aws-cdk-lib 2.200.2__py3-none-any.whl → 2.224.0__py3-none-any.whl

aws_cdk/aws_securityhub/__init__.py

@@ -67,9 +67,302 @@ from .. import (
     TagManager as _TagManager_0a598cb3,
     TreeInspector as _TreeInspector_488e0dd5,
 )
+from ..interfaces.aws_securityhub import (
+    AggregatorV2Reference as _AggregatorV2Reference_a3d3e7bc,
+    AutomationRuleReference as _AutomationRuleReference_840d6e74,
+    AutomationRuleV2Reference as _AutomationRuleV2Reference_0c38f3c7,
+    ConfigurationPolicyReference as _ConfigurationPolicyReference_1c2fb12f,
+    DelegatedAdminReference as _DelegatedAdminReference_bebc4b15,
+    FindingAggregatorReference as _FindingAggregatorReference_653c7463,
+    HubReference as _HubReference_30eead86,
+    HubV2Reference as _HubV2Reference_df6d8d5f,
+    IAggregatorV2Ref as _IAggregatorV2Ref_af56713f,
+    IAutomationRuleRef as _IAutomationRuleRef_87633460,
+    IAutomationRuleV2Ref as _IAutomationRuleV2Ref_9909169c,
+    IConfigurationPolicyRef as _IConfigurationPolicyRef_c5d7ee65,
+    IDelegatedAdminRef as _IDelegatedAdminRef_1537f0f1,
+    IFindingAggregatorRef as _IFindingAggregatorRef_bdf7f80f,
+    IHubRef as _IHubRef_afbeae07,
+    IHubV2Ref as _IHubV2Ref_e1cb746c,
+    IInsightRef as _IInsightRef_f81a9d16,
+    IOrganizationConfigurationRef as _IOrganizationConfigurationRef_ee9b4f99,
+    IPolicyAssociationRef as _IPolicyAssociationRef_644f6314,
+    IProductSubscriptionRef as _IProductSubscriptionRef_9d6dd87b,
+    ISecurityControlRef as _ISecurityControlRef_7085a031,
+    IStandardRef as _IStandardRef_f188bebb,
+    InsightReference as _InsightReference_16026cef,
+    OrganizationConfigurationReference as _OrganizationConfigurationReference_4519b145,
+    PolicyAssociationReference as _PolicyAssociationReference_e2a78f89,
+    ProductSubscriptionReference as _ProductSubscriptionReference_8296053d,
+    SecurityControlReference as _SecurityControlReference_fdd0de23,
+    StandardReference as _StandardReference_2d34fa7e,
+)
+
+
+@jsii.implements(_IInspectable_c2943556, _IAggregatorV2Ref_af56713f, _ITaggableV2_4e6798f8)
+class CfnAggregatorV2(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnAggregatorV2",
+):
+    '''Enables aggregation across AWS Regions .
+
+    This API is in public preview and subject to change.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-aggregatorv2.html
+    :cloudformationResource: AWS::SecurityHub::AggregatorV2
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_securityhub as securityhub
+        
+        cfn_aggregator_v2 = securityhub.CfnAggregatorV2(self, "MyCfnAggregatorV2",
+            linked_regions=["linkedRegions"],
+            region_linking_mode="regionLinkingMode",
+        
+            # the properties below are optional
+            tags={
+                "tags_key": "tags"
+            }
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        linked_regions: typing.Sequence[builtins.str],
+        region_linking_mode: builtins.str,
+        tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    ) -> None:
+        '''Create a new ``AWS::SecurityHub::AggregatorV2``.
+
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param linked_regions: The list of Regions that are linked to the aggregation Region.
+        :param region_linking_mode: Determines how Regions are linked to an Aggregator V2.
+        :param tags: A list of key-value pairs to be applied to the AggregatorV2.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a48a2a082be753c7ff9a23ae8720fc6090537bc7754b3949c569c91cc2d97185)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnAggregatorV2Props(
+            linked_regions=linked_regions,
+            region_linking_mode=region_linking_mode,
+            tags=tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__faa540694e43a0e61feeb3f53848b1f6e9494b6ed7da21b25aac134881132c39)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e6872b5e370c8e8f4d83602fa651c03fde81b36e7c5bc3b28fa097f66a87ee66)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="aggregatorV2Ref")
+    def aggregator_v2_ref(self) -> _AggregatorV2Reference_a3d3e7bc:
+        '''A reference to a AggregatorV2 resource.'''
+        return typing.cast(_AggregatorV2Reference_a3d3e7bc, jsii.get(self, "aggregatorV2Ref"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrAggregationRegion")
+    def attr_aggregation_region(self) -> builtins.str:
+        '''The AWS Region where data is aggregated.
+
+        :cloudformationAttribute: AggregationRegion
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrAggregationRegion"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrAggregatorV2Arn")
+    def attr_aggregator_v2_arn(self) -> builtins.str:
+        '''The ARN of the AggregatorV2.
+
+        :cloudformationAttribute: AggregatorV2Arn
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrAggregatorV2Arn"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="linkedRegions")
+    def linked_regions(self) -> typing.List[builtins.str]:
+        '''The list of Regions that are linked to the aggregation Region.'''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "linkedRegions"))
+
+    @linked_regions.setter
+    def linked_regions(self, value: typing.List[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__73719aabf2def1251bbcce62564af2561a7db568f2cc383d665c93c84e03855c)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "linkedRegions", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="regionLinkingMode")
+    def region_linking_mode(self) -> builtins.str:
+        '''Determines how Regions are linked to an Aggregator V2.'''
+        return typing.cast(builtins.str, jsii.get(self, "regionLinkingMode"))
+
+    @region_linking_mode.setter
+    def region_linking_mode(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3f12f6fa7491c9cf6429ed03592fa2e0b84dd1df61b65fe9caf3ffa327ed324f)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "regionLinkingMode", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''A list of key-value pairs to be applied to the AggregatorV2.'''
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(
+        self,
+        value: typing.Optional[typing.Mapping[builtins.str, builtins.str]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e47a206d80ca672182e6fba3a9c614bda1d391a22aa37078d5b442ce9858a656)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnAggregatorV2Props",
+    jsii_struct_bases=[],
+    name_mapping={
+        "linked_regions": "linkedRegions",
+        "region_linking_mode": "regionLinkingMode",
+        "tags": "tags",
+    },
+)
+class CfnAggregatorV2Props:
+    def __init__(
+        self,
+        *,
+        linked_regions: typing.Sequence[builtins.str],
+        region_linking_mode: builtins.str,
+        tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnAggregatorV2``.
+
+        :param linked_regions: The list of Regions that are linked to the aggregation Region.
+        :param region_linking_mode: Determines how Regions are linked to an Aggregator V2.
+        :param tags: A list of key-value pairs to be applied to the AggregatorV2.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-aggregatorv2.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_securityhub as securityhub
+            
+            cfn_aggregator_v2_props = securityhub.CfnAggregatorV2Props(
+                linked_regions=["linkedRegions"],
+                region_linking_mode="regionLinkingMode",
+            
+                # the properties below are optional
+                tags={
+                    "tags_key": "tags"
+                }
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__ba603e1d6925ab7babf45e555f2f6c66e3573a9e5841cd7b5ebf0d444664667e)
+            check_type(argname="argument linked_regions", value=linked_regions, expected_type=type_hints["linked_regions"])
+            check_type(argname="argument region_linking_mode", value=region_linking_mode, expected_type=type_hints["region_linking_mode"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "linked_regions": linked_regions,
+            "region_linking_mode": region_linking_mode,
+        }
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def linked_regions(self) -> typing.List[builtins.str]:
+        '''The list of Regions that are linked to the aggregation Region.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-aggregatorv2.html#cfn-securityhub-aggregatorv2-linkedregions
+        '''
+        result = self._values.get("linked_regions")
+        assert result is not None, "Required property 'linked_regions' is missing"
+        return typing.cast(typing.List[builtins.str], result)
+
+    @builtins.property
+    def region_linking_mode(self) -> builtins.str:
+        '''Determines how Regions are linked to an Aggregator V2.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-aggregatorv2.html#cfn-securityhub-aggregatorv2-regionlinkingmode
+        '''
+        result = self._values.get("region_linking_mode")
+        assert result is not None, "Required property 'region_linking_mode' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''A list of key-value pairs to be applied to the AggregatorV2.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-aggregatorv2.html#cfn-securityhub-aggregatorv2-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnAggregatorV2Props(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
+@jsii.implements(_IInspectable_c2943556, _IAutomationRuleRef_87633460, _ITaggableV2_4e6798f8)
 class CfnAutomationRule(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -77,7 +370,7 @@ class CfnAutomationRule(
 ):
     '''The ``AWS::SecurityHub::AutomationRule`` resource specifies an automation rule based on input parameters.
 
-    For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+    For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html
     :cloudformationResource: AWS::SecurityHub::AutomationRule
@@ -89,9 +382,6 @@ class CfnAutomationRule(
         # The values are placeholders you should change.
         from aws_cdk import aws_securityhub as securityhub
         
-        # id: Any
-        # updated_by: Any
-        
         cfn_automation_rule = securityhub.CfnAutomationRule(self, "MyCfnAutomationRule",
             actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty(
                 finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
@@ -99,10 +389,10 @@ class CfnAutomationRule(
                     criticality=123,
                     note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                         text="text",
-                        updated_by=updated_by
+                        updated_by="updatedBy"
                     ),
                     related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                        id=id,
+                        id="id",
                         product_arn="productArn"
                     )],
                     severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -315,7 +605,8 @@ class CfnAutomationRule(
         rule_status: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::AutomationRule``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param actions: One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria`` .
@@ -418,6 +709,12 @@ class CfnAutomationRule(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrUpdatedAt"))
 
+    @builtins.property
+    @jsii.member(jsii_name="automationRuleRef")
+    def automation_rule_ref(self) -> _AutomationRuleReference_840d6e74:
+        '''A reference to a AutomationRule resource.'''
+        return typing.cast(_AutomationRuleReference_840d6e74, jsii.get(self, "automationRuleRef"))
+
     @builtins.property
     @jsii.member(jsii_name="cdkTagManager")
     def cdk_tag_manager(self) -> _TagManager_0a598cb3:
@@ -563,7 +860,7 @@ class CfnAutomationRule(
             finding_fields_update: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty", typing.Dict[builtins.str, typing.Any]]],
             type: builtins.str,
         ) -> None:
-            '''One or more actions that AWS Security Hub takes when a finding matches the defined criteria of a rule.
+            '''One or more actions that Security Hub takes when a finding matches the defined criteria of a rule.
 
             :param finding_fields_update: Specifies that the automation rule action is an update to a finding field.
             :param type: Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
@@ -577,19 +874,16 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # id: Any
-                # updated_by: Any
-                
                 automation_rules_action_property = securityhub.CfnAutomationRule.AutomationRulesActionProperty(
                     finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
                         confidence=123,
                         criticality=123,
                         note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                             text="text",
-                            updated_by=updated_by
+                            updated_by="updatedBy"
                         ),
                         related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                            id=id,
+                            id="id",
                             product_arn="productArn"
                         )],
                         severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -701,18 +995,15 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # id: Any
-                # updated_by: Any
-                
                 automation_rules_finding_fields_update_property = securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
                     confidence=123,
                     criticality=123,
                     note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                         text="text",
-                        updated_by=updated_by
+                        updated_by="updatedBy"
                     ),
                     related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                        id=id,
+                        id="id",
                         product_arn="productArn"
                     )],
                     severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -951,16 +1242,16 @@ class CfnAutomationRule(
             :param compliance_associated_standards_id: The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the `DescribeStandards <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html>`_ API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param compliance_security_control_id: The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param compliance_status: The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param confidence: The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. ``Confidence`` is scored on a 0–100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see `Confidence <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence>`_ in the *AWS Security Hub User Guide* . Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param created_at: A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param criticality: The level of importance that is assigned to the resources that are associated with a finding. ``Criticality`` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see `Criticality <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality>`_ in the *AWS Security Hub User Guide* . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param confidence: The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. ``Confidence`` is scored on a 0–100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see `Confidence <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence>`_ in the *Security Hub User Guide* . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param created_at: A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param criticality: The level of importance that is assigned to the resources that are associated with a finding. ``Criticality`` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see `Criticality <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality>`_ in the *Security Hub User Guide* . Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param description: A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param first_observed_at: A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param first_observed_at: A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param generator_id: The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
             :param id: The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param last_observed_at: A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param last_observed_at: A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param note_text: The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param note_updated_at: The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param note_updated_at: The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param note_updated_by: The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param product_arn: The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param product_name: Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -976,8 +1267,8 @@ class CfnAutomationRule(
             :param severity_label: The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param source_url: Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param title: A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
-            :param type: One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see `Types taxonomy for ASFF <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html>`_ in the *AWS Security Hub User Guide* . Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param updated_at: A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param type: One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see `Types taxonomy for ASFF <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html>`_ in the *Security Hub User Guide* . Array Members: Minimum number of 1 item. Maximum number of 20 items.
+            :param updated_at: A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ . Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param user_defined_fields: A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param verification_state: Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param workflow_status: Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -1343,7 +1634,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.NumberFilterProperty"]]]]:
             '''The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
 
-            ``Confidence`` is scored on a 0–100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see `Confidence <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence>`_ in the *AWS Security Hub User Guide* .
+            ``Confidence`` is scored on a 0–100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see `Confidence <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence>`_ in the *Security Hub User Guide* .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1358,7 +1649,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.DateFilterProperty"]]]]:
             '''A timestamp that indicates when this finding record was created.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1373,7 +1664,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.NumberFilterProperty"]]]]:
             '''The level of importance that is assigned to the resources that are associated with a finding.
 
-            ``Criticality`` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see `Criticality <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality>`_ in the *AWS Security Hub User Guide* .
+            ``Criticality`` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see `Criticality <https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality>`_ in the *Security Hub User Guide* .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1401,7 +1692,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1442,7 +1733,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1470,7 +1761,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.DateFilterProperty"]]]]:
             '''The timestamp of when the note was updated.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1684,7 +1975,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.StringFilterProperty"]]]]:
             '''One or more finding types in the format of namespace/category/classifier that classify a finding.
 
-            For a list of namespaces, classifiers, and categories, see `Types taxonomy for ASFF <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html>`_ in the *AWS Security Hub User Guide* .
+            For a list of namespaces, classifiers, and categories, see `Types taxonomy for ASFF <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html>`_ in the *Security Hub User Guide* .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1699,7 +1990,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the finding record was most recently updated.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
 
@@ -1774,8 +2065,8 @@ class CfnAutomationRule(
             '''A date filter for querying findings.
 
