npm - @aws-sdk/client-securityhub - Versions diffs - 3.370.0 → 3.378.0 - Mend

@aws-sdk/client-securityhub 3.370.0 → 3.378.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist-cjs/models/models_0.js +4 -0
package/dist-cjs/protocols/Aws_restJson1.js +2 -0
package/dist-es/models/models_0.js +4 -0
package/dist-es/protocols/Aws_restJson1.js +2 -0
package/dist-types/commands/BatchGetAutomationRulesCommand.d.ts +8 -8
package/dist-types/commands/BatchImportFindingsCommand.d.ts +19 -0
package/dist-types/commands/BatchUpdateAutomationRulesCommand.d.ts +8 -8
package/dist-types/commands/CreateAutomationRuleCommand.d.ts +8 -8
package/dist-types/commands/CreateInsightCommand.d.ts +9 -9
package/dist-types/commands/GetFindingsCommand.d.ts +28 -9
package/dist-types/commands/GetInsightsCommand.d.ts +9 -9
package/dist-types/commands/UpdateFindingsCommand.d.ts +9 -9
package/dist-types/commands/UpdateInsightCommand.d.ts +9 -9
package/dist-types/models/models_0.d.ts +199 -183
package/dist-types/models/models_1.d.ts +147 -779
package/dist-types/models/models_2.d.ts +785 -10
package/dist-types/ts3.4/models/models_0.d.ts +20 -19
package/dist-types/ts3.4/models/models_1.d.ts +28 -159
package/dist-types/ts3.4/models/models_2.d.ts +172 -2
package/package.json +35 -35

package/dist-types/models/models_2.d.ts CHANGED Viewed

@@ -1,7 +1,785 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { AccountDetails, ActionTarget, AdminAccount, AssociationStatus, AutoEnableStandards, AutomationRulesAction, AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, NoteUpdate, RelatedFinding, RuleStatus, SeverityUpdate, VerificationState, WorkflowUpdate } from "./models_0";
-import { AwsSecurityFinding, AwsSecurityFindingFilters, RecordState } from "./models_1";
+import { AccountDetails, Action, ActionTarget, AdminAccount, AssociationStatus, AutoEnableStandards, AutomationRulesAction, AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, DateFilter, MapFilter, NoteUpdate, NumberFilter, RelatedFinding, RuleStatus, SeverityUpdate, StringFilter, VerificationState, WorkflowUpdate } from "./models_0";
+import { Compliance, FindingProviderFields, Malware, Network, NetworkPathComponent, Note, PatchSummary, ProcessDetails, RecordState, Remediation, Resource, Severity, Threat, ThreatIntelIndicator, Vulnerability, Workflow, WorkflowState } from "./models_1";
 import { SecurityHubServiceException as __BaseException } from "./SecurityHubServiceException";
+/**
+ * @public
+ * <p>Provides a consistent format for Security Hub findings.
+ *          <code>AwsSecurityFinding</code> format allows you to share findings between Amazon Web Services
+ *          security services and third-party solutions.</p>
+ *          <note>
+ *             <p>A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party
+ *             solutions and standards checks.</p>
+ *          </note>
+ */
+export interface AwsSecurityFinding {
+    /**
+     * <p>The schema version that a finding is formatted for.</p>
+     */
+    SchemaVersion: string | undefined;
+    /**
+     * <p>The security findings provider-specific identifier for a finding.</p>
+     */
+    Id: string | undefined;
+    /**
+     * <p>The ARN generated by Security Hub that uniquely identifies a product that generates findings.
