Class: Aws::SecurityHub::Client

Inherits:

Seahorse::Client::Base

Object
Seahorse::Client::Base
Aws::SecurityHub::Client

show all

Includes:: ClientStubs

Defined in:: gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb

Overview

An API client for SecurityHub. To construct a client, you need to configure a :region and :credentials.

client = Aws::SecurityHub::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

#accept_administrator_invitation(params = {}) ⇒ Struct
We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.
#accept_invitation(params = {}) ⇒ Struct
This method is deprecated.
#batch_delete_automation_rules(params = {}) ⇒ Types::BatchDeleteAutomationRulesResponse
Deletes one or more automation rules.
#batch_disable_standards(params = {}) ⇒ Types::BatchDisableStandardsResponse
Disables the standards specified by the provided StandardsSubscriptionArns.
#batch_enable_standards(params = {}) ⇒ Types::BatchEnableStandardsResponse
Enables the standards specified by the provided StandardsArn.
#batch_get_automation_rules(params = {}) ⇒ Types::BatchGetAutomationRulesResponse
Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).
#batch_get_configuration_policy_associations(params = {}) ⇒ Types::BatchGetConfigurationPolicyAssociationsResponse
Returns associations between an Security Hub CSPM configuration and a batch of target accounts, organizational units, or the root.
#batch_get_security_controls(params = {}) ⇒ Types::BatchGetSecurityControlsResponse
Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.
#batch_get_standards_control_associations(params = {}) ⇒ Types::BatchGetStandardsControlAssociationsResponse
For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.
#batch_import_findings(params = {}) ⇒ Types::BatchImportFindingsResponse
Imports security findings generated by a finding provider into Security Hub CSPM.
#batch_update_automation_rules(params = {}) ⇒ Types::BatchUpdateAutomationRulesResponse
Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.
#batch_update_findings(params = {}) ⇒ Types::BatchUpdateFindingsResponse
Used by Security Hub CSPM customers to update information about their investigation into one or more findings.
#batch_update_findings_v2(params = {}) ⇒ Types::BatchUpdateFindingsV2Response
Updates information about a customer's investigation into a finding.
#batch_update_standards_control_associations(params = {}) ⇒ Types::BatchUpdateStandardsControlAssociationsResponse
For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.
#create_action_target(params = {}) ⇒ Types::CreateActionTargetResponse
Creates a custom action target in Security Hub CSPM.
#create_aggregator_v2(params = {}) ⇒ Types::CreateAggregatorV2Response
Enables aggregation across Amazon Web Services Regions.
#create_automation_rule(params = {}) ⇒ Types::CreateAutomationRuleResponse
Creates an automation rule based on input parameters.
#create_automation_rule_v2(params = {}) ⇒ Types::CreateAutomationRuleV2Response
Creates a V2 automation rule.
#create_configuration_policy(params = {}) ⇒ Types::CreateConfigurationPolicyResponse
Creates a configuration policy with the defined configuration.
#create_connector_v2(params = {}) ⇒ Types::CreateConnectorV2Response
Grants permission to create a connectorV2 based on input parameters.
#create_finding_aggregator(params = {}) ⇒ Types::CreateFindingAggregatorResponse
The aggregation Region is now called the home Region.
#create_insight(params = {}) ⇒ Types::CreateInsightResponse
Creates a custom insight in Security Hub CSPM.
#create_members(params = {}) ⇒ Types::CreateMembersResponse
Creates a member association in Security Hub CSPM between the specified accounts and the account used to make the request, which is the administrator account.
#create_ticket_v2(params = {}) ⇒ Types::CreateTicketV2Response
Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID.
#decline_invitations(params = {}) ⇒ Types::DeclineInvitationsResponse
We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.
#delete_action_target(params = {}) ⇒ Types::DeleteActionTargetResponse
Deletes a custom action target from Security Hub CSPM.
#delete_aggregator_v2(params = {}) ⇒ Struct
Deletes the Aggregator V2.
#delete_automation_rule_v2(params = {}) ⇒ Struct
Deletes a V2 automation rule.
#delete_configuration_policy(params = {}) ⇒ Struct
Deletes a configuration policy.
#delete_connector_v2(params = {}) ⇒ Struct
Grants permission to delete a connectorV2.
#delete_finding_aggregator(params = {}) ⇒ Struct
The aggregation Region is now called the home Region.
#delete_insight(params = {}) ⇒ Types::DeleteInsightResponse
Deletes the insight specified by the InsightArn.
#delete_invitations(params = {}) ⇒ Types::DeleteInvitationsResponse
We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.
#delete_members(params = {}) ⇒ Types::DeleteMembersResponse
Deletes the specified member accounts from Security Hub CSPM.
#describe_action_targets(params = {}) ⇒ Types::DescribeActionTargetsResponse
Returns a list of the custom action targets in Security Hub CSPM in your account.
#describe_hub(params = {}) ⇒ Types::DescribeHubResponse
Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub CSPM.
#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse
Returns information about the way your organization is configured in Security Hub CSPM.
#describe_products(params = {}) ⇒ Types::DescribeProductsResponse
Returns information about product integrations in Security Hub CSPM.
#describe_products_v2(params = {}) ⇒ Types::DescribeProductsV2Response
Gets information about the product integration.
#describe_security_hub_v2(params = {}) ⇒ Types::DescribeSecurityHubV2Response
Returns details about the service resource in your account.
#describe_standards(params = {}) ⇒ Types::DescribeStandardsResponse
Returns a list of the available standards in Security Hub CSPM.
#describe_standards_controls(params = {}) ⇒ Types::DescribeStandardsControlsResponse
Returns a list of security standards controls.
#disable_import_findings_for_product(params = {}) ⇒ Struct
Disables the integration of the specified product with Security Hub CSPM.
#disable_organization_admin_account(params = {}) ⇒ Struct
Disables a Security Hub CSPM administrator account.
#disable_security_hub(params = {}) ⇒ Struct
Disables Security Hub CSPM in your account only in the current Amazon Web Services Region.
#disable_security_hub_v2(params = {}) ⇒ Struct
Disable the service for the current Amazon Web Services Region or specified Amazon Web Services Region.
#disassociate_from_administrator_account(params = {}) ⇒ Struct
Disassociates the current Security Hub CSPM member account from the associated administrator account.
#disassociate_from_master_account(params = {}) ⇒ Struct
This method is deprecated.
#disassociate_members(params = {}) ⇒ Struct
Disassociates the specified member accounts from the associated administrator account.
#enable_import_findings_for_product(params = {}) ⇒ Types::EnableImportFindingsForProductResponse
Enables the integration of a partner product with Security Hub CSPM.
#enable_organization_admin_account(params = {}) ⇒ Types::EnableOrganizationAdminAccountResponse
Designates the Security Hub CSPM administrator account for an organization.
#enable_security_hub(params = {}) ⇒ Struct
Enables Security Hub CSPM for your account in the current Region or the Region you specify in the request.
#enable_security_hub_v2(params = {}) ⇒ Types::EnableSecurityHubV2Response
