@aws-sdk/client-securityhub 3.378.0 → 3.382.0

package/dist-types/models/models_2.d.ts

@@ -14,47 +14,56 @@ import { SecurityHubServiceException as __BaseException } from "./SecurityHubSer
  */
 export interface AwsSecurityFinding {
     /**
+     * @public
      * <p>The schema version that a finding is formatted for.</p>
      */
     SchemaVersion: string | undefined;
     /**
+     * @public
      * <p>The security findings provider-specific identifier for a finding.</p>
      */
     Id: string | undefined;
     /**
+     * @public
      * <p>The ARN generated by Security Hub that uniquely identifies a product that generates findings.
      *          This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for
      *          a custom integration.</p>
      */
     ProductArn: string | undefined;
     /**
+     * @public
      * <p>The name of the product that generated the finding.</p>
      *          <p>Security Hub populates this attribute automatically for each finding. You cannot update this attribute with <code>BatchImportFindings</code> or <code>BatchUpdateFindings</code>. The exception to this is a custom integration.</p>
      *          <p>When you use the Security Hub console or API to filter findings by product name, you use this attribute.</p>
      */
     ProductName?: string;
     /**
+     * @public
      * <p>The name of the company for the product that generated the finding.</p>
      *          <p>Security Hub populates this attribute automatically for each finding. You cannot update this attribute with <code>BatchImportFindings</code> or <code>BatchUpdateFindings</code>. The exception to this is a custom integration.</p>
      *          <p>When you use the Security Hub console or API to filter findings by company name, you use this attribute.</p>
      */
     CompanyName?: string;
     /**
+     * @public
      * <p>The Region from which the finding was generated.</p>
      *          <p>Security Hub populates this attribute automatically for each finding. You cannot update it using <code>BatchImportFindings</code> or <code>BatchUpdateFindings</code>.</p>
      */
     Region?: string;
     /**
+     * @public
      * <p>The identifier for the solution-specific component (a discrete unit of logic) that
      *          generated a finding. In various security findings providers' solutions, this generator can
      *          be called a rule, a check, a detector, a plugin, etc. </p>
      */
     GeneratorId: string | undefined;
     /**
+     * @public
      * <p>The Amazon Web Services account ID that a finding is generated in.</p>
      */
     AwsAccountId: string | undefined;
     /**
+     * @public
      * <p>One or more finding types in the format of <code>namespace/category/classifier</code>
      *          that classify a finding.</p>
      *          <p>Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual
@@ -62,6 +71,7 @@ export interface AwsSecurityFinding {
      */
     Types?: string[];
     /**
+     * @public
      * <p>Indicates when the security findings provider first observed the potential security
      *          issue that a finding captured.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
@@ -70,6 +80,7 @@ export interface AwsSecurityFinding {
      */
     FirstObservedAt?: string;
     /**
+     * @public
      * <p>Indicates when the security findings provider most recently observed the potential
      *          security issue that a finding captured.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
@@ -78,6 +89,7 @@ export interface AwsSecurityFinding {
      */
     LastObservedAt?: string;
     /**
+     * @public
      * <p>Indicates when the security findings provider created the potential security issue that
      *          a finding captured.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
@@ -86,6 +98,7 @@ export interface AwsSecurityFinding {
      */
     CreatedAt: string | undefined;
     /**
+     * @public
      * <p>Indicates when the security findings provider last updated the finding record.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
      *             Date/Time Format</a>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For example,
@@ -93,10 +106,12 @@ export interface AwsSecurityFinding {
      */
     UpdatedAt: string | undefined;
     /**
+     * @public
      * <p>A finding's severity.</p>
      */
     Severity?: Severity;
     /**
+     * @public
      * <p>A finding's confidence. Confidence is defined as the likelihood that a finding
      *          accurately identifies the behavior or issue that it was intended to identify.</p>
      *          <p>Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent
@@ -104,12 +119,14 @@ export interface AwsSecurityFinding {
      */
     Confidence?: number;
     /**
+     * @public
      * <p>The level of importance assigned to the resources associated with the finding.</p>
      *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
      *          is reserved for the most critical resources.</p>
      */
     Criticality?: number;
     /**
+     * @public
      * <p>A finding's title.</p>
      *          <note>
      *             <p>In this release, <code>Title</code> is a required property.</p>
@@ -117,6 +134,7 @@ export interface AwsSecurityFinding {
      */
     Title: string | undefined;
     /**
+     * @public
      * <p>A finding's description.</p>
      *          <note>
      *             <p>In this release, <code>Description</code> is a required property.</p>
@@ -124,106 +142,129 @@ export interface AwsSecurityFinding {
      */
     Description: string | undefined;
     /**
+     * @public
      * <p>A data type that describes the remediation options for a finding.</p>
      */
     Remediation?: Remediation;
     /**
+     * @public
      * <p>A URL that links to a page about the current finding in the security findings provider's
      *          solution.</p>
      */
     SourceUrl?: string;
     /**
+     * @public
      * <p>A data type where security findings providers can include additional solution-specific
      *          details that aren't part of the defined <code>AwsSecurityFinding</code> format.</p>
      *          <p>Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.</p>
      */
     ProductFields?: Record<string, string>;
     /**
+     * @public
      * <p>A list of name/value string pairs associated with the finding. These are custom,
      *          user-defined fields added to a finding. </p>
      */
     UserDefinedFields?: Record<string, string>;
     /**
+     * @public
      * <p>A list of malware related to a finding.</p>
      */
     Malware?: Malware[];
     /**
+     * @public
      * <p>The details of network-related information about a finding.</p>
      */
     Network?: Network;
     /**
+     * @public
      * <p>Provides information about a network path that is relevant to a finding. Each entry
      *          under <code>NetworkPath</code> represents a component of that path.</p>
      */
     NetworkPath?: NetworkPathComponent[];
     /**
+     * @public
      * <p>The details of process-related information about a finding.</p>
      */
     Process?: ProcessDetails;
     /**
+     * @public
      * <p>Details about the threat detected in a security finding and the file paths that were affected by the threat.
      *       </p>
      */
     Threats?: Threat[];
     /**
+     * @public
      * <p>Threat intelligence details related to a finding.</p>
      */
     ThreatIntelIndicators?: ThreatIntelIndicator[];
     /**
+     * @public
      * <p>A set of resource data types that describe the resources that the finding refers
      *          to.</p>
      */
     Resources: Resource[] | undefined;
     /**
+     * @public
      * <p>This data type is exclusive to findings that are generated as the result of a check run
      *          against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations.
      *          Contains security standard-related finding details.</p>
      */
     Compliance?: Compliance;
     /**
+     * @public
      * <p>Indicates the veracity of a finding. </p>
      */
     VerificationState?: VerificationState | string;
     /**
+     * @public
      * @deprecated
      *
      * <p>The workflow state of a finding. </p>
      */
     WorkflowState?: WorkflowState | string;
     /**
+     * @public
      * <p>Provides information about the status of the investigation into a finding.</p>
      */
     Workflow?: Workflow;
     /**
+     * @public
      * <p>The record state of a finding.</p>
      */
     RecordState?: RecordState | string;
     /**
+     * @public
      * <p>A list of related findings.</p>
      */
     RelatedFindings?: RelatedFinding[];
     /**
+     * @public
      * <p>A user-defined note added to a finding.</p>
      */
     Note?: Note;
     /**
+     * @public
      * <p>Provides a list of vulnerabilities associated with the findings.</p>
      */
     Vulnerabilities?: Vulnerability[];
     /**
+     * @public
      * <p>Provides an overview of the patch compliance status for an instance against a selected
      *          compliance standard.</p>
      */
     PatchSummary?: PatchSummary;
     /**
+     * @public
      * <p>Provides details about an action that affects or that was taken on a resource.</p>
      */
     Action?: Action;
     /**
+     * @public
      * <p>In a <code>BatchImportFindings</code> request, finding providers use <code>FindingProviderFields</code> to provide and update their own values for confidence, criticality, related findings, severity, and types.</p>
      */
     FindingProviderFields?: FindingProviderFields;
     /**
+     * @public
      * <p>Indicates whether the finding is a sample finding.</p>
      */
     Sample?: boolean;
@@ -234,6 +275,7 @@ export interface AwsSecurityFinding {
  */
 export interface KeywordFilter {
     /**
+     * @public
      * <p>A value for the keyword.</p>
      */
     Value?: string;
@@ -244,6 +286,7 @@ export interface KeywordFilter {
  */
 export interface IpFilter {
     /**
+     * @public
      * <p>A finding's CIDR value.</p>
      */
     Cidr?: string;
@@ -254,6 +297,7 @@ export interface IpFilter {
  */
 export interface BooleanFilter {
     /**
+     * @public
      * <p>The value of the boolean.</p>
      */
     Value?: boolean;
@@ -267,59 +311,70 @@ export interface BooleanFilter {
  */
 export interface AwsSecurityFindingFilters {
     /**
+     * @public
      * <p>The ARN generated by Security Hub that uniquely identifies a third-party company
      *          (security findings provider) after this provider's product (solution that generates
      *          findings) is registered with Security Hub.</p>
      */
     ProductArn?: StringFilter[];
     /**
+     * @public
      * <p>The Amazon Web Services account ID that a finding is generated in.</p>
      */
     AwsAccountId?: StringFilter[];
     /**
+     * @public
      * <p>The security findings provider-specific identifier for a finding.</p>
      */
     Id?: StringFilter[];
     /**
+     * @public
      * <p>The identifier for the solution-specific component (a discrete unit of logic) that
      *          generated a finding. In various security findings providers' solutions, this generator can
      *          be called a rule, a check, a detector, a plugin, etc.</p>
      */
     GeneratorId?: StringFilter[];
     /**
+     * @public
      * <p>The Region from which the finding was generated.</p>
      */
     Region?: StringFilter[];
     /**
+     * @public
      * <p>A finding type in the format of <code>namespace/category/classifier</code> that
      *          classifies a finding.</p>
      */
     Type?: StringFilter[];
     /**
+     * @public
      * <p>An ISO8601-formatted timestamp that indicates when the security findings provider first
      *          observed the potential security issue that a finding captured.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     FirstObservedAt?: DateFilter[];
     /**
+     * @public
      * <p>An ISO8601-formatted timestamp that indicates when the security findings provider most
      *          recently observed the potential security issue that a finding captured.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     LastObservedAt?: DateFilter[];
     /**
+     * @public
      * <p>An ISO8601-formatted timestamp that indicates when the security findings provider
      *          captured the potential security issue that a finding captured.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     CreatedAt?: DateFilter[];
     /**
+     * @public
      * <p>An ISO8601-formatted timestamp that indicates when the security findings provider last
      *          updated the finding record. </p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     UpdatedAt?: DateFilter[];
     /**
+     * @public
      * @deprecated
      *
      * <p>The native severity as defined by the security findings provider's solution that
@@ -327,16 +382,19 @@ export interface AwsSecurityFindingFilters {
      */
     SeverityProduct?: NumberFilter[];
     /**
+     * @public
      * @deprecated
      *
      * <p>The normalized severity of a finding.</p>
      */
     SeverityNormalized?: NumberFilter[];
     /**
+     * @public
      * <p>The label of a finding's severity.</p>
      */
     SeverityLabel?: StringFilter[];
     /**
+     * @public
      * <p>A finding's confidence. Confidence is defined as the likelihood that a finding
      *          accurately identifies the behavior or issue that it was intended to identify.</p>
      *          <p>Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent
@@ -344,284 +402,350 @@ export interface AwsSecurityFindingFilters {
      */
     Confidence?: NumberFilter[];
     /**
+     * @public
      * <p>The level of importance assigned to the resources associated with the finding.</p>
      *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
      *          is reserved for the most critical resources.</p>
      */
     Criticality?: NumberFilter[];
     /**
+     * @public
      * <p>A finding's title.</p>
      */
     Title?: StringFilter[];
     /**
