuration options.
   class Client < Seahorse::Client::Base
 
     include Aws::ClientStubs
@@ -108,6 +120,12 @@ module Aws::SecurityHub
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
     #
+    #   @option options [Boolean] :adaptive_retry_wait_to_fill (true)
+    #     Used only in `adaptive` retry mode.  When true, the request will sleep
+    #     until there is sufficent client side capacity to retry the request.
+    #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
+    #     not retry instead of sleeping.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -132,6 +150,10 @@ module Aws::SecurityHub
     #     When `true`, an attempt is made to coerce request parameters into
     #     the required types.
     #
+    #   @option options [Boolean] :correct_clock_skew (true)
+    #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
+    #     a clock skew correction and retry requests with skewed client clocks.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -166,15 +188,29 @@ module Aws::SecurityHub
     #     The Logger instance to send log messages to.  If this option
     #     is not set, logging will be disabled.
     #
+    #   @option options [Integer] :max_attempts (3)
+    #     An integer representing the maximum number attempts that will be made for
+    #     a single request, including the initial attempt.  For example,
+    #     setting this value to 5 will result in a request being retried up to
+    #     4 times. Used in `standard` and `adaptive` retry modes.
+    #
     #   @option options [String] :profile ("default")
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Proc] :retry_backoff
+    #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
+    #     This option is only used in the `legacy` retry mode.
+    #
     #   @option options [Float] :retry_base_delay (0.3)
-    #     The base delay in seconds used by the default backoff function.
+    #     The base delay in seconds used by the default backoff function. This option
+    #     is only used in the `legacy` retry mode.
     #
     #   @option options [Symbol] :retry_jitter (:none)
-    #     A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
+    #     A delay randomiser function used by the default backoff function.
+    #     Some predefined functions can be referenced by name - :none, :equal, :full,
+    #     otherwise a Proc that takes and returns a number. This option is only used
+    #     in the `legacy` retry mode.
     #
     #     @see https://www.awsarchitectureblog.com/2015/03/backoff.html
     #
@@ -182,11 +218,30 @@ module Aws::SecurityHub
     #     The maximum number of times to retry failed requests.  Only
     #     ~ 500 level server errors and certain ~ 400 level client errors
     #     are retried.  Generally, these are throttling errors, data
-    #     checksum errors, networking errors, timeout errors and auth
-    #     errors from expired credentials.
+    #     checksum errors, networking errors, timeout errors, auth errors,
+    #     endpoint discovery, and errors from expired credentials.
+    #     This option is only used in the `legacy` retry mode.
     #
     #   @option options [Integer] :retry_max_delay (0)
-    #     The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
+    #     The maximum number of seconds to delay between retries (0 for no limit)
+    #     used by the default backoff function. This option is only used in the
+    #     `legacy` retry mode.
+    #
+    #   @option options [String] :retry_mode ("legacy")
+    #     Specifies which retry algorithm to use. Values are:
+    #
+    #     * `legacy` - The pre-existing retry behavior.  This is default value if
+    #       no retry mode is provided.
+    #
+    #     * `standard` - A standardized set of retry rules across the AWS SDKs.
+    #       This includes support for retry quotas, which limit the number of
+    #       unsuccessful retries a client can make.
+    #
+    #     * `adaptive` - An experimental retry mode that includes all the
+    #       functionality of `standard` mode along with automatic client side
+    #       throttling.  This is a provisional mode that may change behavior
+    #       in the future.
+    #
     #
     #   @option options [String] :secret_access_key
     #
@@ -209,16 +264,16 @@ module Aws::SecurityHub
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
     #   @option options [Float] :http_open_timeout (15) The number of
-    #     seconds to wait when opening a HTTP session before rasing a
+    #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
     #   @option options [Integer] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set
-    #     per-request on the session yeidled by {#session_for}.
+    #     per-request on the session yielded by {#session_for}.
     #
     #   @option options [Float] :http_idle_timeout (5) The number of
-    #     seconds a connection is allowed to sit idble before it is