+     *          This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for
+     *          a custom integration.</p>
+     */
+    ProductArn: string | undefined;
+    /**
+     * <p>The name of the product that generated the finding.</p>
+     *          <p>Security Hub populates this attribute automatically for each finding. You cannot update this attribute with <code>BatchImportFindings</code> or <code>BatchUpdateFindings</code>. The exception to this is a custom integration.</p>
+     *          <p>When you use the Security Hub console or API to filter findings by product name, you use this attribute.</p>
+     */
+    ProductName?: string;
+    /**
+     * <p>The name of the company for the product that generated the finding.</p>
+     *          <p>Security Hub populates this attribute automatically for each finding. You cannot update this attribute with <code>BatchImportFindings</code> or <code>BatchUpdateFindings</code>. The exception to this is a custom integration.</p>
+     *          <p>When you use the Security Hub console or API to filter findings by company name, you use this attribute.</p>
+     */
+    CompanyName?: string;
+    /**
+     * <p>The Region from which the finding was generated.</p>
+     *          <p>Security Hub populates this attribute automatically for each finding. You cannot update it using <code>BatchImportFindings</code> or <code>BatchUpdateFindings</code>.</p>
+     */
+    Region?: string;
+    /**
+     * <p>The identifier for the solution-specific component (a discrete unit of logic) that
+     *          generated a finding. In various security findings providers' solutions, this generator can
+     *          be called a rule, a check, a detector, a plugin, etc. </p>
+     */
+    GeneratorId: string | undefined;
+    /**
+     * <p>The Amazon Web Services account ID that a finding is generated in.</p>
+     */
+    AwsAccountId: string | undefined;
+    /**
+     * <p>One or more finding types in the format of <code>namespace/category/classifier</code>
+     *          that classify a finding.</p>
+     *          <p>Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual
+     *          Behaviors | Sensitive Data Identifications</p>
+     */
+    Types?: string[];
+    /**
+     * <p>Indicates when the security findings provider first observed the potential security
+     *          issue that a finding captured.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
+     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
+     */
+    FirstObservedAt?: string;
+    /**
+     * <p>Indicates when the security findings provider most recently observed the potential
+     *          security issue that a finding captured.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
+     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
+     */
+    LastObservedAt?: string;
+    /**
+     * <p>Indicates when the security findings provider created the potential security issue that
+     *          a finding captured.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
+     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
+     */
+    CreatedAt: string | undefined;
+    /**
+     * <p>Indicates when the security findings provider last updated the finding record.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
+     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
+     */
+    UpdatedAt: string | undefined;
+    /**
+     * <p>A finding's severity.</p>
+     */
+    Severity?: Severity;
+    /**
+     * <p>A finding's confidence. Confidence is defined as the likelihood that a finding
+     *          accurately identifies the behavior or issue that it was intended to identify.</p>
+     *          <p>Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent
+     *          confidence and 100 means 100 percent confidence.</p>
+     */
+    Confidence?: number;
+    /**
+     * <p>The level of importance assigned to the resources associated with the finding.</p>
+     *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
+     *          is reserved for the most critical resources.</p>
+     */
+    Criticality?: number;
+    /**
+     * <p>A finding's title.</p>
+     *          <note>
+     *             <p>In this release, <code>Title</code> is a required property.</p>
+     *          </note>
+     */
+    Title: string | undefined;
+    /**
+     * <p>A finding's description.</p>
+     *          <note>
+     *             <p>In this release, <code>Description</code> is a required property.</p>
+     *          </note>
+     */
+    Description: string | undefined;
+    /**
+     * <p>A data type that describes the remediation options for a finding.</p>
+     */
+    Remediation?: Remediation;
+    /**
+     * <p>A URL that links to a page about the current finding in the security findings provider's
+     *          solution.</p>
+     */
+    SourceUrl?: string;
+    /**
+     * <p>A data type where security findings providers can include additional solution-specific
+     *          details that aren't part of the defined <code>AwsSecurityFinding</code> format.</p>
+     *          <p>Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.</p>
+     */
+    ProductFields?: Record<string, string>;
+    /**
+     * <p>A list of name/value string pairs associated with the finding. These are custom,
+     *          user-defined fields added to a finding. </p>
+     */
+    UserDefinedFields?: Record<string, string>;
+    /**
+     * <p>A list of malware related to a finding.</p>
+     */
+    Malware?: Malware[];
+    /**
+     * <p>The details of network-related information about a finding.</p>
+     */
+    Network?: Network;
+    /**
+     * <p>Provides information about a network path that is relevant to a finding. Each entry
+     *          under <code>NetworkPath</code> represents a component of that path.</p>
+     */
+    NetworkPath?: NetworkPathComponent[];
+    /**
+     * <p>The details of process-related information about a finding.</p>
+     */
+    Process?: ProcessDetails;
+    /**
+     * <p>Details about the threat detected in a security finding and the file paths that were affected by the threat.