+     * @public
      * <p>A finding's description.</p>
      */
     Description?: StringFilter[];
     /**
+     * @public
      * <p>The recommendation of what to do about the issue described in a finding.</p>
      */
     RecommendationText?: StringFilter[];
     /**
+     * @public
      * <p>A URL that links to a page about the current finding in the security findings provider's
      *          solution.</p>
      */
     SourceUrl?: StringFilter[];
     /**
+     * @public
      * <p>A data type where security findings providers can include additional solution-specific
      *          details that aren't part of the defined <code>AwsSecurityFinding</code> format.</p>
      */
     ProductFields?: MapFilter[];
     /**
+     * @public
      * <p>The name of the solution (product) that generates findings.</p>
      */
     ProductName?: StringFilter[];
     /**
+     * @public
      * <p>The name of the findings provider (company) that owns the solution (product) that
      *          generates findings.</p>
      */
     CompanyName?: StringFilter[];
     /**
+     * @public
      * <p>A list of name/value string pairs associated with the finding. These are custom,
      *          user-defined fields added to a finding. </p>
      */
     UserDefinedFields?: MapFilter[];
     /**
+     * @public
      * <p>The name of the malware that was observed.</p>
      */
     MalwareName?: StringFilter[];
     /**
+     * @public
      * <p>The type of the malware that was observed.</p>
      */
     MalwareType?: StringFilter[];
     /**
+     * @public
      * <p>The filesystem path of the malware that was observed.</p>
      */
     MalwarePath?: StringFilter[];
     /**
+     * @public
      * <p>The state of the malware that was observed.</p>
      */
     MalwareState?: StringFilter[];
     /**
+     * @public
      * <p>Indicates the direction of network traffic associated with a finding.</p>
      */
     NetworkDirection?: StringFilter[];
     /**
+     * @public
      * <p>The protocol of network-related information about a finding.</p>
      */
     NetworkProtocol?: StringFilter[];
     /**
+     * @public
      * <p>The source IPv4 address of network-related information about a finding.</p>
      */
     NetworkSourceIpV4?: IpFilter[];
     /**
+     * @public
      * <p>The source IPv6 address of network-related information about a finding.</p>
      */
     NetworkSourceIpV6?: IpFilter[];
     /**
+     * @public
      * <p>The source port of network-related information about a finding.</p>
      */
     NetworkSourcePort?: NumberFilter[];
     /**
+     * @public
      * <p>The source domain of network-related information about a finding.</p>
      */
     NetworkSourceDomain?: StringFilter[];
     /**
+     * @public
      * <p>The source media access control (MAC) address of network-related information about a
      *          finding.</p>
      */
     NetworkSourceMac?: StringFilter[];
     /**
+     * @public
      * <p>The destination IPv4 address of network-related information about a finding.</p>
      */
     NetworkDestinationIpV4?: IpFilter[];
     /**
+     * @public
      * <p>The destination IPv6 address of network-related information about a finding.</p>
      */
     NetworkDestinationIpV6?: IpFilter[];
     /**
+     * @public
      * <p>The destination port of network-related information about a finding.</p>
      */
     NetworkDestinationPort?: NumberFilter[];
     /**
+     * @public
      * <p>The destination domain of network-related information about a finding.</p>
      */
     NetworkDestinationDomain?: StringFilter[];
     /**
+     * @public
      * <p>The name of the process.</p>
      */
     ProcessName?: StringFilter[];
     /**
+     * @public
      * <p>The path to the process executable.</p>
      */
     ProcessPath?: StringFilter[];
     /**
+     * @public
      * <p>The process ID.</p>
      */
     ProcessPid?: NumberFilter[];
     /**
+     * @public
      * <p>The parent process ID. This field accepts positive integers between <code>O</code> and <code>2147483647</code>.</p>
      */
     ProcessParentPid?: NumberFilter[];
     /**
+     * @public
      * <p>A timestamp that identifies when the process was launched.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     ProcessLaunchedAt?: DateFilter[];
     /**
+     * @public
      * <p>A timestamp that identifies when the process was terminated.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     ProcessTerminatedAt?: DateFilter[];
     /**
+     * @public
      * <p>The type of a threat intelligence indicator.</p>
      */
     ThreatIntelIndicatorType?: StringFilter[];
     /**
+     * @public
      * <p>The value of a threat intelligence indicator.</p>
      */
     ThreatIntelIndicatorValue?: StringFilter[];
     /**
+     * @public
      * <p>The category of a threat intelligence indicator.</p>
      */
     ThreatIntelIndicatorCategory?: StringFilter[];
     /**
+     * @public
      * <p>A timestamp that identifies the last observation of a threat intelligence indicator.</p>
      */
     ThreatIntelIndicatorLastObservedAt?: DateFilter[];
     /**
+     * @public
      * <p>The source of the threat intelligence.</p>
      */
     ThreatIntelIndicatorSource?: StringFilter[];
     /**
+     * @public
      * <p>The URL for more details from the source of the threat intelligence.</p>
      */
     ThreatIntelIndicatorSourceUrl?: StringFilter[];
     /**
+     * @public
      * <p>Specifies the type of the resource that details are provided for.</p>
      */
     ResourceType?: StringFilter[];
     /**
+     * @public
      * <p>The canonical identifier for the given resource type.</p>
      */
     ResourceId?: StringFilter[];
     /**
+     * @public
      * <p>The canonical Amazon Web Services partition name that the Region is assigned to.</p>
      */
     ResourcePartition?: StringFilter[];
     /**
+     * @public
      * <p>The canonical Amazon Web Services external Region name where this resource is located.</p>
      */
     ResourceRegion?: StringFilter[];
     /**
+     * @public
      * <p>A list of Amazon Web Services tags associated with a resource at the time the finding was
      *          processed.</p>
      */
     ResourceTags?: MapFilter[];
     /**
+     * @public
      * <p>The instance type of the instance.</p>
      */
     ResourceAwsEc2InstanceType?: StringFilter[];
     /**
+     * @public
      * <p>The Amazon Machine Image (AMI) ID of the instance.</p>
      */
     ResourceAwsEc2InstanceImageId?: StringFilter[];
     /**
+     * @public
      * <p>The IPv4 addresses associated with the instance.</p>
      */
     ResourceAwsEc2InstanceIpV4Addresses?: IpFilter[];
     /**
+     * @public
      * <p>The IPv6 addresses associated with the instance.</p>
      */
     ResourceAwsEc2InstanceIpV6Addresses?: IpFilter[];
     /**
+     * @public
      * <p>The key name associated with the instance.</p>
      */
     ResourceAwsEc2InstanceKeyName?: StringFilter[];
     /**
+     * @public
      * <p>The IAM profile ARN of the instance.</p>
      */
     ResourceAwsEc2InstanceIamInstanceProfileArn?: StringFilter[];
     /**
+     * @public
      * <p>The identifier of the VPC that the instance was launched in.</p>
      */
     ResourceAwsEc2InstanceVpcId?: StringFilter[];
     /**
+     * @public
      * <p>The identifier of the subnet that the instance was launched in.</p>
      */
     ResourceAwsEc2InstanceSubnetId?: StringFilter[];
     /**
+     * @public
      * <p>The date and time the instance was launched.</p>
      */
     ResourceAwsEc2InstanceLaunchedAt?: DateFilter[];
     /**
+     * @public
      * <p>The canonical user ID of the owner of the S3 bucket.</p>
      */
     ResourceAwsS3BucketOwnerId?: StringFilter[];
     /**
+     * @public
      * <p>The display name of the owner of the S3 bucket.</p>
      */
     ResourceAwsS3BucketOwnerName?: StringFilter[];
     /**
+     * @public
      * @deprecated
      *
      * <p>The user associated with the IAM access key related to a finding.</p>
      */
     ResourceAwsIamAccessKeyUserName?: StringFilter[];
     /**
+     * @public
      * <p>The name of the principal that is associated with an IAM access key.</p>
      */
     ResourceAwsIamAccessKeyPrincipalName?: StringFilter[];
     /**
+     * @public
      * <p>The status of the IAM access key related to a finding.</p>
      */
     ResourceAwsIamAccessKeyStatus?: StringFilter[];
     /**
+     * @public
      * <p>The creation date/time of the IAM access key related to a finding.</p>
      */
     ResourceAwsIamAccessKeyCreatedAt?: DateFilter[];
     /**
+     * @public
      * <p>The name of an IAM user.</p>
      */
     ResourceAwsIamUserUserName?: StringFilter[];
     /**
+     * @public
      * <p>The name of the container related to a finding.</p>
      */
     ResourceContainerName?: StringFilter[];
     /**
+     * @public
      * <p>The identifier of the image related to a finding.</p>
      */
     ResourceContainerImageId?: StringFilter[];
     /**
+     * @public
      * <p>The name of the image related to a finding.</p>
      */
     ResourceContainerImageName?: StringFilter[];
     /**
+     * @public
      * <p>A timestamp that identifies when the container was started.</p>
      *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
      */
     ResourceContainerLaunchedAt?: DateFilter[];
     /**
+     * @public
      * <p>The details of a resource that doesn't have a specific subfield for the resource type
      *          defined.</p>
      */
     ResourceDetailsOther?: MapFilter[];
     /**
+     * @public
      * <p>Exclusive to findings that are generated as the result of a check run against a specific
      *          rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security
      *          standard-related finding details.</p>
      */
     ComplianceStatus?: StringFilter[];
     /**
+     * @public
      * <p>The veracity of a finding.</p>
      */
     VerificationState?: StringFilter[];
     /**
+     * @public
      * <p>The workflow state of a finding.</p>
      *          <p>Note that this field is deprecated. To search for a finding based on its workflow
      *          status, use <code>WorkflowStatus</code>.</p>
      */
     WorkflowState?: StringFilter[];
     /**
+     * @public
      * <p>The status of the investigation into a finding. Allowed values are the following.</p>
      *          <ul>
      *             <li>
@@ -694,36 +818,44 @@ export interface AwsSecurityFindingFilters {
      */
     WorkflowStatus?: StringFilter[];
     /**
+     * @public
      * <p>The updated record state for the finding.</p>
      */
     RecordState?: StringFilter[];
     /**
+     * @public
      * <p>The ARN of the solution that generated a related finding.</p>
      */
     RelatedFindingsProductArn?: StringFilter[];
     /**
+     * @public
      * <p>The solution-generated identifier for a related finding.</p>
      */
     RelatedFindingsId?: StringFilter[];
     /**
+     * @public
      * <p>The text of a note.</p>
      */
     NoteText?: StringFilter[];
     /**
+     * @public
      * <p>The timestamp of when the note was updated.</p>
      */
     NoteUpdatedAt?: DateFilter[];
     /**
+     * @public
      * <p>The principal that created a note.</p>
      */
     NoteUpdatedBy?: StringFilter[];
     /**
+     * @public
      * @deprecated
      *
      * <p>A keyword for a finding.</p>
      */
     Keyword?: KeywordFilter[];
     /**
+     * @public
      * <p>The finding provider value for the finding confidence. Confidence is defined as the likelihood
      *          that a finding accurately identifies the behavior or issue that it was intended to
      *          identify.</p>
@@ -732,6 +864,7 @@ export interface AwsSecurityFindingFilters {
      */
     FindingProviderFieldsConfidence?: NumberFilter[];
     /**
+     * @public
      * <p>The finding provider value for the level of importance assigned to the resources associated with
      *          the findings.</p>
      *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
@@ -739,22 +872,27 @@ export interface AwsSecurityFindingFilters {
      */
     FindingProviderFieldsCriticality?: NumberFilter[];
     /**
+     * @public
      * <p>The finding identifier of a related finding that is identified by the finding provider.</p>
      */
     FindingProviderFieldsRelatedFindingsId?: StringFilter[];
     /**
+     * @public
      * <p>The ARN of the solution that generated a related finding that is identified by the finding provider.</p>
      */
     FindingProviderFieldsRelatedFindingsProductArn?: StringFilter[];
     /**
+     * @public
      * <p>The finding provider value for the severity label.</p>
      */
     FindingProviderFieldsSeverityLabel?: StringFilter[];
     /**
+     * @public
      * <p>The finding provider's original value for the severity.</p>
      */
     FindingProviderFieldsSeverityOriginal?: StringFilter[];
     /**
+     * @public
      * <p>One or more finding types that the finding provider assigned to the finding. Uses the format of <code>namespace/category/classifier</code>
      *          that classify a finding.</p>
      *          <p>Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual
@@ -762,10 +900,12 @@ export interface AwsSecurityFindingFilters {
      */
     FindingProviderFieldsTypes?: StringFilter[];
     /**
+     * @public
      * <p>Indicates whether or not sample findings are included in the filter results.</p>
      */
     Sample?: BooleanFilter[];
     /**
+     * @public
      * <p>
      *          The unique identifier of a control across standards. Values for this field typically consist of an
      *          Amazon Web Service and a number, such as APIGateway.5.
@@ -773,6 +913,7 @@ export interface AwsSecurityFindingFilters {
      */
     ComplianceSecurityControlId?: StringFilter[];
     /**
+     * @public
      * <p>
      *          The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the
      *          Amazon Resource Name (ARN) returned for a standard in the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html">DescribeStandards</a> API response.