+    #     seconds a connection is allowed to sit idle before it is
     #     considered stale.  Stale connections are closed and removed
     #     from the pool before making a request.
     #
@@ -227,7 +282,7 @@ module Aws::SecurityHub
     #     request body.  This option has no effect unless the request has
     #     "Expect" header set to "100-continue".  Defaults to `nil` which
     #     disables this behaviour.  This value can safely be set per
-    #     request on the session yeidled by {#session_for}.
+    #     request on the session yielded by {#session_for}.
     #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
@@ -415,7 +470,8 @@ module Aws::SecurityHub
     #         updated_at: "NonEmptyString", # required
     #         severity: { # required
     #           product: 1.0,
-    #           normalized: 1, # required
+    #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #           normalized: 1,
     #         },
     #         confidence: 1,
     #         criticality: 1,
@@ -680,6 +736,25 @@ module Aws::SecurityHub
     #               aws_s3_bucket: {
     #                 owner_id: "NonEmptyString",
     #                 owner_name: "NonEmptyString",
+    #                 created_at: "NonEmptyString",
+    #                 server_side_encryption_configuration: {
+    #                   rules: [
+    #                     {
+    #                       apply_server_side_encryption_by_default: {
+    #                         sse_algorithm: "NonEmptyString",
+    #                         kms_master_key_id: "NonEmptyString",
+    #                       },
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #               aws_s3_object: {
+    #                 last_modified: "NonEmptyString",
+    #                 etag: "NonEmptyString",
+    #                 version_id: "NonEmptyString",
+    #                 content_type: "NonEmptyString",
+    #                 server_side_encryption: "NonEmptyString",
+    #                 ssekms_key_id: "NonEmptyString",
     #               },
     #               aws_iam_access_key: {
     #                 user_name: "NonEmptyString",
@@ -850,6 +925,9 @@ module Aws::SecurityHub
     #         },
     #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #         workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
+    #         workflow: {
+    #           status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #         },
     #         record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
     #         related_findings: [
     #           {
@@ -1453,6 +1531,12 @@ module Aws::SecurityHub
     #           comparison: "EQUALS", # accepts EQUALS, PREFIX
     #         },
     #       ],
+    #       workflow_status: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #         },
+    #       ],
     #       record_state: [
     #         {
     #           value: "NonEmptyString",
@@ -2707,6 +2791,12 @@ module Aws::SecurityHub
     #           comparison: "EQUALS", # accepts EQUALS, PREFIX
     #         },
     #       ],
+    #       workflow_status: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #         },
+    #       ],
     #       record_state: [
     #         {
     #           value: "NonEmptyString",
@@ -2778,6 +2868,7 @@ module Aws::SecurityHub
     #   resp.findings[0].created_at #=> String
     #   resp.findings[0].updated_at #=> String
     #   resp.findings[0].severity.product #=> Float
+    #   resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
     #   resp.findings[0].severity.normalized #=> Integer
     #   resp.findings[0].confidence #=> Integer
     #   resp.findings[0].criticality #=> Integer
@@ -2952,6 +3043,16 @@ module Aws::SecurityHub
     #   resp.findings[0].resources[0].details.aws_elasticsearch_domain.vpc_options.vpc_id #=> String
     #   resp.findings[0].resources[0].details.aws_s3_bucket.owner_id #=> String
     #   resp.findings[0].resources[0].details.aws_s3_bucket.owner_name #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_bucket.created_at #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules #=> Array
+    #   resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.sse_algorithm #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.kms_master_key_id #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_object.last_modified #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_object.etag #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_object.version_id #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_object.content_type #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_object.server_side_encryption #=> String
+    #   resp.findings[0].resources[0].details.aws_s3_object.ssekms_key_id #=> String
     #   resp.findings[0].resources[0].details.aws_iam_access_key.user_name #=> String
     #   resp.findings[0].resources[0].details.aws_iam_access_key.status #=> String, one of "Active", "Inactive"
