From 17db5f7ed11b88153c63670b0c01ebec943cf874 Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 21 Aug 2024 18:23:46 +0000 Subject: [PATCH] feat(client-securityhub): Security Hub documentation and definition updates --- clients/client-securityhub/README.md | 10 ++-- clients/client-securityhub/src/SecurityHub.ts | 10 ++-- .../src/SecurityHubClient.ts | 10 ++-- .../src/commands/UpdateFindingsCommand.ts | 9 ++-- clients/client-securityhub/src/index.ts | 10 ++-- .../client-securityhub/src/models/models_0.ts | 4 +- .../client-securityhub/src/models/models_1.ts | 2 +- .../client-securityhub/src/models/models_2.ts | 46 ++++++++++++------- .../sdk-codegen/aws-models/securityhub.json | 36 +++++++-------- 9 files changed, 76 insertions(+), 61 deletions(-) diff --git a/clients/client-securityhub/README.md b/clients/client-securityhub/README.md index af2ab0d9d257..8c140737a0bb 100644 --- a/clients/client-securityhub/README.md +++ b/clients/client-securityhub/README.md @@ -8,7 +8,7 @@ AWS SDK for JavaScript SecurityHub Client for Node.js, Browser and React Native.

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.

-

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and +

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.

To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -17,10 +17,10 @@ and external compliance frameworks such as the Center for Internet Security (CIS Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes several security controls, each of which represents a security best practice. Security Hub runs checks against security controls and generates control findings to help you assess your compliance against security best practices.

-

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, +

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, such as Amazon GuardDuty and Amazon Inspector, and supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You -can also send Security Hub findings to other Amazon Web Services and supported third-party products.

+can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.

@@ -31,12 +31,12 @@ and schemas. If you're new to Security Hub, you might find it helpful to also re . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as -integrating Security Hub with other Amazon Web Services.

+integrating Security Hub with other Amazon Web Servicesservices.

In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to -Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, +Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/SecurityHub.ts b/clients/client-securityhub/src/SecurityHub.ts index 05aab4d3b41a..728f3d9abca7 100644 --- a/clients/client-securityhub/src/SecurityHub.ts +++ b/clients/client-securityhub/src/SecurityHub.ts @@ -1746,7 +1746,7 @@ export interface SecurityHub { /** *

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps * you assess your Amazon Web Services environment against security industry standards and best practices.

- *

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and + *

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and * supported third-party products and helps you analyze your security trends and identify the highest priority security * issues.

*

To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -1755,10 +1755,10 @@ export interface SecurityHub { * Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes * several security controls, each of which represents a security best practice. Security Hub runs checks against * security controls and generates control findings to help you assess your compliance against security best practices.

- *

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, + *

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, * such as Amazon GuardDuty and Amazon Inspector, and * supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You - * can also send Security Hub findings to other Amazon Web Services and supported third-party products.

+ * can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

*

Security Hub offers automation features that help you triage and remediate security issues. For example, * you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with * Amazon EventBridge to trigger automatic responses to specific findings.

@@ -1769,12 +1769,12 @@ export interface SecurityHub { * . The * user guide explains key concepts and provides procedures * that demonstrate how to use Security Hub features. It also provides information about topics such as - * integrating Security Hub with other Amazon Web Services.

+ * integrating Security Hub with other Amazon Web Servicesservices.

*

In addition to interacting with Security Hub by making calls to the Security Hub API, you can * use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools * and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, * Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to - * Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, + * Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, * managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools * and SDKs, see Tools to Build on Amazon Web Services.

*

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/SecurityHubClient.ts b/clients/client-securityhub/src/SecurityHubClient.ts index d3f65b946909..3fcb5911a997 100644 --- a/clients/client-securityhub/src/SecurityHubClient.ts +++ b/clients/client-securityhub/src/SecurityHubClient.ts @@ -638,7 +638,7 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv /** *

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps * you assess your Amazon Web Services environment against security industry standards and best practices.

- *

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and + *

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and * supported third-party products and helps you analyze your security trends and identify the highest priority security * issues.

*

To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -647,10 +647,10 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv * Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes * several security controls, each of which represents a security best practice. Security Hub runs checks against * security controls and generates control findings to help you assess your compliance against security best practices.

- *

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, + *

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, * such as Amazon GuardDuty and Amazon Inspector, and * supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You - * can also send Security Hub findings to other Amazon Web Services and supported third-party products.

+ * can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

*

Security Hub offers automation features that help you triage and remediate security issues. For example, * you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with * Amazon EventBridge to trigger automatic responses to specific findings.

