@aws-sdk/client-securityhub 3.454.0 → 3.458.0

package/dist-types/models/models_2.d.ts

@@ -1,7 +1,44 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { AccountDetails, Action, ActionTarget, Adjustment, AdminAccount, AssociationStatus, AutoEnableStandards, AutomationRulesAction, AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, AwsAmazonMqBrokerDetails, AwsApiGatewayRestApiDetails, AwsApiGatewayStageDetails, AwsApiGatewayV2ApiDetails, AwsApiGatewayV2StageDetails, AwsAppSyncGraphQlApiDetails, AwsAthenaWorkGroupDetails, AwsAutoScalingAutoScalingGroupDetails, AwsAutoScalingLaunchConfigurationDetails, AwsBackupBackupPlanDetails, AwsBackupBackupVaultDetails, AwsBackupRecoveryPointDetails, AwsCertificateManagerCertificateDetails, AwsCloudFormationStackDetails, AwsCloudFrontDistributionDetails, AwsCloudTrailTrailDetails, AwsCloudWatchAlarmDetails, AwsCodeBuildProjectDetails, AwsDmsEndpointDetails, AwsDmsReplicationInstanceDetails, AwsDmsReplicationTaskDetails, AwsDynamoDbTableDetails, AwsEc2EipDetails, AwsEc2InstanceDetails, AwsEc2LaunchTemplateDetails, AwsEc2NetworkAclDetails, AwsEc2NetworkInterfaceDetails, AwsEc2RouteTableDetails, AwsEc2SecurityGroupDetails, AwsEc2SubnetDetails, AwsEc2TransitGatewayDetails, AwsEc2VolumeDetails, AwsEc2VpcDetails, AwsEc2VpcEndpointServiceDetails, AwsEc2VpcPeeringConnectionDetails, AwsEc2VpnConnectionDetails, AwsEcrContainerImageDetails, AwsEcrRepositoryDetails, AwsEcsClusterDetails, AwsEcsContainerDetails, AwsEcsServiceDetails, AwsEcsTaskDefinitionDetails, DateFilter, MapFilter, NoteUpdate, NumberFilter, RelatedFinding, RuleStatus, SeverityLabel, SeverityUpdate, StringFilter, VerificationState, WorkflowStatus, WorkflowUpdate } from "./models_0";
-import { AwsEcsTaskDetails, AwsEfsAccessPointDetails, AwsEksClusterDetails, AwsElasticBeanstalkEnvironmentDetails, AwsElasticsearchDomainDetails, AwsElbLoadBalancerDetails, AwsElbv2LoadBalancerDetails, AwsEventSchemasRegistryDetails, AwsEventsEndpointDetails, AwsEventsEventbusDetails, AwsGuardDutyDetectorDetails, AwsIamAccessKeyDetails, AwsIamGroupDetails, AwsIamPolicyDetails, AwsIamRoleDetails, AwsIamUserDetails, AwsKinesisStreamDetails, AwsKmsKeyDetails, AwsLambdaFunctionDetails, AwsLambdaLayerVersionDetails, AwsMskClusterDetails, AwsNetworkFirewallFirewallDetails, AwsNetworkFirewallFirewallPolicyDetails, AwsNetworkFirewallRuleGroupDetails, AwsOpenSearchServiceDomainDetails, AwsRdsDbClusterDetails, AwsRdsDbClusterSnapshotDetails, AwsRdsDbInstanceDetails, AwsRdsDbSecurityGroupDetails, AwsRdsDbSnapshotDetails, AwsRdsEventSubscriptionDetails, AwsRedshiftClusterDetails, AwsRoute53HostedZoneDetails, AwsS3AccountPublicAccessBlockDetails, AwsS3BucketDetails, AwsS3ObjectDetails, AwsSageMakerNotebookInstanceDetails, AwsSecretsManagerSecretDetails, AwsSnsTopicDetails, AwsSqsQueueDetails, AwsSsmPatchComplianceDetails, AwsStepFunctionStateMachineDetails, AwsWafRateBasedRuleDetails, AwsWafRegionalRateBasedRuleDetails, AwsWafRegionalRuleDetails, AwsWafRegionalRuleGroupDetails, AwsWafRegionalWebAclDetails, AwsWafRuleDetails, AwsWafRuleGroupDetails, AwsWafv2ActionAllowDetails, AwsWafv2ActionBlockDetails, AwsWafv2RulesActionDetails, Compliance, DataClassificationDetails, FindingProviderFields, GeneratorDetails, Malware, Network, NetworkPathComponent, Note, PatchSummary, ProcessDetails, RecordState, Remediation } from "./models_1";