     #   resp.findings[0].resources[0].details.aws_iam_access_key.created_at #=> String
@@ -3062,6 +3163,7 @@ module Aws::SecurityHub
     #   resp.findings[0].compliance.related_requirements[0] #=> String
     #   resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
     #   resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
+    #   resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
     #   resp.findings[0].record_state #=> String, one of "ACTIVE", "ARCHIVED"
     #   resp.findings[0].related_findings #=> Array
     #   resp.findings[0].related_findings[0].product_arn #=> String
@@ -3116,7 +3218,9 @@ module Aws::SecurityHub
     # Lists and describes insights for the specified insight ARNs.
     #
     # @option params [Array<String>] :insight_arns
-    #   The ARNs of the insights to describe.
+    #   The ARNs of the insights to describe. If you do not provide any
+    #   insight ARNs, then `GetInsights` returns all of your custom insights.
+    #   It does not return any managed insights.
     #
     # @option params [String] :next_token
     #   The token that is required for pagination. On your first call to the
@@ -3401,6 +3505,9 @@ module Aws::SecurityHub
     #   resp.insights[0].filters.workflow_state #=> Array
     #   resp.insights[0].filters.workflow_state[0].value #=> String
     #   resp.insights[0].filters.workflow_state[0].comparison #=> String, one of "EQUALS", "PREFIX"
+    #   resp.insights[0].filters.workflow_status #=> Array
+    #   resp.insights[0].filters.workflow_status[0].value #=> String
+    #   resp.insights[0].filters.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX"
     #   resp.insights[0].filters.record_state #=> Array
     #   resp.insights[0].filters.record_state[0].value #=> String
     #   resp.insights[0].filters.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX"
@@ -4341,6 +4448,12 @@ module Aws::SecurityHub
     #           comparison: "EQUALS", # accepts EQUALS, PREFIX
     #         },
     #       ],
+    #       workflow_status: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #         },
+    #       ],
     #       record_state: [
     #         {
     #           value: "NonEmptyString",
@@ -4928,6 +5041,12 @@ module Aws::SecurityHub
     #           comparison: "EQUALS", # accepts EQUALS, PREFIX
     #         },
     #       ],
+    #       workflow_status: [
+    #         {
+    #           value: "NonEmptyString",
+    #           comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #         },
+    #       ],
     #       record_state: [
     #         {
     #           value: "NonEmptyString",
@@ -5031,7 +5150,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.19.0'
+      context[:gem_version] = '1.21.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -78,6 +78,11 @@ module Aws::SecurityHub
     AwsRdsDbInstanceVpcSecurityGroup = Shapes::StructureShape.new(name: 'AwsRdsDbInstanceVpcSecurityGroup')
     AwsRdsDbInstanceVpcSecurityGroups = Shapes::ListShape.new(name: 'AwsRdsDbInstanceVpcSecurityGroups')
     AwsS3BucketDetails = Shapes::StructureShape.new(name: 'AwsS3BucketDetails')
+    AwsS3BucketServerSideEncryptionByDefault = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionByDefault')
+    AwsS3BucketServerSideEncryptionConfiguration = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionConfiguration')
+    AwsS3BucketServerSideEncryptionRule = Shapes::StructureShape.new(name: 'AwsS3BucketServerSideEncryptionRule')
+    AwsS3BucketServerSideEncryptionRules = Shapes::ListShape.new(name: 'AwsS3BucketServerSideEncryptionRules')
+    AwsS3ObjectDetails = Shapes::StructureShape.new(name: 'AwsS3ObjectDetails')
     AwsSecurityFinding = Shapes::StructureShape.new(name: 'AwsSecurityFinding')
     AwsSecurityFindingFilters = Shapes::StructureShape.new(name: 'AwsSecurityFindingFilters')
     AwsSecurityFindingList = Shapes::ListShape.new(name: 'AwsSecurityFindingList')
@@ -229,6 +234,7 @@ module Aws::SecurityHub
     ResultList = Shapes::ListShape.new(name: 'ResultList')
     SecurityGroups = Shapes::ListShape.new(name: 'SecurityGroups')
     Severity = Shapes::StructureShape.new(name: 'Severity')
+    SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
     SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
     SortCriteria = Shapes::ListShape.new(name: 'SortCriteria')
     SortCriterion = Shapes::StructureShape.new(name: 'SortCriterion')
@@ -275,7 +281,9 @@ module Aws::SecurityHub
     WafExcludedRule = Shapes::StructureShape.new(name: 'WafExcludedRule')
     WafExcludedRuleList = Shapes::ListShape.new(name: 'WafExcludedRuleList')
     WafOverrideAction = Shapes::StructureShape.new(name: 'WafOverrideAction')
+    Workflow = Shapes::StructureShape.new(name: 'Workflow')
     WorkflowState = Shapes::StringShape.new(name: 'WorkflowState')
+    WorkflowStatus = Shapes::StringShape.new(name: 'WorkflowStatus')
 
     AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "MasterId"))
     AcceptInvitationRequest.add_member(:invitation_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InvitationId"))
@@ -602,8 +610,30 @@ module Aws::SecurityHub
 
     AwsS3BucketDetails.add_member(:owner_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "OwnerId"))
     AwsS3BucketDetails.add_member(:owner_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "OwnerName"))
+    AwsS3BucketDetails.add_member(:created_at, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "CreatedAt"))
+    AwsS3BucketDetails.add_member(:server_side_encryption_configuration, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionConfiguration, location_name: "ServerSideEncryptionConfiguration"))
     AwsS3BucketDetails.struct_class = Types::AwsS3BucketDetails
 
+    AwsS3BucketServerSideEncryptionByDefault.add_member(:sse_algorithm, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SSEAlgorithm"))
+    AwsS3BucketServerSideEncryptionByDefault.add_member(:kms_master_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KMSMasterKeyID"))
+    AwsS3BucketServerSideEncryptionByDefault.struct_class = Types::AwsS3BucketServerSideEncryptionByDefault
+
+    AwsS3BucketServerSideEncryptionConfiguration.add_member(:rules, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionRules, location_name: "Rules"))
+    AwsS3BucketServerSideEncryptionConfiguration.struct_class = Types::AwsS3BucketServerSideEncryptionConfiguration
+
+    AwsS3BucketServerSideEncryptionRule.add_member(:apply_server_side_encryption_by_default, Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionByDefault, location_name: "ApplyServerSideEncryptionByDefault"))
+    AwsS3BucketServerSideEncryptionRule.struct_class = Types::AwsS3BucketServerSideEncryptionRule
+
+    AwsS3BucketServerSideEncryptionRules.member = Shapes::ShapeRef.new(shape: AwsS3BucketServerSideEncryptionRule)
+
+    AwsS3ObjectDetails.add_member(:last_modified, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "LastModified"))
+    AwsS3ObjectDetails.add_member(:etag, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ETag"))
+    AwsS3ObjectDetails.add_member(:version_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "VersionId"))
+    AwsS3ObjectDetails.add_member(:content_type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ContentType"))
+    AwsS3ObjectDetails.add_member(:server_side_encryption, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ServerSideEncryption"))
+    AwsS3ObjectDetails.add_member(:ssekms_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SSEKMSKeyId"))
+    AwsS3ObjectDetails.struct_class = Types::AwsS3ObjectDetails
+
     AwsSecurityFinding.add_member(:schema_version, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "SchemaVersion"))
     AwsSecurityFinding.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
     AwsSecurityFinding.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ProductArn"))
@@ -630,7 +660,8 @@ module Aws::SecurityHub
     AwsSecurityFinding.add_member(:resources, Shapes::ShapeRef.new(shape: ResourceList, required: true, location_name: "Resources"))
     AwsSecurityFinding.add_member(:compliance, Shapes::ShapeRef.new(shape: Compliance, location_name: "Compliance"))
     AwsSecurityFinding.add_member(:verification_state, Shapes::ShapeRef.new(shape: VerificationState, location_name: "VerificationState"))
-    AwsSecurityFinding.add_member(:workflow_state, Shapes::ShapeRef.new(shape: WorkflowState, location_name: "WorkflowState"))
+    AwsSecurityFinding.add_member(:workflow_state, Shapes::ShapeRef.new(shape: WorkflowState, deprecated: true, location_name: "WorkflowState"))
+    AwsSecurityFinding.add_member(:workflow, Shapes::ShapeRef.new(shape: Workflow, location_name: "Workflow"))
     AwsSecurityFinding.add_member(:record_state, Shapes::ShapeRef.new(shape: RecordState, location_name: "RecordState"))
     AwsSecurityFinding.add_member(:related_findings, Shapes::ShapeRef.new(shape: RelatedFindingList, location_name: "RelatedFindings"))
     AwsSecurityFinding.add_member(:note, Shapes::ShapeRef.new(shape: Note, location_name: "Note"))
@@ -712,6 +743,7 @@ module Aws::SecurityHub
     AwsSecurityFindingFilters.add_member(:compliance_status, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "ComplianceStatus"))
     AwsSecurityFindingFilters.add_member(:verification_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "VerificationState"))
     AwsSecurityFindingFilters.add_member(:workflow_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "WorkflowState"))
+    AwsSecurityFindingFilters.add_member(:workflow_status, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "WorkflowStatus"))
     AwsSecurityFindingFilters.add_member(:record_state, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RecordState"))
     AwsSecurityFindingFilters.add_member(:related_findings_product_arn, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RelatedFindingsProductArn"))
     AwsSecurityFindingFilters.add_member(:related_findings_id, Shapes::ShapeRef.new(shape: StringFilterList, location_name: "RelatedFindingsId"))
@@ -1193,6 +1225,7 @@ module Aws::SecurityHub
     ResourceDetails.add_member(:aws_elbv_2_load_balancer, Shapes::ShapeRef.new(shape: AwsElbv2LoadBalancerDetails, location_name: "AwsElbv2LoadBalancer"))
     ResourceDetails.add_member(:aws_elasticsearch_domain, Shapes::ShapeRef.new(shape: AwsElasticsearchDomainDetails, location_name: "AwsElasticsearchDomain"))
     ResourceDetails.add_member(:aws_s3_bucket, Shapes::ShapeRef.new(shape: AwsS3BucketDetails, location_name: "AwsS3Bucket"))
+    ResourceDetails.add_member(:aws_s3_object, Shapes::ShapeRef.new(shape: AwsS3ObjectDetails, location_name: "AwsS3Object"))
     ResourceDetails.add_member(:aws_iam_access_key, Shapes::ShapeRef.new(shape: AwsIamAccessKeyDetails, location_name: "AwsIamAccessKey"))
     ResourceDetails.add_member(:aws_iam_role, Shapes::ShapeRef.new(shape: AwsIamRoleDetails, location_name: "AwsIamRole"))
     ResourceDetails.add_member(:aws_kms_key, Shapes::ShapeRef.new(shape: AwsKmsKeyDetails, location_name: "AwsKmsKey"))
@@ -1221,7 +1254,8 @@ module Aws::SecurityHub
     SecurityGroups.member = Shapes::ShapeRef.new(shape: NonEmptyString)
 
     Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
-    Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "Normalized"))
+    Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
+    Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
     Severity.struct_class = Types::Severity
 
     SortCriteria.member = Shapes::ShapeRef.new(shape: SortCriterion)
@@ -1347,6 +1381,9 @@ module Aws::SecurityHub
     WafOverrideAction.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
     WafOverrideAction.struct_class = Types::WafOverrideAction
 
