aws-sdk-securityhub 1.24.0 → 1.25.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-securityhub.rb +1 -1
- data/lib/aws-sdk-securityhub/client.rb +26 -8
- data/lib/aws-sdk-securityhub/client_api.rb +10 -0
- data/lib/aws-sdk-securityhub/types.rb +137 -64
- metadata +2 -2
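--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2cd946e32b69755d6befa63698342d383079fa365b0505bf5b0ce741d7940715
+data.tar.gz: 195a3f28cad30da62ed67f9a3a4edfd8a13e31463131a0dfcc5b64fb12d34730
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79f862ba77c2c887fdcb1e6487c6965084019c51d09b4a0d87f0f9dd2e8d1bc747e89f52a19336ee5d6db511b4a94ce47bd993fef25b0a1b1496d9a2f73a6216
+data.tar.gz: 2e6379cdb8f9a058b1714dfc99ff8f64653623c57ffa1e821a3658d96a704ddc8f37a0874285ed462e4d1a307ebac1f097ebcc83b94e60f3c9079b32cacb54b5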
data/lib/aws-sdk-securityhub.rb
CHANGED
|
@@ -493,6 +493,7 @@ module Aws::SecurityHub
|
|
|
493
493
|
# product: 1.0,
|
|
494
494
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
495
495
|
# normalized: 1,
|
|
496
|
+
# original: "NonEmptyString",
|
|
496
497
|
# },
|
|
497
498
|
# confidence: 1,
|
|
498
499
|
# criticality: 1,
|
|
@@ -943,6 +944,12 @@ module Aws::SecurityHub
|
|
|
943
944
|
# compliance: {
|
|
944
945
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
945
946
|
# related_requirements: ["NonEmptyString"],
|
|
947
|
+
# status_reasons: [
|
|
948
|
+
# {
|
|
949
|
+
# reason_code: "NonEmptyString", # required
|
|
950
|
+
# description: "NonEmptyString",
|
|
951
|
+
# },
|
|
952
|
+
# ],
|
|
946
953
|
# },
|
|
947
954
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
|
948
955
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
|
@@ -1800,7 +1807,7 @@ module Aws::SecurityHub
|
|
|
1800
1807
|
# Security Hub.
|
|
1801
1808
|
#
|
|
1802
1809
|
# If the account owner accepts the invitation, the account becomes a
|
|
1803
|
-
# member account in Security Hub
|
|
1810
|
+
# member account in Security Hub. A permissions policy is added that
|
|
1804
1811
|
# permits the master account to view the findings generated in the
|
|
1805
1812
|
# member account. When Security Hub is enabled in the invited account,
|
|
1806
1813
|
# findings start to be sent to both the member and master accounts.
|
|
@@ -2335,8 +2342,8 @@ module Aws::SecurityHub
|
|
|
2335
2342
|
# Enables the integration of a partner product with Security Hub.
|
|
2336
2343
|
# Integrated products send findings to Security Hub.
|
|
2337
2344
|
#
|
|
2338
|
-
# When you enable a product integration, a
|
|
2339
|
-
# permission for the product to send findings to Security Hub is
|
|
2345
|
+
# When you enable a product integration, a permissions policy that
|
|
2346
|
+
# grants permission for the product to send findings to Security Hub is
|
|
2340
2347
|
# applied.
|
|
2341
2348
|
#
|
|
2342
2349
|
# @option params [required, String] :product_arn
|
|
@@ -2373,9 +2380,16 @@ module Aws::SecurityHub
|
|
|
2373
2380
|
# integrated with Security Hub.
|
|
2374
2381
|
#
|
|
2375
2382
|
# When you use the `EnableSecurityHub` operation to enable Security Hub,
|
|
2376
|
-
# you also automatically enable the
|
|
2377
|
-
#
|
|
2378
|
-
#
|
|
2383
|
+
# you also automatically enable the following standards.
|
|
2384
|
+
#
|
|
2385
|
+
# * CIS AWS Foundations
|
|
2386
|
+
#
|
|
2387
|
+
# * AWS Foundational Security Best Practices
|
|
2388
|
+
#
|
|
2389
|
+
# You do not enable the Payment Card Industry Data Security Standard
|
|
2390
|
+
# (PCI DSS) standard.
|
|
2391
|
+
#
|
|
2392
|
+
# To not enable the automatically enabled standards, set
|
|
2379
2393
|
# `EnableDefaultStandards` to `false`.
|
|
2380
2394
|
#
|
|
2381
2395
|
# After you enable Security Hub, to enable a standard, use the `
|
|
@@ -2390,7 +2404,7 @@ module Aws::SecurityHub
|
|
|
2390
2404
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html
|
|
2391
2405
|
#
|
|
2392
2406
|
# @option params [Hash<String,String>] :tags
|
|
2393
|
-
# The tags to add to the
|
|
2407
|
+
# The tags to add to the hub resource when you enable Security Hub.
|
|
2394
2408
|
#
|
|
2395
2409
|
# @option params [Boolean] :enable_default_standards
|
|
2396
2410
|
# Whether to enable the security standards that Security Hub has
|
|
@@ -3083,6 +3097,7 @@ module Aws::SecurityHub
|
|
|
3083
3097
|
# resp.findings[0].severity.product #=> Float
|
|
3084
3098
|
# resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
|
3085
3099
|
# resp.findings[0].severity.normalized #=> Integer
|
|
3100
|
+
# resp.findings[0].severity.original #=> String
|
|
3086
3101
|
# resp.findings[0].confidence #=> Integer
|
|
3087
3102
|
# resp.findings[0].criticality #=> Integer
|
|
3088
3103
|
# resp.findings[0].title #=> String
|
|
@@ -3374,6 +3389,9 @@ module Aws::SecurityHub
|
|
|
3374
3389
|
# resp.findings[0].compliance.status #=> String, one of "PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"
|
|
3375
3390
|
# resp.findings[0].compliance.related_requirements #=> Array
|
|
3376
3391
|
# resp.findings[0].compliance.related_requirements[0] #=> String
|
|
3392
|
+
# resp.findings[0].compliance.status_reasons #=> Array
|
|
3393
|
+
# resp.findings[0].compliance.status_reasons[0].reason_code #=> String
|
|
3394
|
+
# resp.findings[0].compliance.status_reasons[0].description #=> String
|
|
3377
3395
|
# resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
|
|
3378
3396
|
# resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
|
|
3379
3397
|
# resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
|
|
@@ -5374,7 +5392,7 @@ module Aws::SecurityHub
|
|
|
5374
5392
|
params: params,
|
|
5375
5393
|
config: config)
|
|
5376
5394
|
context[:gem_name] = 'aws-sdk-securityhub'
|
|
5377
|
-
context[:gem_version] = '1.
|
|
5395
|
+
context[:gem_version] = '1.25.0'
|
|
5378
5396
|
Seahorse::Client::Request.new(handlers, context)
|
|
5379
5397
|
end
|
|
5380
5398
|
|
|
@@ -258,6 +258,8 @@ module Aws::SecurityHub
|
|
|
258
258
|
StandardsSubscriptionRequest = Shapes::StructureShape.new(name: 'StandardsSubscriptionRequest')
|
|
259
259
|
StandardsSubscriptionRequests = Shapes::ListShape.new(name: 'StandardsSubscriptionRequests')
|
|
260
260
|
StandardsSubscriptions = Shapes::ListShape.new(name: 'StandardsSubscriptions')
|
|
261
|
+
StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
|
|
262
|
+
StatusReasonsList = Shapes::ListShape.new(name: 'StatusReasonsList')
|
|
261
263
|
StringFilter = Shapes::StructureShape.new(name: 'StringFilter')
|
|
262
264
|
StringFilterComparison = Shapes::StringShape.new(name: 'StringFilterComparison')
|
|
263
265
|
StringFilterList = Shapes::ListShape.new(name: 'StringFilterList')
|
|
@@ -851,6 +853,7 @@ module Aws::SecurityHub
|
|
|
851
853
|
|
|
852
854
|
Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
|
|
853
855
|
Compliance.add_member(:related_requirements, Shapes::ShapeRef.new(shape: RelatedRequirementsList, location_name: "RelatedRequirements"))
|
|
856
|
+
Compliance.add_member(:status_reasons, Shapes::ShapeRef.new(shape: StatusReasonsList, location_name: "StatusReasons"))
|
|
854
857
|
Compliance.struct_class = Types::Compliance
|
|
855
858
|
|
|
856
859
|
ContainerDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
|
|
@@ -1295,6 +1298,7 @@ module Aws::SecurityHub
|
|
|
1295
1298
|
Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
|
|
1296
1299
|
Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
|
|
1297
1300
|
Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
|
|
1301
|
+
Severity.add_member(:original, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Original"))
|
|
1298
1302
|
Severity.struct_class = Types::Severity
|
|
1299
1303
|
|
|
1300
1304
|
SeverityUpdate.add_member(:normalized, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Normalized"))
|
|
@@ -1349,6 +1353,12 @@ module Aws::SecurityHub
|
|
|
1349
1353
|
|
|
1350
1354
|
StandardsSubscriptions.member = Shapes::ShapeRef.new(shape: StandardsSubscription)
|
|
1351
1355
|
|
|
1356
|
+
StatusReason.add_member(:reason_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ReasonCode"))
|
|
1357
|
+
StatusReason.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
|
|
1358
|
+
StatusReason.struct_class = Types::StatusReason
|
|
1359
|
+
|
|
1360
|
+
StatusReasonsList.member = Shapes::ShapeRef.new(shape: StatusReason)
|
|
1361
|
+
|
|
1352
1362
|
StringFilter.add_member(:value, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Value"))
|
|
1353
1363
|
StringFilter.add_member(:comparison, Shapes::ShapeRef.new(shape: StringFilterComparison, location_name: "Comparison"))
|
|
1354
1364
|
StringFilter.struct_class = Types::StringFilter
|
|
@@ -245,8 +245,8 @@ module Aws::SecurityHub
|
|
|
245
245
|
end
|
|
246
246
|
|
|
247
247
|
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
|
248
|
-
# example, a web server), Amazon MediaStore, or other server
|
|
249
|
-
# CloudFront gets your files.
|
|
248
|
+
# example, a web server), Amazon Elemental MediaStore, or other server
|
|
249
|
+
# from which CloudFront gets your files.
|
|
250
250
|
#
|
|
251
251
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
|
|
252
252
|
# data as a hash:
|
|
@@ -425,13 +425,13 @@ module Aws::SecurityHub
|
|
|
425
425
|
# @!attribute [rw] type
|
|
426
426
|
# The type of build environment to use for related builds.
|
|
427
427
|
#
|
|
428
|
-
# The environment type `ARM_CONTAINER` is available only in
|
|
428
|
+
# The environment type `ARM_CONTAINER` is available only in Regions US
|
|
429
429
|
# East (N. Virginia), US East (Ohio), US West (Oregon), Europe
|
|
430
430
|
# (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific
|
|
431
431
|
# (Sydney), and Europe (Frankfurt).
|
|
432
432
|
#
|
|
433
433
|
# The environment type `LINUX_CONTAINER` with compute type
|
|
434
|
-
# build.general1.2xlarge is available only in
|
|
434
|
+
# build.general1.2xlarge is available only in Regions US East (N.
|
|
435
435
|
# Virginia), US East (N. Virginia), US West (Oregon), Canada
|
|
436
436
|
# (Central), Europe (Ireland), Europe (London), Europe (Frankfurt),
|
|
437
437
|
# Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
|
|
@@ -439,10 +439,10 @@ module Aws::SecurityHub
|
|
|
439
439
|
# (Ningxia).
|
|
440
440
|
#
|
|
441
441
|
# The environment type `LINUX_GPU_CONTAINER` is available only in
|
|
442
|
-
#
|
|
442
|
+
# Regions US East (N. Virginia), US East (N. Virginia), US West
|
|
443
443
|
# (Oregon), Canada (Central), Europe (Ireland), Europe (London),
|
|
444
444
|
# Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
|
|
445
|
-
# Pacific (Singapore), Asia Pacific (Sydney)
|
|
445
|
+
# Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and
|
|
446
446
|
# China (Ningxia).
|
|
447
447
|
#
|
|
448
448
|
# Valid values: `WINDOWS_CONTAINER` \| `LINUX_CONTAINER` \|
|
|
@@ -539,8 +539,8 @@ module Aws::SecurityHub
|
|
|
539
539
|
# source action instead of this value.
|
|
540
540
|
#
|
|
541
541
|
# * For source code in an AWS CodeCommit repository, the HTTPS clone
|
|
542
|
-
# URL to the repository that contains the source code and the
|
|
543
|
-
#
|
|
542
|
+
# URL to the repository that contains the source code and the build
|
|
543
|
+
# spec file (for example,
|
|
544
544
|
# `https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name`
|
|
545
545
|
# ).
|
|
546
546
|
#
|
|
@@ -553,10 +553,10 @@ module Aws::SecurityHub
|
|
|
553
553
|
# example, `bucket-name/path/to/source-code/folder/`).
|
|
554
554
|
#
|
|
555
555
|
# * For source code in a GitHub repository, the HTTPS clone URL to the
|
|
556
|
-
# repository that contains the source and the
|
|
556
|
+
# repository that contains the source and the build spec file.
|
|
557
557
|
#
|
|
558
558
|
# * For source code in a Bitbucket repository, the HTTPS clone URL to
|
|
559
|
-
# the repository that contains the source and the
|
|
559
|
+
# the repository that contains the source and the build spec file.
|
|
560
560
|
# @return [String]
|
|
561
561
|
#
|
|
562
562
|
# @!attribute [rw] git_clone_depth
|
|
@@ -1035,9 +1035,9 @@ module Aws::SecurityHub
|
|
|
1035
1035
|
# }
|
|
1036
1036
|
#
|
|
1037
1037
|
# @!attribute [rw] cidr_ip
|
|
1038
|
-
# The IPv4 CIDR range. You can
|
|
1039
|
-
#
|
|
1040
|
-
#
|
|
1038
|
+
# The IPv4 CIDR range. You can specify either a CIDR range or a source
|
|
1039
|
+
# security group, but not both. To specify a single IPv4 address, use
|
|
1040
|
+
# the /32 prefix length.
|
|
1041
1041
|
# @return [String]
|
|
1042
1042
|
#
|
|
1043
1043
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpRange AWS API Documentation
|
|
@@ -1057,9 +1057,9 @@ module Aws::SecurityHub
|
|
|
1057
1057
|
# }
|
|
1058
1058
|
#
|
|
1059
1059
|
# @!attribute [rw] cidr_ipv_6
|
|
1060
|
-
# The IPv6 CIDR range. You can
|
|
1061
|
-
#
|
|
1062
|
-
#
|
|
1060
|
+
# The IPv6 CIDR range. You can specify either a CIDR range or a source
|
|
1061
|
+
# security group, but not both. To specify a single IPv6 address, use
|
|
1062
|
+
# the /128 prefix length.
|
|
1063
1063
|
# @return [String]
|
|
1064
1064
|
#
|
|
1065
1065
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpv6Range AWS API Documentation
|
|
@@ -1990,7 +1990,7 @@ module Aws::SecurityHub
|
|
|
1990
1990
|
# @return [Integer]
|
|
1991
1991
|
#
|
|
1992
1992
|
# @!attribute [rw] compatible_runtimes
|
|
1993
|
-
# The layer's compatible runtimes. Maximum number of
|
|
1993
|
+
# The layer's compatible runtimes. Maximum number of five items.
|
|
1994
1994
|
#
|
|
1995
1995
|
# Valid values: `nodejs10.x` \| `nodejs12.x` \| `java8` \| `java11` \|
|
|
1996
1996
|
# `python2.7` \| `python3.6` \| `python3.7` \| `python3.8` \|
|
|
@@ -2038,14 +2038,14 @@ module Aws::SecurityHub
|
|
|
2038
2038
|
# DB instance. The `Status` property returns one of the following
|
|
2039
2039
|
# values:
|
|
2040
2040
|
#
|
|
2041
|
-
# * `ACTIVE` -
|
|
2041
|
+
# * `ACTIVE` - The IAM role ARN is associated with the DB instance and
|
|
2042
2042
|
# can be used to access other AWS services on your behalf.
|
|
2043
2043
|
#
|
|
2044
|
-
# * `PENDING` -
|
|
2044
|
+
# * `PENDING` - The IAM role ARN is being associated with the DB
|
|
2045
2045
|
# instance.
|
|
2046
2046
|
#
|
|
2047
|
-
# * `INVALID` -
|
|
2048
|
-
#
|
|
2047
|
+
# * `INVALID` - The IAM role ARN is associated with the DB instance.
|
|
2048
|
+
# But the DB instance is unable to assume the IAM role in order to
|
|
2049
2049
|
# access other AWS services on your behalf.
|
|
2050
2050
|
# @return [String]
|
|
2051
2051
|
#
|
|
@@ -2419,7 +2419,7 @@ module Aws::SecurityHub
|
|
|
2419
2419
|
#
|
|
2420
2420
|
# @!attribute [rw] apply_server_side_encryption_by_default
|
|
2421
2421
|
# Specifies the default server-side encryption to apply to new objects
|
|
2422
|
-
# in the bucket. If a `PUT`
|
|
2422
|
+
# in the bucket. If a `PUT` object request doesn't specify any
|
|
2423
2423
|
# server-side encryption, this default encryption is applied.
|
|
2424
2424
|
# @return [Types::AwsS3BucketServerSideEncryptionByDefault]
|
|
2425
2425
|
#
|
|
@@ -2430,7 +2430,7 @@ module Aws::SecurityHub
|
|
|
2430
2430
|
include Aws::Structure
|
|
2431
2431
|
end
|
|
2432
2432
|
|
|
2433
|
-
# Details about an
|
|
2433
|
+
# Details about an Amazon S3 object.
|
|
2434
2434
|
#
|
|
2435
2435
|
# @note When making an API call, you may pass AwsS3ObjectDetails
|
|
2436
2436
|
# data as a hash:
|
|
@@ -2514,6 +2514,7 @@ module Aws::SecurityHub
|
|
|
2514
2514
|
# product: 1.0,
|
|
2515
2515
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
2516
2516
|
# normalized: 1,
|
|
2517
|
+
# original: "NonEmptyString",
|
|
2517
2518
|
# },
|
|
2518
2519
|
# confidence: 1,
|
|
2519
2520
|
# criticality: 1,
|
|
@@ -2964,6 +2965,12 @@ module Aws::SecurityHub
|
|
|
2964
2965
|
# compliance: {
|
|
2965
2966
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
2966
2967
|
# related_requirements: ["NonEmptyString"],
|
|
2968
|
+
# status_reasons: [
|
|
2969
|
+
# {
|
|
2970
|
+
# reason_code: "NonEmptyString", # required
|
|
2971
|
+
# description: "NonEmptyString",
|
|
2972
|
+
# },
|
|
2973
|
+
# ],
|
|
2967
2974
|
# },
|
|
2968
2975
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
|
2969
2976
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
|
@@ -3003,7 +3010,7 @@ module Aws::SecurityHub
|
|
|
3003
3010
|
# The identifier for the solution-specific component (a discrete unit
|
|
3004
3011
|
# of logic) that generated a finding. In various security-findings
|
|
3005
3012
|
# providers' solutions, this generator can be called a rule, a check,
|
|
3006
|
-
# a detector, a
|
|
3013
|
+
# a detector, a plugin, etc.
|
|
3007
3014
|
# @return [String]
|
|
3008
3015
|
#
|
|
3009
3016
|
# @!attribute [rw] aws_account_id
|
|
@@ -3772,7 +3779,7 @@ module Aws::SecurityHub
|
|
|
3772
3779
|
# The identifier for the solution-specific component (a discrete unit
|
|
3773
3780
|
# of logic) that generated a finding. In various security-findings
|
|
3774
3781
|
# providers' solutions, this generator can be called a rule, a check,
|
|
3775
|
-
# a detector, a
|
|
3782
|
+
# a detector, a plugin, etc.
|
|
3776
3783
|
# @return [Array<Types::StringFilter>]
|
|
3777
3784
|
#
|
|
3778
3785
|
# @!attribute [rw] type
|
|
@@ -4285,7 +4292,7 @@ module Aws::SecurityHub
|
|
|
4285
4292
|
# }
|
|
4286
4293
|
#
|
|
4287
4294
|
# @!attribute [rw] kms_master_key_id
|
|
4288
|
-
# The ID of an AWS
|
|
4295
|
+
# The ID of an AWS managed customer master key (CMK) for Amazon SNS or
|
|
4289
4296
|
# a custom CMK.
|
|
4290
4297
|
# @return [String]
|
|
4291
4298
|
#
|
|
@@ -4357,7 +4364,7 @@ module Aws::SecurityHub
|
|
|
4357
4364
|
# @return [Integer]
|
|
4358
4365
|
#
|
|
4359
4366
|
# @!attribute [rw] kms_master_key_id
|
|
4360
|
-
# The ID of an AWS
|
|
4367
|
+
# The ID of an AWS managed customer master key (CMK) for Amazon SQS or
|
|
4361
4368
|
# a custom CMK.
|
|
4362
4369
|
# @return [String]
|
|
4363
4370
|
#
|
|
@@ -4416,7 +4423,7 @@ module Aws::SecurityHub
|
|
|
4416
4423
|
# @return [String]
|
|
4417
4424
|
#
|
|
4418
4425
|
# @!attribute [rw] default_action
|
|
4419
|
-
# The action to perform if none of the
|
|
4426
|
+
# The action to perform if none of the rules contained in the WebACL
|
|
4420
4427
|
# match.
|
|
4421
4428
|
# @return [String]
|
|
4422
4429
|
#
|
|
@@ -4463,7 +4470,7 @@ module Aws::SecurityHub
|
|
|
4463
4470
|
#
|
|
4464
4471
|
# @!attribute [rw] action
|
|
4465
4472
|
# Specifies the action that CloudFront or AWS WAF takes when a web
|
|
4466
|
-
# request matches the conditions in the
|
|
4473
|
+
# request matches the conditions in the rule.
|
|
4467
4474
|
# @return [Types::WafAction]
|
|
4468
4475
|
#
|
|
4469
4476
|
# @!attribute [rw] excluded_rules
|
|
@@ -4491,15 +4498,15 @@ module Aws::SecurityHub
|
|
|
4491
4498
|
# @return [Types::WafOverrideAction]
|
|
4492
4499
|
#
|
|
4493
4500
|
# @!attribute [rw] priority
|
|
4494
|
-
# Specifies the order in which the
|
|
4495
|
-
# Rules with a lower value for Priority are evaluated before
|
|
4501
|
+
# Specifies the order in which the rules in a WebACL are evaluated.
|
|
4502
|
+
# Rules with a lower value for `Priority` are evaluated before rules
|
|
4496
4503
|
# with a higher value. The value must be a unique integer. If you add
|
|
4497
|
-
# multiple
|
|
4504
|
+
# multiple rules to a WebACL, the values do not need to be
|
|
4498
4505
|
# consecutive.
|
|
4499
4506
|
# @return [Integer]
|
|
4500
4507
|
#
|
|
4501
4508
|
# @!attribute [rw] rule_id
|
|
4502
|
-
# The identifier for a
|
|
4509
|
+
# The identifier for a rule.
|
|
4503
4510
|
# @return [String]
|
|
4504
4511
|
#
|
|
4505
4512
|
# @!attribute [rw] type
|
|
@@ -4607,6 +4614,7 @@ module Aws::SecurityHub
|
|
|
4607
4614
|
# product: 1.0,
|
|
4608
4615
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
4609
4616
|
# normalized: 1,
|
|
4617
|
+
# original: "NonEmptyString",
|
|
4610
4618
|
# },
|
|
4611
4619
|
# confidence: 1,
|
|
4612
4620
|
# criticality: 1,
|
|
@@ -5057,6 +5065,12 @@ module Aws::SecurityHub
|
|
|
5057
5065
|
# compliance: {
|
|
5058
5066
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
5059
5067
|
# related_requirements: ["NonEmptyString"],
|
|
5068
|
+
# status_reasons: [
|
|
5069
|
+
# {
|
|
5070
|
+
# reason_code: "NonEmptyString", # required
|
|
5071
|
+
# description: "NonEmptyString",
|
|
5072
|
+
# },
|
|
5073
|
+
# ],
|
|
5060
5074
|
# },
|
|
5061
5075
|
# verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
|
|
5062
5076
|
# workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
|
|
@@ -5293,27 +5307,8 @@ module Aws::SecurityHub
|
|
|
5293
5307
|
include Aws::Structure
|
|
5294
5308
|
end
|
|
5295
5309
|
|
|
5296
|
-
#
|
|
5297
|
-
#
|
|
5298
|
-
# AWS Foundations. Contains security standard-related finding details.
|
|
5299
|
-
#
|
|
5300
|
-
# Values include the following:
|
|
5301
|
-
#
|
|
5302
|
-
# * Allowed values are the following:
|
|
5303
|
-
#
|
|
5304
|
-
# * `PASSED` - Standards check passed for all evaluated resources.
|
|
5305
|
-
#
|
|
5306
|
-
# * `WARNING` - Some information is missing or this check is not
|
|
5307
|
-
# supported given your configuration.
|
|
5308
|
-
#
|
|
5309
|
-
# * `FAILED` - Standards check failed for at least one evaluated
|
|
5310
|
-
# resource.
|
|
5311
|
-
#
|
|
5312
|
-
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
|
5313
|
-
# outage, API error, or because the result of the AWS Config
|
|
5314
|
-
# evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
|
|
5315
|
-
# result was ` NOT_APPLICABLE`, then after 3 days, Security Hub
|
|
5316
|
-
# automatically archives the finding.
|
|
5310
|
+
# Contains finding details that are specific to control-based findings.
|
|
5311
|
+
# Only returned for findings generated from controls.
|
|
5317
5312
|
#
|
|
5318
5313
|
# @note When making an API call, you may pass Compliance
|
|
5319
5314
|
# data as a hash:
|
|
@@ -5321,21 +5316,57 @@ module Aws::SecurityHub
|
|
|
5321
5316
|
# {
|
|
5322
5317
|
# status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
|
|
5323
5318
|
# related_requirements: ["NonEmptyString"],
|
|
5319
|
+
# status_reasons: [
|
|
5320
|
+
# {
|
|
5321
|
+
# reason_code: "NonEmptyString", # required
|
|
5322
|
+
# description: "NonEmptyString",
|
|
5323
|
+
# },
|
|
5324
|
+
# ],
|
|
5324
5325
|
# }
|
|
5325
5326
|
#
|
|
5326
5327
|
# @!attribute [rw] status
|
|
5327
5328
|
# The result of a standards check.
|
|
5329
|
+
#
|
|
5330
|
+
# The valid values for `Status` are as follows.
|
|
5331
|
+
#
|
|
5332
|
+
# * * `PASSED` - Standards check passed for all evaluated resources.
|
|
5333
|
+
#
|
|
5334
|
+
# * `WARNING` - Some information is missing or this check is not
|
|
5335
|
+
# supported for your configuration.
|
|
5336
|
+
#
|
|
5337
|
+
# * `FAILED` - Standards check failed for at least one evaluated
|
|
5338
|
+
# resource.
|
|
5339
|
+
#
|
|
5340
|
+
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
|
5341
|
+
# outage, API error, or because the result of the AWS Config
|
|
5342
|
+
# evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
|
|
5343
|
+
# result was `NOT_APPLICABLE`, then after 3 days, Security Hub
|
|
5344
|
+
# automatically archives the finding.
|
|
5328
5345
|
# @return [String]
|
|
5329
5346
|
#
|
|
5330
5347
|
# @!attribute [rw] related_requirements
|
|
5331
|
-
#
|
|
5348
|
+
# For a control, the industry or regulatory framework requirements
|
|
5349
|
+
# that are related to the control. The check for that control is
|
|
5350
|
+
# aligned with these requirements.
|
|
5332
5351
|
# @return [Array<String>]
|
|
5333
5352
|
#
|
|
5353
|
+
# @!attribute [rw] status_reasons
|
|
5354
|
+
# For findings generated from controls, a list of reasons behind the
|
|
5355
|
+
# value of `Status`. For the list of status reason codes and their
|
|
5356
|
+
# meanings, see [Standards-related information in the ASFF][1] in the
|
|
5357
|
+
# *AWS Security Hub User Guide*.
|
|
5358
|
+
#
|
|
5359
|
+
#
|
|
5360
|
+
#
|
|
5361
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
|
|
5362
|
+
# @return [Array<Types::StatusReason>]
|
|
5363
|
+
#
|
|
5334
5364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
|
|
5335
5365
|
#
|
|
5336
5366
|
class Compliance < Struct.new(
|
|
5337
5367
|
:status,
|
|
5338
|
-
:related_requirements
|
|
5368
|
+
:related_requirements,
|
|
5369
|
+
:status_reasons)
|
|
5339
5370
|
include Aws::Structure
|
|
5340
5371
|
end
|
|
5341
5372
|
|
|
@@ -6607,7 +6638,7 @@ module Aws::SecurityHub
|
|
|
6607
6638
|
# }
|
|
6608
6639
|
#
|
|
6609
6640
|
# @!attribute [rw] tags
|
|
6610
|
-
# The tags to add to the
|
|
6641
|
+
# The tags to add to the hub resource when you enable Security Hub.
|
|
6611
6642
|
# @return [Hash<String,String>]
|
|
6612
6643
|
#
|
|
6613
6644
|
# @!attribute [rw] enable_default_standards
|
|
@@ -9291,7 +9322,7 @@ module Aws::SecurityHub
|
|
|
9291
9322
|
# @return [Types::AwsEc2InstanceDetails]
|
|
9292
9323
|
#
|
|
9293
9324
|
# @!attribute [rw] aws_ec2_network_interface
|
|
9294
|
-
# Details for an
|
|
9325
|
+
# Details for an Amazon EC2 network interface.
|
|
9295
9326
|
# @return [Types::AwsEc2NetworkInterfaceDetails]
|
|
9296
9327
|
#
|
|
9297
9328
|
# @!attribute [rw] aws_ec2_security_group
|
|
@@ -9307,7 +9338,7 @@ module Aws::SecurityHub
|
|
|
9307
9338
|
# @return [Types::AwsElasticsearchDomainDetails]
|
|
9308
9339
|
#
|
|
9309
9340
|
# @!attribute [rw] aws_s3_bucket
|
|
9310
|
-
# Details about an Amazon S3
|
|
9341
|
+
# Details about an Amazon S3 bucket related to a finding.
|
|
9311
9342
|
# @return [Types::AwsS3BucketDetails]
|
|
9312
9343
|
#
|
|
9313
9344
|
# @!attribute [rw] aws_s3_object
|
|
@@ -9335,7 +9366,7 @@ module Aws::SecurityHub
|
|
|
9335
9366
|
# @return [Types::AwsLambdaLayerVersionDetails]
|
|
9336
9367
|
#
|
|
9337
9368
|
# @!attribute [rw] aws_rds_db_instance
|
|
9338
|
-
# Details for an RDS database instance.
|
|
9369
|
+
# Details for an Amazon RDS database instance.
|
|
9339
9370
|
# @return [Types::AwsRdsDbInstanceDetails]
|
|
9340
9371
|
#
|
|
9341
9372
|
# @!attribute [rw] aws_sns_topic
|
|
@@ -9438,9 +9469,13 @@ module Aws::SecurityHub
|
|
|
9438
9469
|
# product: 1.0,
|
|
9439
9470
|
# label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
|
|
9440
9471
|
# normalized: 1,
|
|
9472
|
+
# original: "NonEmptyString",
|
|
9441
9473
|
# }
|
|
9442
9474
|
#
|
|
9443
9475
|
# @!attribute [rw] product
|
|
9476
|
+
# Deprecated. This attribute is being deprecated. Instead of providing
|
|
9477
|
+
# `Product`, provide `Original`.
|
|
9478
|
+
#
|
|
9444
9479
|
# The native severity as defined by the AWS service or integrated
|
|
9445
9480
|
# partner product that generated the finding.
|
|
9446
9481
|
# @return [Float]
|
|
@@ -9479,12 +9514,18 @@ module Aws::SecurityHub
|
|
|
9479
9514
|
# * 90–100 - `CRITICAL`
|
|
9480
9515
|
# @return [Integer]
|
|
9481
9516
|
#
|
|
9517
|
+
# @!attribute [rw] original
|
|
9518
|
+
# The native severity from the finding product that generated the
|
|
9519
|
+
# finding.
|
|
9520
|
+
# @return [String]
|
|
9521
|
+
#
|
|
9482
9522
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
|
|
9483
9523
|
#
|
|
9484
9524
|
class Severity < Struct.new(
|
|
9485
9525
|
:product,
|
|
9486
9526
|
:label,
|
|
9487
|
-
:normalized
|
|
9527
|
+
:normalized,
|
|
9528
|
+
:original)
|
|
9488
9529
|
include Aws::Structure
|
|
9489
9530
|
end
|
|
9490
9531
|
|
|
@@ -9734,6 +9775,38 @@ module Aws::SecurityHub
|
|
|
9734
9775
|
include Aws::Structure
|
|
9735
9776
|
end
|
|
9736
9777
|
|
|
9778
|
+
# Provides additional context for the value of `Compliance.Status`.
|
|
9779
|
+
#
|
|
9780
|
+
# @note When making an API call, you may pass StatusReason
|
|
9781
|
+
# data as a hash:
|
|
9782
|
+
#
|
|
9783
|
+
# {
|
|
9784
|
+
# reason_code: "NonEmptyString", # required
|
|
9785
|
+
# description: "NonEmptyString",
|
|
9786
|
+
# }
|
|
9787
|
+
#
|
|
9788
|
+
# @!attribute [rw] reason_code
|
|
9789
|
+
# A code that represents a reason for the control status. For the list
|
|
9790
|
+
# of status reason codes and their meanings, see [Standards-related
|
|
9791
|
+
# information in the ASFF][1] in the *AWS Security Hub User Guide*.
|
|
9792
|
+
#
|
|
9793
|
+
#
|
|
9794
|
+
#
|
|
9795
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
|
|
9796
|
+
# @return [String]
|
|
9797
|
+
#
|
|
9798
|
+
# @!attribute [rw] description
|
|
9799
|
+
# The corresponding description for the status reason code.
|
|
9800
|
+
# @return [String]
|
|
9801
|
+
#
|
|
9802
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatusReason AWS API Documentation
|
|
9803
|
+
#
|
|
9804
|
+
class StatusReason < Struct.new(
|
|
9805
|
+
:reason_code,
|
|
9806
|
+
:description)
|
|
9807
|
+
include Aws::Structure
|
|
9808
|
+
end
|
|
9809
|
+
|
|
9737
9810
|
# A string filter for querying findings.
|
|
9738
9811
|
#
|
|
9739
9812
|
# @note When making an API call, you may pass StringFilter
|
|
@@ -11127,7 +11200,7 @@ module Aws::SecurityHub
|
|
|
11127
11200
|
class UpdateStandardsControlResponse < Aws::EmptyStructure; end
|
|
11128
11201
|
|
|
11129
11202
|
# Details about the action that CloudFront or AWS WAF takes when a web
|
|
11130
|
-
# request matches the conditions in the
|
|
11203
|
+
# request matches the conditions in the rule.
|
|
11131
11204
|
#
|
|
11132
11205
|
# @note When making an API call, you may pass WafAction
|
|
11133
11206
|
# data as a hash:
|
|
@@ -11138,7 +11211,7 @@ module Aws::SecurityHub
|
|
|
11138
11211
|
#
|
|
11139
11212
|
# @!attribute [rw] type
|
|
11140
11213
|
# Specifies how you want AWS WAF to respond to requests that match the
|
|
11141
|
-
# settings in a
|
|
11214
|
+
# settings in a rule.
|
|
11142
11215
|
#
|
|
11143
11216
|
# Valid settings include the following:
|
|
11144
11217
|
#
|
|
@@ -11191,7 +11264,7 @@ module Aws::SecurityHub
|
|
|
11191
11264
|
#
|
|
11192
11265
|
# @!attribute [rw] type
|
|
11193
11266
|
# `COUNT` overrides the action specified by the individual rule within
|
|
11194
|
-
# a RuleGroup .
|
|
11267
|
+
# a `RuleGroup` .
|
|
11195
11268
|
#
|
|
11196
11269
|
# If set to `NONE`, the rule's action takes place.
|
|
11197
11270
|
# @return [String]
|
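Review bot: The deprecation of the Severity `product` attribute is announced only in prose (new lines 9476–9477, "Instead of providing `Product`, provide `Original`"), while the request examples added in the same change still list `product: 1.0` beside the new `original:` key with no marker, so code that triages or filters on `resp.findings[0].severity.product` gets no tooling signal that the field may stop being filled. I would add a YARD tag under the `product` attribute, `# @deprecated Provide Original instead of Product.`, and one sentence on `original`, `# Provider-defined text; use label or normalized for thresholds and routing.`, so consumers do not parse the provider string for alerting decisions. The page lists these hunks under aws-sdk-securityhub.rb, although the line numbers suggest they belong to types.rb. The Severity doc comment starts and continues outside the two hunks (9469 and 9514) that touch it.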
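--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.25.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-
+date: 2020-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core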