@@ -786,10 +927,12 @@ export interface AwsSecurityFindingFilters {
  */
 export interface AwsSecurityFindingIdentifier {
     /**
+     * @public
      * <p>The identifier of the finding that was specified by the finding provider.</p>
      */
     Id: string | undefined;
     /**
+     * @public
      * <p>The ARN generated by Security Hub that uniquely identifies a product that generates findings.
      *          This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for
      *          a custom integration.</p>
@@ -801,6 +944,7 @@ export interface AwsSecurityFindingIdentifier {
  */
 export interface BatchDeleteAutomationRulesRequest {
     /**
+     * @public
      * <p>
      *          A list of Amazon Resource Names (ARNs) for the rules that are to be deleted.
      *       </p>
@@ -816,18 +960,21 @@ export interface BatchDeleteAutomationRulesRequest {
  */
 export interface UnprocessedAutomationRule {
     /**
+     * @public
      * <p>
      *          The Amazon Resource Name (ARN) for the unprocessed automation rule.
      *       </p>
      */
     RuleArn?: string;
     /**
+     * @public
      * <p>
      *          The error code associated with the unprocessed automation rule.
      *       </p>
      */
     ErrorCode?: number;
     /**
+     * @public
      * <p>
      *          An error message describing why a request didn't process a specific rule.
      *       </p>
@@ -839,12 +986,14 @@ export interface UnprocessedAutomationRule {
  */
 export interface BatchDeleteAutomationRulesResponse {
     /**
+     * @public
      * <p>
      *          A list of properly processed rule ARNs.
      *       </p>
      */
     ProcessedAutomationRules?: string[];
     /**
+     * @public
      * <p>
      *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
      *          tells you which automation rules the request didn't delete and why.
@@ -857,6 +1006,7 @@ export interface BatchDeleteAutomationRulesResponse {
  */
 export interface BatchDisableStandardsRequest {
     /**
+     * @public
      * <p>The ARNs of the standards subscriptions to disable.</p>
      */
     StandardsSubscriptionArns: string[] | undefined;
@@ -894,6 +1044,7 @@ export type StatusReasonCode = (typeof StatusReasonCode)[keyof typeof StatusReas
  */
 export interface StandardsStatusReason {
     /**
+     * @public
      * <p>The reason code that represents the reason for the current status of a standard subscription.</p>
      */
     StatusReasonCode: StatusReasonCode | string | undefined;
@@ -904,18 +1055,22 @@ export interface StandardsStatusReason {
  */
 export interface StandardsSubscription {
     /**
+     * @public
      * <p>The ARN of a resource that represents your subscription to a supported standard.</p>
      */
     StandardsSubscriptionArn: string | undefined;
     /**
+     * @public
      * <p>The ARN of a standard.</p>
      */
     StandardsArn: string | undefined;
     /**
+     * @public
      * <p>A key-value pair of input for the standard.</p>
      */
     StandardsInput: Record<string, string> | undefined;
     /**
+     * @public
      * <p>The status of the standard subscription.</p>
      *          <p>The status values are as follows:</p>
      *          <ul>
@@ -943,6 +1098,7 @@ export interface StandardsSubscription {
      */
     StandardsStatus: StandardsStatus | string | undefined;
     /**
+     * @public
      * <p>The reason for the current status.</p>
      */
     StandardsStatusReason?: StandardsStatusReason;
@@ -952,6 +1108,7 @@ export interface StandardsSubscription {
  */
 export interface BatchDisableStandardsResponse {
     /**
+     * @public
      * <p>The details of the standards subscriptions that were disabled.</p>
      */
     StandardsSubscriptions?: StandardsSubscription[];
@@ -962,11 +1119,13 @@ export interface BatchDisableStandardsResponse {
  */
 export interface StandardsSubscriptionRequest {
     /**
+     * @public
      * <p>The ARN of the standard that you want to enable. To view the list of available standards
      *          and their ARNs, use the <code>DescribeStandards</code> operation.</p>
      */
     StandardsArn: string | undefined;
     /**
+     * @public
      * <p>A key-value pair of input for the standard.</p>
      */
     StandardsInput?: Record<string, string>;
@@ -976,6 +1135,7 @@ export interface StandardsSubscriptionRequest {
  */
 export interface BatchEnableStandardsRequest {
     /**
+     * @public
      * <p>The list of standards checks to enable.</p>
      */
     StandardsSubscriptionRequests: StandardsSubscriptionRequest[] | undefined;
@@ -985,6 +1145,7 @@ export interface BatchEnableStandardsRequest {
  */
 export interface BatchEnableStandardsResponse {
     /**
+     * @public
      * <p>The details of the standards subscriptions that were enabled.</p>
      */
     StandardsSubscriptions?: StandardsSubscription[];
@@ -994,6 +1155,7 @@ export interface BatchEnableStandardsResponse {
  */
 export interface BatchGetAutomationRulesRequest {
     /**
+     * @public
      * <p>
      *          A list of rule ARNs to get details for.
      *       </p>
@@ -1005,12 +1167,14 @@ export interface BatchGetAutomationRulesRequest {
  */
 export interface BatchGetAutomationRulesResponse {
     /**
+     * @public
      * <p>
      *          A list of rule details for the provided rule ARNs.
      *       </p>
      */
     Rules?: AutomationRulesConfig[];
     /**
+     * @public
      * <p>
      *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
      *          tells you which automation rules the request didn't retrieve and why.
@@ -1023,6 +1187,7 @@ export interface BatchGetAutomationRulesResponse {
  */
 export interface BatchGetSecurityControlsRequest {
     /**
+     * @public
      * <p> A list of security controls (identified with <code>SecurityControlId</code>,
      *             <code>SecurityControlArn</code>, or a mix of both parameters). The security control ID
      *          or Amazon Resource Name (ARN) is the same across standards. </p>
@@ -1063,6 +1228,7 @@ export type SeverityRating = (typeof SeverityRating)[keyof typeof SeverityRating
  */
 export interface SecurityControl {
     /**
+     * @public
      * <p>
      *          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a
      *          number, such as APIGateway.3.
@@ -1070,29 +1236,34 @@ export interface SecurityControl {
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p> The Amazon Resource Name (ARN) for a security control across standards, such as
      *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
      *          parameter doesn't mention a specific standard. </p>
      */
     SecurityControlArn: string | undefined;
     /**
+     * @public
      * <p>The title of a security control.
      *       </p>
      */
     Title: string | undefined;
     /**
+     * @public
      * <p> The description of a security control across standards. This typically summarizes how
      *             Security Hub evaluates the control and the conditions under which it produces a
      *          failed finding. This parameter doesn't reference a specific standard. </p>
      */
     Description: string | undefined;
     /**
+     * @public
      * <p>
      *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
      *       </p>
      */
     RemediationUrl: string | undefined;
     /**
+     * @public
      * <p>
      *          The severity of a security control. For more information about how Security Hub determines control severity, see
      *          <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
@@ -1101,6 +1272,7 @@ export interface SecurityControl {
      */
     SeverityRating: SeverityRating | string | undefined;
     /**
+     * @public
      * <p>
      *          The enablement status of a security control in a specific standard.
      *       </p>
@@ -1127,18 +1299,21 @@ export type UnprocessedErrorCode = (typeof UnprocessedErrorCode)[keyof typeof Un
  */
 export interface UnprocessedSecurityControl {
     /**
+     * @public
      * <p> The control (identified with <code>SecurityControlId</code>,
      *             <code>SecurityControlArn</code>, or a mix of both parameters) for which a response
      *          couldn't be returned. </p>
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p>
      *          The error code for the unprocessed security control.
      *       </p>
      */
     ErrorCode: UnprocessedErrorCode | string | undefined;
     /**
+     * @public
      * <p>
      *          The reason why the security control was unprocessed.
      *       </p>
@@ -1150,6 +1325,7 @@ export interface UnprocessedSecurityControl {
  */
 export interface BatchGetSecurityControlsResponse {
     /**
+     * @public
      * <p>
      *          An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control.
      *          The same information is returned whether the request includes <code>SecurityControlId</code> or <code>SecurityControlArn</code>.
@@ -1157,6 +1333,7 @@ export interface BatchGetSecurityControlsResponse {
      */
     SecurityControls: SecurityControl[] | undefined;
     /**
+     * @public
      * <p>
      *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) for which
      *          details cannot be returned.
@@ -1173,6 +1350,7 @@ export interface BatchGetSecurityControlsResponse {
  */
 export interface StandardsControlAssociationId {
     /**
+     * @public
      * <p>
      *          The unique identifier (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) of a security
      *          control across standards.
@@ -1180,6 +1358,7 @@ export interface StandardsControlAssociationId {
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p>
      *          The ARN of a standard.
      *       </p>
@@ -1191,6 +1370,7 @@ export interface StandardsControlAssociationId {
  */
 export interface BatchGetStandardsControlAssociationsRequest {
     /**
+     * @public
      * <p>
      *          An array with one or more objects that includes a security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard.
      *          This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.
@@ -1204,12 +1384,14 @@ export interface BatchGetStandardsControlAssociationsRequest {
  */
 export interface StandardsControlAssociationDetail {
     /**
+     * @public
      * <p>
      *          The Amazon Resource Name (ARN) of a security standard.
      *       </p>
      */
     StandardsArn: string | undefined;
     /**
+     * @public
      * <p>
      *          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service
      *          name and a number, such as APIGateway.3.
@@ -1217,42 +1399,49 @@ export interface StandardsControlAssociationDetail {
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p> The ARN of a security control across standards, such as
      *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
      *          parameter doesn't mention a specific standard. </p>
      */
     SecurityControlArn: string | undefined;
     /**
+     * @public
      * <p>
      *          Specifies whether a control is enabled or disabled in a specified standard.
      *       </p>
      */
     AssociationStatus: AssociationStatus | string | undefined;
     /**
+     * @public
      * <p>
      *          The requirement that underlies a control in the compliance framework related to the standard.
      *       </p>
      */
     RelatedRequirements?: string[];
     /**
+     * @public
      * <p>
      *          The time at which the enablement status of the control in the specified standard was last updated.
      *       </p>
      */
     UpdatedAt?: Date;
     /**
+     * @public
      * <p>
      *          The reason for updating the enablement status of a control in a specified standard.
      *       </p>
      */
     UpdatedReason?: string;
     /**
+     * @public
      * <p>
      *          The title of a control. This field may reference a specific standard.
      *       </p>
      */
     StandardsControlTitle?: string;
     /**
+     * @public
      * <p>
      *          The description of a control. This typically summarizes how Security Hub evaluates the control and the
      *          conditions under which it produces a failed finding. This parameter may reference a specific standard.
@@ -1260,6 +1449,7 @@ export interface StandardsControlAssociationDetail {
      */
     StandardsControlDescription?: string;
     /**
+     * @public
      * <p> Provides the input parameter that Security Hub uses to call the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html">UpdateStandardsControl</a> API. This API can be used to enable or disable a control
      *          in a specified standard. </p>
      */
@@ -1273,6 +1463,7 @@ export interface StandardsControlAssociationDetail {
  */
 export interface UnprocessedStandardsControlAssociation {
     /**
+     * @public
      * <p> An array with one or more objects that includes a security control (identified with
      *             <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both
      *          parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the
@@ -1281,11 +1472,13 @@ export interface UnprocessedStandardsControlAssociation {
      */
     StandardsControlAssociationId: StandardsControlAssociationId | undefined;
     /**
+     * @public
      * <p>The error code for the unprocessed standard and control association.
      *       </p>
      */
     ErrorCode: UnprocessedErrorCode | string | undefined;
     /**
+     * @public
      * <p>The reason why the standard and control association was unprocessed. </p>
      */
     ErrorReason?: string;
@@ -1295,12 +1488,14 @@ export interface UnprocessedStandardsControlAssociation {
  */
 export interface BatchGetStandardsControlAssociationsResponse {
     /**
+     * @public
      * <p>Provides the enablement status of a security control in a specified standard and other details for the control in relation to
      *          the specified standard.
      *       </p>
      */
     StandardsControlAssociationDetails: StandardsControlAssociationDetail[] | undefined;
     /**
+     * @public
      * <p>
      *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) whose enablement
      *          status in a specified standard cannot be returned.