+import { AwsEcsTaskDetails, AwsEfsAccessPointDetails, AwsEksClusterDetails, AwsElasticBeanstalkEnvironmentDetails, AwsElasticsearchDomainDetails, AwsElbLoadBalancerDetails, AwsElbv2LoadBalancerDetails, AwsEventSchemasRegistryDetails, AwsEventsEndpointDetails, AwsEventsEventbusDetails, AwsGuardDutyDetectorDetails, AwsIamAccessKeyDetails, AwsIamGroupDetails, AwsIamPolicyDetails, AwsIamRoleDetails, AwsIamUserDetails, AwsKinesisStreamDetails, AwsKmsKeyDetails, AwsLambdaFunctionDetails, AwsLambdaLayerVersionDetails, AwsMskClusterDetails, AwsNetworkFirewallFirewallDetails, AwsNetworkFirewallFirewallPolicyDetails, AwsNetworkFirewallRuleGroupDetails, AwsOpenSearchServiceDomainDetails, AwsRdsDbClusterDetails, AwsRdsDbClusterSnapshotDetails, AwsRdsDbInstanceDetails, AwsRdsDbSecurityGroupDetails, AwsRdsDbSnapshotDetails, AwsRdsEventSubscriptionDetails, AwsRedshiftClusterDetails, AwsRoute53HostedZoneDetails, AwsS3AccountPublicAccessBlockDetails, AwsS3BucketDetails, AwsS3ObjectDetails, AwsSageMakerNotebookInstanceDetails, AwsSecretsManagerSecretDetails, AwsSnsTopicDetails, AwsSqsQueueDetails, AwsSsmPatchComplianceDetails, AwsStepFunctionStateMachineDetails, AwsWafRateBasedRuleDetails, AwsWafRegionalRateBasedRuleDetails, AwsWafRegionalRuleDetails, AwsWafRegionalRuleGroupDetails, AwsWafRegionalWebAclDetails, AwsWafRuleDetails, AwsWafRuleGroupDetails, AwsWafv2ActionAllowDetails, AwsWafv2ActionBlockDetails, AwsWafv2RulesActionCaptchaDetails, AwsWafv2RulesActionCountDetails, Compliance, DataClassificationDetails, FindingProviderFields, GeneratorDetails, Malware, Network, NetworkPathComponent, Note, PatchSummary, ProcessDetails, RecordState, Remediation } from "./models_1";
 import { SecurityHubServiceException as __BaseException } from "./SecurityHubServiceException";
+/**
+ * @public
+ * <p>
+ *          The action that WAF should take on a web request when it matches a rule's statement.
+ *          Settings at the web ACL level can override the rule action setting.
+ *       </p>
+ */
+export interface AwsWafv2RulesActionDetails {
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to allow the web request.
+     *       </p>
+     */
+    Allow?: AwsWafv2ActionAllowDetails;
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to block the web request.
+     *       </p>
+     */
+    Block?: AwsWafv2ActionBlockDetails;
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to run a CAPTCHA check against the web request.
+     *       </p>
+     */
+    Captcha?: AwsWafv2RulesActionCaptchaDetails;
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.
+     *       </p>
+     */
+    Count?: AwsWafv2RulesActionCountDetails;
+}
 /**
  * @public
  * <p>
@@ -1150,7 +1187,7 @@ export interface Resource {
 export interface Severity {
     /**
      * @public
-     * <p>Deprecated. This attribute is being deprecated. Instead of providing
+     * <p>Deprecated. This attribute isn't included in findings. Instead of providing
      *             <code>Product</code>, provide <code>Original</code>.</p>
      *          <p>The native severity as defined by the Amazon Web Services service or integrated partner product that
      *          generated the finding.</p>
@@ -1210,7 +1247,7 @@ export interface Severity {
     Label?: SeverityLabel;
     /**
      * @public
-     * <p>Deprecated. The normalized severity of a finding. This attribute is being deprecated.
+     * <p>Deprecated. The normalized severity of a finding.