Enables the service in account for the current Amazon Web Services Region or specified Amazon Web Services Region.
#generate_recommended_policy_v2(params = {}) ⇒ Struct
Begins the recommended policy generation to remediate a Security Hub finding.
#get_administrator_account(params = {}) ⇒ Types::GetAdministratorAccountResponse
Provides the details for the Security Hub CSPM administrator account for the current member account.
#get_aggregator_v2(params = {}) ⇒ Types::GetAggregatorV2Response
Returns the configuration of the specified Aggregator V2.
#get_automation_rule_v2(params = {}) ⇒ Types::GetAutomationRuleV2Response
Returns an automation rule for the V2 service.
#get_configuration_policy(params = {}) ⇒ Types::GetConfigurationPolicyResponse
Provides information about a configuration policy.
#get_configuration_policy_association(params = {}) ⇒ Types::GetConfigurationPolicyAssociationResponse
Returns the association between a configuration and a target account, organizational unit, or the root.
#get_connector_v2(params = {}) ⇒ Types::GetConnectorV2Response
Grants permission to retrieve details for a connectorV2 based on connector id.
#get_enabled_standards(params = {}) ⇒ Types::GetEnabledStandardsResponse
Returns a list of the standards that are currently enabled.
#get_finding_aggregator(params = {}) ⇒ Types::GetFindingAggregatorResponse
The aggregation Region is now called the home Region.
#get_finding_history(params = {}) ⇒ Types::GetFindingHistoryResponse
Returns the history of a Security Hub CSPM finding.
#get_finding_statistics_v2(params = {}) ⇒ Types::GetFindingStatisticsV2Response
Returns aggregated statistical data about findings.
#get_findings(params = {}) ⇒ Types::GetFindingsResponse
Returns a list of findings that match the specified criteria.
#get_findings_trends_v2(params = {}) ⇒ Types::GetFindingsTrendsV2Response
Returns findings trend data based on the specified criteria.
#get_findings_v2(params = {}) ⇒ Types::GetFindingsV2Response
Returns a list of findings that match the specified criteria.
#get_insight_results(params = {}) ⇒ Types::GetInsightResultsResponse
Lists the results of the Security Hub CSPM insight specified by the insight ARN.
#get_insights(params = {}) ⇒ Types::GetInsightsResponse
Lists and describes insights for the specified insight ARNs.
#get_invitations_count(params = {}) ⇒ Types::GetInvitationsCountResponse
We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.
#get_master_account(params = {}) ⇒ Types::GetMasterAccountResponse
This method is deprecated.
#get_members(params = {}) ⇒ Types::GetMembersResponse
Returns the details for the Security Hub CSPM member accounts for the specified account IDs.
#get_recommended_policy_v2(params = {}) ⇒ Types::GetRecommendedPolicyV2Response
Retrieves the recommended policy to remediate a Security Hub finding.
#get_resources_statistics_v2(params = {}) ⇒ Types::GetResourcesStatisticsV2Response
Retrieves statistical information about Amazon Web Services resources and their associated security findings.
#get_resources_trends_v2(params = {}) ⇒ Types::GetResourcesTrendsV2Response
Returns resource trend data based on the specified criteria.
#get_resources_v2(params = {}) ⇒ Types::GetResourcesV2Response
Returns a list of resources.
#get_security_control_definition(params = {}) ⇒ Types::GetSecurityControlDefinitionResponse
Retrieves the definition of a security control.
#invite_members(params = {}) ⇒ Types::InviteMembersResponse
We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.
#list_aggregators_v2(params = {}) ⇒ Types::ListAggregatorsV2Response
Retrieves a list of V2 aggregators.
#list_automation_rules(params = {}) ⇒ Types::ListAutomationRulesResponse
A list of automation rules and their metadata for the calling account.
#list_automation_rules_v2(params = {}) ⇒ Types::ListAutomationRulesV2Response
Returns a list of automation rules and metadata for the calling account.
#list_configuration_policies(params = {}) ⇒ Types::ListConfigurationPoliciesResponse
Lists the configuration policies that the Security Hub CSPM delegated administrator has created for your organization.
#list_configuration_policy_associations(params = {}) ⇒ Types::ListConfigurationPolicyAssociationsResponse
Provides information about the associations for your configuration policies and self-managed behavior.
#list_connectors_v2(params = {}) ⇒ Types::ListConnectorsV2Response
Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account.
#list_enabled_products_for_import(params = {}) ⇒ Types::ListEnabledProductsForImportResponse
Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub CSPM.
#list_finding_aggregators(params = {}) ⇒ Types::ListFindingAggregatorsResponse
If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator.
#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse
We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.
#list_members(params = {}) ⇒ Types::ListMembersResponse
Lists details about all member accounts for the current Security Hub CSPM administrator account.
#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse
Lists the Security Hub CSPM administrator accounts.
#list_security_control_definitions(params = {}) ⇒ Types::ListSecurityControlDefinitionsResponse
Lists all of the security controls that apply to a specified standard.
#list_standards_control_associations(params = {}) ⇒ Types::ListStandardsControlAssociationsResponse
Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Returns a list of tags associated with a resource.
#register_connector_v2(params = {}) ⇒ Types::RegisterConnectorV2Response
Grants permission to complete the authorization based on input parameters.
#start_configuration_policy_association(params = {}) ⇒ Types::StartConfigurationPolicyAssociationResponse
Associates a target account, organizational unit, or the root with a specified configuration.
#start_configuration_policy_disassociation(params = {}) ⇒ Struct
Disassociates a target account, organizational unit, or the root from a specified configuration.
#tag_resource(params = {}) ⇒ Struct
Adds one or more tags to a resource.
#untag_resource(params = {}) ⇒ Struct
Removes one or more tags from a resource.
#update_action_target(params = {}) ⇒ Struct
Updates the name and description of a custom action target in Security Hub CSPM.
#update_aggregator_v2(params = {}) ⇒ Types::UpdateAggregatorV2Response
Udpates the configuration for the Aggregator V2.
#update_automation_rule_v2(params = {}) ⇒ Struct
Updates a V2 automation rule.
#update_configuration_policy(params = {}) ⇒ Types::UpdateConfigurationPolicyResponse
Updates a configuration policy.
#update_connector_v2(params = {}) ⇒ Struct
Grants permission to update a connectorV2 based on its id and input parameters.
#update_finding_aggregator(params = {}) ⇒ Types::UpdateFindingAggregatorResponse
The aggregation Region is now called the home Region.
#update_findings(params = {}) ⇒ Struct
UpdateFindings is a deprecated operation.
#update_insight(params = {}) ⇒ Struct
Updates the Security Hub CSPM insight identified by the specified insight ARN.
#update_organization_configuration(params = {}) ⇒ Struct
Updates the configuration of your organization in Security Hub CSPM.
#update_security_control(params = {}) ⇒ Struct
Updates the properties of a security control.
#update_security_hub_configuration(params = {}) ⇒ Struct
Updates configuration options for Security Hub CSPM.
#update_standards_control(params = {}) ⇒ Struct
Used to control whether an individual security standard control is enabled or disabled.