@@ -1313,6 +1508,7 @@ export interface BatchGetStandardsControlAssociationsResponse {
  */
 export interface BatchImportFindingsRequest {
     /**
+     * @public
      * <p>A list of findings to import. To successfully import a finding, it must follow the
      *             <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html">Amazon Web Services Security Finding Format</a>. Maximum of 100 findings per request.</p>
      */
@@ -1325,14 +1521,17 @@ export interface BatchImportFindingsRequest {
  */
 export interface ImportFindingsError {
     /**
+     * @public
      * <p>The identifier of the finding that could not be updated.</p>
      */
     Id: string | undefined;
     /**
+     * @public
      * <p>The code of the error returned by the <code>BatchImportFindings</code> operation.</p>
      */
     ErrorCode: string | undefined;
     /**
+     * @public
      * <p>The message of the error returned by the <code>BatchImportFindings</code>
      *          operation.</p>
      */
@@ -1343,14 +1542,17 @@ export interface ImportFindingsError {
  */
 export interface BatchImportFindingsResponse {
     /**
+     * @public
      * <p>The number of findings that failed to import.</p>
      */
     FailedCount: number | undefined;
     /**
+     * @public
      * <p>The number of findings that were successfully imported.</p>
      */
     SuccessCount: number | undefined;
     /**
+     * @public
      * <p>The list of findings that failed to import.</p>
      */
     FailedFindings?: ImportFindingsError[];
@@ -1363,12 +1565,14 @@ export interface BatchImportFindingsResponse {
  */
 export interface UpdateAutomationRulesRequestItem {
     /**
+     * @public
      * <p>
      *          The Amazon Resource Name (ARN) for the rule.
      *       </p>
      */
     RuleArn: string | undefined;
     /**
+     * @public
      * <p>
      *          Whether the rule is active after it is created. If
      *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
@@ -1380,24 +1584,28 @@ export interface UpdateAutomationRulesRequestItem {
      */
     RuleStatus?: RuleStatus | string;
     /**
+     * @public
      * <p> An integer ranging from 1 to 1000 that represents the order in which the rule action is
      *          applied to findings. Security Hub applies rules with lower values for this parameter
      *          first. </p>
      */
     RuleOrder?: number;
     /**
+     * @public
      * <p>
      *          A description of the rule.
      *       </p>
      */
     Description?: string;
     /**
+     * @public
      * <p>
      *          The name of the rule.
      *       </p>
      */
     RuleName?: string;
     /**
+     * @public
      * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
      *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
      *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
@@ -1405,6 +1613,7 @@ export interface UpdateAutomationRulesRequestItem {
      */
     IsTerminal?: boolean;
     /**
+     * @public
      * <p>
      *          A set of ASFF finding field attributes and corresponding expected values that
      *          Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in
@@ -1413,6 +1622,7 @@ export interface UpdateAutomationRulesRequestItem {
      */
     Criteria?: AutomationRulesFindingFilters;
     /**
+     * @public
      * <p>
      *          One or more actions to update finding fields if a finding matches the conditions
      *          specified in <code>Criteria</code>.
@@ -1425,6 +1635,7 @@ export interface UpdateAutomationRulesRequestItem {
  */
 export interface BatchUpdateAutomationRulesRequest {
     /**
+     * @public
      * <p>
      *          An array of ARNs for the rules that are to be updated. Optionally, you can also include
      *          <code>RuleStatus</code> and <code>RuleOrder</code>.
@@ -1437,12 +1648,14 @@ export interface BatchUpdateAutomationRulesRequest {
  */
 export interface BatchUpdateAutomationRulesResponse {
     /**
+     * @public
      * <p>
      *          A list of properly processed rule ARNs.
      *       </p>
      */
     ProcessedAutomationRules?: string[];
     /**
+     * @public
      * <p>
      *          A list of objects containing <code>RuleArn</code>, <code>ErrorCode</code>, and <code>ErrorMessage</code>. This parameter
      *          tells you which automation rules the request didn't update and why.
@@ -1455,6 +1668,7 @@ export interface BatchUpdateAutomationRulesResponse {
  */
 export interface BatchUpdateFindingsRequest {
     /**
+     * @public
      * <p>The list of findings to update. <code>BatchUpdateFindings</code> can be used to update
      *          up to 100 findings at a time.</p>
      *          <p>For each finding, the list provides the finding identifier and the ARN of the finding
@@ -1462,14 +1676,17 @@ export interface BatchUpdateFindingsRequest {
      */
     FindingIdentifiers: AwsSecurityFindingIdentifier[] | undefined;
     /**
+     * @public
      * <p>The updated note.</p>
      */
     Note?: NoteUpdate;
     /**
+     * @public
      * <p>Used to update the finding severity.</p>
      */
     Severity?: SeverityUpdate;
     /**
+     * @public
      * <p>Indicates the veracity of a finding.</p>
      *          <p>The available values for <code>VerificationState</code> are  as follows.</p>
      *          <ul>
@@ -1495,6 +1712,7 @@ export interface BatchUpdateFindingsRequest {
      */
     VerificationState?: VerificationState | string;
     /**
+     * @public
      * <p>The updated value for the finding confidence. Confidence is defined as the likelihood
      *          that a finding accurately identifies the behavior or issue that it was intended to
      *          identify.</p>
@@ -1503,6 +1721,7 @@ export interface BatchUpdateFindingsRequest {
      */
     Confidence?: number;
     /**
+     * @public
      * <p>The updated value for the level of importance assigned to the resources associated with
      *          the findings.</p>
      *          <p>A score of 0 means that the underlying resources have no criticality, and a score of 100
@@ -1510,6 +1729,7 @@ export interface BatchUpdateFindingsRequest {
      */
     Criticality?: number;
     /**
+     * @public
      * <p>One or more finding types in the format of namespace/category/classifier that classify a
      *          finding.</p>
      *          <p>Valid namespace values are as follows.</p>
@@ -1533,16 +1753,19 @@ export interface BatchUpdateFindingsRequest {
      */
     Types?: string[];
     /**
+     * @public
      * <p>A list of name/value string pairs associated with the finding. These are custom,
      *          user-defined fields added to a finding.</p>
      */
     UserDefinedFields?: Record<string, string>;
     /**
+     * @public
      * <p>Used to update the workflow status of a finding.</p>
      *          <p>The workflow status indicates the progress of the investigation into the finding. </p>
      */
     Workflow?: WorkflowUpdate;
     /**
+     * @public
      * <p>A list of findings that are related to the updated findings.</p>
      */
     RelatedFindings?: RelatedFinding[];
@@ -1554,10 +1777,12 @@ export interface BatchUpdateFindingsRequest {
  */
 export interface BatchUpdateFindingsUnprocessedFinding {
     /**
+     * @public
      * <p>The identifier of the finding that was not updated.</p>
      */
     FindingIdentifier: AwsSecurityFindingIdentifier | undefined;
     /**
+     * @public
      * <p>The code associated with the error. Possible values are:</p>
      *          <ul>
      *             <li>
@@ -1594,6 +1819,7 @@ export interface BatchUpdateFindingsUnprocessedFinding {
      */
     ErrorCode: string | undefined;
     /**
+     * @public
      * <p>The message associated with the error. Possible values are:</p>
      *          <ul>
      *             <li>
@@ -1635,10 +1861,12 @@ export interface BatchUpdateFindingsUnprocessedFinding {
  */
 export interface BatchUpdateFindingsResponse {
     /**
+     * @public
      * <p>The list of findings that were updated successfully.</p>
      */
     ProcessedFindings: AwsSecurityFindingIdentifier[] | undefined;
     /**
+     * @public
      * <p>The list of findings that were not updated.</p>
      */
     UnprocessedFindings: BatchUpdateFindingsUnprocessedFinding[] | undefined;
@@ -1651,19 +1879,23 @@ export interface BatchUpdateFindingsResponse {
  */
 export interface StandardsControlAssociationUpdate {
     /**
+     * @public
      * <p>The Amazon Resource Name (ARN) of the standard in which you want to update the
      *          control's enablement status.</p>
      */
     StandardsArn: string | undefined;
     /**
+     * @public
      * <p>The unique identifier for the security control whose enablement status you want to update.</p>
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p>The desired enablement status of the control in the standard.</p>
      */
     AssociationStatus: AssociationStatus | string | undefined;
     /**
+     * @public
      * <p>The reason for updating the control's enablement status in the standard.</p>
      */
     UpdatedReason?: string;
@@ -1673,6 +1905,7 @@ export interface StandardsControlAssociationUpdate {
  */
 export interface BatchUpdateStandardsControlAssociationsRequest {
     /**
+     * @public
      * <p>
      *          Updates the enablement status of a security control in a specified standard.
      *       </p>
@@ -1687,17 +1920,20 @@ export interface BatchUpdateStandardsControlAssociationsRequest {
  */
 export interface UnprocessedStandardsControlAssociationUpdate {
     /**
+     * @public
      * <p>An array of control and standard associations for which an update failed when calling
      *          <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">BatchUpdateStandardsControlAssociations</a>.
      *       </p>
      */
     StandardsControlAssociationUpdate: StandardsControlAssociationUpdate | undefined;
     /**
+     * @public
      * <p>The error code for the unprocessed update of the control's enablement status in the
      *          specified standard.</p>
      */
     ErrorCode: UnprocessedErrorCode | string | undefined;
     /**
+     * @public
      * <p>The reason why a control's enablement status in the specified standard couldn't be updated. </p>
      */
     ErrorReason?: string;
@@ -1707,6 +1943,7 @@ export interface UnprocessedStandardsControlAssociationUpdate {
  */
 export interface BatchUpdateStandardsControlAssociationsResponse {
     /**
+     * @public
      * <p>
      *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) whose enablement status in a specified standard couldn't be updated.
      *       </p>
@@ -1730,14 +1967,17 @@ export type ControlFindingGenerator = (typeof ControlFindingGenerator)[keyof typ
  */
 export interface CreateActionTargetRequest {
     /**
+     * @public
      * <p>The name of the custom action target. Can contain up to 20 characters.</p>
      */
     Name: string | undefined;
     /**
+     * @public
      * <p>The description for the custom action target.</p>
      */
     Description: string | undefined;
     /**
+     * @public
      * <p>The ID for the custom action target. Can contain up to 20 alphanumeric characters.</p>
      */
     Id: string | undefined;
@@ -1747,6 +1987,7 @@ export interface CreateActionTargetRequest {
  */
 export interface CreateActionTargetResponse {
     /**
+     * @public
      * <p>The Amazon Resource Name (ARN) for the custom action target.</p>
      */
     ActionTargetArn: string | undefined;
@@ -1770,12 +2011,14 @@ export declare class ResourceConflictException extends __BaseException {
  */
 export interface CreateAutomationRuleRequest {
     /**
+     * @public
      * <p>
      *             User-defined tags that help you label the purpose of a rule.
      *         </p>
      */
     Tags?: Record<string, string>;
     /**
+     * @public
      * <p>
      *          Whether the rule is active after it is created. If
      *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
@@ -1787,24 +2030,28 @@ export interface CreateAutomationRuleRequest {
      */
     RuleStatus?: RuleStatus | string;
     /**
+     * @public
      * <p>An integer ranging from 1 to 1000 that represents the order in which the rule action is
      *          applied to findings. Security Hub applies rules with lower values for this parameter
      *          first. </p>
      */
     RuleOrder: number | undefined;
     /**
+     * @public
      * <p>
      *          The name of the rule.
      *       </p>
      */
     RuleName: string | undefined;
     /**
+     * @public
      * <p>
      *          A description of the rule.
      *       </p>
      */
     Description: string | undefined;
     /**
+     * @public
      * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
      *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
      *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
@@ -1812,6 +2059,7 @@ export interface CreateAutomationRuleRequest {
      */
     IsTerminal?: boolean;
     /**
+     * @public
      * <p>
      *          A set of ASFF finding field attributes and corresponding expected values that
      *          Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in
@@ -1820,6 +2068,7 @@ export interface CreateAutomationRuleRequest {
      */
     Criteria: AutomationRulesFindingFilters | undefined;
     /**
+     * @public
      * <p>
      *          One or more actions to update finding fields if a finding matches the conditions
      *          specified in <code>Criteria</code>.
@@ -1832,6 +2081,7 @@ export interface CreateAutomationRuleRequest {
  */
 export interface CreateAutomationRuleResponse {
     /**
+     * @public
      * <p>
      *          The Amazon Resource Name (ARN) of the automation rule that you created.