+    Workflow.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
+    Workflow.struct_class = Types::Workflow
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|

data/lib/aws-sdk-securityhub/errors.rb

@@ -6,6 +6,35 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::SecurityHub
+
+  # When SecurityHub returns an error response, the Ruby SDK constructs and raises an error.
+  # These errors all extend Aws::SecurityHub::Errors::ServiceError < {Aws::Errors::ServiceError}
+  #
+  # You can rescue all SecurityHub errors using ServiceError:
+  #
+  #     begin
+  #       # do stuff
+  #     rescue Aws::SecurityHub::Errors::ServiceError
+  #       # rescues all SecurityHub API errors
+  #     end
+  #
+  #
+  # ## Request Context
+  # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
+  # information about the request that generated the error.
+  # See {Seahorse::Client::RequestContext} for more information.
+  #
+  # ## Error Classes
+  # * {AccessDeniedException}
+  # * {InternalException}
+  # * {InvalidAccessException}
+  # * {InvalidInputException}
+  # * {LimitExceededException}
+  # * {ResourceConflictException}
+  # * {ResourceNotFoundException}
+  #
+  # Additionally, error classes are dynamically generated for service errors based on the error code
+  # if they are not defined above.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -28,7 +57,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
     class InternalException < ServiceError
@@ -49,7 +77,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
     class InvalidAccessException < ServiceError
@@ -70,7 +97,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
     class InvalidInputException < ServiceError
@@ -91,7 +117,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
     class LimitExceededException < ServiceError
@@ -112,7 +137,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
     class ResourceConflictException < ServiceError
@@ -133,7 +157,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
     class ResourceNotFoundException < ServiceError
@@ -154,7 +177,6 @@ module Aws::SecurityHub
       def code
         @code || @data[:code]
       end
-
     end
 
   end

data/lib/aws-sdk-securityhub/resource.rb

@@ -6,6 +6,13 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::SecurityHub
+  # This class provides a resource oriented interface for SecurityHub.
+  # To create a resource object:
+  #     resource = Aws::SecurityHub::Resource.new(region: 'us-west-2')
+  # You can supply a client object with custom configuration that will be used for all resource operations.
+  # If you do not pass +:client+, a default client will be constructed.
+  #     client = Aws::SecurityHub::Client.new(region: 'us-west-2')
+  #     resource = Aws::SecurityHub::Resource.new(client: client)
   class Resource
 
     # @param options ({})

data/lib/aws-sdk-securityhub/types.rb

@@ -2311,6 +2311,17 @@ module Aws::SecurityHub
     #       {
     #         owner_id: "NonEmptyString",
     #         owner_name: "NonEmptyString",
+    #         created_at: "NonEmptyString",
+    #         server_side_encryption_configuration: {
+    #           rules: [
+    #             {
+    #               apply_server_side_encryption_by_default: {
+    #                 sse_algorithm: "NonEmptyString",
+    #                 kms_master_key_id: "NonEmptyString",
+    #               },
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] owner_id
@@ -2321,11 +2332,156 @@ module Aws::SecurityHub
     #   The display name of the owner of the S3 bucket.
     #   @return [String]
     #
+    # @!attribute [rw] created_at
+    #   The date and time when the S3 bucket was created.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_side_encryption_configuration
+    #   The encryption rules that are applied to the S3 bucket.
+    #   @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
     #
     class AwsS3BucketDetails < Struct.new(
       :owner_id,
-      :owner_name)
+      :owner_name,
+      :created_at,
+      :server_side_encryption_configuration)
+      include Aws::Structure
+    end
+
+    # Specifies the default server-side encryption to apply to new objects
+    # in the bucket.
+    #
+    # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionByDefault
+    #   data as a hash:
+    #
+    #       {
+    #         sse_algorithm: "NonEmptyString",
+    #         kms_master_key_id: "NonEmptyString",
+    #       }
+    #
+    # @!attribute [rw] sse_algorithm
+    #   Server-side encryption algorithm to use for the default encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_master_key_id
+    #   AWS KMS customer master key (CMK) ID to use for the default
+    #   encryption.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionByDefault AWS API Documentation
+    #
+    class AwsS3BucketServerSideEncryptionByDefault < Struct.new(
+      :sse_algorithm,
+      :kms_master_key_id)
+      include Aws::Structure
+    end
+
+    # The encryption configuration for the S3 bucket.
+    #
+    # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         rules: [
+    #           {
+    #             apply_server_side_encryption_by_default: {
+    #               sse_algorithm: "NonEmptyString",
+    #               kms_master_key_id: "NonEmptyString",
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] rules
+    #   The encryption rules that are applied to the S3 bucket.
+    #   @return [Array<Types::AwsS3BucketServerSideEncryptionRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionConfiguration AWS API Documentation
+    #
+    class AwsS3BucketServerSideEncryptionConfiguration < Struct.new(
+      :rules)
+      include Aws::Structure
+    end
+
+    # An encryption rule to apply to the S3 bucket.
+    #
+    # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionRule
+    #   data as a hash:
+    #
+    #       {
+    #         apply_server_side_encryption_by_default: {
+    #           sse_algorithm: "NonEmptyString",
+    #           kms_master_key_id: "NonEmptyString",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] apply_server_side_encryption_by_default
+    #   Specifies the default server-side encryption to apply to new objects
+    #   in the bucket. If a `PUT` Object request doesn't specify any
+    #   server-side encryption, this default encryption is applied.
+    #   @return [Types::AwsS3BucketServerSideEncryptionByDefault]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionRule AWS API Documentation
+    #
+    class AwsS3BucketServerSideEncryptionRule < Struct.new(
+      :apply_server_side_encryption_by_default)
+      include Aws::Structure
+    end
+
+    # Details about an AWS S3 object.
+    #
+    # @note When making an API call, you may pass AwsS3ObjectDetails
+    #   data as a hash:
+    #
+    #       {
+    #         last_modified: "NonEmptyString",
+    #         etag: "NonEmptyString",
+    #         version_id: "NonEmptyString",
+    #         content_type: "NonEmptyString",
+    #         server_side_encryption: "NonEmptyString",
+    #         ssekms_key_id: "NonEmptyString",
+    #       }
+    #
+    # @!attribute [rw] last_modified
+    #   The date and time when the object was last modified.
+    #   @return [String]
+    #
+    # @!attribute [rw] etag
+    #   The opaque identifier assigned by a web server to a specific version
+    #   of a resource found at a URL.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_id
+    #   The version of the object.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_type
+    #   A standard MIME type describing the format of the object data.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_side_encryption
+    #   If the object is stored using server-side encryption, the value of
+    #   the server-side encryption algorithm used when storing this object
+    #   in Amazon S3.
+    #   @return [String]
+    #
+    # @!attribute [rw] ssekms_key_id
+    #   The identifier of the AWS Key Management Service (AWS KMS) symmetric
+    #   customer managed customer master key (CMK) that was used for the
+    #   object.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3ObjectDetails AWS API Documentation
+    #
+    class AwsS3ObjectDetails < Struct.new(
+      :last_modified,
+      :etag,
+      :version_id,
+      :content_type,
+      :server_side_encryption,
+      :ssekms_key_id)
       include Aws::Structure
     end
 
