From 17db5f7ed11b88153c63670b0c01ebec943cf874 Mon Sep 17 00:00:00 2001
From: awstools Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps
you assess your Amazon Web Services environment against security industry standards and best practices. Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and
+ Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and
supported third-party products and helps you analyze your security trends and identify the highest priority security
issues. To help you manage the security state of your organization, Security Hub supports multiple security standards.
@@ -17,10 +17,10 @@ and external compliance frameworks such as the Center for Internet Security (CIS
Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes
several security controls, each of which represents a security best practice. Security Hub runs checks against
security controls and generates control findings to help you assess your compliance against security best practices. In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services,
+ In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices,
such as Amazon GuardDuty and Amazon Inspector, and
supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You
-can also send Security Hub findings to other Amazon Web Services and supported third-party products.
Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.
@@ -31,12 +31,12 @@ and schemas. If you're new to Security Hub, you might find it helpful to also re . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as -integrating Security Hub with other Amazon Web Services. +integrating Security Hub with other Amazon Web Servicesservices.In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to -Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, +Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.
With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/SecurityHub.ts b/clients/client-securityhub/src/SecurityHub.ts index 05aab4d3b41a..728f3d9abca7 100644 --- a/clients/client-securityhub/src/SecurityHub.ts +++ b/clients/client-securityhub/src/SecurityHub.ts @@ -1746,7 +1746,7 @@ export interface SecurityHub { /** *
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps * you assess your Amazon Web Services environment against security industry standards and best practices.
- *Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and + *
Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and * supported third-party products and helps you analyze your security trends and identify the highest priority security * issues.
*To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -1755,10 +1755,10 @@ export interface SecurityHub { * Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes * several security controls, each of which represents a security best practice. Security Hub runs checks against * security controls and generates control findings to help you assess your compliance against security best practices.
- *In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, + *
In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, * such as Amazon GuardDuty and Amazon Inspector, and * supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You - * can also send Security Hub findings to other Amazon Web Services and supported third-party products.
+ * can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products. *Security Hub offers automation features that help you triage and remediate security issues. For example, * you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with * Amazon EventBridge to trigger automatic responses to specific findings.
@@ -1769,12 +1769,12 @@ export interface SecurityHub { * . The * user guide explains key concepts and provides procedures * that demonstrate how to use Security Hub features. It also provides information about topics such as - * integrating Security Hub with other Amazon Web Services. + * integrating Security Hub with other Amazon Web Servicesservices. *In addition to interacting with Security Hub by making calls to the Security Hub API, you can * use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools * and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, * Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to - * Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, + * Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, * managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools * and SDKs, see Tools to Build on Amazon Web Services.
*With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/SecurityHubClient.ts b/clients/client-securityhub/src/SecurityHubClient.ts index d3f65b946909..3fcb5911a997 100644 --- a/clients/client-securityhub/src/SecurityHubClient.ts +++ b/clients/client-securityhub/src/SecurityHubClient.ts @@ -638,7 +638,7 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv /** *
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps * you assess your Amazon Web Services environment against security industry standards and best practices.
- *Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and + *
Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and * supported third-party products and helps you analyze your security trends and identify the highest priority security * issues.
*To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -647,10 +647,10 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv * Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes * several security controls, each of which represents a security best practice. Security Hub runs checks against * security controls and generates control findings to help you assess your compliance against security best practices.
- *In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, + *
In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, * such as Amazon GuardDuty and Amazon Inspector, and * supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You - * can also send Security Hub findings to other Amazon Web Services and supported third-party products.
+ * can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products. *Security Hub offers automation features that help you triage and remediate security issues. For example, * you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with * Amazon EventBridge to trigger automatic responses to specific findings.
@@ -661,12 +661,12 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv * . The * user guide explains key concepts and provides procedures * that demonstrate how to use Security Hub features. It also provides information about topics such as - * integrating Security Hub with other Amazon Web Services. + * integrating Security Hub with other Amazon Web Servicesservices. *In addition to interacting with Security Hub by making calls to the Security Hub API, you can * use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools * and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, * Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to - * Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, + * Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, * managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools * and SDKs, see Tools to Build on Amazon Web Services.