      *       </p>
@@ -1843,6 +2093,7 @@ export interface CreateAutomationRuleResponse {
  */
 export interface CreateFindingAggregatorRequest {
     /**
+     * @public
      * <p>Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.</p>
      *          <p>The selected option also determines how to use the Regions provided in the Regions list.</p>
      *          <p>The options are as follows:</p>
@@ -1866,6 +2117,7 @@ export interface CreateFindingAggregatorRequest {
      */
     RegionLinkingMode: string | undefined;
     /**
+     * @public
      * <p>If <code>RegionLinkingMode</code> is <code>ALL_REGIONS_EXCEPT_SPECIFIED</code>, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.</p>
      *          <p>If <code>RegionLinkingMode</code> is <code>SPECIFIED_REGIONS</code>, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
      *       </p>
@@ -1877,18 +2129,22 @@ export interface CreateFindingAggregatorRequest {
  */
 export interface CreateFindingAggregatorResponse {
     /**
+     * @public
      * <p>The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.</p>
      */
     FindingAggregatorArn?: string;
     /**
+     * @public
      * <p>The aggregation Region.</p>
      */
     FindingAggregationRegion?: string;
     /**
+     * @public
      * <p>Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.</p>
      */
     RegionLinkingMode?: string;
     /**
+     * @public
      * <p>The list of excluded Regions or included Regions.</p>
      */
     Regions?: string[];
@@ -1898,15 +2154,18 @@ export interface CreateFindingAggregatorResponse {
  */
 export interface CreateInsightRequest {
     /**
+     * @public
      * <p>The name of the custom insight to create.</p>
      */
     Name: string | undefined;
     /**
+     * @public
      * <p>One or more attributes used to filter the findings included in the insight. The insight
      *          only includes findings that match the criteria defined in the filters.</p>
      */
     Filters: AwsSecurityFindingFilters | undefined;
     /**
+     * @public
      * <p>The attribute used to group the findings for the insight. The grouping attribute
      *          identifies the type of item that the insight applies to. For example, if an insight is
      *          grouped by resource identifier, then the insight produces a list of resource
@@ -1919,6 +2178,7 @@ export interface CreateInsightRequest {
  */
 export interface CreateInsightResponse {
     /**
+     * @public
      * <p>The ARN of the insight created.</p>
      */
     InsightArn: string | undefined;
@@ -1928,6 +2188,7 @@ export interface CreateInsightResponse {
  */
 export interface CreateMembersRequest {
     /**
+     * @public
      * <p>The list of accounts to associate with the Security Hub administrator account. For each account, the
      *          list includes the account ID and optionally the email address.</p>
      */
@@ -1939,10 +2200,12 @@ export interface CreateMembersRequest {
  */
 export interface Result {
     /**
+     * @public
      * <p>An Amazon Web Services account ID of the account that was not processed.</p>
      */
     AccountId?: string;
     /**
+     * @public
      * <p>The reason that the account was not processed.</p>
      */
     ProcessingResult?: string;
@@ -1952,6 +2215,7 @@ export interface Result {
  */
 export interface CreateMembersResponse {
     /**
+     * @public
      * <p>The list of Amazon Web Services accounts that were not processed. For each account, the list includes
      *          the account ID and the email address.</p>
      */
@@ -1962,6 +2226,7 @@ export interface CreateMembersResponse {
  */
 export interface DeclineInvitationsRequest {
     /**
+     * @public
      * <p>The list of prospective member account IDs for which to decline an invitation.</p>
      */
     AccountIds: string[] | undefined;
@@ -1971,6 +2236,7 @@ export interface DeclineInvitationsRequest {
  */
 export interface DeclineInvitationsResponse {
     /**
+     * @public
      * <p>The list of Amazon Web Services accounts that were not processed. For each account, the list includes
      *          the account ID and the email address.</p>
      */
@@ -1981,6 +2247,7 @@ export interface DeclineInvitationsResponse {
  */
 export interface DeleteActionTargetRequest {
     /**
+     * @public
      * <p>The Amazon Resource Name (ARN) of the custom action target to delete.</p>
      */
     ActionTargetArn: string | undefined;
@@ -1990,6 +2257,7 @@ export interface DeleteActionTargetRequest {
  */
 export interface DeleteActionTargetResponse {
     /**
+     * @public
      * <p>The ARN of the custom action target that was deleted.</p>
      */
     ActionTargetArn: string | undefined;
@@ -1999,6 +2267,7 @@ export interface DeleteActionTargetResponse {
  */
 export interface DeleteFindingAggregatorRequest {
     /**
+     * @public
      * <p>The ARN of the finding aggregator to delete. To obtain the ARN, use <code>ListFindingAggregators</code>.</p>
      */
     FindingAggregatorArn: string | undefined;
@@ -2013,6 +2282,7 @@ export interface DeleteFindingAggregatorResponse {
  */
 export interface DeleteInsightRequest {
     /**
+     * @public
      * <p>The ARN of the insight to delete.</p>
      */
     InsightArn: string | undefined;
@@ -2022,6 +2292,7 @@ export interface DeleteInsightRequest {
  */
 export interface DeleteInsightResponse {
     /**
+     * @public
      * <p>The ARN of the insight that was deleted.</p>
      */
     InsightArn: string | undefined;
@@ -2031,6 +2302,7 @@ export interface DeleteInsightResponse {
  */
 export interface DeleteInvitationsRequest {
     /**
+     * @public
      * <p>The list of member account IDs that received the invitations you want to delete.</p>
      */
     AccountIds: string[] | undefined;
@@ -2040,6 +2312,7 @@ export interface DeleteInvitationsRequest {
  */
 export interface DeleteInvitationsResponse {
     /**
+     * @public
      * <p>The list of Amazon Web Services accounts for which the invitations were not deleted. For each account,
      *          the list includes the account ID and the email address.</p>
      */
@@ -2050,6 +2323,7 @@ export interface DeleteInvitationsResponse {
  */
 export interface DeleteMembersRequest {
     /**
+     * @public
      * <p>The list of account IDs for the member accounts to delete.</p>
      */
     AccountIds: string[] | undefined;
@@ -2059,6 +2333,7 @@ export interface DeleteMembersRequest {
  */
 export interface DeleteMembersResponse {
     /**
+     * @public
      * <p>The list of Amazon Web Services accounts that were not deleted. For each account, the list includes the
      *          account ID and the email address.</p>
      */
@@ -2069,10 +2344,12 @@ export interface DeleteMembersResponse {
  */
 export interface DescribeActionTargetsRequest {
     /**
+     * @public
      * <p>A list of custom action target ARNs for the custom action targets to retrieve.</p>
      */
     ActionTargetArns?: string[];
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>DescribeActionTargets</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -2081,6 +2358,7 @@ export interface DescribeActionTargetsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of results to return.</p>
      */
     MaxResults?: number;
@@ -2090,12 +2368,14 @@ export interface DescribeActionTargetsRequest {
  */
 export interface DescribeActionTargetsResponse {
     /**
+     * @public
      * <p>A list of <code>ActionTarget</code> objects. Each object includes the <code>ActionTargetArn</code>,
      *             <code>Description</code>, and <code>Name</code> of a custom action target available in
      *          Security Hub.</p>
      */
     ActionTargets: ActionTarget[] | undefined;
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -2105,6 +2385,7 @@ export interface DescribeActionTargetsResponse {
  */
 export interface DescribeHubRequest {
     /**
+     * @public
      * <p>The ARN of the Hub resource to retrieve.</p>
      */
     HubArn?: string;
@@ -2114,14 +2395,17 @@ export interface DescribeHubRequest {
  */
 export interface DescribeHubResponse {
     /**
+     * @public
      * <p>The ARN of the Hub resource that was retrieved.</p>
      */
     HubArn?: string;
     /**
+     * @public
      * <p>The date and time when Security Hub was enabled in the account.</p>
      */
     SubscribedAt?: string;
     /**
+     * @public
      * <p>Whether to automatically enable new controls when they are added to standards that are
      *          enabled.</p>
      *          <p>If set to <code>true</code>, then new controls for enabled standards are enabled
@@ -2129,6 +2413,7 @@ export interface DescribeHubResponse {
      */
     AutoEnableControls?: boolean;
     /**
+     * @public
      * <p>Specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to
      *          <code>SECURITY_CONTROL</code>, Security Hub generates a single finding for a control check even when the check
      *          applies to multiple enabled standards.</p>
@@ -2151,17 +2436,20 @@ export interface DescribeOrganizationConfigurationRequest {
  */
 export interface DescribeOrganizationConfigurationResponse {
     /**
+     * @public
      * <p>Whether to automatically enable Security Hub for new accounts in the organization.</p>
      *          <p>If set to <code>true</code>, then Security Hub is enabled for new accounts. If set to false,
      *          then new accounts are not added automatically.</p>
      */
     AutoEnable?: boolean;
     /**
+     * @public
      * <p>Whether the maximum number of allowed member accounts are already associated with the
      *          Security Hub administrator account.</p>
      */
     MemberAccountLimitReached?: boolean;
     /**
+     * @public
      * <p>Whether to automatically enable Security Hub <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html">default standards</a>
      *          for new member accounts in the organization.</p>
      *          <p>The default value of this parameter is equal to <code>DEFAULT</code>.</p>
@@ -2176,6 +2464,7 @@ export interface DescribeOrganizationConfigurationResponse {
  */
 export interface DescribeProductsRequest {
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>DescribeProducts</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -2184,10 +2473,12 @@ export interface DescribeProductsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of results to return.</p>
      */
     MaxResults?: number;
     /**
+     * @public
      * <p>The ARN of the integration to return.</p>
      */
     ProductArn?: string;
@@ -2211,26 +2502,32 @@ export type IntegrationType = (typeof IntegrationType)[keyof typeof IntegrationT
  */
 export interface Product {
     /**
+     * @public
      * <p>The ARN assigned to the product.</p>
      */
     ProductArn: string | undefined;
     /**
+     * @public
      * <p>The name of the product.</p>
      */
     ProductName?: string;
     /**
+     * @public
      * <p>The name of the company that provides the product.</p>
      */
     CompanyName?: string;
     /**
+     * @public
      * <p>A description of the product.</p>
      */
     Description?: string;
     /**
+     * @public
      * <p>The categories assigned to the product.</p>
      */
     Categories?: string[];
     /**
+     * @public
      * <p>The types of integration that the product supports. Available values are the
      *          following.</p>
      *          <ul>
@@ -2252,15 +2549,18 @@ export interface Product {
      */
     IntegrationTypes?: (IntegrationType | string)[];
     /**
+     * @public
      * <p>For integrations with Amazon Web Services services, the Amazon Web Services Console URL from which to activate the service.</p>
      *          <p>For integrations with third-party products, the Amazon Web Services Marketplace URL from which to subscribe to or purchase the product.</p>
      */
     MarketplaceUrl?: string;
     /**
+     * @public
      * <p>The URL to the service or product documentation about the integration with Security Hub, including how to activate the integration.</p>
      */
     ActivationUrl?: string;
     /**
+     * @public
      * <p>The resource policy associated with the product.</p>
      */
     ProductSubscriptionResourcePolicy?: string;
@@ -2270,10 +2570,12 @@ export interface Product {
  */
 export interface DescribeProductsResponse {
     /**
+     * @public
      * <p>A list of products, including details for each product.</p>
      */
     Products: Product[] | undefined;
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -2283,6 +2585,7 @@ export interface DescribeProductsResponse {
  */
 export interface DescribeStandardsRequest {
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>DescribeStandards</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -2291,6 +2594,7 @@ export interface DescribeStandardsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of standards to return.</p>
      */
     MaxResults?: number;
@@ -2301,11 +2605,13 @@ export interface DescribeStandardsRequest {
  */
 export interface StandardsManagedBy {
     /**
+     * @public
      * <p>An identifier for the company that manages a specific security standard. For existing
      *          standards, the value is equal to <code>Amazon Web Services</code>.</p>
      */
     Company?: string;
     /**
+     * @public
      * <p>An identifier for the product that manages a specific security standard. For existing
      *          standards, the value is equal to the Amazon Web Services service that manages the
      *          standard.</p>
@@ -2318,18 +2624,22 @@ export interface StandardsManagedBy {
  */
 export interface Standard {
     /**
+     * @public
      * <p>The ARN of a standard.</p>
      */
     StandardsArn?: string;
     /**
+     * @public
      * <p>The name of the standard.</p>
      */
     Name?: string;
     /**
+     * @public
      * <p>A description of the standard.</p>
      */
     Description?: string;
     /**
+     * @public
      * <p>Whether the standard is enabled by default. When Security Hub is enabled from the console, if a
      *          standard is enabled by default, the check box for that standard is selected by
      *          default.</p>
@@ -2339,6 +2649,7 @@ export interface Standard {
      */
     EnabledByDefault?: boolean;
     /**
+     * @public
      * <p>Provides details about the management of a standard.