Instance Method Summary collapse

#initialize(options) ⇒ Client constructor
A new instance of Client.

Constructor Details

#initialize(options) ⇒ `Client`

Returns a new instance of Client.

Parameters:

options (Hash)

Options Hash (options):

:plugins (Array<Seahorse::Client::Plugin>) — default: []] —
A list of plugins to apply to the client. Each plugin is either a class name or an instance of a plugin class.
:credentials (required, Aws::CredentialProvider) —
Your AWS credentials used for authentication. This can be any class that includes and implements Aws::CredentialProvider, or instance of any one of the following classes:
- Aws::Credentials - Used for configuring static, non-refreshing credentials.
- Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.
- Aws::AssumeRoleCredentials - Used when you need to assume a role.
- Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.
- Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.
- Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.
- Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.
- Aws::ECSCredentials - Used for loading credentials from instances running in ECS.
- Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.
When :credentials are not configured directly, the following locations will be searched for credentials:
- Aws.config[:credentials]
- The :access_key_id, :secret_access_key, :session_token, and :account_id options.
- ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'], ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID'].
- ~/.aws/credentials
- ~/.aws/config
- EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentials or Aws::ECSCredentials to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true.
:region (required, String) —
The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:
- Aws.config[:region]
- ENV['AWS_REGION']
- ENV['AMAZON_REGION']
- ENV['AWS_DEFAULT_REGION']
- ~/.aws/credentials
- ~/.aws/config
:access_key_id (String)
:account_id (String)
:active_endpoint_cache (Boolean) — default: false —
When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.
:adaptive_retry_wait_to_fill (Boolean) — default: true —
Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.
:auth_scheme_preference (Array<String>) —
A list of preferred authentication schemes to use when making a request. Supported values are: sigv4, sigv4a, httpBearerAuth, and noAuth. When set using ENV['AWS_AUTH_SCHEME_PREFERENCE'] or in shared config as auth_scheme_preference, the value should be a comma-separated list.
:client_side_monitoring (Boolean) — default: false —
When true, client-side metrics will be collected for all API requests from this client.
:client_side_monitoring_client_id (String) — default: "" —
Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.
:client_side_monitoring_host (String) — default: "127.0.0.1" —
Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.
:client_side_monitoring_port (Integer) — default: 31000 —
Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.
:client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher —
Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.
:convert_params (Boolean) — default: true —
When true, an attempt is made to coerce request parameters into the required types.
:correct_clock_skew (Boolean) — default: true —
Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.
:defaults_mode (String) — default: "legacy" —
See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.
:disable_host_prefix_injection (Boolean) — default: false —
When true, the SDK will not prepend the modeled host prefix to the endpoint.
:disable_request_compression (Boolean) — default: false —
When set to 'true' the request body will not be compressed for supported operations.
:endpoint (String, URI::HTTPS, URI::HTTP) —
Normally you should not configure the :endpoint option directly. This is normally constructed from the :region option. Configuring :endpoint is normally reserved for connecting to test or custom endpoints. The endpoint should be a URI formatted like:
```
'http://example.com'
'https://example.com'
'http://example.com:123'
```
:endpoint_cache_max_entries (Integer) — default: 1000 —
Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.
:endpoint_cache_max_threads (Integer) — default: 10 —
Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
:endpoint_cache_poll_interval (Integer) — default: 60 —
When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.
:endpoint_discovery (Boolean) — default: false —
When set to true, endpoint discovery will be enabled for operations when available.
:ignore_configured_endpoint_urls (Boolean) —
Setting to true disables use of endpoint URLs provided via environment variables and the shared configuration file.
:log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default —
The log formatter.
:log_level (Symbol) — default: :info —
The log level to send messages to the :logger at.
:logger (Logger) —
The Logger instance to send log messages to. If this option is not set, logging will be disabled.
:max_attempts (Integer) — default: 3 —
An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.
:profile (String) — default: "default" —
Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.
:request_checksum_calculation (String) — default: "when_supported" —
Determines when a checksum will be calculated for request payloads. Values are:
- when_supported - (default) When set, a checksum will be calculated for all request payloads of operations modeled with the httpChecksum trait where requestChecksumRequired is true and/or a requestAlgorithmMember is modeled.
- when_required - When set, a checksum will only be calculated for request payloads of operations modeled with the httpChecksum trait where requestChecksumRequired is true or where a requestAlgorithmMember is modeled and supplied.
:request_min_compression_size_bytes (Integer) — default: 10240 —
The minimum size in bytes that triggers compression for request bodies. The value must be non-negative integer value between 0 and 10485780 bytes inclusive.
:response_checksum_validation (String) — default: "when_supported" —
Determines when checksum validation will be performed on response payloads. Values are:
- when_supported - (default) When set, checksum validation is performed on all response payloads of operations modeled with the httpChecksum trait where responseAlgorithms is modeled, except when no modeled checksum algorithms are supported.
- when_required - When set, checksum validation is not performed on response payloads of operations unless the checksum algorithm is supported and the requestValidationModeMember member is set to ENABLED.
:retry_backoff (Proc) —
A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.
:retry_base_delay (Float) — default: 0.3 —
The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.
:retry_jitter (Symbol) — default: :none —
A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

@see https://www.awsarchitectureblog.com/2015/03/backoff.html
:retry_limit (Integer) — default: 3 —
The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.
:retry_max_delay (Integer) — default: 0 —
The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.
:retry_mode (String) — default: "legacy" —
Specifies which retry algorithm to use. Values are:
- legacy - The pre-existing retry behavior. This is the default value if no retry mode is provided.
- standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.
- adaptive - A retry mode that includes all the functionality of standard mode along with automatic client side throttling.
:sdk_ua_app_id (String) —
A unique and opaque application ID that is appended to the User-Agent header as app/sdk_ua_app_id. It should have a maximum length of 50. This variable is sourced from environment variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
:secret_access_key (String)
:session_token (String)
:sigv4a_signing_region_set (Array) —
A list of regions that should be signed with SigV4a signing. When not passed, a default :sigv4a_signing_region_set is searched for in the following locations:
- Aws.config[:sigv4a_signing_region_set]
- ENV['AWS_SIGV4A_SIGNING_REGION_SET']
- ~/.aws/config
:stub_responses (Boolean) — default: false —
Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.
:telemetry_provider (Aws::Telemetry::TelemetryProviderBase) — default: Aws::Telemetry::NoOpTelemetryProvider —
Allows you to provide a telemetry provider, which is used to emit telemetry data. By default, uses NoOpTelemetryProvider which will not record or emit any telemetry data. The SDK supports the following telemetry providers:
- OpenTelemetry (OTel) - To use the OTel provider, install and require the opentelemetry-sdk gem and then, pass in an instance of a Aws::Telemetry::OTelProvider for telemetry provider.
:token_provider (Aws::TokenProvider) —
Your Bearer token used for authentication. This can be any class that includes and implements Aws::TokenProvider, or instance of any one of the following classes:
- Aws::StaticTokenProvider - Used for configuring static, non-refreshing tokens.
- Aws::SSOTokenProvider - Used for loading tokens from AWS SSO using an access token generated from aws login.
When :token_provider is not configured directly, the Aws::TokenProviderChain will be used to search for tokens configured for your profile in shared configuration files.
:use_dualstack_endpoint (Boolean) —
When set to true, dualstack enabled endpoints (with .aws TLD) will be used if available.
:use_fips_endpoint (Boolean) —
When set to true, fips compatible endpoints will be used if available. When a fips region is used, the region is normalized and this config is set to true.
:validate_params (Boolean) — default: true —
When true, request parameters are validated before sending the request.
:endpoint_provider (Aws::SecurityHub::EndpointProvider) —
The endpoint provider used to resolve endpoints. Any object that responds to #resolve_endpoint(parameters) where parameters is a Struct similar to Aws::SecurityHub::EndpointParameters.
:http_continue_timeout (Float) — default: 1 —
The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.
:http_idle_timeout (Float) — default: 5 —
The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.
:http_open_timeout (Float) — default: 15 —
The default number of seconds to wait for response data. This value can safely be set per-request on the session.
:http_proxy (URI::HTTP, String) —
A proxy to send requests through. Formatted like 'http://proxy.com:123'.
:http_read_timeout (Float) — default: 60 —
The default number of seconds to wait for response data. This value can safely be set per-request on the session.
:http_wire_trace (Boolean) — default: false —
When true, HTTP debug output will be sent to the :logger.
:on_chunk_received (Proc) —
When a Proc object is provided, it will be used as callback when each chunk of the response body is received. It provides three arguments: the chunk, the number of bytes received, and the total number of bytes in the response (or nil if the server did not send a content-length).
:on_chunk_sent (Proc) —
When a Proc object is provided, it will be used as callback when each chunk of the request body is sent. It provides three arguments: the chunk, the number of bytes read from the body, and the total number of bytes in the body.
:raise_response_errors (Boolean) — default: true —
When true, response errors are raised.
:ssl_ca_bundle (String) —
Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.
:ssl_ca_directory (String) —
Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.
:ssl_ca_store (String) —
Sets the X509::Store to verify peer certificate.
:ssl_cert (OpenSSL::X509::Certificate) —
Sets a client certificate when creating http connections.
:ssl_key (OpenSSL::PKey) —
Sets a client key when creating http connections.
:ssl_timeout (Float) —
Sets the SSL timeout in seconds
:ssl_verify_peer (Boolean) — default: true —
When true, SSL peer certificates are verified when establishing a connection.