@@ -2356,7 +2512,8 @@ module Aws::SecurityHub
     #         updated_at: "NonEmptyString", # required
     #         severity: { # required
     #           product: 1.0,
-    #           normalized: 1, # required
+    #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #           normalized: 1,
     #         },
     #         confidence: 1,
     #         criticality: 1,
@@ -2621,6 +2778,25 @@ module Aws::SecurityHub
     #               aws_s3_bucket: {
     #                 owner_id: "NonEmptyString",
     #                 owner_name: "NonEmptyString",
+    #                 created_at: "NonEmptyString",
+    #                 server_side_encryption_configuration: {
+    #                   rules: [
+    #                     {
+    #                       apply_server_side_encryption_by_default: {
+    #                         sse_algorithm: "NonEmptyString",
+    #                         kms_master_key_id: "NonEmptyString",
+    #                       },
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #               aws_s3_object: {
+    #                 last_modified: "NonEmptyString",
+    #                 etag: "NonEmptyString",
+    #                 version_id: "NonEmptyString",
+    #                 content_type: "NonEmptyString",
+    #                 server_side_encryption: "NonEmptyString",
+    #                 ssekms_key_id: "NonEmptyString",
     #               },
     #               aws_iam_access_key: {
     #                 user_name: "NonEmptyString",
@@ -2791,6 +2967,9 @@ module Aws::SecurityHub
     #         },
     #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #         workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
+    #         workflow: {
+    #           status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #         },
     #         record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
     #         related_findings: [
     #           {
@@ -2814,10 +2993,10 @@ module Aws::SecurityHub
     #   @return [String]
     #
     # @!attribute [rw] product_arn
-    #   The ARN generated by Security Hub that uniquely identifies a
-    #   third-party company (security-findings provider) after this
-    #   provider's product (solution that generates findings) is registered
-    #   with Security Hub.
+    #   The ARN generated by Security Hub that uniquely identifies a product
+    #   that generates findings. This can be the ARN for a third-party
+    #   product that is integrated with Security Hub, or the ARN for a
+    #   custom integration.
     #   @return [String]
     #
     # @!attribute [rw] generator_id
@@ -2957,6 +3136,11 @@ module Aws::SecurityHub
     #   The workflow state of a finding.
     #   @return [String]
     #
+    # @!attribute [rw] workflow
+    #   Provides information about the status of the investigation into a
+    #   finding.
+    #   @return [Types::Workflow]
+    #
     # @!attribute [rw] record_state
     #   The record state of a finding.
     #   @return [String]
@@ -2999,6 +3183,7 @@ module Aws::SecurityHub
       :compliance,
       :verification_state,
       :workflow_state,
+      :workflow,
       :record_state,
       :related_findings,
       :note)
@@ -3515,6 +3700,12 @@ module Aws::SecurityHub
     #             comparison: "EQUALS", # accepts EQUALS, PREFIX
     #           },
     #         ],
+    #         workflow_status: [
+    #           {
+    #             value: "NonEmptyString",
+    #             comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #           },
+    #         ],
     #         record_state: [
     #           {
     #             value: "NonEmptyString",
@@ -3910,6 +4101,24 @@ module Aws::SecurityHub
     #   The workflow state of a finding.
     #   @return [Array<Types::StringFilter>]
     #
+    # @!attribute [rw] workflow_status
+    #   The status of the investigation into a finding. Allowed values are
+    #   the following.
+    #
+    #   * `NEW` - The initial state of a finding, before it is reviewed.
+    #
+    #   * `NOTIFIED` - Indicates that the resource owner has been notified
+    #     about the security issue. Used when the initial reviewer is not
+    #     the resource owner, and needs intervention from the resource
+    #     owner.
+    #
+    #   * `SUPPRESSED` - The finding will not be reviewed again and will not
+    #     be acted upon.
+    #
+    #   * `RESOLVED` - The finding was reviewed and remediated and is now
+    #     considered resolved.
+    #   @return [Array<Types::StringFilter>]
+    #
     # @!attribute [rw] record_state
     #   The updated record state for the finding.
     #   @return [Array<Types::StringFilter>]
@@ -4017,6 +4226,7 @@ module Aws::SecurityHub
       :compliance_status,
       :verification_state,
       :workflow_state,
+      :workflow_status,
       :record_state,
       :related_findings_product_arn,
       :related_findings_id,
@@ -4365,7 +4575,8 @@ module Aws::SecurityHub
     #             updated_at: "NonEmptyString", # required
     #             severity: { # required
     #               product: 1.0,
-    #               normalized: 1, # required