+     *       </p>
+     */
+    Threats?: Threat[];
+    /**
+     * <p>Threat intelligence details related to a finding.</p>
+     */
+    ThreatIntelIndicators?: ThreatIntelIndicator[];
+    /**
+     * <p>A set of resource data types that describe the resources that the finding refers
+     *          to.</p>
+     */
+    Resources: Resource[] | undefined;
+    /**
+     * <p>This data type is exclusive to findings that are generated as the result of a check run
+     *          against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations.
+     *          Contains security standard-related finding details.</p>
+     */
+    Compliance?: Compliance;
+    /**
+     * <p>Indicates the veracity of a finding. </p>
+     */
+    VerificationState?: VerificationState | string;
+    /**
+     * @deprecated
+     *
+     * <p>The workflow state of a finding. </p>
+     */
+    WorkflowState?: WorkflowState | string;
+    /**
+     * <p>Provides information about the status of the investigation into a finding.</p>
+     */
+    Workflow?: Workflow;
+    /**
+     * <p>The record state of a finding.</p>
+     */
+    RecordState?: RecordState | string;
+    /**
+     * <p>A list of related findings.</p>
+     */
+    RelatedFindings?: RelatedFinding[];
+    /**
+     * <p>A user-defined note added to a finding.</p>
+     */
+    Note?: Note;
+    /**
+     * <p>Provides a list of vulnerabilities associated with the findings.</p>
+     */
+    Vulnerabilities?: Vulnerability[];
+    /**
+     * <p>Provides an overview of the patch compliance status for an instance against a selected
+     *          compliance standard.</p>
+     */
+    PatchSummary?: PatchSummary;
+    /**
+     * <p>Provides details about an action that affects or that was taken on a resource.</p>
+     */
+    Action?: Action;
+    /**
+     * <p>In a <code>BatchImportFindings</code> request, finding providers use <code>FindingProviderFields</code> to provide and update their own values for confidence, criticality, related findings, severity, and types.</p>
+     */
+    FindingProviderFields?: FindingProviderFields;
+    /**
+     * <p>Indicates whether the finding is a sample finding.</p>
+     */
+    Sample?: boolean;
+}
+/**
+ * @public
+ * <p>A keyword filter for querying findings.</p>
+ */
+export interface KeywordFilter {
+    /**
+     * <p>A value for the keyword.</p>
+     */
+    Value?: string;
+}
+/**
+ * @public
+ * <p>The IP filter for querying findings.</p>
+ */
+export interface IpFilter {
+    /**
+     * <p>A finding's CIDR value.</p>
+     */
+    Cidr?: string;
+}
+/**
+ * @public
+ * <p>Boolean filter for querying findings.</p>
+ */
+export interface BooleanFilter {
+    /**
+     * <p>The value of the boolean.</p>
+     */
+    Value?: boolean;
+}
+/**
+ * @public
+ * <p>A collection of attributes that are applied to all active Security Hub-aggregated findings and
+ *          that result in a subset of findings that are included in this insight.</p>
+ *          <p>You can filter by up to 10 finding attributes. For each attribute, you can provide up to
+ *          20 filter values.</p>
+ */
+export interface AwsSecurityFindingFilters {
+    /**
+     * <p>The ARN generated by Security Hub that uniquely identifies a third-party company
+     *          (security findings provider) after this provider's product (solution that generates
+     *          findings) is registered with Security Hub.</p>
+     */
+    ProductArn?: StringFilter[];
+    /**
+     * <p>The Amazon Web Services account ID that a finding is generated in.</p>
+     */
+    AwsAccountId?: StringFilter[];
+    /**
+     * <p>The security findings provider-specific identifier for a finding.</p>
+     */
+    Id?: StringFilter[];
+    /**
+     * <p>The identifier for the solution-specific component (a discrete unit of logic) that
+     *          generated a finding. In various security findings providers' solutions, this generator can
+     *          be called a rule, a check, a detector, a plugin, etc.</p>
+     */
+    GeneratorId?: StringFilter[];
+    /**
