RubyGems - aws-sdk-securityhub - Versions diffs - 1.22.0 → 1.23.0 - Mend

aws-sdk-securityhub 1.22.0 → 1.23.0

Files changed (6) hide show

checksums.yaml +5 -5
data/lib/aws-sdk-securityhub.rb +1 -1
data/lib/aws-sdk-securityhub/client.rb +192 -1
data/lib/aws-sdk-securityhub/client_api.rb +58 -0
data/lib/aws-sdk-securityhub/types.rb +298 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 89f10debc69f9443f604043c3bfe512c45784151
-  data.tar.gz: fc09834716b14aadba3f2b416496d6054dff5714
+SHA256:
+  metadata.gz: 30f9432948141e40b7ffa3b8ec2e46961dbd576fc0be05339d9366cd89d55db0
+  data.tar.gz: 77269af12aa9be0bb09e45692521b3d03742f48957d53cb47d9ee39d80d8dd84
 SHA512:
-  metadata.gz: e4238c3da0ef80dc573aee20252fae605ac77deb5bc42334cb912afe85428ec91a4e861eb4094b7bd55e358b853a93c2ec149fc948b4166b914938063f5134f0
-  data.tar.gz: 2693d46141e62f894df2271cee291abda14bef53941989613049bd51a0b41f10706d986b024539cd35b6b876e62f8c4fdbd989457308cf3b0f86e233403f0cb7
+  metadata.gz: 3181280a3670c8984b53bece68f13d99aba9a7efe90ea00b9c18f8050c8e0bcf912672996f3cfedddb24c7078785171fc65c7d4ec1085e35d86d0b111fbe24c8
+  data.tar.gz: ee57bbffe585c0bc84ea4c8bdbc843cf09af6e68dadbe0ae0b0e383e5a032fac8d86dc6943083807684bd62f086fbaf8479f35c84bab8f089d48f255f2ea8648

data/lib/aws-sdk-securityhub.rb CHANGED Viewed

@@ -45,6 +45,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @service
 module Aws::SecurityHub
-  GEM_VERSION = '1.22.0'
+  GEM_VERSION = '1.23.0'
 end

data/lib/aws-sdk-securityhub/client.rb CHANGED Viewed

@@ -437,6 +437,28 @@ module Aws::SecurityHub
     # The maximum allowed size for a finding is 240 Kb. An error is returned
     # for any finding larger than 240 Kb.
     #
+    # After a finding is created, `BatchImportFindings` cannot be used to
+    # update the following finding fields and objects, which Security Hub
+    # customers use to manage their investigation workflow.
+    #
+    # * `Confidence`
+    #
+    # * `Criticality`
+    #
+    # * `Note`
+    #
+    # * `RelatedFindings`
+    #
+    # * `Severity`
+    #
+    # * `Types`
+    #
+    # * `UserDefinedFields`
+    #
+    # * `VerificationState`
+    #
+    # * `Workflow`
+    #
     # @option params [required, Array<Types::AwsSecurityFinding>] :findings
     #   A list of findings to import. To successfully import a finding, it
     #   must follow the [AWS Security Finding Format][1]. Maximum of 100
@@ -961,6 +983,172 @@ module Aws::SecurityHub
       req.send_request(options)
     end
+    # Used by Security Hub customers to update information about their
+    # investigation into a finding. Requested by master accounts or member
+    # accounts. Master accounts can update findings for their account and
+    # their member accounts. Member accounts can update findings for their
+    # account.
+    #
+    # Updates from `BatchUpdateFindings` do not affect the value of
+    # `UpdatedAt` for a finding.
+    #
+    # Master accounts can use `BatchUpdateFindings` to update the following
+    # finding fields and objects.
+    #
+    # * `Confidence`
+    #
+    # * `Criticality`
+    #
+    # * `Note`
+    #
+    # * `RelatedFindings`
+    #
+    # * `Severity`
+    #
+    # * `Types`
+    #
+    # * `UserDefinedFields`
+    #
+    # * `VerificationState`
+    #
+    # * `Workflow`
+    #
+    # Member accounts can only use `BatchUpdateFindings` to update the Note
+    # object.