      *          Instead of providing <code>Normalized</code>, provide <code>Label</code>.</p>
      *          <p>If you provide <code>Label</code> and do not provide <code>Normalized</code>, then
      *             <code>Normalized</code> is set automatically as follows.</p>
@@ -2060,9 +2097,8 @@ export interface BooleanFilter {
 }
 /**
  * @public
- * <p>A collection of attributes that are applied to all active Security Hub-aggregated findings and
- *          that result in a subset of findings that are included in this insight.</p>
- *          <p>You can filter by up to 10 finding attributes. For each attribute, you can provide up to
+ * <p>A collection of filters that are applied to all active findings aggregated by Security Hub.</p>
+ *          <p>You can filter by up to ten finding attributes. For each attribute, you can provide up to
  *          20 filter values.</p>
  */
 export interface AwsSecurityFindingFilters {
@@ -2676,6 +2712,37 @@ export interface AwsSecurityFindingFilters {
      *       </p>
      */
     ComplianceAssociatedStandardsId?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this
+     *             field only if you use Security Hub and Amazon Inspector.
+     *         </p>
+     */
+    VulnerabilitiesExploitAvailable?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter
+     *             findings by this field only if you use Security Hub and Amazon Inspector.
+     *
+     *         </p>
+     */
+    VulnerabilitiesFixAvailable?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             The name of a security control parameter.
+     *         </p>
+     */
+    ComplianceSecurityControlParametersName?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             The current value of a security control parameter.
+     *         </p>
+     */
+    ComplianceSecurityControlParametersValue?: StringFilter[];
 }
 /**
  * @public
@@ -2950,6 +3017,214 @@ export interface BatchGetSecurityControlsRequest {
      */
     SecurityControlIds: string[] | undefined;
 }
+/**
+ * @public
+ * <p>
+ *             An object that includes the data type of a security control parameter and its current value.
+ *         </p>
+ */
+export type ParameterValue = ParameterValue.BooleanMember | ParameterValue.DoubleMember | ParameterValue.EnumMember | ParameterValue.EnumListMember | ParameterValue.IntegerMember | ParameterValue.IntegerListMember | ParameterValue.StringMember | ParameterValue.StringListMember | ParameterValue.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace ParameterValue {
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is an integer.
+     *         </p>
+     */
+    interface IntegerMember {
+        Integer: number;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is a list of integers.
+     *         </p>
+     */
+    interface IntegerListMember {
+        Integer?: never;
+        IntegerList: number[];
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is a double.
+     *         </p>
+     */
+    interface DoubleMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double: number;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is a string.
+     *         </p>
+     */
+    interface StringMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String: string;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is a list of strings.
+     *         </p>
+     */
+    interface StringListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList: string[];
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is a boolean.
+     *         </p>
+     */
+    interface BooleanMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean: boolean;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is an enum.
+     *         </p>
+     */
+    interface EnumMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum: string;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             A control parameter that is a list of enums.
+     *         </p>
+     */
+    interface EnumListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList: string[];
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        Integer: (value: number) => T;
+        IntegerList: (value: number[]) => T;
+        Double: (value: number) => T;
+        String: (value: string) => T;
+        StringList: (value: string[]) => T;
+        Boolean: (value: boolean) => T;
+        Enum: (value: string) => T;
+        EnumList: (value: string[]) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: ParameterValue, visitor: Visitor<T>) => T;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const ParameterValueType: {
+    readonly CUSTOM: "CUSTOM";
+    readonly DEFAULT: "DEFAULT";
+};
+/**
+ * @public
+ */
+export type ParameterValueType = (typeof ParameterValueType)[keyof typeof ParameterValueType];
+/**
+ * @public
+ * <p>
+ *             An object that provides the current value of a security control parameter and identifies whether it has been customized.
+ *         </p>
+ */
+export interface ParameterConfiguration {
+    /**
+     * @public
+     * <p>
+     *             Identifies whether a control parameter uses a custom user-defined value or the Security Hub default value.
+     *         </p>
+     */
+    ValueType: ParameterValueType | undefined;
+    /**
+     * @public
+     * <p>
+     *             The current value of a control parameter.