471
472
473

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 471

def initialize(*args)
  super
end

Instance Method Details

#accept_administrator_invitation(params = {}) ⇒ `Struct`

We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see Managing Security Hub CSPM administrator and member accounts with Organizations in the Security Hub CSPM User Guide.

Accepts the invitation to be a member account and be monitored by the Security Hub CSPM administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

Examples:

Example: To accept an invitation be a member account


# The following example demonstrates how an account can accept an invitation from the Security Hub administrator account
# to be a member account. This operation is applicable only to member accounts that are not added through AWS
# Organizations.

resp = client.accept_administrator_invitation({
  administrator_id: "123456789012", 
  invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb", 
})

Request syntax with placeholder values


resp = client.accept_administrator_invitation({
  administrator_id: "NonEmptyString", # required
  invitation_id: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:administrator_id (required, String) —
The account ID of the Security Hub CSPM administrator account that sent the invitation.
:invitation_id (required, String) —
The identifier of the invitation sent from the Security Hub CSPM administrator account.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 532

def accept_administrator_invitation(params = {}, options = {})
  req = build_request(:accept_administrator_invitation, params)
  req.send_request(options)
end

#accept_invitation(params = {}) ⇒ `Struct`

This method is deprecated. Instead, use AcceptAdministratorInvitation.

The Security Hub CSPM console continues to use AcceptInvitation. It will eventually change to use AcceptAdministratorInvitation. Any IAM policies that specifically control access to this function must continue to use AcceptInvitation. You should also add AcceptAdministratorInvitation to your policies to ensure that the correct permissions are in place after the console begins to use AcceptAdministratorInvitation.

Accepts the invitation to be a member account and be monitored by the Security Hub CSPM administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

Examples:

Request syntax with placeholder values


resp = client.accept_invitation({
  master_id: "NonEmptyString", # required
  invitation_id: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:master_id (required, String) —
The account ID of the Security Hub CSPM administrator account that sent the invitation.
:invitation_id (required, String) —
The identifier of the invitation sent from the Security Hub CSPM administrator account.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 580

def accept_invitation(params = {}, options = {})
  req = build_request(:accept_invitation, params)
  req.send_request(options)
end

#batch_delete_automation_rules(params = {}) ⇒ `Types::BatchDeleteAutomationRulesResponse`

Deletes one or more automation rules.

Examples:

Example: To delete one or more automation rules


# The following example deletes the specified automation rules.

resp = client.batch_delete_automation_rules({
  automation_rules_arns: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
  ], 
})

resp.to_h outputs the following:
{
  processed_automation_rules: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  ], 
  unprocessed_automation_rules: [
    {
      error_code: 500, 
      error_message: "InternalException", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_delete_automation_rules({
  automation_rules_arns: ["NonEmptyString"], # required
})

Response structure


resp.processed_automation_rules #=> Array
resp.processed_automation_rules[0] #=> String
resp.unprocessed_automation_rules #=> Array
resp.unprocessed_automation_rules[0].rule_arn #=> String
resp.unprocessed_automation_rules[0].error_code #=> Integer
resp.unprocessed_automation_rules[0].error_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:automation_rules_arns (required, Array<String>) —
A list of Amazon Resource Names (ARNs) for the rules that are to be deleted.

Returns:

(Types::BatchDeleteAutomationRulesResponse) —
Returns a response object which responds to the following methods:
- #processed_automation_rules => Array<String>
- #unprocessed_automation_rules => Array<Types::UnprocessedAutomationRule>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 641

def batch_delete_automation_rules(params = {}, options = {})
  req = build_request(:batch_delete_automation_rules, params)
  req.send_request(options)
end

#batch_disable_standards(params = {}) ⇒ `Types::BatchDisableStandardsResponse`

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Security Standards section of the Security Hub CSPM User Guide.

Examples:

Example: To disable one or more security standards


# The following example disables a security standard in Security Hub.

resp = client.batch_disable_standards({
  standards_subscription_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
  ], 
})

resp.to_h outputs the following:
{
  standards_subscriptions: [
    {
      standards_arn: "arn:aws:securityhub:eu-central-1::standards/pci-dss/v/3.2.1", 
      standards_input: {
      }, 
      standards_status: "DELETING", 
      standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_disable_standards({
  standards_subscription_arns: ["NonEmptyString"], # required
})

Response structure


resp.standards_subscriptions #=> Array
resp.standards_subscriptions[0].standards_subscription_arn #=> String
resp.standards_subscriptions[0].standards_arn #=> String
resp.standards_subscriptions[0].standards_input #=> Hash
resp.standards_subscriptions[0].standards_input["NonEmptyString"] #=> String
resp.standards_subscriptions[0].standards_status #=> String, one of "PENDING", "READY", "FAILED", "DELETING", "INCOMPLETE"
resp.standards_subscriptions[0].standards_controls_updatable #=> String, one of "READY_FOR_UPDATES", "NOT_READY_FOR_UPDATES"
resp.standards_subscriptions[0].standards_status_reason.status_reason_code #=> String, one of "NO_AVAILABLE_CONFIGURATION_RECORDER", "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_subscription_arns (required, Array<String>) —
The ARNs of the standards subscriptions to disable.

Returns:

(Types::BatchDisableStandardsResponse) —
Returns a response object which responds to the following methods:
- #standards_subscriptions => Array<Types::StandardsSubscription>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 708

def batch_disable_standards(params = {}, options = {})
  req = build_request(:batch_disable_standards, params)
  req.send_request(options)
end

#batch_enable_standards(params = {}) ⇒ `Types::BatchEnableStandardsResponse`

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Security Standards section of the Security Hub CSPM User Guide.

