aws-sdk-securityhub 1.22.0 → 1.23.0
- checksums.yaml +5 -5
- data/lib/aws-sdk-securityhub.rb +1 -1
- data/lib/aws-sdk-securityhub/client.rb +192 -1
- data/lib/aws-sdk-securityhub/client_api.rb +58 -0
- data/lib/aws-sdk-securityhub/types.rb +298 -0
- metadata +3 -3
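--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 30f9432948141e40b7ffa3b8ec2e46961dbd576fc0be05339d9366cd89d55db0
+data.tar.gz: 77269af12aa9be0bb09e45692521b3d03742f48957d53cb47d9ee39d80d8dd84
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3181280a3670c8984b53bece68f13d99aba9a7efe90ea00b9c18f8050c8e0bcf912672996f3cfedddb24c7078785171fc65c7d4ec1085e35d86d0b111fbe24c8
+data.tar.gz: ee57bbffe585c0bc84ea4c8bdbc843cf09af6e68dadbe0ae0b0e383e5a032fac8d86dc6943083807684bd62f086fbaf8479f35c84bab8f089d48f255f2ea8648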
data/lib/aws-sdk-securityhub.rb
CHANGED
@@ -437,6 +437,28 @@ module Aws::SecurityHub
|
|
437
437
|
# The maximum allowed size for a finding is 240 Kb. An error is returned
|
438
438
|
# for any finding larger than 240 Kb.
|
439
439
|
#
|
440
|
+
# After a finding is created, `BatchImportFindings` cannot be used to
|
441
|
+
# update the following finding fields and objects, which Security Hub
|
442
|
+
# customers use to manage their investigation workflow.
|
443
|
+
#
|
444
|
+
# * `Confidence`
|
445
|
+
#
|
446
|
+
# * `Criticality`
|
447
|
+
#
|
448
|
+
# * `Note`
|
449
|
+
#
|
450
|
+
# * `RelatedFindings`
|
451
|
+
#
|
452
|
+
# * `Severity`
|
453
|
+
#
|
454
|
+
# * `Types`
|
455
|
+
#
|
456
|
+
# * `UserDefinedFields`
|
457
|
+
#
|
458
|
+
# * `VerificationState`
|
459
|
+
#
|
460
|
+
# * `Workflow`
|
461
|
+
#
|
440
462
|
# @option params [required, Array<Types::AwsSecurityFinding>] :findings
|
441
463
|
# A list of findings to import. To successfully import a finding, it
|
442
464
|
# must follow the [AWS Security Finding Format][1]. Maximum of 100
|
@@ -961,6 +983,172 @@ module Aws::SecurityHub
|
|
961
983
|
req.send_request(options)
|
962
984
|
end
|
963
985
|
|
986
|
+
# Used by Security Hub customers to update information about their
|
987
|
+
# investigation into a finding. Requested by master accounts or member
|
988
|
+
# accounts. Master accounts can update findings for their account and
|
989
|
+
# their member accounts. Member accounts can update findings for their
|
990
|
+
# account.
|
991
|
+
#
|
992
|
+
# Updates from `BatchUpdateFindings` do not affect the value of
|
993
|
+
# `UpdatedAt` for a finding.
|
994
|
+
#
|
995
|
+
# Master accounts can use `BatchUpdateFindings` to update the following
|
996
|
+
# finding fields and objects.
|
997
|
+
#
|
998
|
+
# * `Confidence`
|
999
|
+
#
|
1000
|
+
# * `Criticality`
|
1001
|
+
#
|
1002
|
+
# * `Note`
|
1003
|
+
#
|
1004
|
+
# * `RelatedFindings`
|
1005
|
+
#
|
1006
|
+
# * `Severity`
|
1007
|
+
#
|
1008
|
+
# * `Types`
|
1009
|
+
#
|
1010
|
+
# * `UserDefinedFields`
|
1011
|
+
#
|
1012
|
+
# * `VerificationState`
|
1013
|
+
#
|
1014
|
+
# * `Workflow`
|
1015
|
+
#
|
1016
|
+
# Member accounts can only use `BatchUpdateFindings` to update the Note
|
1017
|
+
# object.
|
1018
|
+
#
|
1019
|
+
# @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
|
1020
|
+
# The list of findings to update. `BatchUpdateFindings` can be used to
|
1021
|
+
# update up to 100 findings at a time.
|
1022
|
+
#
|
1023
|
+
# For each finding, the list provides the finding identifier and the ARN
|
1024
|
+
# of the finding provider.
|
1025
|
+
#
|
1026
|
+
# @option params [Types::NoteUpdate] :note
|
1027
|
+
# The updated note.
|
1028
|
+
#
|
1029
|
+
# @option params [Types::SeverityUpdate] :severity
|
1030
|
+
# Used to update the finding severity.
|
1031
|
+
#
|
1032
|
+
# @option params [String] :verification_state
|
1033
|
+
# Indicates the veracity of a finding.
|
1034
|
+
#
|
1035
|
+
# The available values for `VerificationState` are as follows.
|
1036
|
+
#
|
1037
|
+
# * `UNKNOWN` – The default disposition of a security finding
|
1038
|
+
#
|
1039
|
+
# * `TRUE_POSITIVE` – The security finding is confirmed
|
1040
|
+
#
|
1041
|
+
# * `FALSE_POSITIVE` – The security finding was determined to be a false
|
1042
|
+
# alarm
|
1043
|
+
#
|
1044
|
+
# * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
|
1045
|
+
# finding doesn't pose any threat, is expected, or both
|
1046
|
+
#
|
1047
|
+
# @option params [Integer] :confidence
|
1048
|
+
# The updated value for the finding confidence. Confidence is defined as
|
1049
|
+
# the likelihood that a finding accurately identifies the behavior or
|
1050
|
+
# issue that it was intended to identify.
|
1051
|
+
#
|
1052
|
+
# Confidence is scored on a 0-100 basis using a ratio scale, where 0
|
1053
|
+
# means zero percent confidence and 100 means 100 percent confidence.
|
1054
|
+
#
|
1055
|
+
# @option params [Integer] :criticality
|
1056
|
+
# The updated value for the level of importance assigned to the
|
1057
|
+
# resources associated with the findings.
|
1058
|
+
#
|
1059
|
+
# A score of 0 means that the underlying resources have no criticality,
|
1060
|
+
# and a score of 100 is reserved for the most critical resources.
|
1061
|
+
#
|
1062
|
+
# @option params [Array<String>] :types
|
1063
|
+
# One or more finding types in the format of
|
1064
|
+
# namespace/category/classifier that classify a finding.
|
1065
|
+
#
|
1066
|
+
# Valid namespace values are as follows.
|
1067
|
+
#
|
1068
|
+
# * Software and Configuration Checks
|
1069
|
+
#
|
1070
|
+
# * TTPs
|
1071
|
+
#
|
1072
|
+
# * Effects
|
1073
|
+
#
|
1074
|
+
# * Unusual Behaviors
|
1075
|
+
#
|
1076
|
+
# * Sensitive Data Identifications
|
1077
|
+
#
|
1078
|
+
# @option params [Hash<String,String>] :user_defined_fields
|
1079
|
+
# A list of name/value string pairs associated with the finding. These
|
1080
|
+
# are custom, user-defined fields added to a finding.
|
1081
|
+
#
|
1082
|
+
# @option params [Types::WorkflowUpdate] :workflow
|
1083
|
+
# Used to update the workflow status of a finding.
|
1084
|
+
#
|
1085
|
+
# The workflow status indicates the progress of the investigation into
|
1086
|
+
# the finding.
|
1087
|
+
#
|
1088
|
+
# @option params [Array<Types::RelatedFinding>] :related_findings
|
1089
|
+
# A list of findings that are related to the updated findings.
|
1090
|
+
#
|
1091
|
+
# @return [Types::BatchUpdateFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1092
|
+
#
|
1093
|
+
# * {Types::BatchUpdateFindingsResponse#processed_findings #processed_findings} => Array<Types::AwsSecurityFindingIdentifier>
|
1094
|
+
# * {Types::BatchUpdateFindingsResponse#unprocessed_findings #unprocessed_findings} => Array<Types::BatchUpdateFindingsUnprocessedFinding>
|
1095
|
+
#
|
1096
|
+
# @example Request syntax with placeholder values
|
1097
|
+
#
|
1098
|
+
# resp = client.batch_update_findings({
|
1099
|
+
# finding_identifiers: [ # required
|
1100
|
+
# {
|
1101
|
+
# id: "NonEmptyString", # required
|
1102
|
+
# product_arn: "NonEmptyString", # required
|
1103
|
+
# },
|
1104
|
+
# ],
|
1105
|
+
# note: {
|
1106
|
+
# text: "NonEmptyString", # required
|
1107
|
+
# updated_by: "NonEmptyString", # required
|
1108
|
+
# },
|
1109
|
+
# severity: {
|
1110
|
+
# normalized: 1,
|
1111
|
+
# product: 1.0,
|
1112
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
1113
|
+
# },
|
1114
|
+
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
1115
|
+
# confidence: 1,
|
1116
|
+
# criticality: 1,
|
1117
|
+
# types: ["NonEmptyString"],
|
1118
|
+
# user_defined_fields: {
|
1119
|
+
# "NonEmptyString" => "NonEmptyString",
|
1120
|
+
# },
|
1121
|
+
# workflow: {
|
1122
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
1123
|
+
# },
|
1124
|
+
# related_findings: [
|
1125
|
+
# {
|
1126
|
+
# product_arn: "NonEmptyString", # required
|
1127
|
+
# id: "NonEmptyString", # required
|
1128
|
+
# },
|
1129
|
+
# ],
|
1130
|
+
# })
|
1131
|
+
#
|
1132
|
+
# @example Response structure
|
1133
|
+
#
|
1134
|
+
# resp.processed_findings #=> Array
|
1135
|
+
# resp.processed_findings[0].id #=> String
|
1136
|
+
# resp.processed_findings[0].product_arn #=> String
|
1137
|
+
# resp.unprocessed_findings #=> Array
|
1138
|
+
# resp.unprocessed_findings[0].finding_identifier.id #=> String
|
1139
|
+
# resp.unprocessed_findings[0].finding_identifier.product_arn #=> String
|
1140
|
+
# resp.unprocessed_findings[0].error_code #=> String
|
1141
|
+
# resp.unprocessed_findings[0].error_message #=> String
|
1142
|
+
#
|
1143
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindings AWS API Documentation
|
1144
|
+
#
|
1145
|
+
# @overload batch_update_findings(params = {})
|
1146
|
+
# @param [Hash] params ({})
|
1147
|
+
def batch_update_findings(params = {}, options = {})
|
1148
|
+
req = build_request(:batch_update_findings, params)
|
1149
|
+
req.send_request(options)
|
1150
|
+
end
|
1151
|
+
|
964
1152
|
# Creates a custom action target in Security Hub.
|
965
1153
|
#
|
966
1154
|
# You can use custom actions on findings and insights in Security Hub to
|
@@ -3959,6 +4147,9 @@ module Aws::SecurityHub
|
|
3959
4147
|
req.send_request(options)
|
3960
4148
|
end
|
3961
4149
|
|
4150
|
+
# `UpdateFindings` is deprecated. Instead of `UpdateFindings`, use
|
4151
|
+
# `BatchUpdateFindings`.
|
4152
|
+
#
|
3962
4153
|
# Updates the `Note` and `RecordState` of the Security Hub-aggregated
|
3963
4154
|
# findings that the filter attributes specify. Any member account that
|
3964
4155
|
# can view the finding also sees the update to the finding.
|
@@ -5183,7 +5374,7 @@ module Aws::SecurityHub
|
|
5183
5374
|
params: params,
|
5184
5375
|
config: config)
|
5185
5376
|
context[:gem_name] = 'aws-sdk-securityhub'
|
5186
|
-
context[:gem_version] = '1.
|
5377
|
+
context[:gem_version] = '1.23.0'
|
5187
5378
|
Seahorse::Client::Request.new(handlers, context)
|
5188
5379
|
end
|
5189
5380
|
|
@@ -85,6 +85,8 @@ module Aws::SecurityHub
|
|
85
85
|
AwsS3ObjectDetails = Shapes::StructureShape.new(name: 'AwsS3ObjectDetails')
|
86
86
|
AwsSecurityFinding = Shapes::StructureShape.new(name: 'AwsSecurityFinding')
|
87
87
|
AwsSecurityFindingFilters = Shapes::StructureShape.new(name: 'AwsSecurityFindingFilters')
|
88
|
+
AwsSecurityFindingIdentifier = Shapes::StructureShape.new(name: 'AwsSecurityFindingIdentifier')
|
89
|
+
AwsSecurityFindingIdentifierList = Shapes::ListShape.new(name: 'AwsSecurityFindingIdentifierList')
|
88
90
|
AwsSecurityFindingList = Shapes::ListShape.new(name: 'AwsSecurityFindingList')
|
89
91
|
AwsSnsTopicDetails = Shapes::StructureShape.new(name: 'AwsSnsTopicDetails')
|
90
92
|
AwsSnsTopicSubscription = Shapes::StructureShape.new(name: 'AwsSnsTopicSubscription')
|
@@ -99,6 +101,10 @@ module Aws::SecurityHub
|
|
99
101
|
BatchEnableStandardsResponse = Shapes::StructureShape.new(name: 'BatchEnableStandardsResponse')
|
100
102
|
BatchImportFindingsRequest = Shapes::StructureShape.new(name: 'BatchImportFindingsRequest')
|
101
103
|
BatchImportFindingsResponse = Shapes::StructureShape.new(name: 'BatchImportFindingsResponse')
|
104
|
+
BatchUpdateFindingsRequest = Shapes::StructureShape.new(name: 'BatchUpdateFindingsRequest')
|
105
|
+
BatchUpdateFindingsResponse = Shapes::StructureShape.new(name: 'BatchUpdateFindingsResponse')
|
106
|
+
BatchUpdateFindingsUnprocessedFinding = Shapes::StructureShape.new(name: 'BatchUpdateFindingsUnprocessedFinding')
|
107
|
+
BatchUpdateFindingsUnprocessedFindingsList = Shapes::ListShape.new(name: 'BatchUpdateFindingsUnprocessedFindingsList')
|
102
108
|
Boolean = Shapes::BooleanShape.new(name: 'Boolean')
|
103
109
|
CategoryList = Shapes::ListShape.new(name: 'CategoryList')
|
104
110
|
Compliance = Shapes::StructureShape.new(name: 'Compliance')
|
@@ -218,6 +224,7 @@ module Aws::SecurityHub
|
|
218
224
|
Product = Shapes::StructureShape.new(name: 'Product')
|
219
225
|
ProductSubscriptionArnList = Shapes::ListShape.new(name: 'ProductSubscriptionArnList')
|
220
226
|
ProductsList = Shapes::ListShape.new(name: 'ProductsList')
|
227
|
+
RatioScale = Shapes::IntegerShape.new(name: 'RatioScale')
|
221
228
|
Recommendation = Shapes::StructureShape.new(name: 'Recommendation')
|
222
229
|
RecordState = Shapes::StringShape.new(name: 'RecordState')
|
223
230
|
RelatedFinding = Shapes::StructureShape.new(name: 'RelatedFinding')
|
@@ -236,6 +243,7 @@ module Aws::SecurityHub
|
|
236
243
|
Severity = Shapes::StructureShape.new(name: 'Severity')
|
237
244
|
SeverityLabel = Shapes::StringShape.new(name: 'SeverityLabel')
|
238
245
|
SeverityRating = Shapes::StringShape.new(name: 'SeverityRating')
|
246
|
+
SeverityUpdate = Shapes::StructureShape.new(name: 'SeverityUpdate')
|
239
247
|
SortCriteria = Shapes::ListShape.new(name: 'SortCriteria')
|
240
248
|
SortCriterion = Shapes::StructureShape.new(name: 'SortCriterion')
|
241
249
|
SortOrder = Shapes::StringShape.new(name: 'SortOrder')
|
@@ -284,6 +292,7 @@ module Aws::SecurityHub
|
|
284
292
|
Workflow = Shapes::StructureShape.new(name: 'Workflow')
|
285
293
|
WorkflowState = Shapes::StringShape.new(name: 'WorkflowState')
|
286
294
|
WorkflowStatus = Shapes::StringShape.new(name: 'WorkflowStatus')
|
295
|
+
WorkflowUpdate = Shapes::StructureShape.new(name: 'WorkflowUpdate')
|
287
296
|
|
288
297
|
AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "MasterId"))
|
289
298
|
AcceptInvitationRequest.add_member(:invitation_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InvitationId"))
|
@@ -753,6 +762,12 @@ module Aws::SecurityHub
|
|
753
762
|
AwsSecurityFindingFilters.add_member(:keyword, Shapes::ShapeRef.new(shape: KeywordFilterList, location_name: "Keyword"))
|
754
763
|
AwsSecurityFindingFilters.struct_class = Types::AwsSecurityFindingFilters
|
755
764
|
|
765
|
+
AwsSecurityFindingIdentifier.add_member(:id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Id"))
|
766
|
+
AwsSecurityFindingIdentifier.add_member(:product_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ProductArn"))
|
767
|
+
AwsSecurityFindingIdentifier.struct_class = Types::AwsSecurityFindingIdentifier
|
768
|
+
|
769
|
+
AwsSecurityFindingIdentifierList.member = Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifier)
|
770
|
+
|
756
771
|
AwsSecurityFindingList.member = Shapes::ShapeRef.new(shape: AwsSecurityFinding)
|
757
772
|
|
758
773
|
AwsSnsTopicDetails.add_member(:kms_master_key_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "KmsMasterKeyId"))
|
@@ -809,6 +824,29 @@ module Aws::SecurityHub
|
|
809
824
|
BatchImportFindingsResponse.add_member(:failed_findings, Shapes::ShapeRef.new(shape: ImportFindingsErrorList, location_name: "FailedFindings"))
|
810
825
|
BatchImportFindingsResponse.struct_class = Types::BatchImportFindingsResponse
|
811
826
|
|
827
|
+
BatchUpdateFindingsRequest.add_member(:finding_identifiers, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifierList, required: true, location_name: "FindingIdentifiers"))
|
828
|
+
BatchUpdateFindingsRequest.add_member(:note, Shapes::ShapeRef.new(shape: NoteUpdate, location_name: "Note"))
|
829
|
+
BatchUpdateFindingsRequest.add_member(:severity, Shapes::ShapeRef.new(shape: SeverityUpdate, location_name: "Severity"))
|
830
|
+
BatchUpdateFindingsRequest.add_member(:verification_state, Shapes::ShapeRef.new(shape: VerificationState, location_name: "VerificationState"))
|
831
|
+
BatchUpdateFindingsRequest.add_member(:confidence, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Confidence"))
|
832
|
+
BatchUpdateFindingsRequest.add_member(:criticality, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Criticality"))
|
833
|
+
BatchUpdateFindingsRequest.add_member(:types, Shapes::ShapeRef.new(shape: TypeList, location_name: "Types"))
|
834
|
+
BatchUpdateFindingsRequest.add_member(:user_defined_fields, Shapes::ShapeRef.new(shape: FieldMap, location_name: "UserDefinedFields"))
|
835
|
+
BatchUpdateFindingsRequest.add_member(:workflow, Shapes::ShapeRef.new(shape: WorkflowUpdate, location_name: "Workflow"))
|
836
|
+
BatchUpdateFindingsRequest.add_member(:related_findings, Shapes::ShapeRef.new(shape: RelatedFindingList, location_name: "RelatedFindings"))
|
837
|
+
BatchUpdateFindingsRequest.struct_class = Types::BatchUpdateFindingsRequest
|
838
|
+
|
839
|
+
BatchUpdateFindingsResponse.add_member(:processed_findings, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifierList, required: true, location_name: "ProcessedFindings"))
|
840
|
+
BatchUpdateFindingsResponse.add_member(:unprocessed_findings, Shapes::ShapeRef.new(shape: BatchUpdateFindingsUnprocessedFindingsList, required: true, location_name: "UnprocessedFindings"))
|
841
|
+
BatchUpdateFindingsResponse.struct_class = Types::BatchUpdateFindingsResponse
|
842
|
+
|
843
|
+
BatchUpdateFindingsUnprocessedFinding.add_member(:finding_identifier, Shapes::ShapeRef.new(shape: AwsSecurityFindingIdentifier, required: true, location_name: "FindingIdentifier"))
|
844
|
+
BatchUpdateFindingsUnprocessedFinding.add_member(:error_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ErrorCode"))
|
845
|
+
BatchUpdateFindingsUnprocessedFinding.add_member(:error_message, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ErrorMessage"))
|
846
|
+
BatchUpdateFindingsUnprocessedFinding.struct_class = Types::BatchUpdateFindingsUnprocessedFinding
|
847
|
+
|
848
|
+
BatchUpdateFindingsUnprocessedFindingsList.member = Shapes::ShapeRef.new(shape: BatchUpdateFindingsUnprocessedFinding)
|
849
|
+
|
812
850
|
CategoryList.member = Shapes::ShapeRef.new(shape: NonEmptyString)
|
813
851
|
|
814
852
|
Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
|
@@ -1259,6 +1297,11 @@ module Aws::SecurityHub
|
|
1259
1297
|
Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
|
1260
1298
|
Severity.struct_class = Types::Severity
|
1261
1299
|
|
1300
|
+
SeverityUpdate.add_member(:normalized, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Normalized"))
|
1301
|
+
SeverityUpdate.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
|
1302
|
+
SeverityUpdate.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
|
1303
|
+
SeverityUpdate.struct_class = Types::SeverityUpdate
|
1304
|
+
|
1262
1305
|
SortCriteria.member = Shapes::ShapeRef.new(shape: SortCriterion)
|
1263
1306
|
|
1264
1307
|
SortCriterion.add_member(:field, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Field"))
|
@@ -1386,6 +1429,9 @@ module Aws::SecurityHub
|
|
1386
1429
|
Workflow.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
|
1387
1430
|
Workflow.struct_class = Types::Workflow
|
1388
1431
|
|
1432
|
+
WorkflowUpdate.add_member(:status, Shapes::ShapeRef.new(shape: WorkflowStatus, location_name: "Status"))
|
1433
|
+
WorkflowUpdate.struct_class = Types::WorkflowUpdate
|
1434
|
+
|
1389
1435
|
|
1390
1436
|
# @api private
|
1391
1437
|
API = Seahorse::Model::Api.new.tap do |api|
|
@@ -1453,6 +1499,18 @@ module Aws::SecurityHub
|
|
1453
1499
|
o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
|
1454
1500
|
end)
|
1455
1501
|
|
1502
|
+
api.add_operation(:batch_update_findings, Seahorse::Model::Operation.new.tap do |o|
|
1503
|
+
o.name = "BatchUpdateFindings"
|
1504
|
+
o.http_method = "PATCH"
|
1505
|
+
o.http_request_uri = "/findings/batchupdate"
|
1506
|
+
o.input = Shapes::ShapeRef.new(shape: BatchUpdateFindingsRequest)
|
1507
|
+
o.output = Shapes::ShapeRef.new(shape: BatchUpdateFindingsResponse)
|
1508
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalException)
|
1509
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
|
1510
|
+
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
|
1511
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
|
1512
|
+
end)
|
1513
|
+
|
1456
1514
|
api.add_operation(:create_action_target, Seahorse::Model::Operation.new.tap do |o|
|
1457
1515
|
o.name = "CreateActionTarget"
|
1458
1516
|
o.http_method = "POST"
|
@@ -4237,6 +4237,36 @@ module Aws::SecurityHub
|
|
4237
4237
|
include Aws::Structure
|
4238
4238
|
end
|
4239
4239
|
|
4240
|
+
# Identifies a finding to update using `BatchUpdateFindings`.
|
4241
|
+
#
|
4242
|
+
# @note When making an API call, you may pass AwsSecurityFindingIdentifier
|
4243
|
+
# data as a hash:
|
4244
|
+
#
|
4245
|
+
# {
|
4246
|
+
# id: "NonEmptyString", # required
|
4247
|
+
# product_arn: "NonEmptyString", # required
|
4248
|
+
# }
|
4249
|
+
#
|
4250
|
+
# @!attribute [rw] id
|
4251
|
+
# The identifier of the finding that was specified by the finding
|
4252
|
+
# provider.
|
4253
|
+
# @return [String]
|
4254
|
+
#
|
4255
|
+
# @!attribute [rw] product_arn
|
4256
|
+
# The ARN generated by Security Hub that uniquely identifies a product
|
4257
|
+
# that generates findings. This can be the ARN for a third-party
|
4258
|
+
# product that is integrated with Security Hub, or the ARN for a
|
4259
|
+
# custom integration.
|
4260
|
+
# @return [String]
|
4261
|
+
#
|
4262
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingIdentifier AWS API Documentation
|
4263
|
+
#
|
4264
|
+
class AwsSecurityFindingIdentifier < Struct.new(
|
4265
|
+
:id,
|
4266
|
+
:product_arn)
|
4267
|
+
include Aws::Structure
|
4268
|
+
end
|
4269
|
+
|
4240
4270
|
# A wrapper type for the topic's Amazon Resource Name (ARN).
|
4241
4271
|
#
|
4242
4272
|
# @note When making an API call, you may pass AwsSnsTopicDetails
|
@@ -5087,6 +5117,182 @@ module Aws::SecurityHub
|
|
5087
5117
|
include Aws::Structure
|
5088
5118
|
end
|
5089
5119
|
|
5120
|
+
# @note When making an API call, you may pass BatchUpdateFindingsRequest
|
5121
|
+
# data as a hash:
|
5122
|
+
#
|
5123
|
+
# {
|
5124
|
+
# finding_identifiers: [ # required
|
5125
|
+
# {
|
5126
|
+
# id: "NonEmptyString", # required
|
5127
|
+
# product_arn: "NonEmptyString", # required
|
5128
|
+
# },
|
5129
|
+
# ],
|
5130
|
+
# note: {
|
5131
|
+
# text: "NonEmptyString", # required
|
5132
|
+
# updated_by: "NonEmptyString", # required
|
5133
|
+
# },
|
5134
|
+
# severity: {
|
5135
|
+
# normalized: 1,
|
5136
|
+
# product: 1.0,
|
5137
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
5138
|
+
# },
|
5139
|
+
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
5140
|
+
# confidence: 1,
|
5141
|
+
# criticality: 1,
|
5142
|
+
# types: ["NonEmptyString"],
|
5143
|
+
# user_defined_fields: {
|
5144
|
+
# "NonEmptyString" => "NonEmptyString",
|
5145
|
+
# },
|
5146
|
+
# workflow: {
|
5147
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
5148
|
+
# },
|
5149
|
+
# related_findings: [
|
5150
|
+
# {
|
5151
|
+
# product_arn: "NonEmptyString", # required
|
5152
|
+
# id: "NonEmptyString", # required
|
5153
|
+
# },
|
5154
|
+
# ],
|
5155
|
+
# }
|
5156
|
+
#
|
5157
|
+
# @!attribute [rw] finding_identifiers
|
5158
|
+
# The list of findings to update. `BatchUpdateFindings` can be used to
|
5159
|
+
# update up to 100 findings at a time.
|
5160
|
+
#
|
5161
|
+
# For each finding, the list provides the finding identifier and the
|
5162
|
+
# ARN of the finding provider.
|
5163
|
+
# @return [Array<Types::AwsSecurityFindingIdentifier>]
|
5164
|
+
#
|
5165
|
+
# @!attribute [rw] note
|
5166
|
+
# The updated note.
|
5167
|
+
# @return [Types::NoteUpdate]
|
5168
|
+
#
|
5169
|
+
# @!attribute [rw] severity
|
5170
|
+
# Used to update the finding severity.
|
5171
|
+
# @return [Types::SeverityUpdate]
|
5172
|
+
#
|
5173
|
+
# @!attribute [rw] verification_state
|
5174
|
+
# Indicates the veracity of a finding.
|
5175
|
+
#
|
5176
|
+
# The available values for `VerificationState` are as follows.
|
5177
|
+
#
|
5178
|
+
# * `UNKNOWN` – The default disposition of a security finding
|
5179
|
+
#
|
5180
|
+
# * `TRUE_POSITIVE` – The security finding is confirmed
|
5181
|
+
#
|
5182
|
+
# * `FALSE_POSITIVE` – The security finding was determined to be a
|
5183
|
+
# false alarm
|
5184
|
+
#
|
5185
|
+
# * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the
|
5186
|
+
# finding doesn't pose any threat, is expected, or both
|
5187
|
+
# @return [String]
|
5188
|
+
#
|
5189
|
+
# @!attribute [rw] confidence
|
5190
|
+
# The updated value for the finding confidence. Confidence is defined
|
5191
|
+
# as the likelihood that a finding accurately identifies the behavior
|
5192
|
+
# or issue that it was intended to identify.
|
5193
|
+
#
|
5194
|
+
# Confidence is scored on a 0-100 basis using a ratio scale, where 0
|
5195
|
+
# means zero percent confidence and 100 means 100 percent confidence.
|
5196
|
+
# @return [Integer]
|
5197
|
+
#
|
5198
|
+
# @!attribute [rw] criticality
|
5199
|
+
# The updated value for the level of importance assigned to the
|
5200
|
+
# resources associated with the findings.
|
5201
|
+
#
|
5202
|
+
# A score of 0 means that the underlying resources have no
|
5203
|
+
# criticality, and a score of 100 is reserved for the most critical
|
5204
|
+
# resources.
|
5205
|
+
# @return [Integer]
|
5206
|
+
#
|
5207
|
+
# @!attribute [rw] types
|
5208
|
+
# One or more finding types in the format of
|
5209
|
+
# namespace/category/classifier that classify a finding.
|
5210
|
+
#
|
5211
|
+
# Valid namespace values are as follows.
|
5212
|
+
#
|
5213
|
+
# * Software and Configuration Checks
|
5214
|
+
#
|
5215
|
+
# * TTPs
|
5216
|
+
#
|
5217
|
+
# * Effects
|
5218
|
+
#
|
5219
|
+
# * Unusual Behaviors
|
5220
|
+
#
|
5221
|
+
# * Sensitive Data Identifications
|
5222
|
+
# @return [Array<String>]
|
5223
|
+
#
|
5224
|
+
# @!attribute [rw] user_defined_fields
|
5225
|
+
# A list of name/value string pairs associated with the finding. These
|
5226
|
+
# are custom, user-defined fields added to a finding.
|
5227
|
+
# @return [Hash<String,String>]
|
5228
|
+
#
|
5229
|
+
# @!attribute [rw] workflow
|
5230
|
+
# Used to update the workflow status of a finding.
|
5231
|
+
#
|
5232
|
+
# The workflow status indicates the progress of the investigation into
|
5233
|
+
# the finding.
|
5234
|
+
# @return [Types::WorkflowUpdate]
|
5235
|
+
#
|
5236
|
+
# @!attribute [rw] related_findings
|
5237
|
+
# A list of findings that are related to the updated findings.
|
5238
|
+
# @return [Array<Types::RelatedFinding>]
|
5239
|
+
#
|
5240
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsRequest AWS API Documentation
|
5241
|
+
#
|
5242
|
+
class BatchUpdateFindingsRequest < Struct.new(
|
5243
|
+
:finding_identifiers,
|
5244
|
+
:note,
|
5245
|
+
:severity,
|
5246
|
+
:verification_state,
|
5247
|
+
:confidence,
|
5248
|
+
:criticality,
|
5249
|
+
:types,
|
5250
|
+
:user_defined_fields,
|
5251
|
+
:workflow,
|
5252
|
+
:related_findings)
|
5253
|
+
include Aws::Structure
|
5254
|
+
end
|
5255
|
+
|
5256
|
+
# @!attribute [rw] processed_findings
|
5257
|
+
# The list of findings that were updated successfully.
|
5258
|
+
# @return [Array<Types::AwsSecurityFindingIdentifier>]
|
5259
|
+
#
|
5260
|
+
# @!attribute [rw] unprocessed_findings
|
5261
|
+
# The list of findings that were not updated.
|
5262
|
+
# @return [Array<Types::BatchUpdateFindingsUnprocessedFinding>]
|
5263
|
+
#
|
5264
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsResponse AWS API Documentation
|
5265
|
+
#
|
5266
|
+
class BatchUpdateFindingsResponse < Struct.new(
|
5267
|
+
:processed_findings,
|
5268
|
+
:unprocessed_findings)
|
5269
|
+
include Aws::Structure
|
5270
|
+
end
|
5271
|
+
|
5272
|
+
# A finding from a `BatchUpdateFindings` request that Security Hub was
|
5273
|
+
# unable to update.
|
5274
|
+
#
|
5275
|
+
# @!attribute [rw] finding_identifier
|
5276
|
+
# The identifier of the finding that was not updated.
|
5277
|
+
# @return [Types::AwsSecurityFindingIdentifier]
|
5278
|
+
#
|
5279
|
+
# @!attribute [rw] error_code
|
5280
|
+
# The code associated with the error.
|
5281
|
+
# @return [String]
|
5282
|
+
#
|
5283
|
+
# @!attribute [rw] error_message
|
5284
|
+
# The message associated with the error.
|
5285
|
+
# @return [String]
|
5286
|
+
#
|
5287
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsUnprocessedFinding AWS API Documentation
|
5288
|
+
#
|
5289
|
+
class BatchUpdateFindingsUnprocessedFinding < Struct.new(
|
5290
|
+
:finding_identifier,
|
5291
|
+
:error_code,
|
5292
|
+
:error_message)
|
5293
|
+
include Aws::Structure
|
5294
|
+
end
|
5295
|
+
|
5090
5296
|
# Exclusive to findings that are generated as the result of a check run
|
5091
5297
|
# against a specific rule in a supported security standard, such as CIS
|
5092
5298
|
# AWS Foundations. Contains security standard-related finding details.
|
@@ -9282,6 +9488,65 @@ module Aws::SecurityHub
|
|
9282
9488
|
include Aws::Structure
|
9283
9489
|
end
|
9284
9490
|
|
9491
|
+
# Updates to the severity information for a finding.
|
9492
|
+
#
|
9493
|
+
# @note When making an API call, you may pass SeverityUpdate
|
9494
|
+
# data as a hash:
|
9495
|
+
#
|
9496
|
+
# {
|
9497
|
+
# normalized: 1,
|
9498
|
+
# product: 1.0,
|
9499
|
+
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
9500
|
+
# }
|
9501
|
+
#
|
9502
|
+
# @!attribute [rw] normalized
|
9503
|
+
# The normalized severity for the finding. This attribute is to be
|
9504
|
+
# deprecated in favor of `Label`.
|
9505
|
+
#
|
9506
|
+
# If you provide `Normalized` and do not provide `Label`, `Label` is
|
9507
|
+
# set automatically as follows.
|
9508
|
+
#
|
9509
|
+
# * 0 - `INFORMATIONAL`
|
9510
|
+
#
|
9511
|
+
# * 1–39 - `LOW`
|
9512
|
+
#
|
9513
|
+
# * 40–69 - `MEDIUM`
|
9514
|
+
#
|
9515
|
+
# * 70–89 - `HIGH`
|
9516
|
+
#
|
9517
|
+
# * 90–100 - `CRITICAL`
|
9518
|
+
# @return [Integer]
|
9519
|
+
#
|
9520
|
+
# @!attribute [rw] product
|
9521
|
+
# The native severity as defined by the AWS service or integrated
|
9522
|
+
# partner product that generated the finding.
|
9523
|
+
# @return [Float]
|
9524
|
+
#
|
9525
|
+
# @!attribute [rw] label
|
9526
|
+
# The severity value of the finding. The allowed values are the
|
9527
|
+
# following.
|
9528
|
+
#
|
9529
|
+
# * `INFORMATIONAL` - No issue was found.
|
9530
|
+
#
|
9531
|
+
# * `LOW` - The issue does not require action on its own.
|
9532
|
+
#
|
9533
|
+
# * `MEDIUM` - The issue must be addressed but not urgently.
|
9534
|
+
#
|
9535
|
+
# * `HIGH` - The issue must be addressed as a priority.
|
9536
|
+
#
|
9537
|
+
# * `CRITICAL` - The issue must be remediated immediately to avoid it
|
9538
|
+
# escalating.
|
9539
|
+
# @return [String]
|
9540
|
+
#
|
9541
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SeverityUpdate AWS API Documentation
|
9542
|
+
#
|
9543
|
+
class SeverityUpdate < Struct.new(
|
9544
|
+
:normalized,
|
9545
|
+
:product,
|
9546
|
+
:label)
|
9547
|
+
include Aws::Structure
|
9548
|
+
end
|
9549
|
+
|
9285
9550
|
# A collection of finding attributes used to sort findings.
|
9286
9551
|
#
|
9287
9552
|
# @note When making an API call, you may pass SortCriterion
|
@@ -10972,5 +11237,38 @@ module Aws::SecurityHub
|
|
10972
11237
|
include Aws::Structure
|
10973
11238
|
end
|
10974
11239
|
|
11240
|
+
# Used to update information about the investigation into the finding.
|
11241
|
+
#
|
11242
|
+
# @note When making an API call, you may pass WorkflowUpdate
|
11243
|
+
# data as a hash:
|
11244
|
+
#
|
11245
|
+
# {
|
11246
|
+
# status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
|
11247
|
+
# }
|
11248
|
+
#
|
11249
|
+
# @!attribute [rw] status
|
11250
|
+
# The status of the investigation into the finding. The allowed values
|
11251
|
+
# are the following.
|
11252
|
+
#
|
11253
|
+
# * `NEW` - The initial state of a finding, before it is reviewed.
|
11254
|
+
#
|
11255
|
+
# * `NOTIFIED` - Indicates that you notified the resource owner about
|
11256
|
+
# the security issue. Used when the initial reviewer is not the
|
11257
|
+
# resource owner, and needs intervention from the resource owner.
|
11258
|
+
#
|
11259
|
+
# * `RESOLVED` - The finding was reviewed and remediated and is now
|
11260
|
+
# considered resolved.
|
11261
|
+
#
|
11262
|
+
# * `SUPPRESSED` - The finding will not be reviewed again and will not
|
11263
|
+
# be acted upon.
|
11264
|
+
# @return [String]
|
11265
|
+
#
|
11266
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WorkflowUpdate AWS API Documentation
|
11267
|
+
#
|
11268
|
+
class WorkflowUpdate < Struct.new(
|
11269
|
+
:status)
|
11270
|
+
include Aws::Structure
|
11271
|
+
end
|
11272
|
+
|
10975
11273
|
end
|
10976
11274
|
end
|
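Review bot: The doc comment above `def batch_update_findings` (hunk `@@ -961,6 +983,172 @@`) never tells callers that a per-finding failure is reported in the response rather than raised, so code that sets `workflow: { status: "SUPPRESSED" }` or `verification_state` in bulk can mistake a partial failure for success. The response shape added in this release marks both `processed_findings` and `unprocessed_findings` as required members and gives each unprocessed entry an `error_code` and `error_message`, which suggests (the service behaviour is not shown here) that a successful call can still carry rejected identifiers. I would add to that comment: `# Findings that could not be updated are returned in #unprocessed_findings; check it after every call.` The same comment states that these updates do not change `UpdatedAt`, so consumers that track finding changes by that timestamp will not see a suppression or severity change and need another audit source. If this client file is generated from the service model, the wording belongs in the model documentation.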
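--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.23.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -81,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - AWS SecurityHub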