*With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts b/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts index eff74521c862..426515c688bb 100644 --- a/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts +++ b/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts @@ -31,11 +31,12 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M *
* UpdateFindings
is a deprecated operation. Instead of UpdateFindings
, use
* the BatchUpdateFindings
operation.
Updates the Note
and RecordState
of the Security Hub-aggregated
+ *
The UpdateFindings
operation updates the Note
and RecordState
of the Security Hub aggregated
* findings that the filter attributes specify. Any member account that can view the finding
- * also sees the update to the finding.
Finding updates made with UpdateFindings
might not be persisted if the same finding is later updated by the
- * finding provider through the BatchImportFindings
operation.
Finding updates made with UpdateFindings
aren't persisted if the same finding is later updated by the
+ * finding provider through the BatchImportFindings
operation. In addition, Security Hub doesn't
+ * record updates made with UpdateFindings
in the finding history.
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps * you assess your Amazon Web Services environment against security industry standards and best practices.
- *Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and + *
Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and * supported third-party products and helps you analyze your security trends and identify the highest priority security * issues.
*To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -12,10 +12,10 @@ * Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes * several security controls, each of which represents a security best practice. Security Hub runs checks against * security controls and generates control findings to help you assess your compliance against security best practices.
- *In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, + *
In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, * such as Amazon GuardDuty and Amazon Inspector, and * supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You - * can also send Security Hub findings to other Amazon Web Services and supported third-party products.
+ * can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products. *Security Hub offers automation features that help you triage and remediate security issues. For example, * you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with * Amazon EventBridge to trigger automatic responses to specific findings.
@@ -26,12 +26,12 @@ * . The * user guide explains key concepts and provides procedures * that demonstrate how to use Security Hub features. It also provides information about topics such as - * integrating Security Hub with other Amazon Web Services. + * integrating Security Hub with other Amazon Web Servicesservices. *In addition to interacting with Security Hub by making calls to the Security Hub API, you can * use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools * and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, * Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to - * Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, + * Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, * managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools * and SDKs, see Tools to Build on Amazon Web Services.
*With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/models/models_0.ts b/clients/client-securityhub/src/models/models_0.ts index 8489b4880398..a30f7219c80b 100644 --- a/clients/client-securityhub/src/models/models_0.ts +++ b/clients/client-securityhub/src/models/models_0.ts @@ -1965,7 +1965,7 @@ export interface AutomationRulesFindingFilters { *
* The identifier for the given resource type. For Amazon Web Services resources that are identified by * Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, - * this is the identifier as defined by the Amazon Web Service that created the resource. + * this is the identifier as defined by the Amazon Web Servicesservice that created the resource. * For non-Amazon Web Services resources, this is a unique identifier that is associated with the * resource. *
@@ -10662,7 +10662,7 @@ export interface RouteSetDetails { /** *- * The prefix of the destination Amazon Web Service. + * The prefix of the destination Amazon Web Servicesservice. *
* @public */ diff --git a/clients/client-securityhub/src/models/models_1.ts b/clients/client-securityhub/src/models/models_1.ts index b3abe37e63dc..afc80a1f3453 100644 --- a/clients/client-securityhub/src/models/models_1.ts +++ b/clients/client-securityhub/src/models/models_1.ts @@ -10045,7 +10045,7 @@ export interface Compliance { /** ** The unique identifier of a control across standards. Values for this field typically consist of an - * Amazon Web Service and a number, such as APIGateway.5. + * Amazon Web Servicesservice and a number, such as APIGateway.5. *
* @public */ diff --git a/clients/client-securityhub/src/models/models_2.ts b/clients/client-securityhub/src/models/models_2.ts index 4516b6e5f2c8..3950796210f6 100644 --- a/clients/client-securityhub/src/models/models_2.ts +++ b/clients/client-securityhub/src/models/models_2.ts @@ -4045,7 +4045,7 @@ export interface AwsSecurityFindingFilters { /** ** The unique identifier of a control across standards. Values for this field typically consist of an - * Amazon Web Service and a number, such as APIGateway.5. + * Amazon Web Servicesservice and a number, such as APIGateway.5. *
* @public */ @@ -4970,7 +4970,7 @@ export type UpdateStatus = (typeof UpdateStatus)[keyof typeof UpdateStatus]; export interface SecurityControl { /** *- * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a + * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a * number, such as APIGateway.3. *
* @public @@ -5029,8 +5029,8 @@ export interface SecurityControl { /** *
* Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of
- * READY
indicates findings include the current parameter values. A status of UPDATING
indicates that
- * all findings may not include the current parameter values.