+     *         </p>
+     */
+    Value?: ParameterValue;
+}
 /**
  * @public
  * @enum
@@ -2976,6 +3251,18 @@ export declare const SeverityRating: {
  * @public
  */
 export type SeverityRating = (typeof SeverityRating)[keyof typeof SeverityRating];
+/**
+ * @public
+ * @enum
+ */
+export declare const UpdateStatus: {
+    readonly READY: "READY";
+    readonly UPDATING: "UPDATING";
+};
+/**
+ * @public
+ */
+export type UpdateStatus = (typeof UpdateStatus)[keyof typeof UpdateStatus];
 /**
  * @public
  * <p>
@@ -3034,6 +3321,34 @@ export interface SecurityControl {
      *       </p>
      */
     SecurityControlStatus: ControlStatus | undefined;
+    /**
+     * @public
+     * <p>
+     *             Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of
+     * <code>READY</code> indicates findings include the current parameter values. A status of <code>UPDATING</code> indicates that
+     * all findings may not include the current parameter values.
+     *         </p>
+     */
+    UpdateStatus?: UpdateStatus;
+    /**
+     * @public
+     * <p>
+     *             An object that identifies the name of a control parameter, its current value, and whether it has been customized.
+     *         </p>
+     */
+    Parameters?: Record<string, ParameterConfiguration>;
+    /**
+     * @public
+     * <p>
+     *             The most recent reason for updating the customizable properties of a security control. This differs from the
+     *             <code>UpdateReason</code> field of the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">
+     *                <code>BatchUpdateStandardsControlAssociations</code>
+     *             </a> API, which tracks the
+     *             reason for updating the enablement status of a control. This field accepts alphanumeric
+     *             characters in addition to white spaces, dashes, and underscores.
+     *         </p>
+     */
+    LastUpdateReason?: string;
 }
 /**
  * @public
@@ -3708,138 +4023,540 @@ export interface BatchUpdateStandardsControlAssociationsResponse {
 }
 /**
  * @public
- * @enum
- */
-export declare const ControlFindingGenerator: {
-    readonly SECURITY_CONTROL: "SECURITY_CONTROL";
-    readonly STANDARD_CONTROL: "STANDARD_CONTROL";
-};
-/**
- * @public
+ * <p>
+ *             The options for customizing a security control parameter with a boolean. For a boolean parameter, the options are
+ *             <code>true</code> and <code>false</code>.
+ *         </p>
  */
-export type ControlFindingGenerator = (typeof ControlFindingGenerator)[keyof typeof ControlFindingGenerator];
+export interface BooleanConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a boolean parameter.
+     *         </p>
+     */
+    DefaultValue?: boolean;
+}
 /**
  * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a double.
+ *         </p>
  */
-export interface CreateActionTargetRequest {
+export interface DoubleConfigurationOptions {
     /**
      * @public
-     * <p>The name of the custom action target. Can contain up to 20 characters.</p>
+     * <p>
+     *             The Security Hub default value for a control parameter that is a double.
+     *         </p>
      */
-    Name: string | undefined;
+    DefaultValue?: number;
     /**
      * @public
-     * <p>The description for the custom action target.</p>
+     * <p>
+     *             The minimum valid value for a control parameter that is a double.
+     *         </p>
      */
-    Description: string | undefined;
+    Min?: number;
     /**
      * @public
-     * <p>The ID for the custom action target. Can contain up to 20 alphanumeric characters.</p>
+     * <p>
+     *             The maximum valid value for a control parameter that is a double.
+     *         </p>
      */
-    Id: string | undefined;
+    Max?: number;
 }
 /**
  * @public
+ * <p>
+ *             The options for customizing a security control parameter that is an enum.
+ *         </p>
  */
-export interface CreateActionTargetResponse {
+export interface EnumConfigurationOptions {
     /**
      * @public
-     * <p>The Amazon Resource Name (ARN) for the custom action target.</p>
+     * <p>
+     *             The Security Hub default value for a control parameter that is an enum.
+     *         </p>
      */
-    ActionTargetArn: string | undefined;
-}
-/**
- * @public
- * <p>The resource specified in the request conflicts with an existing resource.</p>
- */
-export declare class ResourceConflictException extends __BaseException {
-    readonly name: "ResourceConflictException";
-    readonly $fault: "client";
-    Message?: string;
-    Code?: string;
+    DefaultValue?: string;
     /**
-     * @internal
+     * @public
+     * <p>
+     *             The valid values for a control parameter that is an enum.
+     *         </p>
      */
-    constructor(opts: __ExceptionOptionType<ResourceConflictException, __BaseException>);
+    AllowedValues?: string[];
 }
 /**
  * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a list of enums.