+     * <p>The Region from which the finding was generated.</p>
+     */
+    Region?: StringFilter[];
+    /**
+     * <p>A finding type in the format of <code>namespace/category/classifier</code> that
+     *          classifies a finding.</p>
+     */
+    Type?: StringFilter[];
+    /**
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider first
+     *          observed the potential security issue that a finding captured.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    FirstObservedAt?: DateFilter[];
+    /**
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider most
+     *          recently observed the potential security issue that a finding captured.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    LastObservedAt?: DateFilter[];
+    /**
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider
+     *          captured the potential security issue that a finding captured.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    CreatedAt?: DateFilter[];
+    /**
+     * <p>An ISO8601-formatted timestamp that indicates when the security findings provider last
+     *          updated the finding record. </p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    UpdatedAt?: DateFilter[];
+    /**
+     * @deprecated
+     *
+     * <p>The native severity as defined by the security findings provider's solution that
+     *          generated the finding.</p>
+     */
+    SeverityProduct?: NumberFilter[];
+    /**
+     * @deprecated
+     *
+     * <p>The normalized severity of a finding.</p>
+     */
+    SeverityNormalized?: NumberFilter[];
+    /**
+     * <p>The label of a finding's severity.</p>
+     */
+    SeverityLabel?: StringFilter[];
+    /**
+     * <p>A finding's confidence. Confidence is defined as the likelihood that a finding
+     *          accurately identifies the behavior or issue that it was intended to identify.</p>
+     *          <p>Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent
+     *          confidence and 100 means 100 percent confidence.</p>
+     */
+    Confidence?: NumberFilter[];
+    /**
+     * <p>The level of importance assigned to the resources associated with the finding.</p>
+     *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
+     *          is reserved for the most critical resources.</p>
+     */
+    Criticality?: NumberFilter[];
+    /**
+     * <p>A finding's title.</p>
+     */
+    Title?: StringFilter[];
+    /**
+     * <p>A finding's description.</p>
+     */
+    Description?: StringFilter[];
+    /**
+     * <p>The recommendation of what to do about the issue described in a finding.</p>
+     */
+    RecommendationText?: StringFilter[];
+    /**
+     * <p>A URL that links to a page about the current finding in the security findings provider's
+     *          solution.</p>
+     */
+    SourceUrl?: StringFilter[];
+    /**
+     * <p>A data type where security findings providers can include additional solution-specific
+     *          details that aren't part of the defined <code>AwsSecurityFinding</code> format.</p>
+     */
+    ProductFields?: MapFilter[];
+    /**
+     * <p>The name of the solution (product) that generates findings.</p>
+     */
+    ProductName?: StringFilter[];
+    /**
+     * <p>The name of the findings provider (company) that owns the solution (product) that
+     *          generates findings.</p>
+     */
+    CompanyName?: StringFilter[];
+    /**
+     * <p>A list of name/value string pairs associated with the finding. These are custom,
+     *          user-defined fields added to a finding. </p>
+     */
+    UserDefinedFields?: MapFilter[];
+    /**
+     * <p>The name of the malware that was observed.</p>
+     */
+    MalwareName?: StringFilter[];
+    /**
+     * <p>The type of the malware that was observed.</p>
+     */
+    MalwareType?: StringFilter[];
+    /**
+     * <p>The filesystem path of the malware that was observed.</p>
+     */
+    MalwarePath?: StringFilter[];
+    /**
+     * <p>The state of the malware that was observed.</p>
+     */
+    MalwareState?: StringFilter[];
+    /**
+     * <p>Indicates the direction of network traffic associated with a finding.</p>