+ * READY
indicates that Security Hub uses the current control parameter values when running security checks of the control.
+ * A status of UPDATING
indicates that all security checks might not use the current parameter values.
*
- * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service + * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice * name and a number, such as APIGateway.3. *
* @public @@ -6589,7 +6589,7 @@ export type Policy = Policy.SecurityHubMember | Policy.$UnknownMember; export namespace Policy { /** *- * The Amazon Web Service that the configuration policy applies to. + * The Amazon Web Servicesservice that the configuration policy applies to. *
* @public */ @@ -6737,19 +6737,24 @@ export interface CreateFindingAggregatorRequest { *
- * ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
+ * ALL_REGIONS
- Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
*
- * ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
+ * ALL_REGIONS_EXCEPT_SPECIFIED
- Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
*
- * SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.
+ * SPECIFIED_REGIONS
- Aggregates findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.
*
+ * NO_REGIONS
- Aggregates no data because no Regions are selected as linked Regions.
+ *
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
*
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is
+ * NO_REGIONS
.
* Describes the type of finding change event, such as a call to
* BatchImportFindings
- * (by an integrated Amazon Web Service or third party partner integration) or
+ * (by an integrated Amazon Web Servicesservice or third party partner integration) or
* BatchUpdateFindings
* (by a Security Hub customer).
*
Identifies the source of the event that changed the finding. For example, an integrated
- * Amazon Web Service or third-party partner integration may call
+ * Amazon Web Servicesservice or third-party partner integration may call
*
* The unique identifier of a security control across standards. Values for this field typically consist of an
- * Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from
+ * Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from
*
* A unique standard-agnostic identifier for a control. Values for this field typically consist of an
- * Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.
+ * Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.
*
- *
- *
- *
+ * If If An \n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Service that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n \n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t \n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Servicesservice that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n \n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t \n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n \n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n \n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n \n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: \n \n \n Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: \n \n \n \n If If If If An Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Service or third-party partner integration may call \n Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Servicesservice or third-party partner integration may call \n \n Describes the type of finding change event, such as a call to \n \n Describes the type of finding change event, such as a call to \n \n The Amazon Web Service that the configuration policy applies to.\n \n The Amazon Web Servicesservice that the configuration policy applies to.\n \n The prefix of the destination Amazon Web Service.\n \n The prefix of the destination Amazon Web Servicesservice.\n \n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a \n number, such as APIGateway.3.\n \n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a \n number, such as APIGateway.3.\n \n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \n \n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \n \n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from \n \n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from \n Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices. Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues. To help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices. In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Services and supported third-party products. Security Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings. This guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Services. In addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services. With the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide. The following throttling limits apply to Security Hub API operations. \n \n \n \n \n All other operations - Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices. Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues. To help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices. In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products. Security Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings. This guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Servicesservices. In addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services. With the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide. The following throttling limits apply to Security Hub API operations. \n \n \n \n \n All other operations - \n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service \n name and a number, such as APIGateway.3.\n \n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice \n name and a number, such as APIGateway.3.\n \n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n \n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: \n \n \n Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: \n \n \n \n If If If If An \n Updates the Finding updates made with \n The Finding updates made with BatchImportFindings
* , or an Security Hub customer
* may call
@@ -8818,7 +8825,7 @@ export interface SecurityControlDefinition {
/**
* SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The
* ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
*
*
* @public
*/
@@ -9847,6 +9859,8 @@ export interface UpdateFindingAggregatorRequest {
/**
* ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
+ * ALL_REGIONS
- Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
* ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
+ * ALL_REGIONS_EXCEPT_SPECIFIED
- Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
* SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.