             :param date_range: A date range for the date filter.
-            :param end: A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
-            :param start: A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param end: A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param start: A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-datefilter.html
             :exampleMetadata: fixture=_generated
@@ -1823,7 +2114,7 @@ class CfnAutomationRule(
         def end(self) -> typing.Optional[builtins.str]:
             '''A timestamp that provides the end date for the date filter.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-datefilter.html#cfn-securityhub-automationrule-datefilter-end
             '''
@@ -1834,7 +2125,7 @@ class CfnAutomationRule(
         def start(self) -> typing.Optional[builtins.str]:
             '''A timestamp that provides the start date for the date filter.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-datefilter.html#cfn-securityhub-automationrule-datefilter-start
             '''
@@ -1931,11 +2222,11 @@ class CfnAutomationRule(
             key: builtins.str,
             value: builtins.str,
         ) -> None:
-            '''A map filter for filtering AWS Security Hub findings.
+            '''A map filter for filtering Security Hub findings.
 
             Each map filter provides the field to check for, the value to check for, and the comparison operator.
 
-            :param comparison: The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag. ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security`` , ``Finance`` , or both values. To search for values that don't have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag. ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            :param comparison: The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag. ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security`` , ``Finance`` , or both values. To search for values that don't have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag. ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
             :param key: The key of the map filter. For example, for ``ResourceTags`` , ``Key`` identifies the name of the tag. For ``UserDefinedFields`` , ``Key`` is the name of the field.
             :param value: The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security`` . If you provide ``security`` as the filter value, then there's no match.
 
@@ -1987,7 +2278,7 @@ class CfnAutomationRule(
 
             You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error.
 
-            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-mapfilter.html#cfn-securityhub-automationrule-mapfilter-comparison
             '''
@@ -2036,7 +2327,7 @@ class CfnAutomationRule(
         name_mapping={"text": "text", "updated_by": "updatedBy"},
     )
     class NoteUpdateProperty:
-        def __init__(self, *, text: builtins.str, updated_by: typing.Any) -> None:
+        def __init__(self, *, text: builtins.str, updated_by: builtins.str) -> None:
             '''The updated note.
 
             :param text: The updated note text.
@@ -2051,11 +2342,9 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # updated_by: Any
-                
                 note_update_property = securityhub.CfnAutomationRule.NoteUpdateProperty(
                     text="text",
-                    updated_by=updated_by
+                    updated_by="updatedBy"
                 )
             '''
             if __debug__:
@@ -2078,14 +2367,14 @@ class CfnAutomationRule(
             return typing.cast(builtins.str, result)
 
         @builtins.property
-        def updated_by(self) -> typing.Any:
+        def updated_by(self) -> builtins.str:
             '''The principal that updated the note.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-noteupdate.html#cfn-securityhub-automationrule-noteupdate-updatedby
             '''
             result = self._values.get("updated_by")
             assert result is not None, "Required property 'updated_by' is missing"
-            return typing.cast(typing.Any, result)
+            return typing.cast(builtins.str, result)
 
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -2189,7 +2478,7 @@ class CfnAutomationRule(
         name_mapping={"id": "id", "product_arn": "productArn"},
     )
     class RelatedFindingProperty:
-        def __init__(self, *, id: typing.Any, product_arn: builtins.str) -> None:
+        def __init__(self, *, id: builtins.str, product_arn: builtins.str) -> None:
             '''Provides details about a list of findings that the current finding relates to.
 
             :param id: The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -2204,10 +2493,8 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # id: Any
-                
                 related_finding_property = securityhub.CfnAutomationRule.RelatedFindingProperty(
-                    id=id,
+                    id="id",
                     product_arn="productArn"
                 )
             '''
@@ -2221,7 +2508,7 @@ class CfnAutomationRule(
             }
 
         @builtins.property
-        def id(self) -> typing.Any:
+        def id(self) -> builtins.str:
             '''The product-generated identifier for a related finding.
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -2230,7 +2517,7 @@ class CfnAutomationRule(
             '''
             result = self._values.get("id")
             assert result is not None, "Required property 'id' is missing"
-            return typing.cast(typing.Any, result)
+            return typing.cast(builtins.str, result)
 
         @builtins.property
         def product_arn(self) -> builtins.str:
@@ -2363,9 +2650,9 @@ class CfnAutomationRule(
     )
     class StringFilterProperty:
         def __init__(self, *, comparison: builtins.str, value: builtins.str) -> None:
-            '''A string filter for filtering AWS Security Hub findings.
+            '''A string filter for filtering Security Hub findings.
 
-            :param comparison: The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012`` . - To search for values that start with the filter value, use ``PREFIX`` . For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us`` . A ``ResourceRegion`` that starts with a different value, such as ``af`` , ``ap`` , or ``ca`` , doesn't match. ``CONTAINS`` , ``EQUALS`` , and ``PREFIX`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront`` , ``CloudWatch`` , or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012`` . - To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS`` . For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us`` . ``NOT_CONTAINS`` , ``NOT_EQUALS`` , and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2`` . It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface`` . - ``ResourceType PREFIX AwsIam`` - ``ResourceType PREFIX AwsEc2`` - ``ResourceType NOT_EQUALS AwsIamPolicy`` - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            :param comparison: The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012`` . - To search for values that start with the filter value, use ``PREFIX`` . For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us`` . A ``ResourceRegion`` that starts with a different value, such as ``af`` , ``ap`` , or ``ca`` , doesn't match. ``CONTAINS`` , ``EQUALS`` , and ``PREFIX`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront`` , ``CloudWatch`` , or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012`` . - To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS`` . For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us`` . ``NOT_CONTAINS`` , ``NOT_EQUALS`` , and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2`` . It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface`` . - ``ResourceType PREFIX AwsIam`` - ``ResourceType PREFIX AwsEc2`` - ``ResourceType NOT_EQUALS AwsIamPolicy`` - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2`` , ``GetFindingStatisticsV2`` , ``GetResourcesV2`` , and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
             :param value: The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub`` . If you provide ``security hub`` as the filter value, there's no match.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-stringfilter.html
@@ -2422,7 +2709,7 @@ class CfnAutomationRule(
             - ``ResourceType NOT_EQUALS AwsIamPolicy``
             - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface``
 
-            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2`` , ``GetFindingStatisticsV2`` , ``GetResourcesV2`` , and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-stringfilter.html#cfn-securityhub-automationrule-stringfilter-comparison
             '''
@@ -2567,9 +2854,6 @@ class CfnAutomationRuleProps:
             # The values are placeholders you should change.
             from aws_cdk import aws_securityhub as securityhub
             
-            # id: Any
-            # updated_by: Any
-            
             cfn_automation_rule_props = securityhub.CfnAutomationRuleProps(
                 actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty(
                     finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
@@ -2577,10 +2861,10 @@ class CfnAutomationRuleProps:
                         criticality=123,
                         note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                             text="text",
-                            updated_by=updated_by
+                            updated_by="updatedBy"
                         ),
                         related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                            id=id,
+                            id="id",
                             product_arn="productArn"
                         )],
                         severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -2903,18 +3187,18 @@ class CfnAutomationRuleProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
-class CfnConfigurationPolicy(
+@jsii.implements(_IInspectable_c2943556, _IAutomationRuleV2Ref_9909169c, _ITaggableV2_4e6798f8)
+class CfnAutomationRuleV2(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
-    jsii_type="aws-cdk-lib.aws_securityhub.CfnConfigurationPolicy",
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2",
 ):
-    '''The ``AWS::SecurityHub::ConfigurationPolicy`` resource creates a central configuration policy with the defined settings.
+    '''Creates a V2 automation rule.
 
-    Only the AWS Security Hub delegated administrator can create this resource in the home Region. For more information, see `Central configuration in Security Hub <https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html>`_ in the *AWS Security Hub User Guide* .
+    This API is in public preview and subject to change.
 
-    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html
-    :cloudformationResource: AWS::SecurityHub::ConfigurationPolicy
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html
+    :cloudformationResource: AWS::SecurityHub::AutomationRuleV2
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2923,41 +3207,2128 @@ class CfnConfigurationPolicy(
         # The values are placeholders you should change.
         from aws_cdk import aws_securityhub as securityhub
         
-        cfn_configuration_policy = securityhub.CfnConfigurationPolicy(self, "MyCfnConfigurationPolicy",
-            configuration_policy=securityhub.CfnConfigurationPolicy.PolicyProperty(
-                security_hub=securityhub.CfnConfigurationPolicy.SecurityHubPolicyProperty(
-                    enabled_standard_identifiers=["enabledStandardIdentifiers"],
-                    security_controls_configuration=securityhub.CfnConfigurationPolicy.SecurityControlsConfigurationProperty(
-                        disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"],
-                        enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"],
-                        security_control_custom_parameters=[securityhub.CfnConfigurationPolicy.SecurityControlCustomParameterProperty(
-                            parameters={
-                                "parameters_key": securityhub.CfnConfigurationPolicy.ParameterConfigurationProperty(
-                                    value_type="valueType",
+        cfn_automation_rule_v2 = securityhub.CfnAutomationRuleV2(self, "MyCfnAutomationRuleV2",
+            actions=[securityhub.CfnAutomationRuleV2.AutomationRulesActionV2Property(
+                type="type",
         
-                                    # the properties below are optional
-                                    value=securityhub.CfnConfigurationPolicy.ParameterValueProperty(
-                                        boolean=False,
-                                        double=123,
-                                        enum="enum",
-                                        enum_list=["enumList"],
-                                        integer=123,
-                                        integer_list=[123],
-                                        string="string",
-                                        string_list=["stringList"]
-                                    )
-                                )
-                            },
-                            security_control_id="securityControlId"
+                # the properties below are optional
+                external_integration_configuration=securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty(
+                    connector_arn="connectorArn"
+                ),
+                finding_fields_update=securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property(
+                    comment="comment",
+                    severity_id=123,
+                    status_id=123
+                )
+            )],
+            criteria=securityhub.CfnAutomationRuleV2.CriteriaProperty(
+                ocsf_finding_criteria=securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty(
+                    composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty(
+                        boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                                value=False
+                            )
+                        )],
+                        date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                                date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                                    unit="unit",
+                                    value=123
+                                ),
+                                end="end",
+                                start="start"
+                            )
+                        )],
+                        map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                                comparison="comparison",
+                                key="key",
+                                value="value"
+                            )
+                        )],
+                        number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                                eq=123,
+                                gte=123,
+                                lte=123
+                            )
+                        )],
+                        operator="operator",
+                        string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                                comparison="comparison",
+                                value="value"
+                            )
                         )]
-                    ),
-                    service_enabled=False
+                    )],
+                    composite_operator="compositeOperator"
                 )
             ),
-            name="name",
+            description="description",
+            rule_name="ruleName",
+            rule_order=123,
         