+    #
+    # @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
+    #   The list of findings to update. `BatchUpdateFindings` can be used to
+    #   update up to 100 findings at a time.
+    #
+    #   For each finding, the list provides the finding identifier and the ARN
+    #   of the finding provider.
+    #
+    # @option params [Types::NoteUpdate] :note
+    #   The updated note.
+    #
+    # @option params [Types::SeverityUpdate] :severity
+    #   Used to update the finding severity.
+    #
+    # @option params [String] :verification_state
+    #   Indicates the veracity of a finding.
+    #
+    #   The available values for `VerificationState` are as follows.
+    #
+    #   * `UNKNOWN` – The default disposition of a security finding
+    #
+    #   * `TRUE_POSITIVE` – The security finding is confirmed
+    #
+    #   * `FALSE_POSITIVE` – The security finding was determined to be a false
+    #     alarm
+    #
+    #   * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
+    #     finding doesn't pose any threat, is expected, or both
+    #
+    # @option params [Integer] :confidence
+    #   The updated value for the finding confidence. Confidence is defined as
+    #   the likelihood that a finding accurately identifies the behavior or
+    #   issue that it was intended to identify.
+    #
+    #   Confidence is scored on a 0-100 basis using a ratio scale, where 0
+    #   means zero percent confidence and 100 means 100 percent confidence.
+    #
+    # @option params [Integer] :criticality
+    #   The updated value for the level of importance assigned to the
+    #   resources associated with the findings.
+    #
+    #   A score of 0 means that the underlying resources have no criticality,
+    #   and a score of 100 is reserved for the most critical resources.
+    #
+    # @option params [Array<String>] :types
+    #   One or more finding types in the format of
+    #   namespace/category/classifier that classify a finding.
+    #
+    #   Valid namespace values are as follows.
+    #
+    #   * Software and Configuration Checks
+    #
+    #   * TTPs
+    #
+    #   * Effects
+    #
+    #   * Unusual Behaviors
+    #
+    #   * Sensitive Data Identifications
+    #
+    # @option params [Hash<String,String>] :user_defined_fields
+    #   A list of name/value string pairs associated with the finding. These
+    #   are custom, user-defined fields added to a finding.
+    #
+    # @option params [Types::WorkflowUpdate] :workflow
+    #   Used to update the workflow status of a finding.
+    #
+    #   The workflow status indicates the progress of the investigation into
+    #   the finding.
+    #
+    # @option params [Array<Types::RelatedFinding>] :related_findings
+    #   A list of findings that are related to the updated findings.
+    #
+    # @return [Types::BatchUpdateFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchUpdateFindingsResponse#processed_findings #processed_findings} => Array&lt;Types::AwsSecurityFindingIdentifier&gt;
+    #   * {Types::BatchUpdateFindingsResponse#unprocessed_findings #unprocessed_findings} => Array&lt;Types::BatchUpdateFindingsUnprocessedFinding&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_update_findings({
+    #     finding_identifiers: [ # required
+    #       {
+    #         id: "NonEmptyString", # required
+    #         product_arn: "NonEmptyString", # required
+    #       },
+    #     ],
+    #     note: {
+    #       text: "NonEmptyString", # required
+    #       updated_by: "NonEmptyString", # required
+    #     },
+    #     severity: {
+    #       normalized: 1,
+    #       product: 1.0,
+    #       label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #     },
+    #     verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
+    #     confidence: 1,
+    #     criticality: 1,
+    #     types: ["NonEmptyString"],
+    #     user_defined_fields: {
+    #       "NonEmptyString" => "NonEmptyString",
+    #     },
+    #     workflow: {
+    #       status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #     },
+    #     related_findings: [
+    #       {
+    #         product_arn: "NonEmptyString", # required
+    #         id: "NonEmptyString", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.processed_findings #=> Array
+    #   resp.processed_findings[0].id #=> String
+    #   resp.processed_findings[0].product_arn #=> String
+    #   resp.unprocessed_findings #=> Array
+    #   resp.unprocessed_findings[0].finding_identifier.id #=> String
+    #   resp.unprocessed_findings[0].finding_identifier.product_arn #=> String
+    #   resp.unprocessed_findings[0].error_code #=> String
+    #   resp.unprocessed_findings[0].error_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindings AWS API Documentation
+    #
+    # @overload batch_update_findings(params = {})
+    # @param [Hash] params ({})
+    def batch_update_findings(params = {}, options = {})
+      req = build_request(:batch_update_findings, params)
+      req.send_request(options)