+     */
+    NetworkDirection?: StringFilter[];
+    /**
+     * <p>The protocol of network-related information about a finding.</p>
+     */
+    NetworkProtocol?: StringFilter[];
+    /**
+     * <p>The source IPv4 address of network-related information about a finding.</p>
+     */
+    NetworkSourceIpV4?: IpFilter[];
+    /**
+     * <p>The source IPv6 address of network-related information about a finding.</p>
+     */
+    NetworkSourceIpV6?: IpFilter[];
+    /**
+     * <p>The source port of network-related information about a finding.</p>
+     */
+    NetworkSourcePort?: NumberFilter[];
+    /**
+     * <p>The source domain of network-related information about a finding.</p>
+     */
+    NetworkSourceDomain?: StringFilter[];
+    /**
+     * <p>The source media access control (MAC) address of network-related information about a
+     *          finding.</p>
+     */
+    NetworkSourceMac?: StringFilter[];
+    /**
+     * <p>The destination IPv4 address of network-related information about a finding.</p>
+     */
+    NetworkDestinationIpV4?: IpFilter[];
+    /**
+     * <p>The destination IPv6 address of network-related information about a finding.</p>
+     */
+    NetworkDestinationIpV6?: IpFilter[];
+    /**
+     * <p>The destination port of network-related information about a finding.</p>
+     */
+    NetworkDestinationPort?: NumberFilter[];
+    /**
+     * <p>The destination domain of network-related information about a finding.</p>
+     */
+    NetworkDestinationDomain?: StringFilter[];
+    /**
+     * <p>The name of the process.</p>
+     */
+    ProcessName?: StringFilter[];
+    /**
+     * <p>The path to the process executable.</p>
+     */
+    ProcessPath?: StringFilter[];
+    /**
+     * <p>The process ID.</p>
+     */
+    ProcessPid?: NumberFilter[];
+    /**
+     * <p>The parent process ID. This field accepts positive integers between <code>O</code> and <code>2147483647</code>.</p>
+     */
+    ProcessParentPid?: NumberFilter[];
+    /**
+     * <p>A timestamp that identifies when the process was launched.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    ProcessLaunchedAt?: DateFilter[];
+    /**
+     * <p>A timestamp that identifies when the process was terminated.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    ProcessTerminatedAt?: DateFilter[];
+    /**
+     * <p>The type of a threat intelligence indicator.</p>
+     */
+    ThreatIntelIndicatorType?: StringFilter[];
+    /**
+     * <p>The value of a threat intelligence indicator.</p>
+     */
+    ThreatIntelIndicatorValue?: StringFilter[];
+    /**
+     * <p>The category of a threat intelligence indicator.</p>
+     */
+    ThreatIntelIndicatorCategory?: StringFilter[];
+    /**
+     * <p>A timestamp that identifies the last observation of a threat intelligence indicator.</p>
+     */
+    ThreatIntelIndicatorLastObservedAt?: DateFilter[];
+    /**
+     * <p>The source of the threat intelligence.</p>
+     */
+    ThreatIntelIndicatorSource?: StringFilter[];
+    /**
+     * <p>The URL for more details from the source of the threat intelligence.</p>
+     */
+    ThreatIntelIndicatorSourceUrl?: StringFilter[];
+    /**
+     * <p>Specifies the type of the resource that details are provided for.</p>
+     */
+    ResourceType?: StringFilter[];
+    /**
+     * <p>The canonical identifier for the given resource type.</p>
+     */
+    ResourceId?: StringFilter[];
+    /**
+     * <p>The canonical Amazon Web Services partition name that the Region is assigned to.</p>
+     */
+    ResourcePartition?: StringFilter[];
+    /**
+     * <p>The canonical Amazon Web Services external Region name where this resource is located.</p>
+     */
+    ResourceRegion?: StringFilter[];
+    /**
+     * <p>A list of Amazon Web Services tags associated with a resource at the time the finding was
+     *          processed.</p>
+     */
+    ResourceTags?: MapFilter[];
+    /**
+     * <p>The instance type of the instance.</p>
+     */
+    ResourceAwsEc2InstanceType?: StringFilter[];
+    /**