             # the properties below are optional
-            description="description",
+            rule_status="ruleStatus",
+            tags={
+                "tags_key": "tags"
+            }
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.AutomationRulesActionV2Property", typing.Dict[builtins.str, typing.Any]]]]],
+        criteria: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.CriteriaProperty", typing.Dict[builtins.str, typing.Any]]],
+        description: builtins.str,
+        rule_name: builtins.str,
+        rule_order: jsii.Number,
+        rule_status: typing.Optional[builtins.str] = None,
+        tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    ) -> None:
+        '''Create a new ``AWS::SecurityHub::AutomationRuleV2``.
+
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param actions: A list of actions to be performed when the rule criteria is met.
+        :param criteria: The filtering type and configuration of the automation rule.
+        :param description: A description of the V2 automation rule.
+        :param rule_name: The name of the V2 automation rule.
+        :param rule_order: The value for the rule priority.
+        :param rule_status: The status of the V2 automation rule.
+        :param tags: A list of key-value pairs associated with the V2 automation rule.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d67bab57d18f8318b1f3e5e5aee0425c6d6ad2a73c3def328f22c6e22aa173d4)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnAutomationRuleV2Props(
+            actions=actions,
+            criteria=criteria,
+            description=description,
+            rule_name=rule_name,
+            rule_order=rule_order,
+            rule_status=rule_status,
+            tags=tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__148b5ad52f495a944fc188c33e9ce4790af9aae05ed5382a214fb325dffaf8bb)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2f9d1f99336eb3a75c15b25a178234de86a8bfdf4875bf0ce1cd38b114f64593)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrCreatedAt")
+    def attr_created_at(self) -> builtins.str:
+        '''The timestamp when the V2 automation rule was created.
+
+        :cloudformationAttribute: CreatedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrCreatedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrRuleArn")
+    def attr_rule_arn(self) -> builtins.str:
+        '''The ARN of the V2 automation rule.
+
+        :cloudformationAttribute: RuleArn
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrRuleArn"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrRuleId")
+    def attr_rule_id(self) -> builtins.str:
+        '''The ID of the V2 automation rule.
+
+        :cloudformationAttribute: RuleId
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrRuleId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrUpdatedAt")
+    def attr_updated_at(self) -> builtins.str:
+        '''The timestamp when the V2 automation rule was updated.
+
+        :cloudformationAttribute: UpdatedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrUpdatedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="automationRuleV2Ref")
+    def automation_rule_v2_ref(self) -> _AutomationRuleV2Reference_0c38f3c7:
+        '''A reference to a AutomationRuleV2 resource.'''
+        return typing.cast(_AutomationRuleV2Reference_0c38f3c7, jsii.get(self, "automationRuleV2Ref"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="actions")
+    def actions(
+        self,
+    ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.AutomationRulesActionV2Property"]]]:
+        '''A list of actions to be performed when the rule criteria is met.'''
+        return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.AutomationRulesActionV2Property"]]], jsii.get(self, "actions"))
+
+    @actions.setter
+    def actions(
+        self,
+        value: typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.AutomationRulesActionV2Property"]]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6347d27f0ba2cf053f67fe33ad975271c9a681e994a3d68259bee4b4cecff923)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "actions", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="criteria")
+    def criteria(
+        self,
+    ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.CriteriaProperty"]:
+        '''The filtering type and configuration of the automation rule.'''
+        return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.CriteriaProperty"], jsii.get(self, "criteria"))
+
+    @criteria.setter
+    def criteria(
+        self,
+        value: typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.CriteriaProperty"],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a5adb921eebdd2ef5c8fd115e4be769f443780102c814dd43fe745285e68ab8e)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "criteria", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> builtins.str:
+        '''A description of the V2 automation rule.'''
+        return typing.cast(builtins.str, jsii.get(self, "description"))
+
+    @description.setter
+    def description(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__125c937bc05766b550dc71a5d1d56e19a69b4ef80f88b4ef38e2e5e003477882)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="ruleName")
+    def rule_name(self) -> builtins.str:
+        '''The name of the V2 automation rule.'''
+        return typing.cast(builtins.str, jsii.get(self, "ruleName"))
+
+    @rule_name.setter
+    def rule_name(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d67119779ecc92e0cdf9224e19bbf9519a8b3464aefe9656b42f750f87734d6a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "ruleName", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="ruleOrder")
+    def rule_order(self) -> jsii.Number:
+        '''The value for the rule priority.'''
+        return typing.cast(jsii.Number, jsii.get(self, "ruleOrder"))
+
+    @rule_order.setter
+    def rule_order(self, value: jsii.Number) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0756c118bad7b3ecf44f8e5b333e1b12ae1f8fcc93cfb9994a9b01b1e420c800)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "ruleOrder", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="ruleStatus")
+    def rule_status(self) -> typing.Optional[builtins.str]:
+        '''The status of the V2 automation rule.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ruleStatus"))
+
+    @rule_status.setter
+    def rule_status(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9d3ccd09d54183efd7f79c4f4fa028ef4ff9dcf82d873ad68a9b84292b42fca1)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "ruleStatus", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''A list of key-value pairs associated with the V2 automation rule.'''
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(
+        self,
+        value: typing.Optional[typing.Mapping[builtins.str, builtins.str]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c4cafeb60a0ac8c7088697f2b7bd61bc6887761dd3405c6d9a418c848d6a35ed)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.AutomationRulesActionV2Property",
+        jsii_struct_bases=[],
+        name_mapping={
+            "type": "type",
+            "external_integration_configuration": "externalIntegrationConfiguration",
+            "finding_fields_update": "findingFieldsUpdate",
+        },
+    )
+    class AutomationRulesActionV2Property:
+        def __init__(
+            self,
+            *,
+            type: builtins.str,
+            external_integration_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            finding_fields_update: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property", typing.Dict[builtins.str, typing.Any]]]] = None,
+        ) -> None:
+            '''Allows you to configure automated responses.
+
+            :param type: Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
+            :param external_integration_configuration: The settings for integrating automation rule actions with external systems or service.
+            :param finding_fields_update: Specifies that the automation rule action is an update to a finding field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                automation_rules_action_v2_property = securityhub.CfnAutomationRuleV2.AutomationRulesActionV2Property(
+                    type="type",
+                
+                    # the properties below are optional
+                    external_integration_configuration=securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty(
+                        connector_arn="connectorArn"
+                    ),
+                    finding_fields_update=securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property(
+                        comment="comment",
+                        severity_id=123,
+                        status_id=123
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__c5861ee659ea2189f4b0d18349855ec99f8b11ef0e6bc925783f2b7a3911d61f)
+                check_type(argname="argument type", value=type, expected_type=type_hints["type"])
+                check_type(argname="argument external_integration_configuration", value=external_integration_configuration, expected_type=type_hints["external_integration_configuration"])
+                check_type(argname="argument finding_fields_update", value=finding_fields_update, expected_type=type_hints["finding_fields_update"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "type": type,
+            }
+            if external_integration_configuration is not None:
+                self._values["external_integration_configuration"] = external_integration_configuration
+            if finding_fields_update is not None:
+                self._values["finding_fields_update"] = finding_fields_update
+
+        @builtins.property
+        def type(self) -> builtins.str:
+            '''Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html#cfn-securityhub-automationrulev2-automationrulesactionv2-type
+            '''
+            result = self._values.get("type")
+            assert result is not None, "Required property 'type' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def external_integration_configuration(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty"]]:
+            '''The settings for integrating automation rule actions with external systems or service.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html#cfn-securityhub-automationrulev2-automationrulesactionv2-externalintegrationconfiguration
+            '''
+            result = self._values.get("external_integration_configuration")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty"]], result)
+
+        @builtins.property
+        def finding_fields_update(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property"]]:
+            '''Specifies that the automation rule action is an update to a finding field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html#cfn-securityhub-automationrulev2-automationrulesactionv2-findingfieldsupdate
+            '''
+            result = self._values.get("finding_fields_update")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property"]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "AutomationRulesActionV2Property(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property",
+        jsii_struct_bases=[],
+        name_mapping={
+            "comment": "comment",
+            "severity_id": "severityId",
+            "status_id": "statusId",
+        },
+    )
+    class AutomationRulesFindingFieldsUpdateV2Property:
+        def __init__(
+            self,
+            *,
+            comment: typing.Optional[builtins.str] = None,
+            severity_id: typing.Optional[jsii.Number] = None,
+            status_id: typing.Optional[jsii.Number] = None,
+        ) -> None:
+            '''Allows you to define the structure for modifying specific fields in security findings.
+
+            :param comment: Notes or contextual information for findings that are modified by the automation rule.
+            :param severity_id: The severity level to be assigned to findings that match the automation rule criteria.
+            :param status_id: The status to be applied to findings that match automation rule criteria.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                automation_rules_finding_fields_update_v2_property = securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property(
+                    comment="comment",
+                    severity_id=123,
+                    status_id=123
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__4f90f98d77f04ef40f0534b1d8b8660117e52394e43158b5d7f298d3bc8625cc)
+                check_type(argname="argument comment", value=comment, expected_type=type_hints["comment"])
+                check_type(argname="argument severity_id", value=severity_id, expected_type=type_hints["severity_id"])
+                check_type(argname="argument status_id", value=status_id, expected_type=type_hints["status_id"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if comment is not None:
+                self._values["comment"] = comment
+            if severity_id is not None:
+                self._values["severity_id"] = severity_id
+            if status_id is not None:
+                self._values["status_id"] = status_id
+
+        @builtins.property
+        def comment(self) -> typing.Optional[builtins.str]:
+            '''Notes or contextual information for findings that are modified by the automation rule.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html#cfn-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2-comment
+            '''
+            result = self._values.get("comment")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def severity_id(self) -> typing.Optional[jsii.Number]:
+            '''The severity level to be assigned to findings that match the automation rule criteria.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html#cfn-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2-severityid
+            '''
+            result = self._values.get("severity_id")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def status_id(self) -> typing.Optional[jsii.Number]:
+            '''The status to be applied to findings that match automation rule criteria.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html#cfn-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2-statusid
+            '''
+            result = self._values.get("status_id")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "AutomationRulesFindingFieldsUpdateV2Property(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.BooleanFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"value": "value"},
+    )
+    class BooleanFilterProperty:
+        def __init__(
+            self,
+            *,
+            value: typing.Union[builtins.bool, _IResolvable_da3f097b],
+        ) -> None:
+            '''Boolean filter for querying findings.
+
+            :param value: The value of the boolean.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-booleanfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                boolean_filter_property = securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                    value=False
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__bf1f4033b6ab73724f96c846c6e76e7a50093a23574134c07515d9390346e33b)
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "value": value,
+            }
+
+        @builtins.property
+        def value(self) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
+            '''The value of the boolean.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-booleanfilter.html#cfn-securityhub-automationrulev2-booleanfilter-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(typing.Union[builtins.bool, _IResolvable_da3f097b], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "BooleanFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.CompositeFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "boolean_filters": "booleanFilters",
+            "date_filters": "dateFilters",
+            "map_filters": "mapFilters",
+            "number_filters": "numberFilters",
+            "operator": "operator",
+            "string_filters": "stringFilters",
+        },
+    )
+    class CompositeFilterProperty:
+        def __init__(
+            self,
+            *,
+            boolean_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.OcsfBooleanFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+            date_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.OcsfDateFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+            map_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.OcsfMapFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+            number_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.OcsfNumberFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+            operator: typing.Optional[builtins.str] = None,
+            string_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.OcsfStringFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        ) -> None:
+            '''Enables the creation of filtering criteria for security findings.
+
+            :param boolean_filters: Enables filtering based on boolean field values.
+            :param date_filters: Enables filtering based on date and timestamp fields.
+            :param map_filters: Enables the creation of filtering criteria for security findings.
+            :param number_filters: Enables filtering based on numerical field values.
+            :param operator: The logical operator used to combine multiple filter conditions.
+            :param string_filters: Enables filtering based on string field values.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                composite_filter_property = securityhub.CfnAutomationRuleV2.CompositeFilterProperty(
+                    boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty(
+                        field_name="fieldName",
+                        filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                            value=False
+                        )
+                    )],
+                    date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty(
+                        field_name="fieldName",
+                        filter=securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                            date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                                unit="unit",
+                                value=123
+                            ),
+                            end="end",
+                            start="start"
+                        )
+                    )],
+                    map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty(
+                        field_name="fieldName",
+                        filter=securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                            comparison="comparison",
+                            key="key",
+                            value="value"
+                        )
+                    )],
+                    number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty(
+                        field_name="fieldName",
+                        filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                            eq=123,
+                            gte=123,
+                            lte=123
+                        )
+                    )],
+                    operator="operator",
+                    string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty(
+                        field_name="fieldName",
+                        filter=securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                            comparison="comparison",
+                            value="value"
+                        )
+                    )]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__ef5252b213e349428bc417b1dd29e26751fcc25bde34b016a3eaf19d58151f2e)
+                check_type(argname="argument boolean_filters", value=boolean_filters, expected_type=type_hints["boolean_filters"])
+                check_type(argname="argument date_filters", value=date_filters, expected_type=type_hints["date_filters"])
+                check_type(argname="argument map_filters", value=map_filters, expected_type=type_hints["map_filters"])
+                check_type(argname="argument number_filters", value=number_filters, expected_type=type_hints["number_filters"])
+                check_type(argname="argument operator", value=operator, expected_type=type_hints["operator"])
+                check_type(argname="argument string_filters", value=string_filters, expected_type=type_hints["string_filters"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if boolean_filters is not None:
+                self._values["boolean_filters"] = boolean_filters
+            if date_filters is not None:
+                self._values["date_filters"] = date_filters
+            if map_filters is not None:
+                self._values["map_filters"] = map_filters
+            if number_filters is not None:
+                self._values["number_filters"] = number_filters
+            if operator is not None:
+                self._values["operator"] = operator
+            if string_filters is not None:
+                self._values["string_filters"] = string_filters
+
+        @builtins.property
+        def boolean_filters(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfBooleanFilterProperty"]]]]:
+            '''Enables filtering based on boolean field values.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-booleanfilters
+            '''
+            result = self._values.get("boolean_filters")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfBooleanFilterProperty"]]]], result)
+
+        @builtins.property
+        def date_filters(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfDateFilterProperty"]]]]:
+            '''Enables filtering based on date and timestamp fields.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-datefilters
+            '''
+            result = self._values.get("date_filters")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfDateFilterProperty"]]]], result)
+
+        @builtins.property
+        def map_filters(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfMapFilterProperty"]]]]:
+            '''Enables the creation of filtering criteria for security findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-mapfilters
+            '''
+            result = self._values.get("map_filters")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfMapFilterProperty"]]]], result)
+
+        @builtins.property
+        def number_filters(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfNumberFilterProperty"]]]]:
+            '''Enables filtering based on numerical field values.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-numberfilters
+            '''
+            result = self._values.get("number_filters")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfNumberFilterProperty"]]]], result)
+
+        @builtins.property
+        def operator(self) -> typing.Optional[builtins.str]:
+            '''The logical operator used to combine multiple filter conditions.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-operator
+            '''
+            result = self._values.get("operator")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def string_filters(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfStringFilterProperty"]]]]:
+            '''Enables filtering based on string field values.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-stringfilters
+            '''
+            result = self._values.get("string_filters")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfStringFilterProperty"]]]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "CompositeFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.CriteriaProperty",
+        jsii_struct_bases=[],
+        name_mapping={"ocsf_finding_criteria": "ocsfFindingCriteria"},
+    )
+    class CriteriaProperty:
+        def __init__(
+            self,
+            *,
+            ocsf_finding_criteria: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.OcsfFindingFiltersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        ) -> None:
+            '''The filtering type and configuration of the automation rule.
+
+            :param ocsf_finding_criteria: The filtering conditions that align with OCSF standards.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-criteria.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                criteria_property = securityhub.CfnAutomationRuleV2.CriteriaProperty(
+                    ocsf_finding_criteria=securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty(
+                        composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty(
+                            boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                                    value=False
+                                )
+                            )],
+                            date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                                    date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                                        unit="unit",
+                                        value=123
+                                    ),
+                                    end="end",
+                                    start="start"
+                                )
+                            )],
+                            map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                                    comparison="comparison",
+                                    key="key",
+                                    value="value"