+    end
     # Creates a custom action target in Security Hub.
     #
     # You can use custom actions on findings and insights in Security Hub to
@@ -3959,6 +4147,9 @@ module Aws::SecurityHub
       req.send_request(options)
     end
+    # `UpdateFindings` is deprecated. Instead of `UpdateFindings`, use
+    # `BatchUpdateFindings`.
+    #
     # Updates the `Note` and `RecordState` of the Security Hub-aggregated
     # findings that the filter attributes specify. Any member account that
     # can view the finding also sees the update to the finding.
@@ -5183,7 +5374,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.22.0'
+      context[:gem_version] = '1.23.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-securityhub/client_api.rb CHANGED Viewed

@@ -85,6 +85,8 @@ module Aws::SecurityHub
     AwsS3ObjectDetails = Shapes::StructureShape.new(name: 'AwsS3ObjectDetails')
     AwsSecurityFinding = Shapes::StructureShape.new(name: 'AwsSecurityFinding')
     AwsSecurityFindingFilters = Shapes::StructureShape.new(name: 'AwsSecurityFindingFilters')
+    AwsSecurityFindingIdentifier = Shapes::StructureShape.new(name: 'AwsSecurityFindingIdentifier')
+    AwsSecurityFindingIdentifierList = Shapes::ListShape.new(name: 'AwsSecurityFindingIdentifierList')
     AwsSecurityFindingList = Shapes::ListShape.new(name: 'AwsSecurityFindingList')
     AwsSnsTopicDetails = Shapes::StructureShape.new(name: 'AwsSnsTopicDetails')
     AwsSnsTopicSubscription = Shapes::StructureShape.new(name: 'AwsSnsTopicSubscription')
@@ -99,6 +101,10 @@ module Aws::SecurityHub
     BatchEnableStandardsResponse = Shapes::StructureShape.new(name: 'BatchEnableStandardsResponse')
     BatchImportFindingsRequest = Shapes::StructureShape.new(name: 'BatchImportFindingsRequest')
     BatchImportFindingsResponse = Shapes::StructureShape.new(name: 'BatchImportFindingsResponse')
+    BatchUpdateFindingsRequest = Shapes::StructureShape.new(name: 'BatchUpdateFindingsRequest')
+    BatchUpdateFindingsResponse = Shapes::StructureShape.new(name: 'BatchUpdateFindingsResponse')
+    BatchUpdateFindingsUnprocessedFinding = Shapes::StructureShape.new(name: 'BatchUpdateFindingsUnprocessedFinding')
+    BatchUpdateFindingsUnprocessedFindingsList = Shapes::ListShape.new(name: 'BatchUpdateFindingsUnprocessedFindingsList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CategoryList = Shapes::ListShape.new(name: 'CategoryList')
     Compliance = Shapes::StructureShape.new(name: 'Compliance')
@@ -218,6 +224,7 @@ module Aws::SecurityHub
     Product = Shapes::StructureShape.new(name: 'Product')
     ProductSubscriptionArnList = Shapes::ListShape.new(name: 'ProductSubscriptionArnList')
     ProductsList = Shapes::ListShape.new(name: 'ProductsList')
+    RatioScale = Shapes::IntegerShape.new(name: 'RatioScale')
     Recommendation = Shapes::StructureShape.new(name: 'Recommendation')
     RecordState = Shapes::StringShape.new(name: 'RecordState')
     RelatedFinding = Shapes::StructureShape.new(name: 'RelatedFinding')
@@ -236,6 +243,7 @@ module Aws::SecurityHub
     Severity = Shapes::StructureShape.new(name: 'Severity')
     SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
     SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
+    SeverityUpdate = Shapes::StructureShape.new(name: 'SeverityUpdate')
     SortCriteria = Shapes::ListShape.new(name: 'SortCriteria')
     SortCriterion = Shapes::StructureShape.new(name: 'SortCriterion')
     SortOrder = Shapes::StringShape.new(name: 'SortOrder')