+    #               label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #               normalized: 1,
     #             },
     #             confidence: 1,
     #             criticality: 1,
@@ -4630,6 +4841,25 @@ module Aws::SecurityHub
     #                   aws_s3_bucket: {
     #                     owner_id: "NonEmptyString",
     #                     owner_name: "NonEmptyString",
+    #                     created_at: "NonEmptyString",
+    #                     server_side_encryption_configuration: {
+    #                       rules: [
+    #                         {
+    #                           apply_server_side_encryption_by_default: {
+    #                             sse_algorithm: "NonEmptyString",
+    #                             kms_master_key_id: "NonEmptyString",
+    #                           },
+    #                         },
+    #                       ],
+    #                     },
+    #                   },
+    #                   aws_s3_object: {
+    #                     last_modified: "NonEmptyString",
+    #                     etag: "NonEmptyString",
+    #                     version_id: "NonEmptyString",
+    #                     content_type: "NonEmptyString",
+    #                     server_side_encryption: "NonEmptyString",
+    #                     ssekms_key_id: "NonEmptyString",
     #                   },
     #                   aws_iam_access_key: {
     #                     user_name: "NonEmptyString",
@@ -4800,6 +5030,9 @@ module Aws::SecurityHub
     #             },
     #             verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #             workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
+    #             workflow: {
+    #               status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #             },
     #             record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
     #             related_findings: [
     #               {
@@ -5487,6 +5720,12 @@ module Aws::SecurityHub
     #               comparison: "EQUALS", # accepts EQUALS, PREFIX
     #             },
     #           ],
+    #           workflow_status: [
+    #             {
+    #               value: "NonEmptyString",
+    #               comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #             },
+    #           ],
     #           record_state: [
     #             {
     #               value: "NonEmptyString",
@@ -6733,6 +6972,12 @@ module Aws::SecurityHub
     #               comparison: "EQUALS", # accepts EQUALS, PREFIX
     #             },
     #           ],
+    #           workflow_status: [
+    #             {
+    #               value: "NonEmptyString",
+    #               comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #             },
+    #           ],
     #           record_state: [
     #             {
     #               value: "NonEmptyString",
@@ -6876,7 +7121,9 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] insight_arns
-    #   The ARNs of the insights to describe.
+    #   The ARNs of the insights to describe. If you do not provide any
+    #   insight ARNs, then `GetInsights` returns all of your custom
+    #   insights. It does not return any managed insights.
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_token
@@ -8170,6 +8417,25 @@ module Aws::SecurityHub
     #           aws_s3_bucket: {
     #             owner_id: "NonEmptyString",
     #             owner_name: "NonEmptyString",
+    #             created_at: "NonEmptyString",
+    #             server_side_encryption_configuration: {
+    #               rules: [
+    #                 {
+    #                   apply_server_side_encryption_by_default: {
+    #                     sse_algorithm: "NonEmptyString",
+    #                     kms_master_key_id: "NonEmptyString",
+    #                   },
+    #                 },
+    #               ],
+    #             },
+    #           },
+    #           aws_s3_object: {
+    #             last_modified: "NonEmptyString",
+    #             etag: "NonEmptyString",
+    #             version_id: "NonEmptyString",
+    #             content_type: "NonEmptyString",
+    #             server_side_encryption: "NonEmptyString",
+    #             ssekms_key_id: "NonEmptyString",
     #           },
     #           aws_iam_access_key: {
     #             user_name: "NonEmptyString",
@@ -8609,6 +8875,25 @@ module Aws::SecurityHub
     #         aws_s3_bucket: {
     #           owner_id: "NonEmptyString",
     #           owner_name: "NonEmptyString",
+    #           created_at: "NonEmptyString",
+    #           server_side_encryption_configuration: {
+    #             rules: [
+    #               {
+    #                 apply_server_side_encryption_by_default: {
+    #                   sse_algorithm: "NonEmptyString",
+    #                   kms_master_key_id: "NonEmptyString",
+    #                 },
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         aws_s3_object: {
+    #           last_modified: "NonEmptyString",
+    #           etag: "NonEmptyString",