@@ -661,12 +661,12 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv * . The * user guide explains key concepts and provides procedures * that demonstrate how to use Security Hub features. It also provides information about topics such as - * integrating Security Hub with other Amazon Web Services.

+ * integrating Security Hub with other Amazon Web Servicesservices.

*

In addition to interacting with Security Hub by making calls to the Security Hub API, you can * use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools * and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, * Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to - * Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, + * Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, * managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools * and SDKs, see Tools to Build on Amazon Web Services.

*

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts b/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts index eff74521c862..426515c688bb 100644 --- a/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts +++ b/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts @@ -31,11 +31,12 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M *

* UpdateFindings is a deprecated operation. Instead of UpdateFindings, use * the BatchUpdateFindings operation.

- *

Updates the Note and RecordState of the Security Hub-aggregated + *

The UpdateFindings operation updates the Note and RecordState of the Security Hub aggregated * findings that the filter attributes specify. Any member account that can view the finding - * also sees the update to the finding.

- *

Finding updates made with UpdateFindings might not be persisted if the same finding is later updated by the - * finding provider through the BatchImportFindings operation.

+ * can also see the update to the finding.

+ *

Finding updates made with UpdateFindings aren't persisted if the same finding is later updated by the + * finding provider through the BatchImportFindings operation. In addition, Security Hub doesn't + * record updates made with UpdateFindings in the finding history.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-securityhub/src/index.ts b/clients/client-securityhub/src/index.ts index cca4d0ad45d2..21d1d565d9b6 100644 --- a/clients/client-securityhub/src/index.ts +++ b/clients/client-securityhub/src/index.ts @@ -3,7 +3,7 @@ /** *

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps * you assess your Amazon Web Services environment against security industry standards and best practices.

- *

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and + *

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and * supported third-party products and helps you analyze your security trends and identify the highest priority security * issues.

*

To help you manage the security state of your organization, Security Hub supports multiple security standards. @@ -12,10 +12,10 @@ * Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes * several security controls, each of which represents a security best practice. Security Hub runs checks against * security controls and generates control findings to help you assess your compliance against security best practices.

- *

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, + *

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, * such as Amazon GuardDuty and Amazon Inspector, and * supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You - * can also send Security Hub findings to other Amazon Web Services and supported third-party products.

+ * can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

*

Security Hub offers automation features that help you triage and remediate security issues. For example, * you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with * Amazon EventBridge to trigger automatic responses to specific findings.

@@ -26,12 +26,12 @@ * . The * user guide explains key concepts and provides procedures * that demonstrate how to use Security Hub features. It also provides information about topics such as - * integrating Security Hub with other Amazon Web Services.

+ * integrating Security Hub with other Amazon Web Servicesservices.

*

In addition to interacting with Security Hub by making calls to the Security Hub API, you can * use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools * and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, * Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to - * Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, + * Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, * managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools * and SDKs, see Tools to Build on Amazon Web Services.

*

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in diff --git a/clients/client-securityhub/src/models/models_0.ts b/clients/client-securityhub/src/models/models_0.ts index 8489b4880398..a30f7219c80b 100644 --- a/clients/client-securityhub/src/models/models_0.ts +++ b/clients/client-securityhub/src/models/models_0.ts @@ -1965,7 +1965,7 @@ export interface AutomationRulesFindingFilters { *

* The identifier for the given resource type. For Amazon Web Services resources that are identified by * Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, - * this is the identifier as defined by the Amazon Web Service that created the resource. + * this is the identifier as defined by the Amazon Web Servicesservice that created the resource. * For non-Amazon Web Services resources, this is a unique identifier that is associated with the * resource. *

@@ -10662,7 +10662,7 @@ export interface RouteSetDetails { /** *

- * The prefix of the destination Amazon Web Service. + * The prefix of the destination Amazon Web Servicesservice. *

* @public */ diff --git a/clients/client-securityhub/src/models/models_1.ts b/clients/client-securityhub/src/models/models_1.ts index b3abe37e63dc..afc80a1f3453 100644 --- a/clients/client-securityhub/src/models/models_1.ts +++ b/clients/client-securityhub/src/models/models_1.ts @@ -10045,7 +10045,7 @@ export interface Compliance { /** *

* The unique identifier of a control across standards. Values for this field typically consist of an - * Amazon Web Service and a number, such as APIGateway.5. + * Amazon Web Servicesservice and a number, such as APIGateway.5. *

* @public */ diff --git a/clients/client-securityhub/src/models/models_2.ts b/clients/client-securityhub/src/models/models_2.ts index 4516b6e5f2c8..3950796210f6 100644 --- a/clients/client-securityhub/src/models/models_2.ts +++ b/clients/client-securityhub/src/models/models_2.ts @@ -4045,7 +4045,7 @@ export interface AwsSecurityFindingFilters { /** *