+     * <p>The Amazon Machine Image (AMI) ID of the instance.</p>
+     */
+    ResourceAwsEc2InstanceImageId?: StringFilter[];
+    /**
+     * <p>The IPv4 addresses associated with the instance.</p>
+     */
+    ResourceAwsEc2InstanceIpV4Addresses?: IpFilter[];
+    /**
+     * <p>The IPv6 addresses associated with the instance.</p>
+     */
+    ResourceAwsEc2InstanceIpV6Addresses?: IpFilter[];
+    /**
+     * <p>The key name associated with the instance.</p>
+     */
+    ResourceAwsEc2InstanceKeyName?: StringFilter[];
+    /**
+     * <p>The IAM profile ARN of the instance.</p>
+     */
+    ResourceAwsEc2InstanceIamInstanceProfileArn?: StringFilter[];
+    /**
+     * <p>The identifier of the VPC that the instance was launched in.</p>
+     */
+    ResourceAwsEc2InstanceVpcId?: StringFilter[];
+    /**
+     * <p>The identifier of the subnet that the instance was launched in.</p>
+     */
+    ResourceAwsEc2InstanceSubnetId?: StringFilter[];
+    /**
+     * <p>The date and time the instance was launched.</p>
+     */
+    ResourceAwsEc2InstanceLaunchedAt?: DateFilter[];
+    /**
+     * <p>The canonical user ID of the owner of the S3 bucket.</p>
+     */
+    ResourceAwsS3BucketOwnerId?: StringFilter[];
+    /**
+     * <p>The display name of the owner of the S3 bucket.</p>
+     */
+    ResourceAwsS3BucketOwnerName?: StringFilter[];
+    /**
+     * @deprecated
+     *
+     * <p>The user associated with the IAM access key related to a finding.</p>
+     */
+    ResourceAwsIamAccessKeyUserName?: StringFilter[];
+    /**
+     * <p>The name of the principal that is associated with an IAM access key.</p>
+     */
+    ResourceAwsIamAccessKeyPrincipalName?: StringFilter[];
+    /**
+     * <p>The status of the IAM access key related to a finding.</p>
+     */
+    ResourceAwsIamAccessKeyStatus?: StringFilter[];
+    /**
+     * <p>The creation date/time of the IAM access key related to a finding.</p>
+     */
+    ResourceAwsIamAccessKeyCreatedAt?: DateFilter[];
+    /**
+     * <p>The name of an IAM user.</p>
+     */
+    ResourceAwsIamUserUserName?: StringFilter[];
+    /**
+     * <p>The name of the container related to a finding.</p>
+     */
+    ResourceContainerName?: StringFilter[];
+    /**
+     * <p>The identifier of the image related to a finding.</p>
+     */
+    ResourceContainerImageId?: StringFilter[];
+    /**
+     * <p>The name of the image related to a finding.</p>
+     */
+    ResourceContainerImageName?: StringFilter[];
+    /**
+     * <p>A timestamp that identifies when the container was started.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    ResourceContainerLaunchedAt?: DateFilter[];
+    /**
+     * <p>The details of a resource that doesn't have a specific subfield for the resource type
+     *          defined.</p>
+     */
+    ResourceDetailsOther?: MapFilter[];
+    /**
+     * <p>Exclusive to findings that are generated as the result of a check run against a specific
+     *          rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security
+     *          standard-related finding details.</p>
+     */
+    ComplianceStatus?: StringFilter[];
+    /**
+     * <p>The veracity of a finding.</p>
+     */
+    VerificationState?: StringFilter[];
+    /**
+     * <p>The workflow state of a finding.</p>
+     *          <p>Note that this field is deprecated. To search for a finding based on its workflow
+     *          status, use <code>WorkflowStatus</code>.</p>
+     */
+    WorkflowState?: StringFilter[];
+    /**
+     * <p>The status of the investigation into a finding. Allowed values are the following.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>NEW</code> - The initial state of a finding, before it is reviewed.</p>
+     *                <p>Security Hub also resets the workflow status from <code>NOTIFIED</code> or
+     *                   <code>RESOLVED</code> to <code>NEW</code> in the following cases:</p>
+     *                <ul>
+     *                   <li>
+     *                      <p>
+     *                         <code>RecordState</code> changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p>