+ *         </p>
  */
-export interface CreateAutomationRuleRequest {
+export interface EnumListConfigurationOptions {
     /**
      * @public
      * <p>
-     *             User-defined tags that help you label the purpose of a rule.
+     *             The Security Hub default value for a control parameter that is a list of enums.
      *         </p>
      */
-    Tags?: Record<string, string>;
+    DefaultValue?: string[];
     /**
      * @public
      * <p>
-     *          Whether the rule is active after it is created. If
-     *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
-     *          and finding updates after the rule is created. To change the value of this
-     *          parameter after creating a rule, use <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html">
-     *                <code>BatchUpdateAutomationRules</code>
-     *             </a>.
-     *       </p>
-     */
-    RuleStatus?: RuleStatus;
-    /**
-     * @public
-     * <p>An integer ranging from 1 to 1000 that represents the order in which the rule action is
-     *          applied to findings. Security Hub applies rules with lower values for this parameter
-     *          first. </p>
+     *             The maximum number of list items that an enum list control parameter can accept.
+     *         </p>
      */
-    RuleOrder: number | undefined;
+    MaxItems?: number;
     /**
      * @public
      * <p>
-     *          The name of the rule.
-     *       </p>
+     *             The valid values for a control parameter that is a list of enums.
+     *         </p>
      */
-    RuleName: string | undefined;
+    AllowedValues?: string[];
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is an integer.
+ *         </p>
+ */
+export interface IntegerConfigurationOptions {
     /**
      * @public
      * <p>
-     *          A description of the rule.
-     *       </p>
-     */
-    Description: string | undefined;
-    /**
-     * @public
-     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
-     *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
-     *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
+     *             The Security Hub default value for a control parameter that is an integer.
      *         </p>
      */
-    IsTerminal?: boolean;
+    DefaultValue?: number;
     /**
      * @public
      * <p>
-     *          A set of ASFF finding field attributes and corresponding expected values that
-     *          Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in
-     *          this parameter, Security Hub applies the rule action to the finding.
-     *       </p>
+     *             The minimum valid value for a control parameter that is an integer.
+     *         </p>
      */
-    Criteria: AutomationRulesFindingFilters | undefined;
+    Min?: number;
     /**
      * @public
      * <p>
-     *          One or more actions to update finding fields if a finding matches the conditions
-     *          specified in <code>Criteria</code>.
-     *       </p>
+     *             The maximum valid value for a control parameter that is an integer.
+     *         </p>
      */
-    Actions: AutomationRulesAction[] | undefined;
+    Max?: number;
 }
 /**
  * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a list of integers.
+ *         </p>
  */
-export interface CreateAutomationRuleResponse {
+export interface IntegerListConfigurationOptions {
     /**
      * @public
      * <p>
-     *          The Amazon Resource Name (ARN) of the automation rule that you created.
+     *             The Security Hub default value for a control parameter that is a list of integers.
+     *         </p>
+     */
+    DefaultValue?: number[];
+    /**
+     * @public
+     * <p>
+     *             The minimum valid value for a control parameter that is a list of integers.
+     *         </p>
+     */
+    Min?: number;
+    /**
+     * @public
+     * <p>
+     *             The maximum valid value for a control parameter that is a list of integers.
+     *         </p>
+     */
+    Max?: number;
+    /**
+     * @public
+     * <p>
+     *             The maximum number of list items that an interger list control parameter can accept.
+     *         </p>
+     */
+    MaxItems?: number;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a string.
+ *         </p>
+ */
+export interface StringConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a string.
+     *         </p>
+     */
+    DefaultValue?: string;
+    /**
+     * @public
+     * <p>
+     *             An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string.
+     *         </p>
+     */
+    Re2Expression?: string;
+    /**
+     * @public
+     * <p>
+     *             The description of the RE2 regular expression.
+     *         </p>
+     */
+    ExpressionDescription?: string;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a list of strings.
+ *         </p>
+ */
+export interface StringListConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a list of strings.
+     *         </p>
+     */
+    DefaultValue?: string[];
+    /**
+     * @public
+     * <p>
+     *             An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control
+     *             parameter.
+     *         </p>
+     */
+    Re2Expression?: string;
+    /**
+     * @public
+     * <p>
+     *             The maximum number of list items that a string list control parameter can accept.