+                                )
+                            )],
+                            number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                                    eq=123,
+                                    gte=123,
+                                    lte=123
+                                )
+                            )],
+                            operator="operator",
+                            string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                                    comparison="comparison",
+                                    value="value"
+                                )
+                            )]
+                        )],
+                        composite_operator="compositeOperator"
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__1ba9d632d542a300365cf2fd23759ae4458525cb9c085d0a969ca6b488962b63)
+                check_type(argname="argument ocsf_finding_criteria", value=ocsf_finding_criteria, expected_type=type_hints["ocsf_finding_criteria"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if ocsf_finding_criteria is not None:
+                self._values["ocsf_finding_criteria"] = ocsf_finding_criteria
+
+        @builtins.property
+        def ocsf_finding_criteria(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfFindingFiltersProperty"]]:
+            '''The filtering conditions that align with OCSF standards.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-criteria.html#cfn-securityhub-automationrulev2-criteria-ocsffindingcriteria
+            '''
+            result = self._values.get("ocsf_finding_criteria")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.OcsfFindingFiltersProperty"]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "CriteriaProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.DateFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"date_range": "dateRange", "end": "end", "start": "start"},
+    )
+    class DateFilterProperty:
+        def __init__(
+            self,
+            *,
+            date_range: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.DateRangeProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            end: typing.Optional[builtins.str] = None,
+            start: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''A date filter for querying findings.
+
+            :param date_range: A date range for the date filter.
+            :param end: A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param start: A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                date_filter_property = securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                    date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                        unit="unit",
+                        value=123
+                    ),
+                    end="end",
+                    start="start"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__3d21b2c9e81f0b05c0b5eae1aed977679e202dd65257b012d2ffca3404d4bce2)
+                check_type(argname="argument date_range", value=date_range, expected_type=type_hints["date_range"])
+                check_type(argname="argument end", value=end, expected_type=type_hints["end"])
+                check_type(argname="argument start", value=start, expected_type=type_hints["start"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if date_range is not None:
+                self._values["date_range"] = date_range
+            if end is not None:
+                self._values["end"] = end
+            if start is not None:
+                self._values["start"] = start
+
+        @builtins.property
+        def date_range(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.DateRangeProperty"]]:
+            '''A date range for the date filter.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html#cfn-securityhub-automationrulev2-datefilter-daterange
+            '''
+            result = self._values.get("date_range")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.DateRangeProperty"]], result)
+
+        @builtins.property
+        def end(self) -> typing.Optional[builtins.str]:
+            '''A timestamp that provides the end date for the date filter.
+
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html#cfn-securityhub-automationrulev2-datefilter-end
+            '''
+            result = self._values.get("end")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def start(self) -> typing.Optional[builtins.str]:
+            '''A timestamp that provides the start date for the date filter.
+
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html#cfn-securityhub-automationrulev2-datefilter-start
+            '''
+            result = self._values.get("start")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "DateFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.DateRangeProperty",
+        jsii_struct_bases=[],
+        name_mapping={"unit": "unit", "value": "value"},
+    )
+    class DateRangeProperty:
+        def __init__(self, *, unit: builtins.str, value: jsii.Number) -> None:
+            '''A date range for the date filter.
+
+            :param unit: A date range unit for the date filter.
+            :param value: A date range value for the date filter.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-daterange.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                date_range_property = securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                    unit="unit",
+                    value=123
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__6cd41336e92eb03ceeaab0c8bb04ecdcbaa676b6a22a3cd4a1f8ba069311dc05)
+                check_type(argname="argument unit", value=unit, expected_type=type_hints["unit"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "unit": unit,
+                "value": value,
+            }
+
+        @builtins.property
+        def unit(self) -> builtins.str:
+            '''A date range unit for the date filter.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-daterange.html#cfn-securityhub-automationrulev2-daterange-unit
+            '''
+            result = self._values.get("unit")
+            assert result is not None, "Required property 'unit' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def value(self) -> jsii.Number:
+            '''A date range value for the date filter.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-daterange.html#cfn-securityhub-automationrulev2-daterange-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(jsii.Number, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "DateRangeProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty",
+        jsii_struct_bases=[],
+        name_mapping={"connector_arn": "connectorArn"},
+    )
+    class ExternalIntegrationConfigurationProperty:
+        def __init__(
+            self,
+            *,
+            connector_arn: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''The settings for integrating automation rule actions with external systems or service.
+
+            :param connector_arn: The ARN of the connector that establishes the integration.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-externalintegrationconfiguration.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                external_integration_configuration_property = securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty(
+                    connector_arn="connectorArn"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__a2fd9a1462ca1711dacb92a0d07d564ed40fe787a40d0cfcdebf274371c09173)
+                check_type(argname="argument connector_arn", value=connector_arn, expected_type=type_hints["connector_arn"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if connector_arn is not None:
+                self._values["connector_arn"] = connector_arn
+
+        @builtins.property
+        def connector_arn(self) -> typing.Optional[builtins.str]:
+            '''The ARN of the connector that establishes the integration.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-externalintegrationconfiguration.html#cfn-securityhub-automationrulev2-externalintegrationconfiguration-connectorarn
+            '''
+            result = self._values.get("connector_arn")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ExternalIntegrationConfigurationProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.MapFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"comparison": "comparison", "key": "key", "value": "value"},
+    )
+    class MapFilterProperty:
+        def __init__(
+            self,
+            *,
+            comparison: builtins.str,
+            key: builtins.str,
+            value: builtins.str,
+        ) -> None:
+            '''A map filter for filtering Security Hub findings.
+
+            Each map filter provides the field to check for, the value to check for, and the comparison operator.
+
+            :param comparison: The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag. ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security`` , ``Finance`` , or both values. To search for values that don't have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag. ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
+            :param key: The key of the map filter. For example, for ``ResourceTags`` , ``Key`` identifies the name of the tag. For ``UserDefinedFields`` , ``Key`` is the name of the field.
+            :param value: The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security`` . If you provide ``security`` as the filter value, then there's no match.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                map_filter_property = securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                    comparison="comparison",
+                    key="key",
+                    value="value"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__3ce382a730a7d946b88f0a9bbc8ee839e8cc4048403520f61f9601274312c198)
+                check_type(argname="argument comparison", value=comparison, expected_type=type_hints["comparison"])
+                check_type(argname="argument key", value=key, expected_type=type_hints["key"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "comparison": comparison,
+                "key": key,
+                "value": value,
+            }
+
+        @builtins.property
+        def comparison(self) -> builtins.str:
+            '''The condition to apply to the key value when filtering Security Hub findings with a map filter.
+
+            To search for values that have the filter value, use one of the following comparison operators:
+
+            - To search for values that include the filter value, use ``CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match.
+            - To search for values that exactly match the filter value, use ``EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag.
+
+            ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security`` , ``Finance`` , or both values.
+
+            To search for values that don't have the filter value, use one of the following comparison operators:
+
+            - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag.
+            - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag.
+
+            ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values.
+
+            ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters.
+
+            You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error.
+
+            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html#cfn-securityhub-automationrulev2-mapfilter-comparison
+            '''
+            result = self._values.get("comparison")
+            assert result is not None, "Required property 'comparison' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def key(self) -> builtins.str:
+            '''The key of the map filter.
+
+            For example, for ``ResourceTags`` , ``Key`` identifies the name of the tag. For ``UserDefinedFields`` , ``Key`` is the name of the field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html#cfn-securityhub-automationrulev2-mapfilter-key
+            '''
+            result = self._values.get("key")
+            assert result is not None, "Required property 'key' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def value(self) -> builtins.str:
+            '''The value for the key in the map filter.
+
+            Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security`` . If you provide ``security`` as the filter value, then there's no match.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html#cfn-securityhub-automationrulev2-mapfilter-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "MapFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.NumberFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"eq": "eq", "gte": "gte", "lte": "lte"},
+    )
+    class NumberFilterProperty:
+        def __init__(
+            self,
+            *,
+            eq: typing.Optional[jsii.Number] = None,
+            gte: typing.Optional[jsii.Number] = None,
+            lte: typing.Optional[jsii.Number] = None,
+        ) -> None:
+            '''A number filter for querying findings.
+
+            :param eq: The equal-to condition to be applied to a single field when querying for findings.
+            :param gte: The greater-than-equal condition to be applied to a single field when querying for findings.
+            :param lte: The less-than-equal condition to be applied to a single field when querying for findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                number_filter_property = securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                    eq=123,
+                    gte=123,
+                    lte=123
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__647dc97c620209dca2753ac34dae13a3a6afc9916dad52290296e2565ad48048)
+                check_type(argname="argument eq", value=eq, expected_type=type_hints["eq"])
+                check_type(argname="argument gte", value=gte, expected_type=type_hints["gte"])
+                check_type(argname="argument lte", value=lte, expected_type=type_hints["lte"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if eq is not None:
+                self._values["eq"] = eq
+            if gte is not None:
+                self._values["gte"] = gte
+            if lte is not None:
+                self._values["lte"] = lte
+
+        @builtins.property
+        def eq(self) -> typing.Optional[jsii.Number]:
+            '''The equal-to condition to be applied to a single field when querying for findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html#cfn-securityhub-automationrulev2-numberfilter-eq
+            '''
+            result = self._values.get("eq")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def gte(self) -> typing.Optional[jsii.Number]:
+            '''The greater-than-equal condition to be applied to a single field when querying for findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html#cfn-securityhub-automationrulev2-numberfilter-gte
+            '''
+            result = self._values.get("gte")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def lte(self) -> typing.Optional[jsii.Number]:
+            '''The less-than-equal condition to be applied to a single field when querying for findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html#cfn-securityhub-automationrulev2-numberfilter-lte
+            '''
+            result = self._values.get("lte")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "NumberFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"field_name": "fieldName", "filter": "filter"},
+    )
+    class OcsfBooleanFilterProperty:
+        def __init__(
+            self,
+            *,
+            field_name: builtins.str,
+            filter: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.BooleanFilterProperty", typing.Dict[builtins.str, typing.Any]]],
+        ) -> None:
+            '''Enables filtering of security findings based on boolean field values in OCSF.
+
+            :param field_name: The name of the field.
+            :param filter: Enables filtering of security findings based on boolean field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfbooleanfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                ocsf_boolean_filter_property = securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty(
+                    field_name="fieldName",
+                    filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                        value=False
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__a42eba30c4eef0c19b5165ead711c40b18983e8c78c7eaafba9deb680ec94bfd)
+                check_type(argname="argument field_name", value=field_name, expected_type=type_hints["field_name"])
+                check_type(argname="argument filter", value=filter, expected_type=type_hints["filter"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "field_name": field_name,
+                "filter": filter,
+            }
+
+        @builtins.property
+        def field_name(self) -> builtins.str:
+            '''The name of the field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfbooleanfilter.html#cfn-securityhub-automationrulev2-ocsfbooleanfilter-fieldname
+            '''
+            result = self._values.get("field_name")
+            assert result is not None, "Required property 'field_name' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def filter(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.BooleanFilterProperty"]:
+            '''Enables filtering of security findings based on boolean field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfbooleanfilter.html#cfn-securityhub-automationrulev2-ocsfbooleanfilter-filter
+            '''
+            result = self._values.get("filter")
+            assert result is not None, "Required property 'filter' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.BooleanFilterProperty"], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "OcsfBooleanFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"field_name": "fieldName", "filter": "filter"},
+    )
+    class OcsfDateFilterProperty:
+        def __init__(
+            self,
+            *,
+            field_name: builtins.str,
+            filter: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.DateFilterProperty", typing.Dict[builtins.str, typing.Any]]],
+        ) -> None:
+            '''Enables filtering of security findings based on date and timestamp fields in OCSF.
+
+            :param field_name: The name of the field.
+            :param filter: Enables filtering of security findings based on date and timestamp fields in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfdatefilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                ocsf_date_filter_property = securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty(
+                    field_name="fieldName",
+                    filter=securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                        date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                            unit="unit",
+                            value=123
+                        ),
+                        end="end",
+                        start="start"
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__0835da7838d6730412395869f245eb4865e7ae2b63a637022d4a3475231c342f)
+                check_type(argname="argument field_name", value=field_name, expected_type=type_hints["field_name"])
+                check_type(argname="argument filter", value=filter, expected_type=type_hints["filter"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "field_name": field_name,
+                "filter": filter,
+            }
+
+        @builtins.property
+        def field_name(self) -> builtins.str:
+            '''The name of the field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfdatefilter.html#cfn-securityhub-automationrulev2-ocsfdatefilter-fieldname
+            '''
+            result = self._values.get("field_name")
+            assert result is not None, "Required property 'field_name' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def filter(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.DateFilterProperty"]:
+            '''Enables filtering of security findings based on date and timestamp fields in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfdatefilter.html#cfn-securityhub-automationrulev2-ocsfdatefilter-filter
+            '''
+            result = self._values.get("filter")
+            assert result is not None, "Required property 'filter' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.DateFilterProperty"], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "OcsfDateFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "composite_filters": "compositeFilters",
+            "composite_operator": "compositeOperator",
+        },
+    )
+    class OcsfFindingFiltersProperty:
+        def __init__(
+            self,
+            *,
+            composite_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.CompositeFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+            composite_operator: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''Specifies the filtering criteria for security findings using OCSF.
+
+            :param composite_filters: Enables the creation of complex filtering conditions by combining filter criteria.
+            :param composite_operator: The logical operators used to combine the filtering on multiple ``CompositeFilters`` .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsffindingfilters.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                ocsf_finding_filters_property = securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty(
+                    composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty(
+                        boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                                value=False
+                            )
+                        )],
+                        date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                                date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                                    unit="unit",
+                                    value=123
+                                ),
+                                end="end",
+                                start="start"
+                            )
+                        )],
+                        map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                                comparison="comparison",
+                                key="key",
+                                value="value"
+                            )
+                        )],
+                        number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                                eq=123,
+                                gte=123,
+                                lte=123
+                            )
+                        )],
+                        operator="operator",
+                        string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty(
+                            field_name="fieldName",
+                            filter=securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                                comparison="comparison",
+                                value="value"
+                            )
+                        )]
+                    )],
+                    composite_operator="compositeOperator"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__67b27a03af9c079f8cc42cdfa5f8df4adc151b555e1080317dfc2e8c5873519c)
+                check_type(argname="argument composite_filters", value=composite_filters, expected_type=type_hints["composite_filters"])
+                check_type(argname="argument composite_operator", value=composite_operator, expected_type=type_hints["composite_operator"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if composite_filters is not None:
+                self._values["composite_filters"] = composite_filters
+            if composite_operator is not None:
+                self._values["composite_operator"] = composite_operator
+
+        @builtins.property
+        def composite_filters(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.CompositeFilterProperty"]]]]:
+            '''Enables the creation of complex filtering conditions by combining filter criteria.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsffindingfilters.html#cfn-securityhub-automationrulev2-ocsffindingfilters-compositefilters
+            '''
+            result = self._values.get("composite_filters")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.CompositeFilterProperty"]]]], result)
+
+        @builtins.property
+        def composite_operator(self) -> typing.Optional[builtins.str]:
+            '''The logical operators used to combine the filtering on multiple ``CompositeFilters`` .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsffindingfilters.html#cfn-securityhub-automationrulev2-ocsffindingfilters-compositeoperator
+            '''
+            result = self._values.get("composite_operator")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "OcsfFindingFiltersProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"field_name": "fieldName", "filter": "filter"},
+    )
+    class OcsfMapFilterProperty:
+        def __init__(
+            self,
+            *,
+            field_name: builtins.str,
+            filter: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.MapFilterProperty", typing.Dict[builtins.str, typing.Any]]],
+        ) -> None:
+            '''Enables filtering of security findings based on map field values in OCSF.
+
+            :param field_name: The name of the field.