Examples:

Example: To enable security standards


# The following example enables the security standard specified by the StandardArn. You can use this operation to enable
# one or more Security Hub standards.

resp = client.batch_enable_standards({
  standards_subscription_requests: [
    {
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  standards_subscriptions: [
    {
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
      standards_input: {
      }, 
      standards_status: "PENDING", 
      standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_enable_standards({
  standards_subscription_requests: [ # required
    {
      standards_arn: "NonEmptyString", # required
      standards_input: {
        "NonEmptyString" => "NonEmptyString",
      },
    },
  ],
})

Response structure


resp.standards_subscriptions #=> Array
resp.standards_subscriptions[0].standards_subscription_arn #=> String
resp.standards_subscriptions[0].standards_arn #=> String
resp.standards_subscriptions[0].standards_input #=> Hash
resp.standards_subscriptions[0].standards_input["NonEmptyString"] #=> String
resp.standards_subscriptions[0].standards_status #=> String, one of "PENDING", "READY", "FAILED", "DELETING", "INCOMPLETE"
resp.standards_subscriptions[0].standards_controls_updatable #=> String, one of "READY_FOR_UPDATES", "NOT_READY_FOR_UPDATES"
resp.standards_subscriptions[0].standards_status_reason.status_reason_code #=> String, one of "NO_AVAILABLE_CONFIGURATION_RECORDER", "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_subscription_requests (required, Array<Types::StandardsSubscriptionRequest>) —
The list of standards checks to enable.

Returns:

(Types::BatchEnableStandardsResponse) —
Returns a response object which responds to the following methods:
- #standards_subscriptions => Array<Types::StandardsSubscription>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 785

def batch_enable_standards(params = {}, options = {})
  req = build_request(:batch_enable_standards, params)
  req.send_request(options)
end

#batch_get_automation_rules(params = {}) ⇒ `Types::BatchGetAutomationRulesResponse`

Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).

Examples:

Example: To update one ore more automation rules


# The following example updates the specified automation rules.

resp = client.batch_get_automation_rules({
  automation_rules_arns: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
  ], 
})

resp.to_h outputs the following:
{
  rules: [
    {
      actions: [
        {
          finding_fields_update: {
            workflow: {
              status: "RESOLVED", 
            }, 
          }, 
          type: "FINDING_FIELDS_UPDATE", 
        }, 
      ], 
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      criteria: {
        aws_account_id: [
          {
            comparison: "EQUALS", 
            value: "111122223333", 
          }, 
        ], 
        first_observed_at: [
          {
            date_range: {
              unit: "DAYS", 
              value: 5, 
            }, 
          }, 
        ], 
        type: [
          {
            comparison: "EQUALS", 
            value: "Software and Configuration Checks/Industry and Regulatory Standards", 
          }, 
        ], 
      }, 
      description: "sample rule description 1", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      rule_name: "sample-rule-name-1", 
      rule_order: 1, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
    {
      actions: [
        {
          finding_fields_update: {
            workflow: {
              status: "RESOLVED", 
            }, 
          }, 
          type: "FINDING_FIELDS_UPDATE", 
        }, 
      ], 
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      criteria: {
        resource_type: [
          {
            comparison: "EQUALS", 
            value: "Ec2Instance", 
          }, 
        ], 
        severity_label: [
          {
            comparison: "EQUALS", 
            value: "INFORMATIONAL", 
          }, 
        ], 
      }, 
      description: "Sample rule description 2", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      rule_name: "sample-rule-name-2", 
      rule_order: 2, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_get_automation_rules({
  automation_rules_arns: ["NonEmptyString"], # required
})