+     *         </p>
+     */
+    MaxItems?: number;
+    /**
+     * @public
+     * <p>
+     *             The description of the RE2 regular expression.
+     *         </p>
+     */
+    ExpressionDescription?: string;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter.
+ *         </p>
+ */
+export type ConfigurationOptions = ConfigurationOptions.BooleanMember | ConfigurationOptions.DoubleMember | ConfigurationOptions.EnumMember | ConfigurationOptions.EnumListMember | ConfigurationOptions.IntegerMember | ConfigurationOptions.IntegerListMember | ConfigurationOptions.StringMember | ConfigurationOptions.StringListMember | ConfigurationOptions.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace ConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is an integer.
+     *         </p>
+     */
+    interface IntegerMember {
+        Integer: IntegerConfigurationOptions;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a list of integers.
+     *         </p>
+     */
+    interface IntegerListMember {
+        Integer?: never;
+        IntegerList: IntegerListConfigurationOptions;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a double.
+     *         </p>
+     */
+    interface DoubleMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double: DoubleConfigurationOptions;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a string data type.
+     *         </p>
+     */
+    interface StringMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String: StringConfigurationOptions;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a list of strings.
+     *         </p>
+     */
+    interface StringListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList: StringListConfigurationOptions;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are
+     *             <code>true</code> and <code>false</code>.
+     *         </p>
+     */
+    interface BooleanMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean: BooleanConfigurationOptions;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is an enum.
+     *         </p>
+     */
+    interface EnumMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum: EnumConfigurationOptions;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a list of enums.
+     *         </p>
+     */
+    interface EnumListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList: EnumListConfigurationOptions;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        Integer: (value: IntegerConfigurationOptions) => T;
+        IntegerList: (value: IntegerListConfigurationOptions) => T;
+        Double: (value: DoubleConfigurationOptions) => T;
+        String: (value: StringConfigurationOptions) => T;
+        StringList: (value: StringListConfigurationOptions) => T;
+        Boolean: (value: BooleanConfigurationOptions) => T;
+        Enum: (value: EnumConfigurationOptions) => T;
+        EnumList: (value: EnumListConfigurationOptions) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: ConfigurationOptions, visitor: Visitor<T>) => T;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const ControlFindingGenerator: {
+    readonly SECURITY_CONTROL: "SECURITY_CONTROL";
+    readonly STANDARD_CONTROL: "STANDARD_CONTROL";
+};
+/**
+ * @public
+ */
+export type ControlFindingGenerator = (typeof ControlFindingGenerator)[keyof typeof ControlFindingGenerator];
+/**
+ * @public
+ */
+export interface CreateActionTargetRequest {
+    /**
+     * @public
+     * <p>The name of the custom action target. Can contain up to 20 characters.</p>
+     */
+    Name: string | undefined;
+    /**
+     * @public
+     * <p>The description for the custom action target.</p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>The ID for the custom action target. Can contain up to 20 alphanumeric characters.</p>
+     */
+    Id: string | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateActionTargetResponse {
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) for the custom action target.</p>
+     */
+    ActionTargetArn: string | undefined;
+}
+/**
+ * @public
+ * <p>The resource specified in the request conflicts with an existing resource.</p>
+ */
+export declare class ResourceConflictException extends __BaseException {
+    readonly name: "ResourceConflictException";
+    readonly $fault: "client";
+    Message?: string;
+    Code?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ResourceConflictException, __BaseException>);
+}
+/**
+ * @public
+ */
+export interface CreateAutomationRuleRequest {
+    /**
+     * @public
+     * <p>
+     *             User-defined tags that help you label the purpose of a rule.
+     *         </p>
+     */
+    Tags?: Record<string, string>;
+    /**
+     * @public
+     * <p>
+     *          Whether the rule is active after it is created. If
+     *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
+     *          and finding updates after the rule is created. To change the value of this
+     *          parameter after creating a rule, use <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html">
+     *                <code>BatchUpdateAutomationRules</code>
+     *             </a>.
+     *       </p>
+     */
+    RuleStatus?: RuleStatus;
+    /**
+     * @public
+     * <p>An integer ranging from 1 to 1000 that represents the order in which the rule action is
+     *          applied to findings. Security Hub applies rules with lower values for this parameter
+     *          first. </p>
+     */
+    RuleOrder: number | undefined;
+    /**
+     * @public
+     * <p>
+     *          The name of the rule.