+            :param filter: Enables filtering of security findings based on map field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfmapfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                ocsf_map_filter_property = securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty(
+                    field_name="fieldName",
+                    filter=securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                        comparison="comparison",
+                        key="key",
+                        value="value"
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__b733ec921abf18e15f42cbdb443df518e81d6c48b4cf4b2397f4812a20240777)
+                check_type(argname="argument field_name", value=field_name, expected_type=type_hints["field_name"])
+                check_type(argname="argument filter", value=filter, expected_type=type_hints["filter"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "field_name": field_name,
+                "filter": filter,
+            }
+
+        @builtins.property
+        def field_name(self) -> builtins.str:
+            '''The name of the field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfmapfilter.html#cfn-securityhub-automationrulev2-ocsfmapfilter-fieldname
+            '''
+            result = self._values.get("field_name")
+            assert result is not None, "Required property 'field_name' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def filter(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.MapFilterProperty"]:
+            '''Enables filtering of security findings based on map field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfmapfilter.html#cfn-securityhub-automationrulev2-ocsfmapfilter-filter
+            '''
+            result = self._values.get("filter")
+            assert result is not None, "Required property 'filter' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.MapFilterProperty"], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "OcsfMapFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"field_name": "fieldName", "filter": "filter"},
+    )
+    class OcsfNumberFilterProperty:
+        def __init__(
+            self,
+            *,
+            field_name: builtins.str,
+            filter: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.NumberFilterProperty", typing.Dict[builtins.str, typing.Any]]],
+        ) -> None:
+            '''Enables filtering of security findings based on numerical field values in OCSF.
+
+            :param field_name: The name of the field.
+            :param filter: Enables filtering of security findings based on numerical field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfnumberfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                ocsf_number_filter_property = securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty(
+                    field_name="fieldName",
+                    filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                        eq=123,
+                        gte=123,
+                        lte=123
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__96733fb6348f5b5cd478197a8fee3f33665015a9b17eb4ce28d9ca28862964c7)
+                check_type(argname="argument field_name", value=field_name, expected_type=type_hints["field_name"])
+                check_type(argname="argument filter", value=filter, expected_type=type_hints["filter"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "field_name": field_name,
+                "filter": filter,
+            }
+
+        @builtins.property
+        def field_name(self) -> builtins.str:
+            '''The name of the field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfnumberfilter.html#cfn-securityhub-automationrulev2-ocsfnumberfilter-fieldname
+            '''
+            result = self._values.get("field_name")
+            assert result is not None, "Required property 'field_name' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def filter(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.NumberFilterProperty"]:
+            '''Enables filtering of security findings based on numerical field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfnumberfilter.html#cfn-securityhub-automationrulev2-ocsfnumberfilter-filter
+            '''
+            result = self._values.get("filter")
+            assert result is not None, "Required property 'filter' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.NumberFilterProperty"], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "OcsfNumberFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"field_name": "fieldName", "filter": "filter"},
+    )
+    class OcsfStringFilterProperty:
+        def __init__(
+            self,
+            *,
+            field_name: builtins.str,
+            filter: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRuleV2.StringFilterProperty", typing.Dict[builtins.str, typing.Any]]],
+        ) -> None:
+            '''Enables filtering of security findings based on string field values in OCSF.
+
+            :param field_name: The name of the field.
+            :param filter: Enables filtering of security findings based on string field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                ocsf_string_filter_property = securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty(
+                    field_name="fieldName",
+                    filter=securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                        comparison="comparison",
+                        value="value"
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__664006d14466473dd08a13af9d06be4f13672817d578a3e7b6c2e476b7e219f0)
+                check_type(argname="argument field_name", value=field_name, expected_type=type_hints["field_name"])
+                check_type(argname="argument filter", value=filter, expected_type=type_hints["filter"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "field_name": field_name,
+                "filter": filter,
+            }
+
+        @builtins.property
+        def field_name(self) -> builtins.str:
+            '''The name of the field.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfilter.html#cfn-securityhub-automationrulev2-ocsfstringfilter-fieldname
+            '''
+            result = self._values.get("field_name")
+            assert result is not None, "Required property 'field_name' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def filter(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.StringFilterProperty"]:
+            '''Enables filtering of security findings based on string field values in OCSF.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfilter.html#cfn-securityhub-automationrulev2-ocsfstringfilter-filter
+            '''
+            result = self._values.get("filter")
+            assert result is not None, "Required property 'filter' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRuleV2.StringFilterProperty"], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "OcsfStringFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2.StringFilterProperty",
+        jsii_struct_bases=[],
+        name_mapping={"comparison": "comparison", "value": "value"},
+    )
+    class StringFilterProperty:
+        def __init__(self, *, comparison: builtins.str, value: builtins.str) -> None:
+            '''A string filter for filtering Security Hub findings.
+
+            :param comparison: The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012`` . - To search for values that start with the filter value, use ``PREFIX`` . For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us`` . A ``ResourceRegion`` that starts with a different value, such as ``af`` , ``ap`` , or ``ca`` , doesn't match. ``CONTAINS`` , ``EQUALS`` , and ``PREFIX`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront`` , ``CloudWatch`` , or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012`` . - To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS`` . For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us`` . ``NOT_CONTAINS`` , ``NOT_EQUALS`` , and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2`` . It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface`` . - ``ResourceType PREFIX AwsIam`` - ``ResourceType PREFIX AwsEc2`` - ``ResourceType NOT_EQUALS AwsIamPolicy`` - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2`` , ``GetFindingStatisticsV2`` , ``GetResourcesV2`` , and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
+            :param value: The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub`` . If you provide ``security hub`` as the filter value, there's no match.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-stringfilter.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                string_filter_property = securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                    comparison="comparison",
+                    value="value"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__5b950655292e8a1a447bc6fef9ec46917dffad72edcfb67f4bae7b7bdbd3100b)
+                check_type(argname="argument comparison", value=comparison, expected_type=type_hints["comparison"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "comparison": comparison,
+                "value": value,
+            }
+
+        @builtins.property
+        def comparison(self) -> builtins.str:
+            '''The condition to apply to a string value when filtering Security Hub findings.
+
+            To search for values that have the filter value, use one of the following comparison operators:
+
+            - To search for values that include the filter value, use ``CONTAINS`` . For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront.
+            - To search for values that exactly match the filter value, use ``EQUALS`` . For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012`` .
+            - To search for values that start with the filter value, use ``PREFIX`` . For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us`` . A ``ResourceRegion`` that starts with a different value, such as ``af`` , ``ap`` , or ``ca`` , doesn't match.
+
+            ``CONTAINS`` , ``EQUALS`` , and ``PREFIX`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront`` , ``CloudWatch`` , or both strings in the title.
+
+            To search for values that don’t have the filter value, use one of the following comparison operators:
+
+            - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront.
+            - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012`` .
+            - To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS`` . For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us`` .
+
+            ``NOT_CONTAINS`` , ``NOT_EQUALS`` , and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title.
+
+            You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters.
+
+            You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters.
+
+            For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2`` . It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface`` .
+
+            - ``ResourceType PREFIX AwsIam``
+            - ``ResourceType PREFIX AwsEc2``
+            - ``ResourceType NOT_EQUALS AwsIamPolicy``
+            - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface``
+
+            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2`` , ``GetFindingStatisticsV2`` , ``GetResourcesV2`` , and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-stringfilter.html#cfn-securityhub-automationrulev2-stringfilter-comparison
+            '''
+            result = self._values.get("comparison")
+            assert result is not None, "Required property 'comparison' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def value(self) -> builtins.str:
+            '''The string filter value.
+
+            Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub`` . If you provide ``security hub`` as the filter value, there's no match.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-stringfilter.html#cfn-securityhub-automationrulev2-stringfilter-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "StringFilterProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRuleV2Props",
+    jsii_struct_bases=[],
+    name_mapping={
+        "actions": "actions",
+        "criteria": "criteria",
+        "description": "description",
+        "rule_name": "ruleName",
+        "rule_order": "ruleOrder",
+        "rule_status": "ruleStatus",
+        "tags": "tags",
+    },
+)
+class CfnAutomationRuleV2Props:
+    def __init__(
+        self,
+        *,
+        actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.AutomationRulesActionV2Property, typing.Dict[builtins.str, typing.Any]]]]],
+        criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.CriteriaProperty, typing.Dict[builtins.str, typing.Any]]],
+        description: builtins.str,
+        rule_name: builtins.str,
+        rule_order: jsii.Number,
+        rule_status: typing.Optional[builtins.str] = None,
+        tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnAutomationRuleV2``.
+
+        :param actions: A list of actions to be performed when the rule criteria is met.
+        :param criteria: The filtering type and configuration of the automation rule.
+        :param description: A description of the V2 automation rule.
+        :param rule_name: The name of the V2 automation rule.
+        :param rule_order: The value for the rule priority.
+        :param rule_status: The status of the V2 automation rule.
+        :param tags: A list of key-value pairs associated with the V2 automation rule.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_securityhub as securityhub
+            
+            cfn_automation_rule_v2_props = securityhub.CfnAutomationRuleV2Props(
+                actions=[securityhub.CfnAutomationRuleV2.AutomationRulesActionV2Property(
+                    type="type",
+            
+                    # the properties below are optional
+                    external_integration_configuration=securityhub.CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty(
+                        connector_arn="connectorArn"
+                    ),
+                    finding_fields_update=securityhub.CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property(
+                        comment="comment",
+                        severity_id=123,
+                        status_id=123
+                    )
+                )],
+                criteria=securityhub.CfnAutomationRuleV2.CriteriaProperty(
+                    ocsf_finding_criteria=securityhub.CfnAutomationRuleV2.OcsfFindingFiltersProperty(
+                        composite_filters=[securityhub.CfnAutomationRuleV2.CompositeFilterProperty(
+                            boolean_filters=[securityhub.CfnAutomationRuleV2.OcsfBooleanFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.BooleanFilterProperty(
+                                    value=False
+                                )
+                            )],
+                            date_filters=[securityhub.CfnAutomationRuleV2.OcsfDateFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.DateFilterProperty(
+                                    date_range=securityhub.CfnAutomationRuleV2.DateRangeProperty(
+                                        unit="unit",
+                                        value=123
+                                    ),
+                                    end="end",
+                                    start="start"
+                                )
+                            )],
+                            map_filters=[securityhub.CfnAutomationRuleV2.OcsfMapFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.MapFilterProperty(
+                                    comparison="comparison",
+                                    key="key",
+                                    value="value"
+                                )
+                            )],
+                            number_filters=[securityhub.CfnAutomationRuleV2.OcsfNumberFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.NumberFilterProperty(
+                                    eq=123,
+                                    gte=123,
+                                    lte=123
+                                )
+                            )],
+                            operator="operator",
+                            string_filters=[securityhub.CfnAutomationRuleV2.OcsfStringFilterProperty(
+                                field_name="fieldName",
+                                filter=securityhub.CfnAutomationRuleV2.StringFilterProperty(
+                                    comparison="comparison",
+                                    value="value"
+                                )
+                            )]
+                        )],
+                        composite_operator="compositeOperator"
+                    )
+                ),
+                description="description",
+                rule_name="ruleName",
+                rule_order=123,
+            
+                # the properties below are optional
+                rule_status="ruleStatus",
+                tags={
+                    "tags_key": "tags"
+                }
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__96bf6ac88f339a8dafdb0d899cf9e7c5353a67121a8a0b34137e9631c11f04a4)
+            check_type(argname="argument actions", value=actions, expected_type=type_hints["actions"])
+            check_type(argname="argument criteria", value=criteria, expected_type=type_hints["criteria"])
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument rule_name", value=rule_name, expected_type=type_hints["rule_name"])
+            check_type(argname="argument rule_order", value=rule_order, expected_type=type_hints["rule_order"])
+            check_type(argname="argument rule_status", value=rule_status, expected_type=type_hints["rule_status"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "actions": actions,
+            "criteria": criteria,
+            "description": description,
+            "rule_name": rule_name,
+            "rule_order": rule_order,
+        }
+        if rule_status is not None:
+            self._values["rule_status"] = rule_status
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def actions(
+        self,
+    ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRuleV2.AutomationRulesActionV2Property]]]:
+        '''A list of actions to be performed when the rule criteria is met.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-actions
+        '''
+        result = self._values.get("actions")
+        assert result is not None, "Required property 'actions' is missing"
+        return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRuleV2.AutomationRulesActionV2Property]]], result)
+
+    @builtins.property
+    def criteria(
+        self,
+    ) -> typing.Union[_IResolvable_da3f097b, CfnAutomationRuleV2.CriteriaProperty]:
+        '''The filtering type and configuration of the automation rule.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-criteria
+        '''
+        result = self._values.get("criteria")
+        assert result is not None, "Required property 'criteria' is missing"
+        return typing.cast(typing.Union[_IResolvable_da3f097b, CfnAutomationRuleV2.CriteriaProperty], result)
+
+    @builtins.property
+    def description(self) -> builtins.str:
+        '''A description of the V2 automation rule.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-description
+        '''
+        result = self._values.get("description")
+        assert result is not None, "Required property 'description' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def rule_name(self) -> builtins.str:
+        '''The name of the V2 automation rule.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-rulename
+        '''
+        result = self._values.get("rule_name")
+        assert result is not None, "Required property 'rule_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def rule_order(self) -> jsii.Number:
+        '''The value for the rule priority.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-ruleorder
+        '''
+        result = self._values.get("rule_order")
+        assert result is not None, "Required property 'rule_order' is missing"
+        return typing.cast(jsii.Number, result)
+
+    @builtins.property
+    def rule_status(self) -> typing.Optional[builtins.str]:
+        '''The status of the V2 automation rule.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-rulestatus
+        '''
+        result = self._values.get("rule_status")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''A list of key-value pairs associated with the V2 automation rule.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnAutomationRuleV2Props(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.implements(_IInspectable_c2943556, _IConfigurationPolicyRef_c5d7ee65, _ITaggableV2_4e6798f8)
+class CfnConfigurationPolicy(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnConfigurationPolicy",
+):
+    '''The ``AWS::SecurityHub::ConfigurationPolicy`` resource creates a central configuration policy with the defined settings.
+
+    Only the Security Hub delegated administrator can create this resource in the home Region. For more information, see `Central configuration in Security Hub <https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html>`_ in the *Security Hub User Guide* .
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html
+    :cloudformationResource: AWS::SecurityHub::ConfigurationPolicy
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_securityhub as securityhub
+        
+        cfn_configuration_policy = securityhub.CfnConfigurationPolicy(self, "MyCfnConfigurationPolicy",
+            configuration_policy=securityhub.CfnConfigurationPolicy.PolicyProperty(
+                security_hub=securityhub.CfnConfigurationPolicy.SecurityHubPolicyProperty(
+                    enabled_standard_identifiers=["enabledStandardIdentifiers"],
+                    security_controls_configuration=securityhub.CfnConfigurationPolicy.SecurityControlsConfigurationProperty(
+                        disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"],
+                        enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"],
+                        security_control_custom_parameters=[securityhub.CfnConfigurationPolicy.SecurityControlCustomParameterProperty(
+                            parameters={
+                                "parameters_key": securityhub.CfnConfigurationPolicy.ParameterConfigurationProperty(
+                                    value_type="valueType",
+        
+                                    # the properties below are optional
+                                    value=securityhub.CfnConfigurationPolicy.ParameterValueProperty(
+                                        boolean=False,
+                                        double=123,
+                                        enum="enum",
+                                        enum_list=["enumList"],
+                                        integer=123,
+                                        integer_list=[123],
+                                        string="string",
+                                        string_list=["stringList"]
+                                    )
+                                )
+                            },
+                            security_control_id="securityControlId"
+                        )]
+                    ),
+                    service_enabled=False
+                )
+            ),
+            name="name",
+        
+            # the properties below are optional
+            description="description",
             tags={
                 "tags_key": "tags"
             }
@@ -2974,13 +5345,14 @@ class CfnConfigurationPolicy(
         description: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::ConfigurationPolicy``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param configuration_policy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
+        :param configuration_policy: An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
         :param name: The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: ``-, ., !, *, /`` .
         :param description: The description of the configuration policy.
-        :param tags: User-defined tags associated with a configuration policy. For more information, see `Tagging AWS Security Hub resources <https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html>`_ in the *Security Hub user guide* .
+        :param tags: User-defined tags associated with a configuration policy. For more information, see `Tagging Security Hub resources <https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html>`_ in the *Security Hub user guide* .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e2cee5cf3fe5ba0b354ff30ea357f97d4a69893bed692305ae2919f0061404d2)
@@ -3083,12 +5455,18 @@ class CfnConfigurationPolicy(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="configurationPolicyRef")
+    def configuration_policy_ref(self) -> _ConfigurationPolicyReference_1c2fb12f:
+        '''A reference to a ConfigurationPolicy resource.'''
+        return typing.cast(_ConfigurationPolicyReference_1c2fb12f, jsii.get(self, "configurationPolicyRef"))
+
     @builtins.property
     @jsii.member(jsii_name="configurationPolicy")
     def configuration_policy(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, "CfnConfigurationPolicy.PolicyProperty"]:
-        '''An object that defines how AWS Security Hub is configured.'''
+        '''An object that defines how Security Hub is configured.'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnConfigurationPolicy.PolicyProperty"], jsii.get(self, "configurationPolicy"))
 