@@ -284,6 +292,7 @@ module Aws::SecurityHub
     Workflow = Shapes::StructureShape.new(name: 'Workflow')
     WorkflowState = Shapes::StringShape.new(name: 'WorkflowState')
     WorkflowStatus = Shapes::StringShape.new(name: 'WorkflowStatus')
+    WorkflowUpdate = Shapes::StructureShape.new(name: 'WorkflowUpdate')
     AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "MasterId"))
     AcceptInvitationRequest.add_member(:invitation_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InvitationId"))
@@ -753,6 +762,12 @@ module Aws::SecurityHub
     AwsSecurityFindingFilters.add_member(:keyword, Shapes::ShapeRef.new(shape: KeywordFilterList, location_name: "Keyword"))
     AwsSecurityFindingFilters.struct_class = Types::AwsSecurityFindingFilters
+    AwsSecurityFindingIdentifier.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
+    AwsSecurityFindingIdentifier.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ProductArn"))
+    AwsSecurityFindingIdentifier.struct_class = Types::AwsSecurityFindingIdentifier
+    AwsSecurityFindingIdentifierList.member = Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifier)
     AwsSecurityFindingList.member = Shapes::ShapeRef.new(shape: AwsSecurityFinding)
     AwsSnsTopicDetails.add_member(:kms_master_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KmsMasterKeyId"))
@@ -809,6 +824,29 @@ module Aws::SecurityHub
     BatchImportFindingsResponse.add_member(:failed_findings, Shapes::ShapeRef.new(shape: ImportFindingsErrorList, location_name: "FailedFindings"))
     BatchImportFindingsResponse.struct_class = Types::BatchImportFindingsResponse
+    BatchUpdateFindingsRequest.add_member(:finding_identifiers, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifierList, required: true, location_name: "FindingIdentifiers"))
+    BatchUpdateFindingsRequest.add_member(:note, Shapes::ShapeRef.new(shape: NoteUpdate, location_name: "Note"))
+    BatchUpdateFindingsRequest.add_member(:severity, Shapes::ShapeRef.new(shape: SeverityUpdate, location_name: "Severity"))
+    BatchUpdateFindingsRequest.add_member(:verification_state, Shapes::ShapeRef.new(shape: VerificationState, location_name: "VerificationState"))
+    BatchUpdateFindingsRequest.add_member(:confidence, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Confidence"))
+    BatchUpdateFindingsRequest.add_member(:criticality, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Criticality"))
+    BatchUpdateFindingsRequest.add_member(:types, Shapes::ShapeRef.new(shape: TypeList, location_name: "Types"))
+    BatchUpdateFindingsRequest.add_member(:user_defined_fields, Shapes::ShapeRef.new(shape: FieldMap, location_name: "UserDefinedFields"))
+    BatchUpdateFindingsRequest.add_member(:workflow, Shapes::ShapeRef.new(shape: WorkflowUpdate, location_name: "Workflow"))
+    BatchUpdateFindingsRequest.add_member(:related_findings, Shapes::ShapeRef.new(shape: RelatedFindingList, location_name: "RelatedFindings"))
+    BatchUpdateFindingsRequest.struct_class = Types::BatchUpdateFindingsRequest
+    BatchUpdateFindingsResponse.add_member(:processed_findings, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifierList, required: true, location_name: "ProcessedFindings"))
+    BatchUpdateFindingsResponse.add_member(:unprocessed_findings, Shapes::ShapeRef.new(shape: BatchUpdateFindingsUnprocessedFindingsList, required: true, location_name: "UnprocessedFindings"))
+    BatchUpdateFindingsResponse.struct_class = Types::BatchUpdateFindingsResponse