+     *       </p>
+     */
+    RuleName: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          A description of the rule.
+     *       </p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
+     *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
+     *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
+     *         </p>
+     */
+    IsTerminal?: boolean;
+    /**
+     * @public
+     * <p>
+     *          A set of ASFF finding field attributes and corresponding expected values that
+     *          Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in
+     *          this parameter, Security Hub applies the rule action to the finding.
+     *       </p>
+     */
+    Criteria: AutomationRulesFindingFilters | undefined;
+    /**
+     * @public
+     * <p>
+     *          One or more actions to update finding fields if a finding matches the conditions
+     *          specified in <code>Criteria</code>.
+     *       </p>
+     */
+    Actions: AutomationRulesAction[] | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateAutomationRuleResponse {
+    /**
+     * @public
+     * <p>
+     *          The Amazon Resource Name (ARN) of the automation rule that you created.
      *       </p>
      */
     RuleArn?: string;
@@ -3977,6 +4694,17 @@ export interface CreateMembersResponse {
      */
     UnprocessedAccounts?: Result[];
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const SecurityControlProperty: {
+    readonly Parameters: "Parameters";
+};
+/**
+ * @public
+ */
+export type SecurityControlProperty = (typeof SecurityControlProperty)[keyof typeof SecurityControlProperty];
 /**
  * @public
  */
@@ -5369,6 +6097,137 @@ export interface GetMembersResponse {
      */
     UnprocessedAccounts?: Result[];
 }
+/**
+ * @public
+ */
+export interface GetSecurityControlDefinitionRequest {
+    /**
+     * @public
+     * <p>
+     *             The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).
+     *         </p>
+     */
+    SecurityControlId: string | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const RegionAvailabilityStatus: {
+    readonly AVAILABLE: "AVAILABLE";
+    readonly UNAVAILABLE: "UNAVAILABLE";
+};
+/**
+ * @public
+ */
+export type RegionAvailabilityStatus = (typeof RegionAvailabilityStatus)[keyof typeof RegionAvailabilityStatus];
+/**
+ * @public
+ * <p>
+ *             An object that describes a security control parameter and the options for customizing it.
+ *         </p>
+ */
+export interface ParameterDefinition {
+    /**
+     * @public
+     * <p>
+     *             Description of a control parameter.
+     *         </p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a control parameter. Customization options vary based on the data type of the parameter.
+     *         </p>
+     */
+    ConfigurationOptions: ConfigurationOptions | undefined;
+}
+/**
+ * @public
+ * <p>
+ *          Provides metadata for a security control, including its unique standard-agnostic identifier, title, description,
+ *          severity, availability in Amazon Web Services Regions, and a link to remediation steps.
+ *       </p>
+ */
+export interface SecurityControlDefinition {
+    /**
+     * @public
+     * <p>
+     *          The unique identifier of a security control across standards. Values for this field typically consist of an
+     *          Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from
+     *          <code>SecurityControlArn</code>, which is a unique Amazon Resource Name (ARN) assigned to a control. The
+     *          ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
+     *       </p>
+     */
+    SecurityControlId: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          The title of a security control.
+     *       </p>
+     */
+    Title: string | undefined;
+    /**
+     * @public
+     * <p> The description of a security control across standards. This typically summarizes how
+     *             Security Hub evaluates the control and the conditions under which it produces a
+     *          failed finding. This parameter doesn't reference a specific standard. </p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
+     *       </p>
+     */
+    RemediationUrl: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          The severity of a security control. For more information about how Security Hub determines control severity,
+     *          see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
+     *          <i>Security Hub User Guide</i>.
+     *       </p>
+     */
+    SeverityRating: SeverityRating | undefined;
+    /**
+     * @public
+     * <p>
+     *          Specifies whether a security control is available in the current Amazon Web Services Region.
+     *       </p>
+     */
+    CurrentRegionAvailability: RegionAvailabilityStatus | undefined;
+    /**
+     * @public
+     * <p>
+     *             Security control properties that you can customize. Currently, only parameter customization is supported for select
+     *             controls. An empty array is returned for controls that don’t support custom properties.
+     *         </p>
+     */
+    CustomizableProperties?: SecurityControlProperty[];
+    /**
+     * @public
+     * <p>
+     *             An object that provides a security control parameter name, description, and the options for customizing it. This
+     * object is excluded for a control that doesn't support custom parameters.
