@aws-sdk/client-securityhub 3.350.0 → 3.352.0

package/dist-types/models/models_2.d.ts

@@ -1,7 +1,245 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client";
-import { AccountDetails, ActionTarget, AdminAccount, AssociationStatus, AutoEnableStandards } from "./models_0";
-import { AwsSecurityFinding, AwsSecurityFindingFilters, AwsSecurityFindingIdentifier, RecordState, RelatedFinding, SeverityLabel, StandardsSubscription, VerificationState, WorkflowStatus } from "./models_1";
+import { AccountDetails, ActionTarget, AdminAccount, AssociationStatus, AutoEnableStandards, AutomationRulesAction, AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, NoteUpdate, RelatedFinding, RuleStatus, SeverityUpdate, VerificationState, WorkflowUpdate } from "./models_0";
+import { AwsSecurityFinding, AwsSecurityFindingFilters, RecordState } from "./models_1";
 import { SecurityHubServiceException as __BaseException } from "./SecurityHubServiceException";
+/**
+ * @public
+ * <p>Identifies which finding to get the finding history for.</p>
+ */
+export interface AwsSecurityFindingIdentifier {
+    /**
+     * <p>The identifier of the finding that was specified by the finding provider.</p>
+     */
+    Id: string | undefined;
+    /**
+     * <p>The ARN generated by Security Hub that uniquely identifies a product that generates findings.
+     *          This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for
+     *          a custom integration.</p>
+     */
+    ProductArn: string | undefined;
+}
+/**
+ * @public
+ */
+export interface BatchDeleteAutomationRulesRequest {
+    /**
+     * <p>
+     *          A list of Amazon Resource Names (ARNs) for the rules that are to be deleted.
+     *       </p>
+     */
+    AutomationRulesArns: string[] | undefined;
+}
+/**
+ * @public
+ * <p>
+ *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
+ *          tells you which automation rules the request didn't process and why.
+ *       </p>
+ */
+export interface UnprocessedAutomationRule {
+    /**
+     * <p>
+     *          The Amazon Resource Name (ARN) for the unprocessed automation rule.
+     *       </p>
+     */
+    RuleArn?: string;
+    /**
+     * <p>
+     *          The error code associated with the unprocessed automation rule.
+     *       </p>
+     */
+    ErrorCode?: number;
+    /**
+     * <p>
+     *          An error message describing why a request didn't process a specific rule.
+     *       </p>
+     */
+    ErrorMessage?: string;
+}
+/**
+ * @public
+ */
+export interface BatchDeleteAutomationRulesResponse {
+    /**
+     * <p>
+     *          A list of properly processed rule ARNs.
+     *       </p>
+     */
+    ProcessedAutomationRules?: string[];
+    /**
+     * <p>
+     *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
+     *          tells you which automation rules the request didn't delete and why.
+     *       </p>
+     */
+    UnprocessedAutomationRules?: UnprocessedAutomationRule[];
+}
+/**
+ * @public
+ */
+export interface BatchDisableStandardsRequest {
+    /**
+     * <p>The ARNs of the standards subscriptions to disable.</p>
+     */
+    StandardsSubscriptionArns: string[] | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const StandardsStatus: {
+    readonly DELETING: "DELETING";
+    readonly FAILED: "FAILED";
+    readonly INCOMPLETE: "INCOMPLETE";
+    readonly PENDING: "PENDING";
+    readonly READY: "READY";
+};
+/**
+ * @public
+ */
+export type StandardsStatus = (typeof StandardsStatus)[keyof typeof StandardsStatus];
+/**
+ * @public
+ * @enum
+ */
+export declare const StatusReasonCode: {
+    readonly INTERNAL_ERROR: "INTERNAL_ERROR";
+    readonly NO_AVAILABLE_CONFIGURATION_RECORDER: "NO_AVAILABLE_CONFIGURATION_RECORDER";
+};
+/**
+ * @public
+ */
+export type StatusReasonCode = (typeof StatusReasonCode)[keyof typeof StatusReasonCode];
+/**
+ * @public
+ * <p>The reason for the current status of a standard subscription.</p>
+ */
+export interface StandardsStatusReason {
+    /**
+     * <p>The reason code that represents the reason for the current status of a standard subscription.</p>
+     */
+    StatusReasonCode: StatusReasonCode | string | undefined;
+}
+/**
+ * @public
+ * <p>A resource that represents your subscription to a supported standard.</p>