+    BatchUpdateFindingsUnprocessedFinding.add_member(:finding_identifier, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifier, required: true, location_name: "FindingIdentifier"))
+    BatchUpdateFindingsUnprocessedFinding.add_member(:error_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ErrorCode"))
+    BatchUpdateFindingsUnprocessedFinding.add_member(:error_message, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ErrorMessage"))
+    BatchUpdateFindingsUnprocessedFinding.struct_class = Types::BatchUpdateFindingsUnprocessedFinding
+    BatchUpdateFindingsUnprocessedFindingsList.member = Shapes::ShapeRef.new(shape: BatchUpdateFindingsUnprocessedFinding)
     CategoryList.member = Shapes::ShapeRef.new(shape: NonEmptyString)
     Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
@@ -1259,6 +1297,11 @@ module Aws::SecurityHub
     Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
     Severity.struct_class = Types::Severity
+    SeverityUpdate.add_member(:normalized, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Normalized"))
+    SeverityUpdate.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
+    SeverityUpdate.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
+    SeverityUpdate.struct_class = Types::SeverityUpdate
     SortCriteria.member = Shapes::ShapeRef.new(shape: SortCriterion)
     SortCriterion.add_member(:field, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Field"))
@@ -1386,6 +1429,9 @@ module Aws::SecurityHub
     Workflow.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
     Workflow.struct_class = Types::Workflow
+    WorkflowUpdate.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
+    WorkflowUpdate.struct_class = Types::WorkflowUpdate
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -1453,6 +1499,18 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
       end)
+      api.add_operation(:batch_update_findings, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "BatchUpdateFindings"
+        o.http_method = "PATCH"
+        o.http_request_uri = "/findings/batchupdate"
+        o.input = Shapes::ShapeRef.new(shape: BatchUpdateFindingsRequest)
+        o.output = Shapes::ShapeRef.new(shape: BatchUpdateFindingsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+      end)
       api.add_operation(:create_action_target, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateActionTarget"
         o.http_method = "POST"

data/lib/aws-sdk-securityhub/types.rb CHANGED Viewed

@@ -4237,6 +4237,36 @@ module Aws::SecurityHub
       include Aws::Structure
     end
+    # Identifies a finding to update using `BatchUpdateFindings`.
+    #
+    # @note When making an API call, you may pass AwsSecurityFindingIdentifier
+    #   data as a hash:
+    #
+    #       {
+    #         id: "NonEmptyString", # required
+    #         product_arn: "NonEmptyString", # required
+    #       }
+    #
+    # @!attribute [rw] id
+    #   The identifier of the finding that was specified by the finding
+    #   provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] product_arn
+    #   The ARN generated by Security Hub that uniquely identifies a product
+    #   that generates findings. This can be the ARN for a third-party
+    #   product that is integrated with Security Hub, or the ARN for a
+    #   custom integration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingIdentifier AWS API Documentation
+    #
+    class AwsSecurityFindingIdentifier < Struct.new(
+      :id,
+      :product_arn)