+ * SPECIFIED_REGIONS
- Aggregates findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.
* NO_REGIONS
- Aggregates no data because no Regions are selected as linked Regions.
+ * RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.InvalidInputException
error results if you populate this field while RegionLinkingMode
is
+ * NO_REGIONS
.\n
",
+ "smithy.api#documentation": "ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n \n
",
"smithy.api#required": {}
}
},
"Regions": {
"target": "com.amazonaws.securityhub#StringList",
"traits": {
- "smithy.api#documentation": "ALL_REGIONS
- Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n ALL_REGIONS_EXCEPT_SPECIFIED
- Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n SPECIFIED_REGIONS
- Aggregates findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n NO_REGIONS
- Aggregates no data because no Regions are selected as linked Regions.\n RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.BatchImportFindings
\n , or an Security Hub customer\n may call \n BatchUpdateFindings
\n . BatchImportFindings
\n , or an Security Hub customer\n may call \n BatchUpdateFindings
\n . BatchImportFindings
\n (by an integrated Amazon Web Service or third party partner integration) or \n BatchUpdateFindings
\n (by a Security Hub customer). \n BatchImportFindings
\n (by an integrated Amazon Web Servicesservice or third party partner integration) or \n BatchUpdateFindings
\n (by a Security Hub customer). \n READY
indicates findings include the current parameter values. A status of UPDATING
indicates that \nall findings may not include the current parameter values.\n READY
indicates that Security Hub uses the current control parameter values when running security checks of the control. \nA status of UPDATING
indicates that all security checks might not use the current parameter values.\n SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n \n
",
+ "smithy.api#documentation": "BatchEnableStandards
- RateLimit
of 1 request per\n second. BurstLimit
of 1 request per second.GetFindings
- RateLimit
of 3 requests per second.\n BurstLimit
of 6 requests per second.BatchImportFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.BatchUpdateFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.UpdateStandardsControl
- RateLimit
of 1 request per\n second. BurstLimit
of 5 requests per second.RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.\n
",
"smithy.api#title": "AWS SecurityHub",
"smithy.rules#endpointRuleSet": {
"version": "1.0",
@@ -33440,7 +33440,7 @@
"target": "com.amazonaws.securityhub#NonEmptyString",
"traits": {
"smithy.api#clientOptional": {},
- "smithy.api#documentation": "BatchEnableStandards
- RateLimit
of 1 request per\n second. BurstLimit
of 1 request per second.GetFindings
- RateLimit
of 3 requests per second.\n BurstLimit
of 6 requests per second.BatchImportFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.BatchUpdateFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.UpdateStandardsControl
- RateLimit
of 1 request per\n second. BurstLimit
of 5 requests per second.RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.\n
",
+ "smithy.api#documentation": "ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n \n
",
"smithy.api#required": {}
}
},
"Regions": {
"target": "com.amazonaws.securityhub#StringList",
"traits": {
- "smithy.api#documentation": "ALL_REGIONS
- Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n ALL_REGIONS_EXCEPT_SPECIFIED
- Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n SPECIFIED_REGIONS
- Aggregates findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n NO_REGIONS
- Aggregates no data because no Regions are selected as linked Regions.\n RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.UpdateFindings
is a deprecated operation. Instead of UpdateFindings
, use\n the BatchUpdateFindings
operation.Note
and RecordState
of the Security Hub-aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n also sees the update to the finding.UpdateFindings
might not be persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings
operation.UpdateFindings
is a deprecated operation. Instead of UpdateFindings
, use\n the BatchUpdateFindings
operation.UpdateFindings
operation updates the Note
and RecordState
of the Security Hub aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n can also see the update to the finding.UpdateFindings
aren't persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings
operation. In addition, Security Hub doesn't \n record updates made with UpdateFindings
in the finding history.