+ */
+export interface StandardsSubscription {
+    /**
+     * <p>The ARN of a resource that represents your subscription to a supported standard.</p>
+     */
+    StandardsSubscriptionArn: string | undefined;
+    /**
+     * <p>The ARN of a standard.</p>
+     */
+    StandardsArn: string | undefined;
+    /**
+     * <p>A key-value pair of input for the standard.</p>
+     */
+    StandardsInput: Record<string, string> | undefined;
+    /**
+     * <p>The status of the standard subscription.</p>
+     *          <p>The status values are as follows:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>PENDING</code> - Standard is in the process of being enabled.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READY</code> - Standard is enabled.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>INCOMPLETE</code> - Standard could not be enabled completely. Some controls may not be available.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DELETING</code> - Standard is in the process of being disabled.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>FAILED</code> - Standard could not be disabled.</p>
+     *             </li>
+     *          </ul>
+     */
+    StandardsStatus: StandardsStatus | string | undefined;
+    /**
+     * <p>The reason for the current status.</p>
+     */
+    StandardsStatusReason?: StandardsStatusReason;
+}
+/**
+ * @public
+ */
+export interface BatchDisableStandardsResponse {
+    /**
+     * <p>The details of the standards subscriptions that were disabled.</p>
+     */
+    StandardsSubscriptions?: StandardsSubscription[];
+}
+/**
+ * @public
+ * <p>The standard that you want to enable.</p>
+ */
+export interface StandardsSubscriptionRequest {
+    /**
+     * <p>The ARN of the standard that you want to enable. To view the list of available standards
+     *          and their ARNs, use the <code>DescribeStandards</code> operation.</p>
+     */
+    StandardsArn: string | undefined;
+    /**
+     * <p>A key-value pair of input for the standard.</p>
+     */
+    StandardsInput?: Record<string, string>;
+}
+/**
+ * @public
+ */
+export interface BatchEnableStandardsRequest {
+    /**
+     * <p>The list of standards checks to enable.</p>
+     */
+    StandardsSubscriptionRequests: StandardsSubscriptionRequest[] | undefined;
+}
+/**
+ * @public
+ */
+export interface BatchEnableStandardsResponse {
+    /**
+     * <p>The details of the standards subscriptions that were enabled.</p>
+     */
+    StandardsSubscriptions?: StandardsSubscription[];
+}
+/**
+ * @public
+ */
+export interface BatchGetAutomationRulesRequest {
+    /**
+     * <p>
+     *          A list of rule ARNs to get details for.
+     *       </p>
+     */
+    AutomationRulesArns: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface BatchGetAutomationRulesResponse {
+    /**
+     * <p>
+     *          A list of rule details for the provided rule ARNs.
+     *       </p>
+     */
+    Rules?: AutomationRulesConfig[];
+    /**
+     * <p>
+     *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
+     *          tells you which automation rules the request didn't retrieve and why.
+     *       </p>
+     */
+    UnprocessedAutomationRules?: UnprocessedAutomationRule[];
+}
 /**
  * @public
  */
@@ -343,129 +581,98 @@ export interface BatchImportFindingsResponse {
 }
 /**
  * @public
- * <p>The updated note.</p>
+ * <p>
+ *          Specifies the parameters to update in an existing automation rule.
+ *       </p>
  */
-export interface NoteUpdate {
+export interface UpdateAutomationRulesRequestItem {
     /**
-     * <p>The updated note text.</p>
+     * <p>
+     *          The Amazon Resource Name (ARN) for the rule.
+     *       </p>
      */
-    Text: string | undefined;
+    RuleArn: string | undefined;
     /**
-     * <p>The principal that updated the note.</p>
+     * <p>
+     *          Whether the rule is active after it is created. If
+     *          this parameter is equal to <code>ENABLED</code>, Security Hub will apply the rule to findings
+     *          and finding updates after the rule is created. To change the value of this
+     *          parameter after creating a rule, use <code>BatchUpdateAutomationRules</code>.