+     *                   </li>
+     *                   <li>
+     *                      <p>
+     *                         <code>Compliance.Status</code> changes from <code>PASSED</code> to either <code>WARNING</code>,
+     *                         <code>FAILED</code>, or <code>NOT_AVAILABLE</code>.</p>
+     *                   </li>
+     *                </ul>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>NOTIFIED</code> - Indicates that the resource owner has been notified about
+     *                the security issue. Used when the initial reviewer is not the resource owner, and
+     *                needs intervention from the resource owner.</p>
+     *                <p>If one of the following occurs, the workflow status is changed automatically from
+     *                <code>NOTIFIED</code> to <code>NEW</code>:</p>
+     *                <ul>
+     *                   <li>
+     *                      <p>
+     *                         <code>RecordState</code> changes from <code>ARCHIVED</code> to
+     *                      <code>ACTIVE</code>.</p>
+     *                   </li>
+     *                   <li>
+     *                      <p>
+     *                         <code>Compliance.Status</code> changes from <code>PASSED</code> to <code>FAILED</code>,
+     *                      <code>WARNING</code>, or <code>NOT_AVAILABLE</code>.</p>
+     *                   </li>
+     *                </ul>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>SUPPRESSED</code> - Indicates that you reviewed the finding and do not believe that any action is
+     *                needed.</p>
+     *                <p>The workflow status of a <code>SUPPRESSED</code> finding does not change if
+     *                <code>RecordState</code> changes from <code>ARCHIVED</code> to
+     *                <code>ACTIVE</code>.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>RESOLVED</code> - The finding was reviewed and remediated and is now
+     *                considered resolved. </p>
+     *                <p>The finding remains <code>RESOLVED</code> unless one of the following occurs:</p>
+     *                <ul>
+     *                   <li>
+     *                      <p>
+     *                         <code>RecordState</code> changes from <code>ARCHIVED</code> to
+     *                      <code>ACTIVE</code>.</p>
+     *                   </li>
+     *                   <li>
+     *                      <p>
+     *                         <code>Compliance.Status</code> changes from <code>PASSED</code> to <code>FAILED</code>,
+     *                      <code>WARNING</code>, or <code>NOT_AVAILABLE</code>.</p>
+     *                   </li>
+     *                </ul>
+     *                <p>In those cases, the workflow status is automatically reset to <code>NEW</code>.</p>
+     *                <p>For findings from controls, if <code>Compliance.Status</code> is <code>PASSED</code>,
+     *                then Security Hub automatically sets the workflow status to <code>RESOLVED</code>.</p>
+     *             </li>
+     *          </ul>
+     */
+    WorkflowStatus?: StringFilter[];
+    /**
+     * <p>The updated record state for the finding.</p>
+     */
+    RecordState?: StringFilter[];
+    /**
+     * <p>The ARN of the solution that generated a related finding.</p>
+     */
+    RelatedFindingsProductArn?: StringFilter[];
+    /**
+     * <p>The solution-generated identifier for a related finding.</p>
+     */
+    RelatedFindingsId?: StringFilter[];
+    /**
+     * <p>The text of a note.</p>
+     */
+    NoteText?: StringFilter[];
+    /**
+     * <p>The timestamp of when the note was updated.</p>
+     */
+    NoteUpdatedAt?: DateFilter[];
+    /**
+     * <p>The principal that created a note.</p>
+     */
+    NoteUpdatedBy?: StringFilter[];
+    /**
+     * @deprecated
+     *
+     * <p>A keyword for a finding.</p>
+     */
+    Keyword?: KeywordFilter[];
+    /**
+     * <p>The finding provider value for the finding confidence. Confidence is defined as the likelihood