     @configuration_policy.setter
@@ -3157,7 +5535,7 @@ class CfnConfigurationPolicy(
         ) -> None:
             '''An object that provides the current value of a security control parameter and identifies whether it has been customized.
 
-            :param value_type: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior. When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field. When ``ValueType`` is set equal to ``CUSTOM`` , the ``Value`` field can't be empty.
+            :param value_type: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field. When ``ValueType`` is set equal to ``CUSTOM`` , the ``Value`` field can't be empty.
             :param value: The current value of a control parameter.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-parameterconfiguration.html
@@ -3197,7 +5575,7 @@ class CfnConfigurationPolicy(
 
         @builtins.property
         def value_type(self) -> builtins.str:
-            '''Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
+            '''Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.
 
             When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field.
 
@@ -3415,7 +5793,7 @@ class CfnConfigurationPolicy(
             *,
             security_hub: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConfigurationPolicy.SecurityHubPolicyProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''An object that defines how AWS Security Hub is configured.
+            '''An object that defines how Security Hub is configured.
 
             It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
 
@@ -3598,7 +5976,7 @@ class CfnConfigurationPolicy(
             enabled_security_control_identifiers: typing.Optional[typing.Sequence[builtins.str]] = None,
             security_control_custom_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConfigurationPolicy.SecurityControlCustomParameterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         ) -> None:
-            '''An object that defines which security controls are enabled in an AWS Security Hub configuration policy.
+            '''An object that defines which security controls are enabled in an Security Hub configuration policy.
 
             The enablement status of a control is aligned across all of the enabled standards in an account.
 
@@ -3724,7 +6102,7 @@ class CfnConfigurationPolicy(
             security_controls_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConfigurationPolicy.SecurityControlsConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             service_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         ) -> None:
-            '''An object that defines how AWS Security Hub is configured.
+            '''An object that defines how Security Hub is configured.
 
             The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
 
@@ -3855,10 +6233,10 @@ class CfnConfigurationPolicyProps:
     ) -> None:
         '''Properties for defining a ``CfnConfigurationPolicy``.
 
-        :param configuration_policy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
+        :param configuration_policy: An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
         :param name: The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: ``-, ., !, *, /`` .
         :param description: The description of the configuration policy.
-        :param tags: User-defined tags associated with a configuration policy. For more information, see `Tagging AWS Security Hub resources <https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html>`_ in the *Security Hub user guide* .
+        :param tags: User-defined tags associated with a configuration policy. For more information, see `Tagging Security Hub resources <https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html>`_ in the *Security Hub user guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html
         :exampleMetadata: fixture=_generated
@@ -3928,7 +6306,7 @@ class CfnConfigurationPolicyProps:
     def configuration_policy(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, CfnConfigurationPolicy.PolicyProperty]:
-        '''An object that defines how AWS Security Hub is configured.
+        '''An object that defines how Security Hub is configured.
 
         It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
 
@@ -3963,7 +6341,7 @@ class CfnConfigurationPolicyProps:
     def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
         '''User-defined tags associated with a configuration policy.
 
-        For more information, see `Tagging AWS Security Hub resources <https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html>`_ in the *Security Hub user guide* .
+        For more information, see `Tagging Security Hub resources <https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html>`_ in the *Security Hub user guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html#cfn-securityhub-configurationpolicy-tags
         '''
@@ -3982,15 +6360,15 @@ class CfnConfigurationPolicyProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IDelegatedAdminRef_1537f0f1)
 class CfnDelegatedAdmin(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securityhub.CfnDelegatedAdmin",
 ):
-    '''The ``AWS::SecurityHub::DelegatedAdmin`` resource designates the delegated AWS Security Hub administrator account for an organization.
+    '''The ``AWS::SecurityHub::DelegatedAdmin`` resource designates the delegated Security Hub administrator account for an organization.
 
-    You must enable the integration between Security Hub and AWS Organizations before you can designate a delegated Security Hub administrator. Only the management account for an organization can designate the delegated Security Hub administrator account. For more information, see `Designating the delegated Security Hub administrator <https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html#designate-admin-instructions>`_ in the *AWS Security Hub User Guide* .
+    You must enable the integration between Security Hub and AWS Organizations before you can designate a delegated Security Hub administrator. Only the management account for an organization can designate the delegated Security Hub administrator account. For more information, see `Designating the delegated Security Hub administrator <https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html#designate-admin-instructions>`_ in the *Security Hub User Guide* .
 
     To change the delegated administrator account, remove the current delegated administrator account, and then designate the new account.
 
@@ -4020,7 +6398,8 @@ class CfnDelegatedAdmin(
         *,
         admin_account_id: builtins.str,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::DelegatedAdmin``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param admin_account_id: The AWS account identifier of the account to designate as the Security Hub administrator account.
@@ -4086,6 +6465,12 @@ class CfnDelegatedAdmin(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="delegatedAdminRef")
+    def delegated_admin_ref(self) -> _DelegatedAdminReference_bebc4b15:
+        '''A reference to a DelegatedAdmin resource.'''
+        return typing.cast(_DelegatedAdminReference_bebc4b15, jsii.get(self, "delegatedAdminRef"))
+
     @builtins.property
     @jsii.member(jsii_name="adminAccountId")
     def admin_account_id(self) -> builtins.str:
@@ -4153,7 +6538,7 @@ class CfnDelegatedAdminProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IFindingAggregatorRef_bdf7f80f)
 class CfnFindingAggregator(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -4161,7 +6546,7 @@ class CfnFindingAggregator(
 ):
     '''The ``AWS::SecurityHub::FindingAggregator`` resource enables cross-Region aggregation.
 
-    When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see `Cross-Region aggregation <https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html>`_ in the *AWS Security Hub User Guide*
+    When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see `Cross-Region aggregation <https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html>`_ in the *Security Hub User Guide*
 
     This resource must be created in the Region that you want to designate as your aggregation Region.
 
@@ -4193,7 +6578,8 @@ class CfnFindingAggregator(
         region_linking_mode: builtins.str,
         regions: typing.Optional[typing.Sequence[builtins.str]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::FindingAggregator``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. In AWS CloudFormation , the options for this property are as follows: - ``ALL_REGIONS`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Indicates to aggregate findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions.
@@ -4266,6 +6652,12 @@ class CfnFindingAggregator(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="findingAggregatorRef")
+    def finding_aggregator_ref(self) -> _FindingAggregatorReference_653c7463:
+        '''A reference to a FindingAggregator resource.'''
+        return typing.cast(_FindingAggregatorReference_653c7463, jsii.get(self, "findingAggregatorRef"))
+
     @builtins.property
     @jsii.member(jsii_name="regionLinkingMode")
     def region_linking_mode(self) -> builtins.str:
@@ -4379,13 +6771,13 @@ class CfnFindingAggregatorProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
+@jsii.implements(_IInspectable_c2943556, _IHubRef_afbeae07, _ITaggable_36806126)
 class CfnHub(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securityhub.CfnHub",
 ):
-    '''The ``AWS::SecurityHub::Hub`` resource specifies the enablement of the AWS Security Hub service in your AWS account .
+    '''The ``AWS::SecurityHub::Hub`` resource specifies the enablement of the Security Hub service in your AWS account .
 
     The service is enabled in the current AWS Region or the specified Region. You create a separate ``Hub`` resource in each Region in which you want to enable Security Hub .
 
@@ -4425,7 +6817,8 @@ class CfnHub(
         enable_default_standards: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Any = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::Hub``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param auto_enable_controls: Whether to automatically enable new controls when they are added to standards that are enabled. By default, this is set to ``true`` , and new controls are enabled automatically. To not automatically enable new controls, set this to ``false`` . When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of ``DISABLED`` . It can take up to several days for Security Hub to process the control release and designate the control as ``ENABLED`` in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have ``AutoEnableControls`` set to ``true`` .
@@ -4499,6 +6892,12 @@ class CfnHub(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="hubRef")
+    def hub_ref(self) -> _HubReference_30eead86:
+        '''A reference to a Hub resource.'''
+        return typing.cast(_HubReference_30eead86, jsii.get(self, "hubRef"))
+
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> _TagManager_0a598cb3:
@@ -4696,15 +7095,203 @@ class CfnHubProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IHubV2Ref_e1cb746c, _ITaggableV2_4e6798f8)
+class CfnHubV2(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnHubV2",
+):
+    '''Returns details about the service resource in your account.
+
+    This API is in public preview and subject to change.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html
+    :cloudformationResource: AWS::SecurityHub::HubV2
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_securityhub as securityhub
+        
+        cfn_hub_v2 = securityhub.CfnHubV2(self, "MyCfnHubV2",
+            tags={
+                "tags_key": "tags"
+            }
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    ) -> None:
+        '''Create a new ``AWS::SecurityHub::HubV2``.
+
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param tags: The tags to add to the hub V2 resource when you enable Security Hub.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8a938d6f02e5cc9357e7ae741d101719d29a8539be57e63f7148a944106dccc1)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnHubV2Props(tags=tags)
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e1dac3a23d94b8e2be0be6ae5d6d56142199c92d98f138b490e9a4036d9897ed)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f92498b56c6fcd7d027c6ff068634a704396d6376eee870869ddf3ffcd039b7a)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrHubV2Arn")
+    def attr_hub_v2_arn(self) -> builtins.str:
+        '''The ARN of the service resource.
+
+        :cloudformationAttribute: HubV2Arn
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrHubV2Arn"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrSubscribedAt")
+    def attr_subscribed_at(self) -> builtins.str:
+        '''The date and time when the service was enabled in the account.
+
+        :cloudformationAttribute: SubscribedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrSubscribedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="hubV2Ref")
+    def hub_v2_ref(self) -> _HubV2Reference_df6d8d5f:
+        '''A reference to a HubV2 resource.'''
+        return typing.cast(_HubV2Reference_df6d8d5f, jsii.get(self, "hubV2Ref"))
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''The tags to add to the hub V2 resource when you enable Security Hub.'''
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(
+        self,
+        value: typing.Optional[typing.Mapping[builtins.str, builtins.str]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6e41e91c55f6f2a331ab968ca257da397cb59475bac947e28be333f8f3cdc7cb)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_securityhub.CfnHubV2Props",
+    jsii_struct_bases=[],
+    name_mapping={"tags": "tags"},
+)
+class CfnHubV2Props:
+    def __init__(
+        self,
+        *,
+        tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnHubV2``.
+
+        :param tags: The tags to add to the hub V2 resource when you enable Security Hub.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_securityhub as securityhub
+            
+            cfn_hub_v2_props = securityhub.CfnHubV2Props(
+                tags={
+                    "tags_key": "tags"
+                }
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5701f591c6bb91f50e9187f704248e0e20e49f80fdbb611b3664c43166095344)
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''The tags to add to the hub V2 resource when you enable Security Hub.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html#cfn-securityhub-hubv2-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnHubV2Props(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.implements(_IInspectable_c2943556, _IInsightRef_f81a9d16)
 class CfnInsight(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securityhub.CfnInsight",
 ):
-    '''The ``AWS::SecurityHub::Insight`` resource creates a custom insight in AWS Security Hub .
+    '''The ``AWS::SecurityHub::Insight`` resource creates a custom insight in Security Hub .
 
-    An insight is a collection of findings that relate to a security issue that requires attention or remediation. For more information, see `Insights in AWS Security Hub <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-insights.html>`_ in the *AWS Security Hub User Guide* .
+    An insight is a collection of findings that relate to a security issue that requires attention or remediation. For more information, see `Insights in Security Hub <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-insights.html>`_ in the *Security Hub User Guide* .
 
     Tags aren't supported for this resource.
 
@@ -5201,7 +7788,8 @@ class CfnInsight(
         group_by_attribute: builtins.str,
         name: builtins.str,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::Insight``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param filters: One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters. You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.
@@ -5262,6 +7850,12 @@ class CfnInsight(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="insightRef")
+    def insight_ref(self) -> _InsightReference_16026cef:
+        '''A reference to a Insight resource.'''
+        return typing.cast(_InsightReference_16026cef, jsii.get(self, "insightRef"))
+
     @builtins.property
     @jsii.member(jsii_name="filters")
     def filters(
@@ -5525,7 +8119,7 @@ class CfnInsight(
             workflow_state: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnInsight.StringFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             workflow_status: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnInsight.StringFilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         ) -> None:
-            '''A collection of filters that are applied to all active findings aggregated by AWS Security Hub .
+            '''A collection of filters that are applied to all active findings aggregated by Security Hub .
 
             You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.
 