+     *       </p>
      */
-    UpdatedBy: string | undefined;
-}
-/**
- * @public
- * <p>Updates to the severity information for a finding.</p>
- */
-export interface SeverityUpdate {
+    RuleStatus?: RuleStatus | string;
     /**
-     * <p>The normalized severity for the finding. This attribute is to be deprecated in favor of
-     *             <code>Label</code>.</p>
-     *          <p>If you provide <code>Normalized</code> and do not provide <code>Label</code>,
-     *             <code>Label</code> is set automatically as follows.</p>
-     *          <ul>
-     *             <li>
-     *                <p>0 - <code>INFORMATIONAL</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>1–39 - <code>LOW</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>40–69 - <code>MEDIUM</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>70–89 - <code>HIGH</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>90–100 - <code>CRITICAL</code>
-     *                </p>
-     *             </li>
-     *          </ul>
+     * <p> An integer ranging from 1 to 1000 that represents the order in which the rule action is
+     *          applied to findings. Security Hub applies rules with lower values for this parameter
+     *          first. </p>
      */
-    Normalized?: number;
+    RuleOrder?: number;
     /**
-     * <p>The native severity as defined by the Amazon Web Services service or integrated partner product that
-     *          generated the finding.</p>
+     * <p>
+     *          A description of the rule.
+     *       </p>
      */
-    Product?: number;
+    Description?: string;
     /**
-     * <p>The severity value of the finding. The allowed values are the following.</p>
-     *          <ul>
-     *             <li>
-     *                <p>
-     *                   <code>INFORMATIONAL</code> - No issue was found.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>LOW</code> - The issue does not require action on its own.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>MEDIUM</code> - The issue must be addressed but not urgently.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>HIGH</code> - The issue must be addressed as a priority.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>CRITICAL</code> - The issue must be remediated immediately to avoid it
-     *                escalating.</p>
-     *             </li>
-     *          </ul>
+     * <p>
+     *          The name of the rule.
+     *       </p>
+     */
+    RuleName?: string;
+    /**
+     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful
+     *             when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this
+     *             field is set to <code>true</code> for a rule, Security Hub applies the rule action to a finding that matches
+     *             the rule criteria and won't evaluate other rules for the finding.
+   The default value of this field is <code>false</code>.
+     *         </p>
      */
-    Label?: SeverityLabel | string;
+    IsTerminal?: boolean;
+    /**
+     * <p>
+     *          A set of ASFF finding field attributes and corresponding expected values that
+     *          Security Hub uses to filter findings. If a finding matches the conditions specified in
+     *          this parameter, Security Hub applies the rule action to the finding.
+     *       </p>
+     */
+    Criteria?: AutomationRulesFindingFilters;
+    /**
+     * <p>
+     *          One or more actions to update finding fields if a finding matches the conditions
+     *          specified in <code>Criteria</code>.
+     *       </p>
+     */
+    Actions?: AutomationRulesAction[];
 }
 /**
  * @public
- * <p>Used to update information about the investigation into the finding.</p>
  */
-export interface WorkflowUpdate {
+export interface BatchUpdateAutomationRulesRequest {
     /**
-     * <p>The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to <code>SUPPRESSED</code> or <code>RESOLVED</code> does not prevent a new finding for the same issue.</p>
-     *          <p>The allowed values are the following.</p>
-     *          <ul>
-     *             <li>
-     *                <p>
-     *                   <code>NEW</code> - The initial state of a finding, before it is reviewed.</p>
-     *                <p>Security Hub also resets <code>WorkFlowStatus</code> from <code>NOTIFIED</code> or
-     *                   <code>RESOLVED</code> to <code>NEW</code> in the following cases:</p>
-     *                <ul>
-     *                   <li>
-     *                      <p>The record state changes from <code>ARCHIVED</code> to
-     *                      <code>ACTIVE</code>.</p>
-     *                   </li>
-     *                   <li>
-     *                      <p>The compliance status changes from <code>PASSED</code> to either
-     *                         <code>WARNING</code>, <code>FAILED</code>, or
-     *                      <code>NOT_AVAILABLE</code>.</p>
-     *                   </li>
-     *                </ul>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>NOTIFIED</code> - Indicates that you notified the resource owner about the
-     *                security issue. Used when the initial reviewer is not the resource owner, and needs
-     *                intervention from the resource owner.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>RESOLVED</code> - The finding was reviewed and remediated and is now
-     *                considered resolved.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>SUPPRESSED</code> - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.</p>
-     *             </li>
-     *          </ul>
+     * <p>
+     *          An array of ARNs for the rules that are to be updated. Optionally, you can also include
+     *          <code>RuleStatus</code> and <code>RuleOrder</code>.