+     *          that a finding accurately identifies the behavior or issue that it was intended to
+     *          identify.</p>
+     *          <p>Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent
+     *          confidence and 100 means 100 percent confidence.</p>
+     */
+    FindingProviderFieldsConfidence?: NumberFilter[];
+    /**
+     * <p>The finding provider value for the level of importance assigned to the resources associated with
+     *          the findings.</p>
+     *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
+     *          is reserved for the most critical resources. </p>
+     */
+    FindingProviderFieldsCriticality?: NumberFilter[];
+    /**
+     * <p>The finding identifier of a related finding that is identified by the finding provider.</p>
+     */
+    FindingProviderFieldsRelatedFindingsId?: StringFilter[];
+    /**
+     * <p>The ARN of the solution that generated a related finding that is identified by the finding provider.</p>
+     */
+    FindingProviderFieldsRelatedFindingsProductArn?: StringFilter[];
+    /**
+     * <p>The finding provider value for the severity label.</p>
+     */
+    FindingProviderFieldsSeverityLabel?: StringFilter[];
+    /**
+     * <p>The finding provider's original value for the severity.</p>
+     */
+    FindingProviderFieldsSeverityOriginal?: StringFilter[];
+    /**
+     * <p>One or more finding types that the finding provider assigned to the finding. Uses the format of <code>namespace/category/classifier</code>
+     *          that classify a finding.</p>
+     *          <p>Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual
+     *          Behaviors | Sensitive Data Identifications</p>
+     */
+    FindingProviderFieldsTypes?: StringFilter[];
+    /**
+     * <p>Indicates whether or not sample findings are included in the filter results.</p>
+     */
+    Sample?: BooleanFilter[];
+    /**
+     * <p>
+     *          The unique identifier of a control across standards. Values for this field typically consist of an
+     *          Amazon Web Service and a number, such as APIGateway.5.
+     *       </p>
+     */
+    ComplianceSecurityControlId?: StringFilter[];
+    /**
+     * <p>
+     *          The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the
+     *          Amazon Resource Name (ARN) returned for a standard in the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html">DescribeStandards</a> API response.
+     *       </p>
+     */
+    ComplianceAssociatedStandardsId?: StringFilter[];
+}
 /**
  * @public
  * <p>Identifies which finding to get the finding history for.</p>
@@ -620,11 +1398,9 @@ export interface UpdateAutomationRulesRequestItem {
      */
     RuleName?: string;
     /**
-     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful
-     *             when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this
-     *             field is set to <code>true</code> for a rule, Security Hub applies the rule action to a finding that matches
-     *             the rule criteria and doesn't evaluate other rules for the finding.
-   The default value of this field is <code>false</code>.
+     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
+     *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
+     *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
      *         </p>
      */
     IsTerminal?: boolean;
@@ -1030,9 +1806,8 @@ export interface CreateAutomationRuleRequest {
     Description: string | undefined;
     /**
      * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
-     *             matches the criteria for multiple rules, and each rule has different actions. If the value of this field is
-     *             set to <code>true</code> for a rule, Security Hub applies the rule action to a finding that matches
-     *             the rule criteria and doesn't evaluate other rules for the finding. The default value of this field is <code>false</code>.
+     *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
+     *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
      *         </p>
      */
     IsTerminal?: boolean;