Response structure


resp.rules #=> Array
resp.rules[0].rule_arn #=> String
resp.rules[0].rule_status #=> String, one of "ENABLED", "DISABLED"
resp.rules[0].rule_order #=> Integer
resp.rules[0].rule_name #=> String
resp.rules[0].description #=> String
resp.rules[0].is_terminal #=> Boolean
resp.rules[0].criteria.product_arn #=> Array
resp.rules[0].criteria.product_arn[0].value #=> String
resp.rules[0].criteria.product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.aws_account_id #=> Array
resp.rules[0].criteria.aws_account_id[0].value #=> String
resp.rules[0].criteria.aws_account_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.id #=> Array
resp.rules[0].criteria.id[0].value #=> String
resp.rules[0].criteria.id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.generator_id #=> Array
resp.rules[0].criteria.generator_id[0].value #=> String
resp.rules[0].criteria.generator_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.type #=> Array
resp.rules[0].criteria.type[0].value #=> String
resp.rules[0].criteria.type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.first_observed_at #=> Array
resp.rules[0].criteria.first_observed_at[0].start #=> String
resp.rules[0].criteria.first_observed_at[0].end #=> String
resp.rules[0].criteria.first_observed_at[0].date_range.value #=> Integer
resp.rules[0].criteria.first_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.first_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.last_observed_at #=> Array
resp.rules[0].criteria.last_observed_at[0].start #=> String
resp.rules[0].criteria.last_observed_at[0].end #=> String
resp.rules[0].criteria.last_observed_at[0].date_range.value #=> Integer
resp.rules[0].criteria.last_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.last_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.created_at #=> Array
resp.rules[0].criteria.created_at[0].start #=> String
resp.rules[0].criteria.created_at[0].end #=> String
resp.rules[0].criteria.created_at[0].date_range.value #=> Integer
resp.rules[0].criteria.created_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.created_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.updated_at #=> Array
resp.rules[0].criteria.updated_at[0].start #=> String
resp.rules[0].criteria.updated_at[0].end #=> String
resp.rules[0].criteria.updated_at[0].date_range.value #=> Integer
resp.rules[0].criteria.updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.confidence #=> Array
resp.rules[0].criteria.confidence[0].gte #=> Float
resp.rules[0].criteria.confidence[0].lte #=> Float
resp.rules[0].criteria.confidence[0].eq #=> Float
resp.rules[0].criteria.confidence[0].gt #=> Float
resp.rules[0].criteria.confidence[0].lt #=> Float
resp.rules[0].criteria.criticality #=> Array
resp.rules[0].criteria.criticality[0].gte #=> Float
resp.rules[0].criteria.criticality[0].lte #=> Float
resp.rules[0].criteria.criticality[0].eq #=> Float
resp.rules[0].criteria.criticality[0].gt #=> Float
resp.rules[0].criteria.criticality[0].lt #=> Float
resp.rules[0].criteria.title #=> Array
resp.rules[0].criteria.title[0].value #=> String
resp.rules[0].criteria.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.description #=> Array
resp.rules[0].criteria.description[0].value #=> String
resp.rules[0].criteria.description[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.source_url #=> Array
resp.rules[0].criteria.source_url[0].value #=> String
resp.rules[0].criteria.source_url[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.product_name #=> Array
resp.rules[0].criteria.product_name[0].value #=> String
resp.rules[0].criteria.product_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.company_name #=> Array
resp.rules[0].criteria.company_name[0].value #=> String
resp.rules[0].criteria.company_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.severity_label #=> Array
resp.rules[0].criteria.severity_label[0].value #=> String
resp.rules[0].criteria.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_type #=> Array
resp.rules[0].criteria.resource_type[0].value #=> String
resp.rules[0].criteria.resource_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_id #=> Array
resp.rules[0].criteria.resource_id[0].value #=> String
resp.rules[0].criteria.resource_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_partition #=> Array
resp.rules[0].criteria.resource_partition[0].value #=> String
resp.rules[0].criteria.resource_partition[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_region #=> Array
resp.rules[0].criteria.resource_region[0].value #=> String
resp.rules[0].criteria.resource_region[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_tags #=> Array
resp.rules[0].criteria.resource_tags[0].key #=> String
resp.rules[0].criteria.resource_tags[0].value #=> String
resp.rules[0].criteria.resource_tags[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.rules[0].criteria.resource_details_other #=> Array
resp.rules[0].criteria.resource_details_other[0].key #=> String
resp.rules[0].criteria.resource_details_other[0].value #=> String
resp.rules[0].criteria.resource_details_other[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.rules[0].criteria.compliance_status #=> Array
resp.rules[0].criteria.compliance_status[0].value #=> String
resp.rules[0].criteria.compliance_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.compliance_security_control_id #=> Array
resp.rules[0].criteria.compliance_security_control_id[0].value #=> String
resp.rules[0].criteria.compliance_security_control_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.compliance_associated_standards_id #=> Array
resp.rules[0].criteria.compliance_associated_standards_id[0].value #=> String
resp.rules[0].criteria.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.verification_state #=> Array
resp.rules[0].criteria.verification_state[0].value #=> String
resp.rules[0].criteria.verification_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.workflow_status #=> Array
resp.rules[0].criteria.workflow_status[0].value #=> String
resp.rules[0].criteria.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.record_state #=> Array
resp.rules[0].criteria.record_state[0].value #=> String
resp.rules[0].criteria.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.related_findings_product_arn #=> Array
resp.rules[0].criteria.related_findings_product_arn[0].value #=> String
resp.rules[0].criteria.related_findings_product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.related_findings_id #=> Array
resp.rules[0].criteria.related_findings_id[0].value #=> String
resp.rules[0].criteria.related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.note_text #=> Array
resp.rules[0].criteria.note_text[0].value #=> String
resp.rules[0].criteria.note_text[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.note_updated_at #=> Array
resp.rules[0].criteria.note_updated_at[0].start #=> String
resp.rules[0].criteria.note_updated_at[0].end #=> String
resp.rules[0].criteria.note_updated_at[0].date_range.value #=> Integer
resp.rules[0].criteria.note_updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.note_updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.note_updated_by #=> Array
resp.rules[0].criteria.note_updated_by[0].value #=> String
resp.rules[0].criteria.note_updated_by[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.user_defined_fields #=> Array
resp.rules[0].criteria.user_defined_fields[0].key #=> String
resp.rules[0].criteria.user_defined_fields[0].value #=> String
resp.rules[0].criteria.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.rules[0].criteria.resource_application_arn #=> Array
resp.rules[0].criteria.resource_application_arn[0].value #=> String
resp.rules[0].criteria.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_application_name #=> Array
resp.rules[0].criteria.resource_application_name[0].value #=> String
resp.rules[0].criteria.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.aws_account_name #=> Array
resp.rules[0].criteria.aws_account_name[0].value #=> String
resp.rules[0].criteria.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].actions #=> Array
resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE"
resp.rules[0].actions[0].finding_fields_update.note.text #=> String
resp.rules[0].actions[0].finding_fields_update.note.updated_by #=> String
resp.rules[0].actions[0].finding_fields_update.severity.normalized #=> Integer
resp.rules[0].actions[0].finding_fields_update.severity.product #=> Float
resp.rules[0].actions[0].finding_fields_update.severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.rules[0].actions[0].finding_fields_update.verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
resp.rules[0].actions[0].finding_fields_update.confidence #=> Integer
resp.rules[0].actions[0].finding_fields_update.criticality #=> Integer
resp.rules[0].actions[0].finding_fields_update.types #=> Array
resp.rules[0].actions[0].finding_fields_update.types[0] #=> String
resp.rules[0].actions[0].finding_fields_update.user_defined_fields #=> Hash
resp.rules[0].actions[0].finding_fields_update.user_defined_fields["NonEmptyString"] #=> String
resp.rules[0].actions[0].finding_fields_update.workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
resp.rules[0].actions[0].finding_fields_update.related_findings #=> Array
resp.rules[0].actions[0].finding_fields_update.related_findings[0].product_arn #=> String
resp.rules[0].actions[0].finding_fields_update.related_findings[0].id #=> String
resp.rules[0].created_at #=> Time
resp.rules[0].updated_at #=> Time
resp.rules[0].created_by #=> String
resp.unprocessed_automation_rules #=> Array
resp.unprocessed_automation_rules[0].rule_arn #=> String
resp.unprocessed_automation_rules[0].error_code #=> Integer
resp.unprocessed_automation_rules[0].error_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:automation_rules_arns (required, Array<String>) —
A list of rule ARNs to get details for.

Returns:

(Types::BatchGetAutomationRulesResponse) —
Returns a response object which responds to the following methods:
- #rules => Array<Types::AutomationRulesConfig>
- #unprocessed_automation_rules => Array<Types::UnprocessedAutomationRule>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 1078

def batch_get_automation_rules(params = {}, options = {})
  req = build_request(:batch_get_automation_rules, params)
  req.send_request(options)
end

#batch_get_configuration_policy_associations(params = {}) ⇒ `Types::BatchGetConfigurationPolicyAssociationsResponse`

Returns associations between an Security Hub CSPM configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

Examples:

Example: To get configuration associations for a batch of targets


# This operation provides details about configuration associations for a batch of target accounts, organizational units,
# or the root.

resp = client.batch_get_configuration_policy_associations({
  configuration_policy_association_identifiers: [
    {
      target: {
        account_id: "111122223333", 
      }, 
    }, 
    {
      target: {
        root_id: "r-f6g7h8i9j0example", 
      }, 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  configuration_policy_associations: [
    {
      association_status: "SUCCESS", 
      association_status_message: "This field is only populated for a failed association", 
      association_type: "INHERITED", 
      configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      target_id: "111122223333", 
      target_type: "ACCOUNT", 
      updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
    }, 
  ], 
  unprocessed_configuration_policy_associations: [
    {
      configuration_policy_association_identifiers: {
        target: {
          root_id: "r-f6g7h8i9j0example", 
        }, 
      }, 
      error_code: "400", 
      error_reason: "You do not have sufficient access to perform this action.", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_get_configuration_policy_associations({
  configuration_policy_association_identifiers: [ # required
    {
      target: {
        account_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
        root_id: "NonEmptyString",
      },
    },
  ],
})

Response structure


resp.configuration_policy_associations #=> Array
resp.configuration_policy_associations[0].configuration_policy_id #=> String
resp.configuration_policy_associations[0].target_id #=> String
resp.configuration_policy_associations[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.configuration_policy_associations[0].association_type #=> String, one of "INHERITED", "APPLIED"
resp.configuration_policy_associations[0].updated_at #=> Time
resp.configuration_policy_associations[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.configuration_policy_associations[0].association_status_message #=> String
resp.unprocessed_configuration_policy_associations #=> Array
resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.account_id #=> String
resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.organizational_unit_id #=> String
resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.root_id #=> String
resp.unprocessed_configuration_policy_associations[0].error_code #=> String
resp.unprocessed_configuration_policy_associations[0].error_reason #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:configuration_policy_association_identifiers (required, Array<Types::ConfigurationPolicyAssociation>) —
Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

Returns:

(Types::BatchGetConfigurationPolicyAssociationsResponse) —
Returns a response object which responds to the following methods:
- #configuration_policy_associations => Array<Types::ConfigurationPolicyAssociationSummary>
- #unprocessed_configuration_policy_associations => Array<Types::UnprocessedConfigurationPolicyAssociation>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 1180

def batch_get_configuration_policy_associations(params = {}, options = {})
  req = build_request(:batch_get_configuration_policy_associations, params)
  req.send_request(options)
end