+     *         </p>
+     */
+    ParameterDefinitions?: Record<string, ParameterDefinition>;
+}
+/**
+ * @public
+ */
+export interface GetSecurityControlDefinitionResponse {
+    /**
+     * @public
+     * <p>
+     *          Provides metadata for a security control, including its unique standard-agnostic identifier, title, description,
+     *          severity, availability in Amazon Web Services Regions, and a link to remediation steps.
+     *       </p>
+     */
+    SecurityControlDefinition: SecurityControlDefinition | undefined;
+}
 /**
  * @public
  */
@@ -5635,74 +6494,6 @@ export interface ListSecurityControlDefinitionsRequest {
      */
     MaxResults?: number;
 }
-/**
- * @public
- * @enum
- */
-export declare const RegionAvailabilityStatus: {
-    readonly AVAILABLE: "AVAILABLE";
-    readonly UNAVAILABLE: "UNAVAILABLE";
-};
-/**
- * @public
- */
-export type RegionAvailabilityStatus = (typeof RegionAvailabilityStatus)[keyof typeof RegionAvailabilityStatus];
-/**
- * @public
- * <p>
- *          Provides metadata for a security control, including its unique standard-agnostic identifier, title, description,
- *          severity, availability in Amazon Web Services Regions, and a link to remediation steps.
- *       </p>
- */
-export interface SecurityControlDefinition {
-    /**
-     * @public
-     * <p>
-     *          The unique identifier of a security control across standards. Values for this field typically consist of an
-     *          Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from
-     *          <code>SecurityControlArn</code>, which is a unique Amazon Resource Name (ARN) assigned to a control. The
-     *          ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
-     *       </p>
-     */
-    SecurityControlId: string | undefined;
-    /**
-     * @public
-     * <p>
-     *          The title of a security control.
-     *       </p>
-     */
-    Title: string | undefined;
-    /**
-     * @public
-     * <p> The description of a security control across standards. This typically summarizes how
-     *             Security Hub evaluates the control and the conditions under which it produces a
-     *          failed finding. This parameter doesn't reference a specific standard. </p>
-     */
-    Description: string | undefined;
-    /**
-     * @public
-     * <p>
-     *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
-     *       </p>
-     */
-    RemediationUrl: string | undefined;
-    /**
-     * @public
-     * <p>
-     *          The severity of a security control. For more information about how Security Hub determines control severity,
-     *          see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
-     *          <i>Security Hub User Guide</i>.
-     *       </p>
-     */
-    SeverityRating: SeverityRating | undefined;
-    /**
-     * @public
-     * <p>
-     *          Specifies whether a security control is available in the current Amazon Web Services Region.
-     *       </p>
-     */
-    CurrentRegionAvailability: RegionAvailabilityStatus | undefined;
-}
 /**
  * @public
  */
@@ -5857,6 +6648,23 @@ export interface ListTagsForResourceResponse {
      */
     Tags?: Record<string, string>;
 }
+/**
+ * @public
+ * <p>
+ *             The request was rejected because it conflicts with the resource's availability. For example, you tried
+ *             to update a security control that's currently in the <code>UPDATING</code> state.
+ *         </p>
+ */
+export declare class ResourceInUseException extends __BaseException {
+    readonly name: "ResourceInUseException";
+    readonly $fault: "client";
+    Message?: string;
+    Code?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ResourceInUseException, __BaseException>);
+}
 /**
  * @public
  */
@@ -6068,6 +6876,38 @@ export interface UpdateOrganizationConfigurationRequest {
  */
 export interface UpdateOrganizationConfigurationResponse {
 }
+/**
+ * @public
+ */
+export interface UpdateSecurityControlRequest {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or ID of the control to update.
+     *         </p>
+     */
+    SecurityControlId: string | undefined;
+    /**
+     * @public
+     * <p>
+     *             An object that specifies which security control parameters to update.
+     *         </p>
+     */
+    Parameters: Record<string, ParameterConfiguration> | undefined;
+    /**
+     * @public
+     * <p>
+     *             The most recent reason for updating the properties of the security control. This field accepts alphanumeric
+     * characters in addition to white spaces, dashes, and underscores.
+     *         </p>
+     */
+    LastUpdateReason?: string;
+}
+/**
+ * @public
+ */
+export interface UpdateSecurityControlResponse {
+}
 /**
  * @public
  */