* The unique identifier of a control across standards. Values for this field typically consist of an - * Amazon Web Service and a number, such as APIGateway.5. + * Amazon Web Servicesservice and a number, such as APIGateway.5. *

* @public */ @@ -4970,7 +4970,7 @@ export type UpdateStatus = (typeof UpdateStatus)[keyof typeof UpdateStatus]; export interface SecurityControl { /** *

- * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a + * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a * number, such as APIGateway.3. *

* @public @@ -5029,8 +5029,8 @@ export interface SecurityControl { /** *

* Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of - * READY indicates findings include the current parameter values. A status of UPDATING indicates that - * all findings may not include the current parameter values. + * READY indicates that Security Hub uses the current control parameter values when running security checks of the control. + * A status of UPDATING indicates that all security checks might not use the current parameter values. *

* @public */ @@ -5182,7 +5182,7 @@ export interface StandardsControlAssociationDetail { /** *

- * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service + * The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice * name and a number, such as APIGateway.3. *

* @public @@ -6589,7 +6589,7 @@ export type Policy = Policy.SecurityHubMember | Policy.$UnknownMember; export namespace Policy { /** *

- * The Amazon Web Service that the configuration policy applies to. + * The Amazon Web Servicesservice that the configuration policy applies to. *

* @public */ @@ -6737,19 +6737,24 @@ export interface CreateFindingAggregatorRequest { * * @public */ @@ -6759,6 +6764,8 @@ export interface CreateFindingAggregatorRequest { *

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

*

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region. *

+ *

An InvalidInputException error results if you populate this field while RegionLinkingMode is + * NO_REGIONS.

* @public */ Regions?: string[]; @@ -7843,7 +7850,7 @@ export interface FindingHistoryUpdateSource { *

* Describes the type of finding change event, such as a call to * BatchImportFindings - * (by an integrated Amazon Web Service or third party partner integration) or + * (by an integrated Amazon Web Servicesservice or third party partner integration) or * BatchUpdateFindings * (by a Security Hub customer). *

@@ -7917,7 +7924,7 @@ export interface FindingHistoryRecord { /** *

Identifies the source of the event that changed the finding. For example, an integrated - * Amazon Web Service or third-party partner integration may call + * Amazon Web Servicesservice or third-party partner integration may call * BatchImportFindings * , or an Security Hub customer * may call @@ -8818,7 +8825,7 @@ export interface SecurityControlDefinition { /** *

* The unique identifier of a security control across standards. Values for this field typically consist of an - * Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from + * Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from * SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The * ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3). *

@@ -9381,7 +9388,7 @@ export interface StandardsControlAssociationSummary { /** *

* A unique standard-agnostic identifier for a control. Values for this field typically consist of an - * Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard. + * Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard. *

* @public */ @@ -9826,19 +9833,24 @@ export interface UpdateFindingAggregatorRequest { * * @public */ @@ -9847,6 +9859,8 @@ export interface UpdateFindingAggregatorRequest { /** *

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

*

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

+ *

An InvalidInputException error results if you populate this field while RegionLinkingMode is + * NO_REGIONS.

* @public */ Regions?: string[]; diff --git a/codegen/sdk-codegen/aws-models/securityhub.json b/codegen/sdk-codegen/aws-models/securityhub.json index cbdab4b6ecaf..1beb307ca6bb 100644 --- a/codegen/sdk-codegen/aws-models/securityhub.json +++ b/codegen/sdk-codegen/aws-models/securityhub.json @@ -958,7 +958,7 @@ "ResourceId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "

\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Service that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n

\n

\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t

" + "smithy.api#documentation": "

\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Servicesservice that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n

\n

\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t

" } }, "ResourcePartition": { @@ -19082,7 +19082,7 @@ "ComplianceSecurityControlId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n

" + "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n

" } }, "ComplianceAssociatedStandardsId": { @@ -22189,7 +22189,7 @@ "SecurityControlId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n

" + "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n

" } }, "AssociatedStandards": { @@ -23076,14 +23076,14 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", + "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", "smithy.api#required": {} } }, "Regions": { "target": "com.amazonaws.securityhub#StringList", "traits": { - "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n

" + "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n

\n

An InvalidInputException error results if you populate this field while RegionLinkingMode is \n NO_REGIONS.

" } } }, @@ -25424,7 +25424,7 @@ "UpdateSource": { "target": "com.amazonaws.securityhub#FindingHistoryUpdateSource", "traits": { - "smithy.api#documentation": "

Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Service or third-party partner integration may call \n BatchImportFindings\n , or an Security Hub customer\n may call \n BatchUpdateFindings\n .