+     *       </p>
      */
-    Status?: WorkflowStatus | string;
+    UpdateAutomationRulesRequestItems: UpdateAutomationRulesRequestItem[] | undefined;
+}
+/**
+ * @public
+ */
+export interface BatchUpdateAutomationRulesResponse {
+    /**
+     * <p>
+     *          A list of properly processed rule ARNs.
+     *       </p>
+     */
+    ProcessedAutomationRules?: string[];
+    /**
+     * <p>
+     *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
+     *          tells you which automation rules the request didn't update and why.
+     *       </p>
+     */
+    UnprocessedAutomationRules?: UnprocessedAutomationRule[];
 }
 /**
  * @public
@@ -782,6 +989,78 @@ export declare class ResourceConflictException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<ResourceConflictException, __BaseException>);
 }
+/**
+ * @public
+ */
+export interface CreateAutomationRuleRequest {
+    /**
+     * <p>
+     *             User-defined tags that help you label the purpose of a rule.
+     *         </p>
+     */
+    Tags?: Record<string, string>;
+    /**
+     * <p>
+     *          Whether the rule is active after it is created. If
+     *          this parameter is equal to <code>Enabled</code>, Security Hub will apply the rule to findings
+     *          and finding updates after the rule is created. To change the value of this
+     *          parameter after creating a rule, use <code>BatchUpdateAutomationRules</code>.
+     *       </p>
+     */
+    RuleStatus?: RuleStatus | string;
+    /**
+     * <p>An integer ranging from 1 to 1000 that represents the order in which the rule action is
+     *          applied to findings. Security Hub applies rules with lower values for this parameter
+     *          first. </p>
+     */
+    RuleOrder: number | undefined;
+    /**
+     * <p>
+     *          The name of the rule.
+     *       </p>
+     */
+    RuleName: string | undefined;
+    /**
+     * <p>
+     *          A description of the rule.
+     *       </p>
+     */
+    Description: string | undefined;
+    /**
+     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
+     *             matches the criteria for multiple rules, and each rule has different actions. If the value of this field is
+     *             set to <code>true</code> for a rule, Security Hub applies the rule action to a finding that matches
+     *             the rule criteria and won't evaluate other rules for the finding. The default value of this field is <code>false</code>.
+     *         </p>
+     */
+    IsTerminal?: boolean;
+    /**
+     * <p>
+     *          A set of ASFF finding field attributes and corresponding expected values that
+     *          Security Hub uses to filter findings. If a finding matches the conditions specified in
+     *          this parameter, Security Hub applies the rule action to the finding.
+     *       </p>
+     */
+    Criteria: AutomationRulesFindingFilters | undefined;
+    /**
+     * <p>
+     *          One or more actions to update finding fields if a finding matches the conditions
+     *          specified in <code>Criteria</code>.
+     *       </p>
+     */
+    Actions: AutomationRulesAction[] | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateAutomationRuleResponse {
+    /**
+     * <p>
+     *          The Amazon Resource Name (ARN) of the automation rule that you created.
+     *       </p>
+     */
+    RuleArn?: string;
+}
 /**
  * @public
  */
@@ -2169,6 +2448,42 @@ export interface InviteMembersResponse {
      */
     UnprocessedAccounts?: Result[];
 }
+/**
+ * @public
+ */
+export interface ListAutomationRulesRequest {
+    /**
+     * <p>
+     *          A token to specify where to start paginating the response. This is the <code>NextToken</code>
+     *          from a previously truncated response. On your first call to the <code>ListAutomationRules</code>
+     *          API, set the value of this parameter to <code>NULL</code>.
+     *       </p>
+     */
+    NextToken?: string;
+    /**
+     * <p> The maximum number of rules to return in the response. This currently ranges from 1 to
+     *          100. </p>
+     */
+    MaxResults?: number;
+}
+/**
+ * @public
+ */
+export interface ListAutomationRulesResponse {
+    /**
+     * <p>
+     *          Metadata for rules in the calling account. The response includes rules with a
+     *          <code>RuleStatus</code> of <code>ENABLED</code> and <code>DISABLED</code>.
+     *       </p>
+     */
+    AutomationRulesMetadata?: AutomationRulesMetadata[];
+    /**
+     * <p>
+     *          A pagination token for the response.
+     *       </p>
+     */
+    NextToken?: string;
+}
 /**
  * @public
  */