@@ -5538,7 +8132,7 @@ class CfnInsight(
             :param compliance_security_control_parameters_value: The current value of a security control parameter.
             :param compliance_status: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.
             :param confidence: A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
-            :param created_at: A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param created_at: A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param criticality: The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
             :param description: A finding's description.
             :param finding_provider_fields_confidence: The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
@@ -5548,11 +8142,11 @@ class CfnInsight(
             :param finding_provider_fields_severity_label: The finding provider value for the severity label.
             :param finding_provider_fields_severity_original: The finding provider's original value for the severity.
             :param finding_provider_fields_types: One or more finding types that the finding provider assigned to the finding. Uses the format of ``namespace/category/classifier`` that classify a finding. Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
-            :param first_observed_at: A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param first_observed_at: A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param generator_id: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.
             :param id: The security findings provider-specific identifier for a finding.
             :param keyword: This field is deprecated. A keyword for a finding.
-            :param last_observed_at: A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param last_observed_at: A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param malware_name: The name of the malware that was observed.
             :param malware_path: The filesystem path of the malware that was observed.
             :param malware_state: The state of the malware that was observed.
@@ -5571,12 +8165,12 @@ class CfnInsight(
             :param note_text: The text of a note.
             :param note_updated_at: The timestamp of when the note was updated.
             :param note_updated_by: The principal that created a note.
-            :param process_launched_at: A timestamp that identifies when the process was launched. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param process_launched_at: A timestamp that identifies when the process was launched. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param process_name: The name of the process.
             :param process_parent_pid: The parent process ID. This field accepts positive integers between ``O`` and ``2147483647`` .
             :param process_path: The path to the process executable.
             :param process_pid: The process ID.
-            :param process_terminated_at: A timestamp that identifies when the process was terminated. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param process_terminated_at: A timestamp that identifies when the process was terminated. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param product_arn: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
             :param product_fields: A data type where security findings providers can include additional solution-specific details that aren't part of the defined ``AwsSecurityFinding`` format.
             :param product_name: The name of the solution (product) that generates findings.
@@ -5605,7 +8199,7 @@ class CfnInsight(
             :param resource_aws_s3_bucket_owner_name: The display name of the owner of the S3 bucket.
             :param resource_container_image_id: The identifier of the image related to a finding.
             :param resource_container_image_name: The name of the image related to a finding.
-            :param resource_container_launched_at: A timestamp that identifies when the container was started. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param resource_container_launched_at: A timestamp that identifies when the container was started. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param resource_container_name: The name of the container related to a finding.
             :param resource_details_other: The details of a resource that doesn't have a specific subfield for the resource type defined.
             :param resource_id: The canonical identifier for the given resource type.
@@ -5619,14 +8213,14 @@ class CfnInsight(
             :param severity_product: Deprecated. This attribute isn't included in findings. Instead of providing ``Product`` , provide ``Original`` . The native severity as defined by the AWS service or integrated partner product that generated the finding.
             :param source_url: A URL that links to a page about the current finding in the security findings provider's solution.
             :param threat_intel_indicator_category: The category of a threat intelligence indicator.
-            :param threat_intel_indicator_last_observed_at: A timestamp that identifies the last observation of a threat intelligence indicator. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param threat_intel_indicator_last_observed_at: A timestamp that identifies the last observation of a threat intelligence indicator. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param threat_intel_indicator_source: The source of the threat intelligence.
             :param threat_intel_indicator_source_url: The URL for more details from the source of the threat intelligence.
             :param threat_intel_indicator_type: The type of a threat intelligence indicator.
             :param threat_intel_indicator_value: The value of a threat intelligence indicator.
             :param title: A finding's title.
             :param type: A finding type in the format of ``namespace/category/classifier`` that classifies a finding.
-            :param updated_at: A timestamp that indicates when the security findings provider last updated the finding record. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param updated_at: A timestamp that indicates when the security findings provider last updated the finding record. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
             :param user_defined_fields: A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
             :param verification_state: The veracity of a finding.
             :param vulnerabilities_exploit_available: Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector.
@@ -6543,7 +9137,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-createdat
             '''
@@ -6667,7 +9261,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-firstobservedat
             '''
@@ -6717,7 +9311,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-lastobservedat
             '''
@@ -6928,7 +9522,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that identifies when the process was launched.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processlaunchedat
             '''
@@ -6987,7 +9581,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that identifies when the process was terminated.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-processterminatedat
             '''
@@ -7310,7 +9904,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that identifies when the container was started.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-resourcecontainerlaunchedat
             '''
@@ -7478,7 +10072,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that identifies the last observation of a threat intelligence indicator.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-threatintelindicatorlastobservedat
             '''
@@ -7557,7 +10151,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.DateFilterProperty"]]]]:
             '''A timestamp that indicates when the security findings provider last updated the finding record.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-updatedat
             '''
@@ -7748,8 +10342,8 @@ class CfnInsight(
             '''A date filter for querying findings.
 
             :param date_range: A date range for the date filter.
-            :param end: A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
-            :param start: A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param end: A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            :param start: A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html
             :exampleMetadata: fixture=_generated
@@ -7797,7 +10391,7 @@ class CfnInsight(
         def end(self) -> typing.Optional[builtins.str]:
             '''A timestamp that provides the end date for the date filter.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html#cfn-securityhub-insight-datefilter-end
             '''
@@ -7808,7 +10402,7 @@ class CfnInsight(
         def start(self) -> typing.Optional[builtins.str]:
             '''A timestamp that provides the start date for the date filter.
 
-            For more information about the validation and formatting of timestamp fields in AWS Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
+            For more information about the validation and formatting of timestamp fields in Security Hub , see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-datefilter.html#cfn-securityhub-insight-datefilter-start
             '''
@@ -8009,11 +10603,11 @@ class CfnInsight(
             key: builtins.str,
             value: builtins.str,
         ) -> None:
-            '''A map filter for filtering AWS Security Hub findings.
+            '''A map filter for filtering Security Hub findings.
 
             Each map filter provides the field to check for, the value to check for, and the comparison operator.
 
-            :param comparison: The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag. ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security`` , ``Finance`` , or both values. To search for values that don't have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag. ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            :param comparison: The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag. ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security`` , ``Finance`` , or both values. To search for values that don't have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag. ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
             :param key: The key of the map filter. For example, for ``ResourceTags`` , ``Key`` identifies the name of the tag. For ``UserDefinedFields`` , ``Key`` is the name of the field.
             :param value: The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security`` . If you provide ``security`` as the filter value, then there's no match.
 
@@ -8065,7 +10659,7 @@ class CfnInsight(
 
             You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error.
 
-            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-mapfilter.html#cfn-securityhub-insight-mapfilter-comparison
             '''
@@ -8200,9 +10794,9 @@ class CfnInsight(
     )
     class StringFilterProperty:
         def __init__(self, *, comparison: builtins.str, value: builtins.str) -> None:
-            '''A string filter for filtering AWS Security Hub findings.
+            '''A string filter for filtering Security Hub findings.
 
-            :param comparison: The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012`` . - To search for values that start with the filter value, use ``PREFIX`` . For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us`` . A ``ResourceRegion`` that starts with a different value, such as ``af`` , ``ap`` , or ``ca`` , doesn't match. ``CONTAINS`` , ``EQUALS`` , and ``PREFIX`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront`` , ``CloudWatch`` , or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012`` . - To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS`` . For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us`` . ``NOT_CONTAINS`` , ``NOT_EQUALS`` , and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2`` . It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface`` . - ``ResourceType PREFIX AwsIam`` - ``ResourceType PREFIX AwsEc2`` - ``ResourceType NOT_EQUALS AwsIamPolicy`` - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            :param comparison: The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use ``CONTAINS`` . For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront. - To search for values that exactly match the filter value, use ``EQUALS`` . For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012`` . - To search for values that start with the filter value, use ``PREFIX`` . For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us`` . A ``ResourceRegion`` that starts with a different value, such as ``af`` , ``ap`` , or ``ca`` , doesn't match. ``CONTAINS`` , ``EQUALS`` , and ``PREFIX`` filters on the same field are joined by ``OR`` . A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront`` , ``CloudWatch`` , or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, use ``NOT_CONTAINS`` . For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront. - To search for values other than the filter value, use ``NOT_EQUALS`` . For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012`` . - To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS`` . For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us`` . ``NOT_CONTAINS`` , ``NOT_EQUALS`` , and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND`` . A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title. You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2`` . It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface`` . - ``ResourceType PREFIX AwsIam`` - ``ResourceType PREFIX AwsEc2`` - ``ResourceType NOT_EQUALS AwsIamPolicy`` - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2`` , ``GetFindingStatisticsV2`` , ``GetResourcesV2`` , and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
             :param value: The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub`` . If you provide ``security hub`` as the filter value, there's no match.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-stringfilter.html
@@ -8259,7 +10853,7 @@ class CfnInsight(
             - ``ResourceType NOT_EQUALS AwsIamPolicy``
             - ``ResourceType NOT_EQUALS AwsEc2NetworkInterface``
 
-            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *AWS Security Hub User Guide* .
+            ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2`` , ``GetFindingStatisticsV2`` , ``GetResourcesV2`` , and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`_ in the *Security Hub User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-stringfilter.html#cfn-securityhub-insight-stringfilter-comparison
             '''
@@ -8855,15 +11449,15 @@ class CfnInsightProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IOrganizationConfigurationRef_ee9b4f99)
 class CfnOrganizationConfiguration(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securityhub.CfnOrganizationConfiguration",
 ):
-    '''The ``AWS::SecurityHub::OrganizationConfiguration`` resource specifies the way that your AWS organization is configured in AWS Security Hub .
+    '''The ``AWS::SecurityHub::OrganizationConfiguration`` resource specifies the way that your AWS organization is configured in Security Hub .
 
-    Specifically, you can use this resource to specify the configuration type for your organization and whether to automatically Security Hub and security standards in new member accounts. For more information, see `Managing administrator and member accounts <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html>`_ in the *AWS Security Hub User Guide* .
+    Specifically, you can use this resource to specify the configuration type for your organization and whether to automatically Security Hub and security standards in new member accounts. For more information, see `Managing administrator and member accounts <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html>`_ in the *Security Hub User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-organizationconfiguration.html
     :cloudformationResource: AWS::SecurityHub::OrganizationConfiguration
@@ -8893,7 +11487,8 @@ class CfnOrganizationConfiguration(
         auto_enable_standards: typing.Optional[builtins.str] = None,
         configuration_type: typing.Optional[builtins.str] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::OrganizationConfiguration``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param auto_enable: Whether to automatically enable Security Hub in new member accounts when they join the organization. If set to ``true`` , then Security Hub is automatically enabled in new accounts. If set to ``false`` , then Security Hub isn't enabled in new accounts automatically. The default value is ``false`` . If the ``ConfigurationType`` of your organization is set to ``CENTRAL`` , then this field is set to ``false`` and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.
@@ -8987,6 +11582,14 @@ class CfnOrganizationConfiguration(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="organizationConfigurationRef")
+    def organization_configuration_ref(
+        self,
+    ) -> _OrganizationConfigurationReference_4519b145:
+        '''A reference to a OrganizationConfiguration resource.'''
+        return typing.cast(_OrganizationConfigurationReference_4519b145, jsii.get(self, "organizationConfigurationRef"))
+
     @builtins.property
     @jsii.member(jsii_name="autoEnable")
     def auto_enable(self) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
@@ -9137,7 +11740,7 @@ class CfnOrganizationConfigurationProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IPolicyAssociationRef_644f6314)
 class CfnPolicyAssociation(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -9145,7 +11748,7 @@ class CfnPolicyAssociation(
 ):
     '''The ``AWS::SecurityHub::PolicyAssociation`` resource specifies associations for a configuration policy or a self-managed configuration.
 
-    You can associate a AWS Security Hub configuration policy or self-managed configuration with the organization root, organizational units (OUs), or AWS accounts . After a successful association, the configuration policy takes effect in the specified targets. For more information, see `Creating and associating Security Hub configuration policies <https://docs.aws.amazon.com/securityhub/latest/userguide/create-associate-policy.html>`_ in the *AWS Security Hub User Guide* .
+    You can associate a Security Hub configuration policy or self-managed configuration with the organization root, organizational units (OUs), or AWS accounts . After a successful association, the configuration policy takes effect in the specified targets. For more information, see `Creating and associating Security Hub configuration policies <https://docs.aws.amazon.com/securityhub/latest/userguide/create-associate-policy.html>`_ in the *Security Hub User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-policyassociation.html
     :cloudformationResource: AWS::SecurityHub::PolicyAssociation
@@ -9173,7 +11776,8 @@ class CfnPolicyAssociation(
         target_id: builtins.str,
         target_type: builtins.str,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::PolicyAssociation``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param configuration_policy_id: The universally unique identifier (UUID) of the configuration policy. A self-managed configuration has no UUID. The identifier of a self-managed configuration is ``SELF_MANAGED_SECURITY_HUB`` .
@@ -9254,7 +11858,7 @@ class CfnPolicyAssociation(
     @builtins.property
     @jsii.member(jsii_name="attrAssociationType")
     def attr_association_type(self) -> builtins.str:
-        '''Indicates whether the association between the specified target and the configuration was directly applied by the AWS Security Hub delegated administrator or inherited from a parent.
+        '''Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.
 
         :cloudformationAttribute: AssociationType
         '''
@@ -9274,6 +11878,12 @@ class CfnPolicyAssociation(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="policyAssociationRef")
+    def policy_association_ref(self) -> _PolicyAssociationReference_e2a78f89:
+        '''A reference to a PolicyAssociation resource.'''
+        return typing.cast(_PolicyAssociationReference_e2a78f89, jsii.get(self, "policyAssociationRef"))
+
     @builtins.property
     @jsii.member(jsii_name="configurationPolicyId")
     def configuration_policy_id(self) -> builtins.str:
@@ -9407,15 +12017,15 @@ class CfnPolicyAssociationProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IProductSubscriptionRef_9d6dd87b)
 class CfnProductSubscription(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securityhub.CfnProductSubscription",
 ):
-    '''The ``AWS::SecurityHub::ProductSubscription`` resource creates a subscription to a third-party product that generates findings that you want to receive in AWS Security Hub .
+    '''The ``AWS::SecurityHub::ProductSubscription`` resource creates a subscription to a third-party product that generates findings that you want to receive in Security Hub .
 
-    For a list of integrations to third-party products, see `Available third-party partner product integrations <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html>`_ in the *AWS Security Hub User Guide* .
+    For a list of integrations to third-party products, see `Available third-party partner product integrations <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html>`_ in the *Security Hub User Guide* .
 
     To change a product subscription, remove the current product subscription resource, and then create a new one.
 
@@ -9443,7 +12053,8 @@ class CfnProductSubscription(
         *,
         product_arn: builtins.str,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::ProductSubscription``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param product_arn: The ARN of the product to enable the integration for.
@@ -9500,6 +12111,12 @@ class CfnProductSubscription(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="productSubscriptionRef")
+    def product_subscription_ref(self) -> _ProductSubscriptionReference_8296053d:
+        '''A reference to a ProductSubscription resource.'''
+        return typing.cast(_ProductSubscriptionReference_8296053d, jsii.get(self, "productSubscriptionRef"))
+
     @builtins.property
     @jsii.member(jsii_name="productArn")
     def product_arn(self) -> builtins.str:
@@ -9567,15 +12184,15 @@ class CfnProductSubscriptionProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _ISecurityControlRef_7085a031)
 class CfnSecurityControl(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securityhub.CfnSecurityControl",
 ):
-    '''The ``AWS::SecurityHub::SecurityControl`` resource specifies custom parameter values for an AWS Security Hub control.
+    '''The ``AWS::SecurityHub::SecurityControl`` resource specifies custom parameter values for an Security Hub control.
 