      *       </p>
      */
@@ -2349,10 +2660,12 @@ export interface Standard {
  */
 export interface DescribeStandardsResponse {
     /**
+     * @public
      * <p>A list of available standards.</p>
      */
     Standards?: Standard[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -2362,11 +2675,13 @@ export interface DescribeStandardsResponse {
  */
 export interface DescribeStandardsControlsRequest {
     /**
+     * @public
      * <p>The ARN of a resource that represents your subscription to a supported standard. To get
      *          the subscription ARNs of the standards you have enabled, use the <code>GetEnabledStandards</code> operation.</p>
      */
     StandardsSubscriptionArn: string | undefined;
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>DescribeStandardsControls</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -2375,6 +2690,7 @@ export interface DescribeStandardsControlsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of security standard controls to return.</p>
      */
     MaxResults?: number;
@@ -2385,48 +2701,58 @@ export interface DescribeStandardsControlsRequest {
  */
 export interface StandardsControl {
     /**
+     * @public
      * <p>The ARN of the security standard control.</p>
      */
     StandardsControlArn?: string;
     /**
+     * @public
      * <p>The current status of the security standard control. Indicates whether the control is
      *          enabled or disabled. Security Hub does not check against disabled controls.</p>
      */
     ControlStatus?: ControlStatus | string;
     /**
+     * @public
      * <p>The reason provided for the most recent change in status for the control.</p>
      */
     DisabledReason?: string;
     /**
+     * @public
      * <p>The date and time that the status of the security standard control was most recently
      *          updated.</p>
      */
     ControlStatusUpdatedAt?: Date;
     /**
+     * @public
      * <p>The identifier of the security standard control.</p>
      */
     ControlId?: string;
     /**
+     * @public
      * <p>The title of the security standard control.</p>
      */
     Title?: string;
     /**
+     * @public
      * <p>The longer description of the security standard control. Provides information about what
      *          the control is checking for.</p>
      */
     Description?: string;
     /**
+     * @public
      * <p>A link to remediation information for the control in the Security Hub user
      *          documentation.</p>
      */
     RemediationUrl?: string;
     /**
+     * @public
      * <p>The severity of findings generated from this security standard control.</p>
      *          <p>The finding severity is based on an assessment of how easy it would be to compromise Amazon Web Services
      *          resources if the issue is detected.</p>
      */
     SeverityRating?: SeverityRating | string;
     /**
+     * @public
      * <p>The list of requirements that are related to this control.</p>
      */
     RelatedRequirements?: string[];
@@ -2436,10 +2762,12 @@ export interface StandardsControl {
  */
 export interface DescribeStandardsControlsResponse {
     /**
+     * @public
      * <p>A list of security standards controls.</p>
      */
     Controls?: StandardsControl[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -2449,6 +2777,7 @@ export interface DescribeStandardsControlsResponse {
  */
 export interface DisableImportFindingsForProductRequest {
     /**
+     * @public
      * <p>The ARN of the integrated product to disable the integration for.</p>
      */
     ProductSubscriptionArn: string | undefined;
@@ -2463,6 +2792,7 @@ export interface DisableImportFindingsForProductResponse {
  */
 export interface DisableOrganizationAdminAccountRequest {
     /**
+     * @public
      * <p>The Amazon Web Services account identifier of the Security Hub administrator account.</p>
      */
     AdminAccountId: string | undefined;
@@ -2507,6 +2837,7 @@ export interface DisassociateFromMasterAccountResponse {
  */
 export interface DisassociateMembersRequest {
     /**
+     * @public
      * <p>The account IDs of the member accounts to disassociate from the administrator account.</p>
      */
     AccountIds: string[] | undefined;
@@ -2521,6 +2852,7 @@ export interface DisassociateMembersResponse {
  */
 export interface EnableImportFindingsForProductRequest {
     /**
+     * @public
      * <p>The ARN of the product to enable the integration for.</p>
      */
     ProductArn: string | undefined;
@@ -2530,6 +2862,7 @@ export interface EnableImportFindingsForProductRequest {
  */
 export interface EnableImportFindingsForProductResponse {
     /**
+     * @public
      * <p>The ARN of your subscription to the product to enable integrations for.</p>
      */
     ProductSubscriptionArn?: string;
@@ -2539,6 +2872,7 @@ export interface EnableImportFindingsForProductResponse {
  */
 export interface EnableOrganizationAdminAccountRequest {
     /**
+     * @public
      * <p>The Amazon Web Services account identifier of the account to designate as the Security Hub administrator
      *          account.</p>
      */
@@ -2554,10 +2888,12 @@ export interface EnableOrganizationAdminAccountResponse {
  */
 export interface EnableSecurityHubRequest {
     /**
+     * @public
      * <p>The tags to add to the hub resource when you enable Security Hub.</p>
      */
     Tags?: Record<string, string>;
     /**
+     * @public
      * <p>Whether to enable the security standards that Security Hub has designated as automatically
      *          enabled. If you do not provide a value for <code>EnableDefaultStandards</code>, it is set
      *          to <code>true</code>. To not enable the automatically enabled standards, set
@@ -2565,6 +2901,7 @@ export interface EnableSecurityHubRequest {
      */
     EnableDefaultStandards?: boolean;
     /**
+     * @public
      * <p>This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on.
      *       If the value for this field is set to
      *       <code>SECURITY_CONTROL</code>, Security Hub generates a single finding for a control check even when the check
@@ -2589,6 +2926,7 @@ export interface EnableSecurityHubResponse {
  */
 export interface FindingAggregator {
     /**
+     * @public
      * <p>The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.</p>
      */
     FindingAggregatorArn?: string;
@@ -2601,18 +2939,21 @@ export interface FindingAggregator {
  */
 export interface FindingHistoryUpdate {
     /**
+     * @public
      * <p>
      *          The ASFF field that changed during the finding change event.
      *       </p>
      */
     UpdatedField?: string;
     /**
+     * @public
      * <p>
      *          The value of the ASFF field before the finding change event.
      *       </p>
      */
     OldValue?: string;
     /**
+     * @public
      * <p>
      *          The value of the ASFF field after the finding change event. To preserve storage and readability, Security Hub omits this value
      *           if <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_FindingHistoryRecord.html">
@@ -2642,6 +2983,7 @@ export type FindingHistoryUpdateSourceType = (typeof FindingHistoryUpdateSourceT
  */
 export interface FindingHistoryUpdateSource {
     /**
+     * @public
      * <p>
      *          Describes the type of finding change event, such as a call to <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html">
      *                <code>BatchImportFindings</code>
@@ -2652,6 +2994,7 @@ export interface FindingHistoryUpdateSource {
      */
     Type?: FindingHistoryUpdateSourceType | string;
     /**
+     * @public
      * <p>
      *          The identity of the source that initiated the finding change event. For example, the Amazon Resource Name (ARN) of a partner that calls BatchImportFindings or of a customer that calls BatchUpdateFindings.
      *       </p>
@@ -2667,10 +3010,12 @@ export interface FindingHistoryUpdateSource {
  */
 export interface FindingHistoryRecord {
     /**
+     * @public
      * <p>Identifies which finding to get the finding history for.</p>
      */
     FindingIdentifier?: AwsSecurityFindingIdentifier;
     /**
+     * @public
      * <p> An ISO 8601-formatted timestamp that indicates when Security Hub
      *             processed the updated finding record.</p>
      *          <p>A correctly formatted example is
@@ -2680,6 +3025,7 @@ export interface FindingHistoryRecord {
      */
     UpdateTime?: Date;
     /**
+     * @public
      * <p>
      *          Identifies whether the event marks the creation of a new finding. A value of <code>True</code> means that the finding is
      *          newly created. A value of <code>False</code> means that the finding isn’t newly created.
@@ -2687,6 +3033,7 @@ export interface FindingHistoryRecord {
      */
     FindingCreated?: boolean;
     /**
+     * @public
      * <p> Identifies the source of the event that changed the finding. For example, an integrated
      *                 Amazon Web Service or third-party partner integration may call <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html">
      *                <code>BatchImportFindings</code>
@@ -2697,6 +3044,7 @@ export interface FindingHistoryRecord {
      */
     UpdateSource?: FindingHistoryUpdateSource;
     /**
+     * @public
      * <p>
      *          An array of objects that provides details about the finding change event, including the Amazon Web Services Security
      *          Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after
@@ -2705,6 +3053,7 @@ export interface FindingHistoryRecord {
      */
     Updates?: FindingHistoryUpdate[];
     /**
+     * @public
      * <p>
      *          A token for pagination purposes. Provide this token in the subsequent request to <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsHistory.html">
      *                <code>GetFindingsHistory</code>
@@ -2725,18 +3074,22 @@ export interface GetAdministratorAccountRequest {
  */
 export interface Invitation {
     /**
+     * @public
      * <p>The account ID of the Security Hub administrator account that the invitation was sent from.</p>
      */
     AccountId?: string;
     /**
+     * @public
      * <p>The ID of the invitation sent to the member account.</p>
      */
     InvitationId?: string;
     /**
+     * @public
      * <p>The timestamp of when the invitation was sent.</p>
      */
     InvitedAt?: Date;
     /**
+     * @public
      * <p>The current status of the association between the member and administrator accounts.</p>
      */
     MemberStatus?: string;
@@ -2746,6 +3099,7 @@ export interface Invitation {
  */
 export interface GetAdministratorAccountResponse {
     /**
+     * @public
      * <p>Details about an invitation.</p>
      */
     Administrator?: Invitation;
@@ -2755,10 +3109,12 @@ export interface GetAdministratorAccountResponse {
  */
 export interface GetEnabledStandardsRequest {
     /**
+     * @public
      * <p>The list of the standards subscription ARNs for the standards to retrieve.</p>
      */
     StandardsSubscriptionArns?: string[];
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>GetEnabledStandards</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -2767,6 +3123,7 @@ export interface GetEnabledStandardsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of results to return in the response.</p>
      */
     MaxResults?: number;
@@ -2776,11 +3133,13 @@ export interface GetEnabledStandardsRequest {
  */
 export interface GetEnabledStandardsResponse {
     /**
+     * @public
      * <p>The list of <code>StandardsSubscriptions</code> objects that include information about
      *          the enabled standards.</p>
      */
     StandardsSubscriptions?: StandardsSubscription[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -2790,6 +3149,7 @@ export interface GetEnabledStandardsResponse {
  */
 export interface GetFindingAggregatorRequest {
     /**
+     * @public
      * <p>The ARN of the finding aggregator to return details for. To obtain the ARN, use <code>ListFindingAggregators</code>.</p>
      */
     FindingAggregatorArn: string | undefined;
@@ -2799,18 +3159,22 @@ export interface GetFindingAggregatorRequest {
  */
 export interface GetFindingAggregatorResponse {
     /**
+     * @public
      * <p>The ARN of the finding aggregator.</p>
      */
     FindingAggregatorArn?: string;
     /**
+     * @public
      * <p>The aggregation Region.</p>
      */
     FindingAggregationRegion?: string;
     /**
+     * @public
      * <p>Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.</p>
      */
     RegionLinkingMode?: string;
     /**
+     * @public
      * <p>The list of excluded Regions or included Regions.</p>
      */
     Regions?: string[];
@@ -2820,10 +3184,12 @@ export interface GetFindingAggregatorResponse {
  */
 export interface GetFindingHistoryRequest {
     /**
+     * @public
      * <p>Identifies which finding to get the finding history for.</p>
      */
     FindingIdentifier: AwsSecurityFindingIdentifier | undefined;
     /**
+     * @public
      * <p>
      *          An ISO 8601-formatted timestamp that indicates the start time of the requested finding history. A correctly formatted
      *          example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated
@@ -2841,6 +3207,7 @@ export interface GetFindingHistoryRequest {
      */
     StartTime?: Date;
     /**
+     * @public
      * <p>
      *          An ISO 8601-formatted timestamp that indicates the end time of the requested finding history. A correctly formatted
      *          example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated
@@ -2858,6 +3225,7 @@ export interface GetFindingHistoryRequest {
      */
     EndTime?: Date;
     /**
+     * @public
      * <p>
      *          A token for pagination purposes. Provide <code>NULL</code> as the initial value. In subsequent requests, provide the
      *          token included in the response to get up to an additional 100 results of finding history. If you don’t provide
@@ -2866,6 +3234,7 @@ export interface GetFindingHistoryRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>
      *          The maximum number of results to be returned. If you don’t provide it, Security Hub returns up to 100 results of finding history.