#batch_get_security_controls(params = {}) ⇒ `Types::BatchGetSecurityControlsResponse`

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

Examples:

Example: To get security control details


# The following example gets details for the specified controls in the current AWS account and AWS Region.

resp = client.batch_get_security_controls({
  security_control_ids: [
    "ACM.1", 
    "APIGateway.1", 
  ], 
})

resp.to_h outputs the following:
{
  security_controls: [
    {
      description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", 
      last_update_reason: "Stayed with default value", 
      parameters: {
        "daysToExpiration" => {
          value: {
            integer: 30, 
          }, 
          value_type: "DEFAULT", 
        }, 
      }, 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", 
      security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1", 
      security_control_id: "ACM.1", 
      security_control_status: "ENABLED", 
      severity_rating: "MEDIUM", 
      title: "Imported and ACM-issued certificates should be renewed after a specified time period", 
      update_status: "UPDATING", 
    }, 
    {
      description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", 
      last_update_reason: "Updated control parameters to comply with internal requirements", 
      parameters: {
        "loggingLevel" => {
          value: {
            enum: "ERROR", 
          }, 
          value_type: "CUSTOM", 
        }, 
      }, 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", 
      security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1", 
      security_control_id: "APIGateway.1", 
      security_control_status: "ENABLED", 
      severity_rating: "MEDIUM", 
      title: "API Gateway REST and WebSocket API execution logging should be enabled", 
      update_status: "UPDATING", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_get_security_controls({
  security_control_ids: ["NonEmptyString"], # required
})

Response structure


resp.security_controls #=> Array
resp.security_controls[0].security_control_id #=> String
resp.security_controls[0].security_control_arn #=> String
resp.security_controls[0].title #=> String
resp.security_controls[0].description #=> String
resp.security_controls[0].remediation_url #=> String
resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED"
resp.security_controls[0].update_status #=> String, one of "READY", "UPDATING"
resp.security_controls[0].parameters #=> Hash
resp.security_controls[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.security_controls[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.security_controls[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.security_controls[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.security_controls[0].parameters["NonEmptyString"].value.double #=> Float
resp.security_controls[0].parameters["NonEmptyString"].value.string #=> String
resp.security_controls[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.security_controls[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.security_controls[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.security_controls[0].parameters["NonEmptyString"].value.enum #=> String
resp.security_controls[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.security_controls[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
resp.security_controls[0].last_update_reason #=> String
resp.unprocessed_ids #=> Array
resp.unprocessed_ids[0].security_control_id #=> String
resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED"
resp.unprocessed_ids[0].error_reason #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:security_control_ids (required, Array<String>) —
A list of security controls (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.

Returns:

(Types::BatchGetSecurityControlsResponse) —
Returns a response object which responds to the following methods:
- #security_controls => Array<Types::SecurityControl>
- #unprocessed_ids => Array<Types::UnprocessedSecurityControl>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 1294

def batch_get_security_controls(params = {}, options = {})
  req = build_request(:batch_get_security_controls, params)
  req.send_request(options)
end

#batch_get_standards_control_associations(params = {}) ⇒ `Types::BatchGetStandardsControlAssociationsResponse`

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the association has a NOT_READY_FOR_UPDATES value for StandardsControlsUpdatable.

Examples:

Example: To get enablement status of a batch of controls


# The following example retrieves the enablement status of the specified controls in the specified standards.

resp = client.batch_get_standards_control_associations({
  standards_control_association_ids: [
    {
      security_control_id: "CloudTrail.1", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
    }, 
    {
      security_control_id: "CloudWatch.12", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  standards_control_association_details: [
    {
      association_status: "ENABLED", 
      related_requirements: [
        "CIS AWS Foundations 2.1", 
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudTrail.1", 
      security_control_id: "CloudTrail.1", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      standards_control_description: "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", 
      standards_control_title: "Ensure CloudTrail is enabled in all regions", 
      updated_at: Time.parse("2022-01-13T18:52:29.539000+00:00"), 
    }, 
    {
      association_status: "ENABLED", 
      related_requirements: [
        "CIS AWS Foundations 3.12", 
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudWatch.12", 
      security_control_id: "CloudWatch.12", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      standards_control_description: "Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Network gateways are required to send/receive traffic to a destination outside of a VPC. It is recommended that a metric filter and alarm be established for changes to network gateways.", 
      standards_control_title: "Ensure a log metric filter and alarm exist for changes to network gateways", 
      updated_at: Time.parse("2022-01-13T18:52:29.686000+00:00"), 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_get_standards_control_associations({
  standards_control_association_ids: [ # required
    {
      security_control_id: "NonEmptyString", # required
      standards_arn: "NonEmptyString", # required
    },
  ],
})

Response structure


resp.standards_control_association_details #=> Array
resp.standards_control_association_details[0].standards_arn #=> String
resp.standards_control_association_details[0].security_control_id #=> String
resp.standards_control_association_details[0].security_control_arn #=> String
resp.standards_control_association_details[0].association_status #=> String, one of "ENABLED", "DISABLED"
resp.standards_control_association_details[0].related_requirements #=> Array
resp.standards_control_association_details[0].related_requirements[0] #=> String
resp.standards_control_association_details[0].updated_at #=> Time
resp.standards_control_association_details[0].updated_reason #=> String
resp.standards_control_association_details[0].standards_control_title #=> String
resp.standards_control_association_details[0].standards_control_description #=> String
resp.standards_control_association_details[0].standards_control_arns #=> Array
resp.standards_control_association_details[0].standards_control_arns[0] #=> String
resp.unprocessed_associations #=> Array
resp.unprocessed_associations[0].standards_control_association_id.security_control_id #=> String
resp.unprocessed_associations[0].standards_control_association_id.standards_arn #=> String
resp.unprocessed_associations[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED"
resp.unprocessed_associations[0].error_reason #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_control_association_ids (required, Array<Types::StandardsControlAssociationId>) —
An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.

Returns:

(Types::BatchGetStandardsControlAssociationsResponse) —
Returns a response object which responds to the following methods:
- #standards_control_association_details => Array<Types::StandardsControlAssociationDetail>
- #unprocessed_associations => Array<Types::UnprocessedStandardsControlAssociation>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 1403

def batch_get_standards_control_associations(params = {}, options = {})
  req = build_request(:batch_get_standards_control_associations, params)
  req.send_request(options)
end

#batch_import_findings(params = {}) ⇒ `Types::BatchImportFindingsResponse`

Imports security findings generated by a finding provider into Security Hub CSPM. This action is requested by the finding provider to import its findings into Security Hub CSPM.

BatchImportFindings must be called by one of the following:

The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.
An Amazon Web Services account that Security Hub CSPM has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub CSPM customers use to manage their investigation workflow.