+      include Aws::Structure
+    end
     # A wrapper type for the topic's Amazon Resource Name (ARN).
     #
     # @note When making an API call, you may pass AwsSnsTopicDetails
@@ -5087,6 +5117,182 @@ module Aws::SecurityHub
       include Aws::Structure
     end
+    # @note When making an API call, you may pass BatchUpdateFindingsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         finding_identifiers: [ # required
+    #           {
+    #             id: "NonEmptyString", # required
+    #             product_arn: "NonEmptyString", # required
+    #           },
+    #         ],
+    #         note: {
+    #           text: "NonEmptyString", # required
+    #           updated_by: "NonEmptyString", # required
+    #         },
+    #         severity: {
+    #           normalized: 1,
+    #           product: 1.0,
+    #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #         },
+    #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
+    #         confidence: 1,
+    #         criticality: 1,
+    #         types: ["NonEmptyString"],
+    #         user_defined_fields: {
+    #           "NonEmptyString" => "NonEmptyString",
+    #         },
+    #         workflow: {
+    #           status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #         },
+    #         related_findings: [
+    #           {
+    #             product_arn: "NonEmptyString", # required
+    #             id: "NonEmptyString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] finding_identifiers
+    #   The list of findings to update. `BatchUpdateFindings` can be used to
+    #   update up to 100 findings at a time.
+    #
+    #   For each finding, the list provides the finding identifier and the
+    #   ARN of the finding provider.
+    #   @return [Array<Types::AwsSecurityFindingIdentifier>]
+    #
+    # @!attribute [rw] note
+    #   The updated note.
+    #   @return [Types::NoteUpdate]
+    #
+    # @!attribute [rw] severity
+    #   Used to update the finding severity.
+    #   @return [Types::SeverityUpdate]
+    #
+    # @!attribute [rw] verification_state
+    #   Indicates the veracity of a finding.
+    #
+    #   The available values for `VerificationState` are as follows.
+    #
+    #   * `UNKNOWN` – The default disposition of a security finding
+    #
+    #   * `TRUE_POSITIVE` – The security finding is confirmed
+    #
+    #   * `FALSE_POSITIVE` – The security finding was determined to be a
+    #     false alarm
+    #
+    #   * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
+    #     finding doesn't pose any threat, is expected, or both
+    #   @return [String]
+    #
+    # @!attribute [rw] confidence
+    #   The updated value for the finding confidence. Confidence is defined
+    #   as the likelihood that a finding accurately identifies the behavior
+    #   or issue that it was intended to identify.
+    #
+    #   Confidence is scored on a 0-100 basis using a ratio scale, where 0
+    #   means zero percent confidence and 100 means 100 percent confidence.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] criticality
+    #   The updated value for the level of importance assigned to the
+    #   resources associated with the findings.
+    #
+    #   A score of 0 means that the underlying resources have no
+    #   criticality, and a score of 100 is reserved for the most critical
+    #   resources.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] types
+    #   One or more finding types in the format of
+    #   namespace/category/classifier that classify a finding.
+    #
+    #   Valid namespace values are as follows.
+    #
+    #   * Software and Configuration Checks
+    #
+    #   * TTPs
+    #
+    #   * Effects
+    #
+    #   * Unusual Behaviors
+    #
+    #   * Sensitive Data Identifications
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] user_defined_fields
+    #   A list of name/value string pairs associated with the finding. These
+    #   are custom, user-defined fields added to a finding.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] workflow
+    #   Used to update the workflow status of a finding.
+    #
+    #   The workflow status indicates the progress of the investigation into
+    #   the finding.
+    #   @return [Types::WorkflowUpdate]
+    #
+    # @!attribute [rw] related_findings
+    #   A list of findings that are related to the updated findings.
+    #   @return [Array<Types::RelatedFinding>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsRequest AWS API Documentation
+    #
+    class BatchUpdateFindingsRequest < Struct.new(
+      :finding_identifiers,
+      :note,
+      :severity,
+      :verification_state,
+      :confidence,
+      :criticality,
+      :types,
+      :user_defined_fields,
+      :workflow,
+      :related_findings)
+      include Aws::Structure
+    end
+    # @!attribute [rw] processed_findings
+    #   The list of findings that were updated successfully.
+    #   @return [Array<Types::AwsSecurityFindingIdentifier>]
+    #
+    # @!attribute [rw] unprocessed_findings
+    #   The list of findings that were not updated.
+    #   @return [Array<Types::BatchUpdateFindingsUnprocessedFinding>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsResponse AWS API Documentation
+    #
+    class BatchUpdateFindingsResponse < Struct.new(
+      :processed_findings,
+      :unprocessed_findings)
+      include Aws::Structure
+    end
+    # A finding from a `BatchUpdateFindings` request that Security Hub was
+    # unable to update.