      *       </p>
@@ -2877,12 +3246,14 @@ export interface GetFindingHistoryRequest {
  */
 export interface GetFindingHistoryResponse {
     /**
+     * @public
      * <p>
      *          A list of events that altered the specified finding during the specified time period.
      *       </p>
      */
     Records?: FindingHistoryRecord[];
     /**
+     * @public
      * <p>
      *          A token for pagination purposes. Provide this token in the subsequent request to <code>GetFindingsHistory</code> to
      *          get up to an additional 100 results of history for the same finding that you specified in your initial request.
@@ -2908,10 +3279,12 @@ export type SortOrder = (typeof SortOrder)[keyof typeof SortOrder];
  */
 export interface SortCriterion {
     /**
+     * @public
      * <p>The finding attribute used to sort findings.</p>
      */
     Field?: string;
     /**
+     * @public
      * <p>The order used to sort findings.</p>
      */
     SortOrder?: SortOrder | string;
@@ -2921,6 +3294,7 @@ export interface SortCriterion {
  */
 export interface GetFindingsRequest {
     /**
+     * @public
      * <p>The finding attributes used to define a condition to filter the returned
      *          findings.</p>
      *          <p>You can filter by up to 10 finding attributes. For each attribute, you can provide up to
@@ -2930,10 +3304,12 @@ export interface GetFindingsRequest {
      */
     Filters?: AwsSecurityFindingFilters;
     /**
+     * @public
      * <p>The finding attributes used to sort the list of returned findings.</p>
      */
     SortCriteria?: SortCriterion[];
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>GetFindings</code> operation, set the value of this parameter to
      *          <code>NULL</code>.</p>
@@ -2942,6 +3318,7 @@ export interface GetFindingsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of findings to return.</p>
      */
     MaxResults?: number;
@@ -2951,10 +3328,12 @@ export interface GetFindingsRequest {
  */
 export interface GetFindingsResponse {
     /**
+     * @public
      * <p>The findings that matched the filters specified in the request.</p>
      */
     Findings: AwsSecurityFinding[] | undefined;
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -2964,6 +3343,7 @@ export interface GetFindingsResponse {
  */
 export interface GetInsightResultsRequest {
     /**
+     * @public
      * <p>The ARN of the insight for which to return results.</p>
      */
     InsightArn: string | undefined;
@@ -2975,11 +3355,13 @@ export interface GetInsightResultsRequest {
  */
 export interface InsightResultValue {
     /**
+     * @public
      * <p>The value of the attribute that the findings are grouped by for the insight whose
      *          results are returned by the <code>GetInsightResults</code> operation.</p>
      */
     GroupByAttributeValue: string | undefined;
     /**
+     * @public
      * <p>The number of findings returned for each <code>GroupByAttributeValue</code>.</p>
      */
     Count: number | undefined;
@@ -2990,16 +3372,19 @@ export interface InsightResultValue {
  */
 export interface InsightResults {
     /**
+     * @public
      * <p>The ARN of the insight whose results are returned by the <code>GetInsightResults</code>
      *          operation.</p>
      */
     InsightArn: string | undefined;
     /**
+     * @public
      * <p>The attribute that the findings are grouped by for the insight whose results are
      *          returned by the <code>GetInsightResults</code> operation.</p>
      */
     GroupByAttribute: string | undefined;
     /**
+     * @public
      * <p>The list of insight result values returned by the <code>GetInsightResults</code>
      *          operation.</p>
      */
@@ -3010,6 +3395,7 @@ export interface InsightResults {
  */
 export interface GetInsightResultsResponse {
     /**
+     * @public
      * <p>The insight results returned by the operation.</p>
      */
     InsightResults: InsightResults | undefined;
@@ -3019,12 +3405,14 @@ export interface GetInsightResultsResponse {
  */
 export interface GetInsightsRequest {
     /**
+     * @public
      * <p>The ARNs of the insights to describe. If you do not provide any insight ARNs, then
      *             <code>GetInsights</code> returns all of your custom insights. It does not return any
      *          managed insights.</p>
      */
     InsightArns?: string[];
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>GetInsights</code> operation, set the value of this parameter to
      *          <code>NULL</code>.</p>
@@ -3033,6 +3421,7 @@ export interface GetInsightsRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of items to return in the response.</p>
      */
     MaxResults?: number;
@@ -3043,19 +3432,23 @@ export interface GetInsightsRequest {
  */
 export interface Insight {
     /**
+     * @public
      * <p>The ARN of a Security Hub insight.</p>
      */
     InsightArn: string | undefined;
     /**
+     * @public
      * <p>The name of a Security Hub insight.</p>
      */
     Name: string | undefined;
     /**
+     * @public
      * <p>One or more attributes used to filter the findings included in the insight. The insight
      *          only includes findings that match the criteria defined in the filters.</p>
      */
     Filters: AwsSecurityFindingFilters | undefined;
     /**
+     * @public
      * <p>The grouping attribute for the insight's findings. Indicates how to group the matching
      *          findings, and identifies the type of item that the insight applies to. For example, if an
      *          insight is grouped by resource identifier, then the insight produces a list of resource
@@ -3068,10 +3461,12 @@ export interface Insight {
  */
 export interface GetInsightsResponse {
     /**
+     * @public
      * <p>The insights returned by the operation.</p>
      */
     Insights: Insight[] | undefined;
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -3086,6 +3481,7 @@ export interface GetInvitationsCountRequest {
  */
 export interface GetInvitationsCountResponse {
     /**
+     * @public
      * <p>The number of all membership invitations sent to this Security Hub member account, not
      *          including the currently accepted invitation.</p>
      */
@@ -3101,6 +3497,7 @@ export interface GetMasterAccountRequest {
  */
 export interface GetMasterAccountResponse {
     /**
+     * @public
      * <p>A list of details about the Security Hub administrator account for the current member account.
      *       </p>
      */
@@ -3111,6 +3508,7 @@ export interface GetMasterAccountResponse {
  */
 export interface GetMembersRequest {
     /**
+     * @public
      * <p>The list of account IDs for the Security Hub member accounts to return the details for. </p>
      */
     AccountIds: string[] | undefined;
@@ -3121,14 +3519,17 @@ export interface GetMembersRequest {
  */
 export interface Member {
     /**
+     * @public
      * <p>The Amazon Web Services account ID of the member account.</p>
      */
     AccountId?: string;
     /**
+     * @public
      * <p>The email address of the member account.</p>
      */
     Email?: string;
     /**
+     * @public
      * @deprecated
      *
      * <p>This is replaced by <code>AdministratorID</code>.</p>
@@ -3136,10 +3537,12 @@ export interface Member {
      */
     MasterId?: string;
     /**
+     * @public
      * <p>The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.</p>
      */
     AdministratorId?: string;
     /**
+     * @public
      * <p>The status of the relationship between the member account and its administrator account.
      *       </p>
      *          <p>The status can have one of the following values:</p>
@@ -3183,11 +3586,13 @@ export interface Member {
      */
     MemberStatus?: string;
     /**
+     * @public
      * <p>A timestamp for the date and time when the invitation was sent to the member
      *          account.</p>
      */
     InvitedAt?: Date;
     /**
+     * @public
      * <p>The timestamp for the date and time when the member account was updated.</p>
      */
     UpdatedAt?: Date;
@@ -3197,10 +3602,12 @@ export interface Member {
  */
 export interface GetMembersResponse {
     /**
+     * @public
      * <p>The list of details about the Security Hub member accounts.</p>
      */
     Members?: Member[];
     /**
+     * @public
      * <p>The list of Amazon Web Services accounts that could not be processed. For each account, the list
      *          includes the account ID and the email address.</p>
      */
@@ -3211,6 +3618,7 @@ export interface GetMembersResponse {
  */
 export interface InviteMembersRequest {
     /**
+     * @public
      * <p>The list of account IDs of the Amazon Web Services accounts to invite to Security Hub as members. </p>
      */
     AccountIds: string[] | undefined;
@@ -3220,6 +3628,7 @@ export interface InviteMembersRequest {
  */
 export interface InviteMembersResponse {
     /**
+     * @public
      * <p>The list of Amazon Web Services accounts that could not be processed. For each account, the list
      *          includes the account ID and the email address.</p>
      */
@@ -3230,6 +3639,7 @@ export interface InviteMembersResponse {
  */
 export interface ListAutomationRulesRequest {
     /**
+     * @public
      * <p>
      *          A token to specify where to start paginating the response. This is the <code>NextToken</code>
      *          from a previously truncated response. On your first call to the <code>ListAutomationRules</code>
@@ -3238,6 +3648,7 @@ export interface ListAutomationRulesRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p> The maximum number of rules to return in the response. This currently ranges from 1 to
      *          100. </p>
      */
@@ -3248,6 +3659,7 @@ export interface ListAutomationRulesRequest {
  */
 export interface ListAutomationRulesResponse {
     /**
+     * @public
      * <p>
      *          Metadata for rules in the calling account. The response includes rules with a
      *          <code>RuleStatus</code> of <code>ENABLED</code> and <code>DISABLED</code>.
@@ -3255,6 +3667,7 @@ export interface ListAutomationRulesResponse {
      */
     AutomationRulesMetadata?: AutomationRulesMetadata[];
     /**
+     * @public
      * <p>
      *          A pagination token for the response.
      *       </p>
@@ -3266,6 +3679,7 @@ export interface ListAutomationRulesResponse {
  */
 export interface ListEnabledProductsForImportRequest {
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>ListEnabledProductsForImport</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -3274,6 +3688,7 @@ export interface ListEnabledProductsForImportRequest {
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of items to return in the response.</p>
      */
     MaxResults?: number;
@@ -3283,10 +3698,12 @@ export interface ListEnabledProductsForImportRequest {
  */
 export interface ListEnabledProductsForImportResponse {
     /**
+     * @public
      * <p>The list of ARNs for the resources that represent your subscriptions to products. </p>
      */
     ProductSubscriptions?: string[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -3296,10 +3713,12 @@ export interface ListEnabledProductsForImportResponse {
  */
 export interface ListFindingAggregatorsRequest {
     /**
+     * @public
      * <p>The token returned with the previous set of results. Identifies the next set of results to return.</p>
      */
     NextToken?: string;
     /**
+     * @public
      * <p>The maximum number of results to return. This operation currently only returns a single result.</p>
      */
     MaxResults?: number;
@@ -3309,10 +3728,12 @@ export interface ListFindingAggregatorsRequest {
  */
 export interface ListFindingAggregatorsResponse {
     /**
+     * @public
      * <p>The list of finding aggregators. This operation currently only returns a single result.</p>
      */
     FindingAggregators?: FindingAggregator[];
     /**
+     * @public
      * <p>If there are more results, this is the token to provide in the next call to <code>ListFindingAggregators</code>.</p>
      *          <p>This operation currently only returns a single result.
      *       </p>
@@ -3324,10 +3745,12 @@ export interface ListFindingAggregatorsResponse {
  */
 export interface ListInvitationsRequest {
     /**
+     * @public
      * <p>The maximum number of items to return in the response. </p>
      */
     MaxResults?: number;
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>ListInvitations</code> operation, set the value of this parameter to
      *             <code>NULL</code>.</p>
@@ -3341,10 +3764,12 @@ export interface ListInvitationsRequest {
  */
 export interface ListInvitationsResponse {
     /**
+     * @public
      * <p>The details of the invitations returned by the operation.</p>
      */
     Invitations?: Invitation[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -3354,6 +3779,7 @@ export interface ListInvitationsResponse {
  */
 export interface ListMembersRequest {
     /**
+     * @public
      * <p>Specifies which member accounts to include in the response based on their relationship
      *          status with the administrator account. The default value is <code>TRUE</code>.</p>
      *          <p>If <code>OnlyAssociated</code> is set to <code>TRUE</code>, the response includes member
@@ -3363,10 +3789,12 @@ export interface ListMembersRequest {
      */
     OnlyAssociated?: boolean;
     /**
+     * @public
      * <p>The maximum number of items to return in the response. </p>
      */
     MaxResults?: number;
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>ListMembers</code> operation, set the value of this parameter to
      *          <code>NULL</code>.</p>
@@ -3380,10 +3808,12 @@ export interface ListMembersRequest {
  */
 export interface ListMembersResponse {
     /**
+     * @public
      * <p>Member details returned by the operation.</p>
      */
     Members?: Member[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -3393,10 +3823,12 @@ export interface ListMembersResponse {
  */
 export interface ListOrganizationAdminAccountsRequest {
     /**
+     * @public
      * <p>The maximum number of items to return in the response.</p>
      */
     MaxResults?: number;
     /**
+     * @public
      * <p>The token that is required for pagination. On your first call to the
      *             <code>ListOrganizationAdminAccounts</code> operation, set the value of this parameter to
      *             <code>NULL</code>. For subsequent calls to the operation, to continue listing data, set
@@ -3409,10 +3841,12 @@ export interface ListOrganizationAdminAccountsRequest {
  */
 export interface ListOrganizationAdminAccountsResponse {
     /**
+     * @public
      * <p>The list of Security Hub administrator accounts.</p>
      */
     AdminAccounts?: AdminAccount[];
     /**
+     * @public
      * <p>The pagination token to use to request the next page of results.</p>
      */
     NextToken?: string;
@@ -3422,18 +3856,21 @@ export interface ListOrganizationAdminAccountsResponse {
  */
 export interface ListSecurityControlDefinitionsRequest {
     /**
+     * @public
      * <p>
      *          The Amazon Resource Name (ARN) of the standard that you want to view controls for.