+    #           version_id: "NonEmptyString",
+    #           content_type: "NonEmptyString",
+    #           server_side_encryption: "NonEmptyString",
+    #           ssekms_key_id: "NonEmptyString",
     #         },
     #         aws_iam_access_key: {
     #           user_name: "NonEmptyString",
@@ -8804,6 +9089,10 @@ module Aws::SecurityHub
     #   Details about an Amazon S3 Bucket related to a finding.
     #   @return [Types::AwsS3BucketDetails]
     #
+    # @!attribute [rw] aws_s3_object
+    #   Details about an Amazon S3 object related to a finding.
+    #   @return [Types::AwsS3ObjectDetails]
+    #
     # @!attribute [rw] aws_iam_access_key
     #   Details about an IAM access key related to a finding.
     #   @return [Types::AwsIamAccessKeyDetails]
@@ -8869,6 +9158,7 @@ module Aws::SecurityHub
       :aws_elbv_2_load_balancer,
       :aws_elasticsearch_domain,
       :aws_s3_bucket,
+      :aws_s3_object,
       :aws_iam_access_key,
       :aws_iam_role,
       :aws_kms_key,
@@ -8925,7 +9215,8 @@ module Aws::SecurityHub
     #
     #       {
     #         product: 1.0,
-    #         normalized: 1, # required
+    #         label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #         normalized: 1,
     #       }
     #
     # @!attribute [rw] product
@@ -8933,14 +9224,45 @@ module Aws::SecurityHub
     #   partner product that generated the finding.
     #   @return [Float]
     #
+    # @!attribute [rw] label
+    #   The severity value of the finding. The allowed values are the
+    #   following.
+    #
+    #   * `INFORMATIONAL` - No issue was found.
+    #
+    #   * `LOW` - The issue does not require action on its own.
+    #
+    #   * `MEDIUM` - The issue must be addressed but not urgently.
+    #
+    #   * `HIGH` - The issue must be addressed as a priority.
+    #
+    #   * `CRITICAL` - The issue must be remediated immediately to avoid it
+    #     escalating.
+    #   @return [String]
+    #
     # @!attribute [rw] normalized
-    #   The normalized severity of a finding.
+    #   Deprecated. This attribute is being deprecated. Instead of providing
+    #   `Normalized`, provide `Label`.
+    #
+    #   If you provide `Normalized` and do not provide `Label`, `Label` is
+    #   set automatically as follows.
+    #
+    #   * 0 - `INFORMATIONAL`
+    #
+    #   * 1–39 - `LOW`
+    #
+    #   * 40–69 - `MEDIUM`
+    #
+    #   * 70–89 - `HIGH`
+    #
+    #   * 90–100 - `CRITICAL`
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
     #
     class Severity < Struct.new(
       :product,
+      :label,
       :normalized)
       include Aws::Structure
     end
@@ -9799,6 +10121,12 @@ module Aws::SecurityHub
     #               comparison: "EQUALS", # accepts EQUALS, PREFIX
     #             },
     #           ],
+    #           workflow_status: [
+    #             {
+    #               value: "NonEmptyString",
+    #               comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #             },
+    #           ],
     #           record_state: [
     #             {
     #               value: "NonEmptyString",
@@ -10387,6 +10715,12 @@ module Aws::SecurityHub
     #               comparison: "EQUALS", # accepts EQUALS, PREFIX
     #             },
     #           ],
+    #           workflow_status: [
+    #             {
+    #               value: "NonEmptyString",
+    #               comparison: "EQUALS", # accepts EQUALS, PREFIX
+    #             },
+    #           ],
     #           record_state: [
     #             {
     #               value: "NonEmptyString",
@@ -10578,5 +10912,39 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides information about the status of the investigation into a
+    # finding.
+    #
+    # @note When making an API call, you may pass Workflow
+    #   data as a hash:
+    #
+    #       {
+    #         status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #       }
+    #
+    # @!attribute [rw] status
+    #   The status of the investigation into the finding. The allowed values
+    #   are the following.
+    #
+    #   * `NEW` - The initial state of a finding, before it is reviewed.
+    #
+    #   * `NOTIFIED` - Indicates that you notified the resource owner about
+    #     the security issue. Used when the initial reviewer is not the
+    #     resource owner, and needs intervention from the resource owner.
+    #
+    #   * `SUPPRESSED` - The finding will not be reviewed again and will not
+    #     be acted upon.
+    #
+    #   * `RESOLVED` - The finding was reviewed and remediated and is now
+    #     considered resolved.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Workflow AWS API Documentation
+    #
+    class Workflow < Struct.new(
+      :status)
+      include Aws::Structure
+    end
+
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.21.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-26 00:00:00.000000000 Z
+date: 2020-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -80,8 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2.3
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - AWS SecurityHub