+    #
+    # @!attribute [rw] finding_identifier
+    #   The identifier of the finding that was not updated.
+    #   @return [Types::AwsSecurityFindingIdentifier]
+    #
+    # @!attribute [rw] error_code
+    #   The code associated with the error.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_message
+    #   The message associated with the error.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsUnprocessedFinding AWS API Documentation
+    #
+    class BatchUpdateFindingsUnprocessedFinding < Struct.new(
+      :finding_identifier,
+      :error_code,
+      :error_message)
+      include Aws::Structure
+    end
     # Exclusive to findings that are generated as the result of a check run
     # against a specific rule in a supported security standard, such as CIS
     # AWS Foundations. Contains security standard-related finding details.
@@ -9282,6 +9488,65 @@ module Aws::SecurityHub
       include Aws::Structure
     end
+    # Updates to the severity information for a finding.
+    #
+    # @note When making an API call, you may pass SeverityUpdate
+    #   data as a hash:
+    #
+    #       {
+    #         normalized: 1,
+    #         product: 1.0,
+    #         label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
+    #       }
+    #
+    # @!attribute [rw] normalized
+    #   The normalized severity for the finding. This attribute is to be
+    #   deprecated in favor of `Label`.
+    #
+    #   If you provide `Normalized` and do not provide `Label`, `Label` is
+    #   set automatically as follows.
+    #
+    #   * 0 - `INFORMATIONAL`
+    #
+    #   * 1–39 - `LOW`
+    #
+    #   * 40–69 - `MEDIUM`
+    #
+    #   * 70–89 - `HIGH`
+    #
+    #   * 90–100 - `CRITICAL`
+    #   @return [Integer]
+    #
+    # @!attribute [rw] product
+    #   The native severity as defined by the AWS service or integrated
+    #   partner product that generated the finding.
+    #   @return [Float]
+    #
+    # @!attribute [rw] label
+    #   The severity value of the finding. The allowed values are the
+    #   following.
+    #
+    #   * `INFORMATIONAL` - No issue was found.
+    #
+    #   * `LOW` - The issue does not require action on its own.
+    #
+    #   * `MEDIUM` - The issue must be addressed but not urgently.
+    #
+    #   * `HIGH` - The issue must be addressed as a priority.
+    #
+    #   * `CRITICAL` - The issue must be remediated immediately to avoid it
+    #     escalating.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SeverityUpdate AWS API Documentation
+    #
+    class SeverityUpdate < Struct.new(
+      :normalized,
+      :product,
+      :label)
+      include Aws::Structure
+    end
     # A collection of finding attributes used to sort findings.
     #
     # @note When making an API call, you may pass SortCriterion
@@ -10972,5 +11237,38 @@ module Aws::SecurityHub
       include Aws::Structure
     end
+    # Used to update information about the investigation into the finding.
+    #
+    # @note When making an API call, you may pass WorkflowUpdate
+    #   data as a hash:
+    #
+    #       {
+    #         status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
+    #       }
+    #
+    # @!attribute [rw] status
+    #   The status of the investigation into the finding. The allowed values
+    #   are the following.
+    #
+    #   * `NEW` - The initial state of a finding, before it is reviewed.
+    #
+    #   * `NOTIFIED` - Indicates that you notified the resource owner about
+    #     the security issue. Used when the initial reviewer is not the
+    #     resource owner, and needs intervention from the resource owner.
+    #
+    #   * `RESOLVED` - The finding was reviewed and remediated and is now
+    #     considered resolved.
+    #
+    #   * `SUPPRESSED` - The finding will not be reviewed again and will not
+    #     be acted upon.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WorkflowUpdate AWS API Documentation
+    #
+    class WorkflowUpdate < Struct.new(
+      :status)
+      include Aws::Structure
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-  version: 1.22.0
+  version: 1.23.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-26 00:00:00.000000000 Z
+date: 2020-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -81,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2.3
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - AWS SecurityHub