      *       </p>
      */
     StandardsArn?: string;
     /**
+     * @public
      * <p>
      *          Optional pagination parameter.
      *       </p>
      */
     NextToken?: string;
     /**
+     * @public
      * <p> An optional parameter that limits the total results of the API response to the
      *          specified number. If this parameter isn't provided in the request, the results include the
      *          first 25 security controls that apply to the specified standard. The results also include a
@@ -3463,6 +3900,7 @@ export type RegionAvailabilityStatus = (typeof RegionAvailabilityStatus)[keyof t
  */
 export interface SecurityControlDefinition {
     /**
+     * @public
      * <p>
      *          The unique identifier of a security control across standards. Values for this field typically consist of an
      *          Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from
@@ -3472,24 +3910,28 @@ export interface SecurityControlDefinition {
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p>
      *          The title of a security control.
      *       </p>
      */
     Title: string | undefined;
     /**
+     * @public
      * <p> The description of a security control across standards. This typically summarizes how
      *             Security Hub evaluates the control and the conditions under which it produces a
      *          failed finding. This parameter doesn't reference a specific standard. </p>
      */
     Description: string | undefined;
     /**
+     * @public
      * <p>
      *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
      *       </p>
      */
     RemediationUrl: string | undefined;
     /**
+     * @public
      * <p>
      *          The severity of a security control. For more information about how Security Hub determines control severity,
      *          see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
@@ -3498,6 +3940,7 @@ export interface SecurityControlDefinition {
      */
     SeverityRating: SeverityRating | string | undefined;
     /**
+     * @public
      * <p>
      *          Specifies whether a security control is available in the current Amazon Web Services Region.
      *       </p>
@@ -3509,12 +3952,14 @@ export interface SecurityControlDefinition {
  */
 export interface ListSecurityControlDefinitionsResponse {
     /**
+     * @public
      * <p>
      *          An array of controls that apply to the specified standard.
      *       </p>
      */
     SecurityControlDefinitions: SecurityControlDefinition[] | undefined;
     /**
+     * @public
      * <p> A pagination parameter that's included in the response only if it was included in the
      *          request. </p>
      */
@@ -3525,6 +3970,7 @@ export interface ListSecurityControlDefinitionsResponse {
  */
 export interface ListStandardsControlAssociationsRequest {
     /**
+     * @public
      * <p>
      *          The identifier of the control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) that you
      *          want to determine the enablement status of in each enabled standard.
@@ -3532,12 +3978,14 @@ export interface ListStandardsControlAssociationsRequest {
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p>
      *          Optional pagination parameter.
      *       </p>
      */
     NextToken?: string;
     /**
+     * @public
      * <p> An optional parameter that limits the total results of the API response to the
      *          specified number. If this parameter isn't provided in the request, the results include the
      *          first 25 standard and control associations. The results also include a
@@ -3555,12 +4003,14 @@ export interface ListStandardsControlAssociationsRequest {
  */
 export interface StandardsControlAssociationSummary {
     /**
+     * @public
      * <p>
      *          The Amazon Resource Name (ARN) of a standard.
      *       </p>
      */
     StandardsArn: string | undefined;
     /**
+     * @public
      * <p>
      *          A unique standard-agnostic identifier for a control. Values for this field typically consist of an
      *          Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.
@@ -3568,38 +4018,45 @@ export interface StandardsControlAssociationSummary {
      */
     SecurityControlId: string | undefined;
     /**
+     * @public
      * <p> The ARN of a control, such as
      *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
      *          parameter doesn't mention a specific standard. </p>
      */
     SecurityControlArn: string | undefined;
     /**
+     * @public
      * <p>
      *          The enablement status of a control in a specific standard.
      *       </p>
      */
     AssociationStatus: AssociationStatus | string | undefined;
     /**
+     * @public
      * <p>
      *          The requirement that underlies this control in the compliance framework related to the standard.
      *       </p>
      */
     RelatedRequirements?: string[];
     /**
+     * @public
      * <p> The last time that a control's enablement status in a specified standard was updated. </p>
      */
     UpdatedAt?: Date;
     /**
+     * @public
      * <p> The reason for updating the control's enablement status in a specified standard. </p>
      */
     UpdatedReason?: string;
     /**
+     * @public
      * <p>
      *          The title of a control.
      *       </p>
      */
     StandardsControlTitle?: string;
     /**
+     * @public
      * <p>
      *          The description of a control. This typically summarizes how Security Hub evaluates the control and the
      *          conditions under which it produces a failed finding. The parameter may reference a specific standard.
@@ -3612,11 +4069,13 @@ export interface StandardsControlAssociationSummary {
  */
 export interface ListStandardsControlAssociationsResponse {
     /**
+     * @public
      * <p> An array that provides the enablement status and other details for each security
      *          control that applies to each enabled standard. </p>
      */
     StandardsControlAssociationSummaries: StandardsControlAssociationSummary[] | undefined;
     /**
+     * @public
      * <p> A pagination parameter that's included in the response only if it was included in the
      *          request. </p>
      */
@@ -3627,6 +4086,7 @@ export interface ListStandardsControlAssociationsResponse {
  */
 export interface ListTagsForResourceRequest {
     /**
+     * @public
      * <p>The ARN of the resource to retrieve tags for.</p>
      */
     ResourceArn: string | undefined;
@@ -3636,6 +4096,7 @@ export interface ListTagsForResourceRequest {
  */
 export interface ListTagsForResourceResponse {
     /**
+     * @public
      * <p>The tags associated with a resource.</p>
      */
     Tags?: Record<string, string>;
@@ -3645,10 +4106,12 @@ export interface ListTagsForResourceResponse {
  */
 export interface TagResourceRequest {
     /**
+     * @public
      * <p>The ARN of the resource to apply the tags to.</p>
      */
     ResourceArn: string | undefined;
     /**
+     * @public
      * <p>The tags to add to the resource. You can add up to 50 tags at a time. The tag keys can be no longer than 128 characters. The tag values can be no longer than 256 characters.</p>
      */
     Tags: Record<string, string> | undefined;
@@ -3663,10 +4126,12 @@ export interface TagResourceResponse {
  */
 export interface UntagResourceRequest {
     /**
+     * @public
      * <p>The ARN of the resource to remove the tags from.</p>
      */
     ResourceArn: string | undefined;
     /**
+     * @public
      * <p>The tag keys associated with the tags to remove from the resource. You can remove up to 50 tags at a time.</p>
      */
     TagKeys: string[] | undefined;
@@ -3681,14 +4146,17 @@ export interface UntagResourceResponse {
  */
 export interface UpdateActionTargetRequest {
     /**
+     * @public
      * <p>The ARN of the custom action target to update.</p>
      */
     ActionTargetArn: string | undefined;
     /**
+     * @public
      * <p>The updated name of the custom action target.</p>
      */
     Name?: string;
     /**
+     * @public
      * <p>The updated description for the custom action target.</p>
      */
     Description?: string;
@@ -3703,10 +4171,12 @@ export interface UpdateActionTargetResponse {
  */
 export interface UpdateFindingAggregatorRequest {
     /**
+     * @public
      * <p>The ARN of the finding aggregator. To obtain the ARN, use <code>ListFindingAggregators</code>.</p>
      */
     FindingAggregatorArn: string | undefined;
     /**
+     * @public
      * <p>Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.</p>
      *          <p>The selected option also determines how to use the Regions provided in the Regions list.</p>
      *          <p>The options are as follows:</p>
@@ -3730,6 +4200,7 @@ export interface UpdateFindingAggregatorRequest {
      */
     RegionLinkingMode: string | undefined;
     /**
+     * @public
      * <p>If <code>RegionLinkingMode</code> is <code>ALL_REGIONS_EXCEPT_SPECIFIED</code>, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.</p>
      *          <p>If <code>RegionLinkingMode</code> is <code>SPECIFIED_REGIONS</code>, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.</p>
      */
@@ -3740,18 +4211,22 @@ export interface UpdateFindingAggregatorRequest {
  */
 export interface UpdateFindingAggregatorResponse {
     /**
+     * @public
      * <p>The ARN of the finding aggregator.</p>
      */
     FindingAggregatorArn?: string;
     /**
+     * @public
      * <p>The aggregation Region.</p>
      */
     FindingAggregationRegion?: string;
     /**
+     * @public
      * <p>Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.</p>
      */
     RegionLinkingMode?: string;
     /**
+     * @public
      * <p>The list of excluded Regions or included Regions.</p>
      */
     Regions?: string[];
@@ -3761,14 +4236,17 @@ export interface UpdateFindingAggregatorResponse {
  */
 export interface UpdateFindingsRequest {
     /**
+     * @public
      * <p>A collection of attributes that specify which findings you want to update.</p>
      */
     Filters: AwsSecurityFindingFilters | undefined;
     /**
+     * @public
      * <p>The updated note for the finding.</p>
      */
     Note?: NoteUpdate;
     /**
+     * @public
      * <p>The updated record state for the finding.</p>
      */
     RecordState?: RecordState | string;
@@ -3783,18 +4261,22 @@ export interface UpdateFindingsResponse {
  */
 export interface UpdateInsightRequest {
     /**
+     * @public
      * <p>The ARN of the insight that you want to update.</p>
      */
     InsightArn: string | undefined;
     /**
+     * @public
      * <p>The updated name for the insight.</p>
      */
     Name?: string;
     /**
+     * @public
      * <p>The updated filters that define this insight.</p>
      */
     Filters?: AwsSecurityFindingFilters;
     /**
+     * @public
      * <p>The updated <code>GroupBy</code> attribute that defines this insight.</p>
      */
     GroupByAttribute?: string;
@@ -3809,6 +4291,7 @@ export interface UpdateInsightResponse {
  */
 export interface UpdateOrganizationConfigurationRequest {
     /**
+     * @public
      * <p>Whether to automatically enable Security Hub for new accounts in the organization.</p>
      *          <p>By default, this is <code>false</code>, and new accounts are not added
      *          automatically.</p>
@@ -3816,6 +4299,7 @@ export interface UpdateOrganizationConfigurationRequest {
      */
     AutoEnable: boolean | undefined;
     /**
+     * @public
      * <p>Whether to automatically enable Security Hub <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html">default standards</a>
      *          for new member accounts in the organization.</p>
      *          <p>By default, this parameter is equal to <code>DEFAULT</code>, and new member accounts are automatically enabled with default Security Hub standards.</p>
@@ -3833,6 +4317,7 @@ export interface UpdateOrganizationConfigurationResponse {
  */
 export interface UpdateSecurityHubConfigurationRequest {
     /**
+     * @public
      * <p>Whether to automatically enable new controls when they are added to standards that are
      *          enabled.</p>
      *          <p>By default, this is set to <code>true</code>, and new controls are enabled
@@ -3841,6 +4326,7 @@ export interface UpdateSecurityHubConfigurationRequest {
      */
     AutoEnableControls?: boolean;
     /**
+     * @public
      * <p>Updates whether the calling account has consolidated control findings turned on.
      *       If the value for this field is set to
      *       <code>SECURITY_CONTROL</code>, Security Hub generates a single finding for a control check even when the check
@@ -3861,14 +4347,17 @@ export interface UpdateSecurityHubConfigurationResponse {
  */
 export interface UpdateStandardsControlRequest {
     /**
+     * @public
      * <p>The ARN of the security standard control to enable or disable.</p>
      */
     StandardsControlArn: string | undefined;
     /**
+     * @public
      * <p>The updated status of the security standard control.</p>
      */
     ControlStatus?: ControlStatus | string;
     /**
+     * @public
      * <p>A description of the reason why you are disabling a security standard control. If you
      *          are disabling a control, then this is required.</p>
      */