-    For a list of controls that support custom parameters, see `Security Hub controls reference <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html>`_ . You can also use this resource to specify the use of default parameter values for a control. For more information about custom parameters, see `Custom control parameters <https://docs.aws.amazon.com/securityhub/latest/userguide/custom-control-parameters.html>`_ in the *AWS Security Hub User Guide* .
+    For a list of controls that support custom parameters, see `Security Hub controls reference <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html>`_ . You can also use this resource to specify the use of default parameter values for a control. For more information about custom parameters, see `Custom control parameters <https://docs.aws.amazon.com/securityhub/latest/userguide/custom-control-parameters.html>`_ in the *Security Hub User Guide* .
 
     Tags aren't supported for this resource.
 
@@ -9625,7 +12242,8 @@ class CfnSecurityControl(
         security_control_arn: typing.Optional[builtins.str] = None,
         security_control_id: typing.Optional[builtins.str] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::SecurityControl``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param parameters: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
@@ -9681,6 +12299,12 @@ class CfnSecurityControl(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="securityControlRef")
+    def security_control_ref(self) -> _SecurityControlReference_fdd0de23:
+        '''A reference to a SecurityControl resource.'''
+        return typing.cast(_SecurityControlReference_fdd0de23, jsii.get(self, "securityControlRef"))
+
     @builtins.property
     @jsii.member(jsii_name="parameters")
     def parameters(
@@ -9752,7 +12376,7 @@ class CfnSecurityControl(
         ) -> None:
             '''An object that provides the current value of a security control parameter and identifies whether it has been customized.
 
-            :param value_type: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior. When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field. When ``ValueType`` is set equal to ``CUSTOM`` , the ``Value`` field can't be empty.
+            :param value_type: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field. When ``ValueType`` is set equal to ``CUSTOM`` , the ``Value`` field can't be empty.
             :param value: The current value of a control parameter.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parameterconfiguration.html
@@ -9792,7 +12416,7 @@ class CfnSecurityControl(
 
         @builtins.property
         def value_type(self) -> builtins.str:
-            '''Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
+            '''Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.
 
             When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field.
 
@@ -10131,7 +12755,7 @@ class CfnSecurityControlProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IStandardRef_f188bebb)
 class CfnStandard(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -10143,7 +12767,7 @@ class CfnStandard(
 
     You must create a separate ``AWS::SecurityHub::Standard`` resource for each standard that you want to enable.
 
-    For more information about Security Hub standards, see `Security Hub standards reference <https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html>`_ in the *AWS Security Hub User Guide* .
+    For more information about Security Hub standards, see `Security Hub standards reference <https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html>`_ in the *Security Hub User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-standard.html
     :cloudformationResource: AWS::SecurityHub::Standard
@@ -10176,7 +12800,8 @@ class CfnStandard(
         standards_arn: builtins.str,
         disabled_standards_controls: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnStandard.StandardsControlProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::SecurityHub::Standard``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param standards_arn: The ARN of the standard that you want to enable. To view a list of available Security Hub standards and their ARNs, use the ```DescribeStandards`` <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html>`_ API operation.
@@ -10237,6 +12862,12 @@ class CfnStandard(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="standardRef")
+    def standard_ref(self) -> _StandardReference_2d34fa7e:
+        '''A reference to a Standard resource.'''
+        return typing.cast(_StandardReference_2d34fa7e, jsii.get(self, "standardRef"))
+
     @builtins.property
     @jsii.member(jsii_name="standardsArn")
     def standards_arn(self) -> builtins.str:
@@ -10285,7 +12916,7 @@ class CfnStandard(
         ) -> None:
             '''Provides details about an individual security control.
 
-            For a list of Security Hub controls, see `Security Hub controls reference <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html>`_ in the *AWS Security Hub User Guide* .
+            For a list of Security Hub controls, see `Security Hub controls reference <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html>`_ in the *Security Hub User Guide* .
 
             :param standards_control_arn: The Amazon Resource Name (ARN) of the control.
             :param reason: A user-defined reason for changing a control's enablement status in a specified standard. If you are disabling a control, then this property is required.
@@ -10438,8 +13069,12 @@ class CfnStandardProps:
 
 
 __all__ = [
+    "CfnAggregatorV2",
+    "CfnAggregatorV2Props",
     "CfnAutomationRule",
     "CfnAutomationRuleProps",
+    "CfnAutomationRuleV2",
+    "CfnAutomationRuleV2Props",
     "CfnConfigurationPolicy",
     "CfnConfigurationPolicyProps",
     "CfnDelegatedAdmin",
@@ -10448,6 +13083,8 @@ __all__ = [
     "CfnFindingAggregatorProps",
     "CfnHub",
     "CfnHubProps",
+    "CfnHubV2",
+    "CfnHubV2Props",
     "CfnInsight",
     "CfnInsightProps",
     "CfnOrganizationConfiguration",
@@ -10464,6 +13101,56 @@ __all__ = [
 
 publication.publish()
 
+def _typecheckingstub__a48a2a082be753c7ff9a23ae8720fc6090537bc7754b3949c569c91cc2d97185(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    linked_regions: typing.Sequence[builtins.str],
+    region_linking_mode: builtins.str,
+    tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__faa540694e43a0e61feeb3f53848b1f6e9494b6ed7da21b25aac134881132c39(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__e6872b5e370c8e8f4d83602fa651c03fde81b36e7c5bc3b28fa097f66a87ee66(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__73719aabf2def1251bbcce62564af2561a7db568f2cc383d665c93c84e03855c(
+    value: typing.List[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3f12f6fa7491c9cf6429ed03592fa2e0b84dd1df61b65fe9caf3ffa327ed324f(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__e47a206d80ca672182e6fba3a9c614bda1d391a22aa37078d5b442ce9858a656(
+    value: typing.Optional[typing.Mapping[builtins.str, builtins.str]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__ba603e1d6925ab7babf45e555f2f6c66e3573a9e5841cd7b5ebf0d444664667e(
+    *,
+    linked_regions: typing.Sequence[builtins.str],
+    region_linking_mode: builtins.str,
+    tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__90c663d2946359b509542feafdcb3d89f11ca9e30a214aae02ea3d6b354c9846(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -10633,7 +13320,7 @@ def _typecheckingstub__91f36875bd267215fe022e63a4ce087a699536cdc1b9f8b3c84b53aa8
 def _typecheckingstub__1f01ce6428aaccb76a4dd3111c6a58270f1129efa37f87f346378055261a8a01(
     *,
     text: builtins.str,
-    updated_by: typing.Any,
+    updated_by: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -10649,7 +13336,7 @@ def _typecheckingstub__000b578e595fbfb6609bb2cf3b90f42c91b01240906d31c22b9f1dd98
 
 def _typecheckingstub__9df6b75e5070bcb08d999a08b3bd84da05079be466527b5ce60bbe470f59dd64(
     *,
-    id: typing.Any,
+    id: builtins.str,
     product_arn: builtins.str,
 ) -> None:
     """Type checking stubs"""
@@ -10693,6 +13380,230 @@ def _typecheckingstub__221241b44c93ea569fcf69aaaade0ce7cf31b7343bc3d072d74ccd168
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__d67bab57d18f8318b1f3e5e5aee0425c6d6ad2a73c3def328f22c6e22aa173d4(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.AutomationRulesActionV2Property, typing.Dict[builtins.str, typing.Any]]]]],
+    criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.CriteriaProperty, typing.Dict[builtins.str, typing.Any]]],
+    description: builtins.str,
+    rule_name: builtins.str,
+    rule_order: jsii.Number,
+    rule_status: typing.Optional[builtins.str] = None,
+    tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__148b5ad52f495a944fc188c33e9ce4790af9aae05ed5382a214fb325dffaf8bb(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__2f9d1f99336eb3a75c15b25a178234de86a8bfdf4875bf0ce1cd38b114f64593(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__6347d27f0ba2cf053f67fe33ad975271c9a681e994a3d68259bee4b4cecff923(
+    value: typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRuleV2.AutomationRulesActionV2Property]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a5adb921eebdd2ef5c8fd115e4be769f443780102c814dd43fe745285e68ab8e(
+    value: typing.Union[_IResolvable_da3f097b, CfnAutomationRuleV2.CriteriaProperty],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__125c937bc05766b550dc71a5d1d56e19a69b4ef80f88b4ef38e2e5e003477882(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__d67119779ecc92e0cdf9224e19bbf9519a8b3464aefe9656b42f750f87734d6a(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0756c118bad7b3ecf44f8e5b333e1b12ae1f8fcc93cfb9994a9b01b1e420c800(
+    value: jsii.Number,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__9d3ccd09d54183efd7f79c4f4fa028ef4ff9dcf82d873ad68a9b84292b42fca1(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__c4cafeb60a0ac8c7088697f2b7bd61bc6887761dd3405c6d9a418c848d6a35ed(
+    value: typing.Optional[typing.Mapping[builtins.str, builtins.str]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__c5861ee659ea2189f4b0d18349855ec99f8b11ef0e6bc925783f2b7a3911d61f(
+    *,
+    type: builtins.str,
+    external_integration_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.ExternalIntegrationConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    finding_fields_update: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.AutomationRulesFindingFieldsUpdateV2Property, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__4f90f98d77f04ef40f0534b1d8b8660117e52394e43158b5d7f298d3bc8625cc(
+    *,
+    comment: typing.Optional[builtins.str] = None,
+    severity_id: typing.Optional[jsii.Number] = None,
+    status_id: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__bf1f4033b6ab73724f96c846c6e76e7a50093a23574134c07515d9390346e33b(
+    *,
+    value: typing.Union[builtins.bool, _IResolvable_da3f097b],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__ef5252b213e349428bc417b1dd29e26751fcc25bde34b016a3eaf19d58151f2e(
+    *,
+    boolean_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.OcsfBooleanFilterProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    date_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.OcsfDateFilterProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    map_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.OcsfMapFilterProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    number_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.OcsfNumberFilterProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    operator: typing.Optional[builtins.str] = None,
+    string_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.OcsfStringFilterProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__1ba9d632d542a300365cf2fd23759ae4458525cb9c085d0a969ca6b488962b63(
+    *,
+    ocsf_finding_criteria: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.OcsfFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3d21b2c9e81f0b05c0b5eae1aed977679e202dd65257b012d2ffca3404d4bce2(
+    *,
+    date_range: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.DateRangeProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    end: typing.Optional[builtins.str] = None,
+    start: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__6cd41336e92eb03ceeaab0c8bb04ecdcbaa676b6a22a3cd4a1f8ba069311dc05(
+    *,
+    unit: builtins.str,
+    value: jsii.Number,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a2fd9a1462ca1711dacb92a0d07d564ed40fe787a40d0cfcdebf274371c09173(
+    *,
+    connector_arn: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3ce382a730a7d946b88f0a9bbc8ee839e8cc4048403520f61f9601274312c198(
+    *,
+    comparison: builtins.str,
+    key: builtins.str,
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__647dc97c620209dca2753ac34dae13a3a6afc9916dad52290296e2565ad48048(
+    *,
+    eq: typing.Optional[jsii.Number] = None,
+    gte: typing.Optional[jsii.Number] = None,
+    lte: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a42eba30c4eef0c19b5165ead711c40b18983e8c78c7eaafba9deb680ec94bfd(
+    *,
+    field_name: builtins.str,
+    filter: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.BooleanFilterProperty, typing.Dict[builtins.str, typing.Any]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0835da7838d6730412395869f245eb4865e7ae2b63a637022d4a3475231c342f(
+    *,
+    field_name: builtins.str,
+    filter: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.DateFilterProperty, typing.Dict[builtins.str, typing.Any]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__67b27a03af9c079f8cc42cdfa5f8df4adc151b555e1080317dfc2e8c5873519c(
+    *,
+    composite_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.CompositeFilterProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    composite_operator: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b733ec921abf18e15f42cbdb443df518e81d6c48b4cf4b2397f4812a20240777(
+    *,
+    field_name: builtins.str,
+    filter: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.MapFilterProperty, typing.Dict[builtins.str, typing.Any]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__96733fb6348f5b5cd478197a8fee3f33665015a9b17eb4ce28d9ca28862964c7(
+    *,
+    field_name: builtins.str,
+    filter: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.NumberFilterProperty, typing.Dict[builtins.str, typing.Any]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__664006d14466473dd08a13af9d06be4f13672817d578a3e7b6c2e476b7e219f0(
+    *,
+    field_name: builtins.str,
+    filter: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.StringFilterProperty, typing.Dict[builtins.str, typing.Any]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__5b950655292e8a1a447bc6fef9ec46917dffad72edcfb67f4bae7b7bdbd3100b(
+    *,
+    comparison: builtins.str,
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__96bf6ac88f339a8dafdb0d899cf9e7c5353a67121a8a0b34137e9631c11f04a4(
+    *,
+    actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.AutomationRulesActionV2Property, typing.Dict[builtins.str, typing.Any]]]]],
+    criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRuleV2.CriteriaProperty, typing.Dict[builtins.str, typing.Any]]],
+    description: builtins.str,
+    rule_name: builtins.str,
+    rule_order: jsii.Number,
+    rule_status: typing.Optional[builtins.str] = None,
+    tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__e2cee5cf3fe5ba0b354ff30ea357f97d4a69893bed692305ae2919f0061404d2(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -10940,6 +13851,40 @@ def _typecheckingstub__9a38c34c1f2742403521eb4af2098475d7afb878d3f9aba37048ae543
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__8a938d6f02e5cc9357e7ae741d101719d29a8539be57e63f7148a944106dccc1(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__e1dac3a23d94b8e2be0be6ae5d6d56142199c92d98f138b490e9a4036d9897ed(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__f92498b56c6fcd7d027c6ff068634a704396d6376eee870869ddf3ffcd039b7a(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__6e41e91c55f6f2a331ab968ca257da397cb59475bac947e28be333f8f3cdc7cb(
+    value: typing.Optional[typing.Mapping[builtins.str, builtins.str]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__5701f591c6bb91f50e9187f704248e0e20e49f80fdbb611b3664c43166095344(
+    *,
+    tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d671d628902c96b28f2d378ea3f0a99fe19e13873725f86dd92bbe36b4c9a166(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,