" + "smithy.api#documentation": "

Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Servicesservice or third-party partner integration may call \n BatchImportFindings\n , or an Security Hub customer\n may call \n BatchUpdateFindings\n .

" } }, "Updates": { @@ -25482,7 +25482,7 @@ "Type": { "target": "com.amazonaws.securityhub#FindingHistoryUpdateSourceType", "traits": { - "smithy.api#documentation": "

\n Describes the type of finding change event, such as a call to \n BatchImportFindings\n (by an integrated Amazon Web Service or third party partner integration) or \n BatchUpdateFindings\n (by a Security Hub customer). \n

" + "smithy.api#documentation": "

\n Describes the type of finding change event, such as a call to \n BatchImportFindings\n (by an integrated Amazon Web Servicesservice or third party partner integration) or \n BatchUpdateFindings\n (by a Security Hub customer). \n

" } }, "Identity": { @@ -29680,7 +29680,7 @@ "SecurityHub": { "target": "com.amazonaws.securityhub#SecurityHubPolicy", "traits": { - "smithy.api#documentation": "

\n The Amazon Web Service that the configuration policy applies to.\n

" + "smithy.api#documentation": "

\n The Amazon Web Servicesservice that the configuration policy applies to.\n

" } } }, @@ -30875,7 +30875,7 @@ "DestinationPrefixListId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "

\n The prefix of the destination Amazon Web Service.\n

" + "smithy.api#documentation": "

\n The prefix of the destination Amazon Web Servicesservice.\n

" } }, "EgressOnlyInternetGatewayId": { @@ -31482,7 +31482,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a \n number, such as APIGateway.3.\n

", + "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a \n number, such as APIGateway.3.\n

", "smithy.api#required": {} } }, @@ -31537,7 +31537,7 @@ "UpdateStatus": { "target": "com.amazonaws.securityhub#UpdateStatus", "traits": { - "smithy.api#documentation": "

\n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \nREADY indicates findings include the current parameter values. A status of UPDATING indicates that \nall findings may not include the current parameter values.\n

" + "smithy.api#documentation": "

\n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \nREADY indicates that Security Hub uses the current control parameter values when running security checks of the control. \nA status of UPDATING indicates that all security checks might not use the current parameter values.\n

" } }, "Parameters": { @@ -31590,7 +31590,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n

", + "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n

", "smithy.api#required": {} } }, @@ -31986,7 +31986,7 @@ "name": "securityhub" }, "aws.protocols#restJson1": {}, - "smithy.api#documentation": "

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.

\n

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.

\n

To help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.

\n

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Services and supported third-party products.

\n

Security Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.

\n

This guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Services.

\n

In addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.

\n

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.

\n

The following throttling limits apply to Security Hub API operations.

\n ", + "smithy.api#documentation": "

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.

\n

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.

\n

To help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.

\n

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

\n

Security Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.

\n

This guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Servicesservices.

\n

In addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.

\n

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.

\n

The following throttling limits apply to Security Hub API operations.

\n ", "smithy.api#title": "AWS SecurityHub", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -33440,7 +33440,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service \n name and a number, such as APIGateway.3.\n

", + "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice \n name and a number, such as APIGateway.3.\n

", "smithy.api#required": {} } }, @@ -33558,7 +33558,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n

", + "smithy.api#documentation": "

\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n

", "smithy.api#required": {} } }, @@ -35341,14 +35341,14 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", + "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", "smithy.api#required": {} } }, "Regions": { "target": "com.amazonaws.securityhub#StringList", "traits": { - "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

" + "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

\n

An InvalidInputException error results if you populate this field while RegionLinkingMode is \n NO_REGIONS.

" } } }, @@ -35414,7 +35414,7 @@ } ], "traits": { - "smithy.api#documentation": "

\n UpdateFindings is a deprecated operation. Instead of UpdateFindings, use\n the BatchUpdateFindings operation.

\n

Updates the Note and RecordState of the Security Hub-aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n also sees the update to the finding.

\n

Finding updates made with UpdateFindings might not be persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings operation.

", + "smithy.api#documentation": "

\n UpdateFindings is a deprecated operation. Instead of UpdateFindings, use\n the BatchUpdateFindings operation.

\n

The UpdateFindings operation updates the Note and RecordState of the Security Hub aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n can also see the update to the finding.

\n

Finding updates made with UpdateFindings aren't persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings operation. In addition, Security Hub doesn't \n record updates made with UpdateFindings in the finding history.

", "smithy.api#http": { "method": "PATCH", "uri": "/findings",