Note
UserDefinedFields
VerificationState
Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

Confidence
Criticality
RelatedFindings
Severity
Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

Examples:

Example: To import security findings from a third party provider to Security Hub


# The following example imports findings from a third party provider to Security Hub.

resp = client.batch_import_findings({
  findings: [
    {
      aws_account_id: "123456789012", 
      created_at: "2020-05-27T17:05:54.832Z", 
      description: "Vulnerability in a CloudTrail trail", 
      finding_provider_fields: {
        severity: {
          label: "LOW", 
          original: "10", 
        }, 
        types: [
          "Software and Configuration Checks/Vulnerabilities/CVE", 
        ], 
      }, 
      generator_id: "TestGeneratorId", 
      id: "Id1", 
      product_arn: "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default", 
      resources: [
        {
          id: "arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName", 
          partition: "aws", 
          region: "us-west-1", 
          type: "AwsCloudTrailTrail", 
        }, 
      ], 
      schema_version: "2018-10-08", 
      title: "CloudTrail trail vulnerability", 
      updated_at: "2020-06-02T16:05:54.832Z", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  failed_count: 123, 
  failed_findings: [
  ], 
  success_count: 123, 
}

Response structure


resp.failed_count #=> Integer
resp.success_count #=> Integer
resp.failed_findings #=> Array
resp.failed_findings[0].id #=> String
resp.failed_findings[0].error_code #=> String
resp.failed_findings[0].error_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:findings (required, Array<Types::AwsSecurityFinding>) —
A list of findings to import. To successfully import a finding, it must follow the Amazon Web Services Security Finding Format. Maximum of 100 findings per request.

Returns:

(Types::BatchImportFindingsResponse) —
Returns a response object which responds to the following methods:
- #failed_count => Integer
- #success_count => Integer
- #failed_findings => Array<Types::ImportFindingsError>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 1535

def batch_import_findings(params = {}, options = {})
  req = build_request(:batch_import_findings, params)
  req.send_request(options)
end

#batch_update_automation_rules(params = {}) ⇒ `Types::BatchUpdateAutomationRulesResponse`

Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.

Examples:

Example: To update one ore more automation rules


# The following example updates the specified automation rules.

resp = client.batch_update_automation_rules({
  update_automation_rules_request_items: [
    {
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      rule_order: 15, 
      rule_status: "ENABLED", 
    }, 
    {
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      rule_status: "DISABLED", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  processed_automation_rules: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
  ], 
}

Request syntax with placeholder values


resp = client.batch_update_automation_rules({
  update_automation_rules_request_items: [ # required
    {
      rule_arn: "NonEmptyString", # required
      rule_status: "ENABLED", # accepts ENABLED, DISABLED
      rule_order: 1,
      description: "NonEmptyString",
      rule_name: "NonEmptyString",
      is_terminal: false,
      criteria: {
        product_arn: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        aws_account_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        generator_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        type: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        first_observed_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        last_observed_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        created_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        updated_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        confidence: [
          {
            gte: 1.0,
            lte: 1.0,
            eq: 1.0,
            gt: 1.0,
            lt: 1.0,
          },
        ],
        criticality: [
          {
            gte: 1.0,
            lte: 1.0,
            eq: 1.0,
            gt: 1.0,
            lt: 1.0,
          },
        ],
        title: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        description: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        source_url: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        product_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        company_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        severity_label: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_type: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_partition: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_region: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_tags: [
          {
            key: "NonEmptyString",
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
          },
        ],
        resource_details_other: [
          {
            key: "NonEmptyString",
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
          },
        ],
        compliance_status: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        compliance_security_control_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        compliance_associated_standards_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        verification_state: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        workflow_status: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        record_state: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        related_findings_product_arn: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        related_findings_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        note_text: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        note_updated_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        note_updated_by: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        user_defined_fields: [
          {
            key: "NonEmptyString",
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
          },
        ],
        resource_application_arn: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_application_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        aws_account_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
      },
      actions: [
        {
          type: "FINDING_FIELDS_UPDATE", # accepts FINDING_FIELDS_UPDATE
          finding_fields_update: {
            note: {
              text: "NonEmptyString", # required
              updated_by: "NonEmptyString", # required
            },
            severity: {
              normalized: 1,
              product: 1.0,
              label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
            },
            verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
            confidence: 1,
            criticality: 1,
            types: ["NonEmptyString"],
            user_defined_fields: {
              "NonEmptyString" => "NonEmptyString",
            },
            workflow: {
              status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
            },
            related_findings: [
              {
                product_arn: "NonEmptyString", # required
                id: "NonEmptyString", # required
              },
            ],
          },
        },
      ],
    },
  ],
})

Response structure


resp.processed_automation_rules #=> Array
resp.processed_automation_rules[0] #=> String
resp.unprocessed_automation_rules #=> Array
resp.unprocessed_automation_rules[0].rule_arn #=> String
resp.unprocessed_automation_rules[0].error_code #=> Integer
resp.unprocessed_automation_rules[0].error_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:update_automation_rules_request_items (required, Array<Types::UpdateAutomationRulesRequestItem>) —
An array of ARNs for the rules that are to be updated. Optionally, you can also include RuleStatus and RuleOrder.

Returns:

(Types::BatchUpdateAutomationRulesResponse) —
Returns a response object which responds to the following methods:
- #processed_automation_rules => Array<String>
- #unprocessed_automation_rules => Array<Types::UnprocessedAutomationRule>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 1903

def batch_update_automation_rules(params = {}, options = {})
  req = build_request(:batch_update_automation_rules, params)
  req.send_request(options)
end

#batch_update_findings(params = {}) ⇒ `Types::BatchUpdateFindingsResponse`

Used by Security Hub CSPM customers to update information about their investigation into one or more findings. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. A member account can update findings only for their own account. Administrator and member accounts can use this operation to update the following fields and objects for one or more findings:

Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow

If you use this operation to update a finding, your updates don’t affect the value for the UpdatedAt field of the finding. Also note that it can take several minutes for Security Hub CSPM to process your request and update each finding specified in the request.

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. For more information see Configuring access to BatchUpdateFindings in the Security Hub CSPM User Guide.

Examples:

Example: To update Security Hub findings


# The following example updates Security Hub findings. The finding identifier parameter specifies which findings to
# update. Only specific finding fields can be updated with this operation.

resp = client.batch_update_findings({
  confidence: 80, 
  criticality: 80, 
  finding_identifiers: [
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
  ], 
  note: {
    text: "Known issue that is not a risk.", 
    updated_by: "user1", 
  }, 
  related_findings: [
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
  ], 
  severity: {
    label: "LOW", 
  }, 
  types: [
    "Software and Configuration Checks/Vulnerabilities/CVE", 
  ], 
  user_defined_fields: {
    "reviewedByCio" => "true", 
  }, 
  verification_state: "TRUE_POSITIVE", 
  workflow: {
    status: "RESOLVED", 
  }, 
})

resp.to_h outputs the following:
{
  processed_findings: [
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
  ], 
  unprocessed_findings: [
  ], 
}

Request syntax with placeholder values


resp = client.batch_update_findings({
  finding_identifiers: [ # required
    {
      id: "NonEmptyString", # required
      product_arn: "NonEmptyString", # required
    },
  ],
  note: {
    text: "NonEmptyString", # required
    updated_by: "NonEmptyString", # required
  },
  severity: {
    normalized: 1,
    product: 1.0,
    label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
  },
  verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
  confidence: 1,
  criticality: 1,
  types: ["NonEmptyString"],
  user_defined_fields: {
    "NonEmptyString" => "NonEmptyString",
  },
  workflow: {
    status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
  },
  related_findings: [
    {
      product_arn: "NonEmptyString", # required
      id: "NonEmptyString", # required
    },
  ],
})

Response structure


resp.processed_findings #=> Array
resp.processed_findings[0].id #=> String
resp.processed_findings[0].product_arn #=> String
resp.unprocessed_findings #=> Array
resp.unprocessed_findings[0].finding_identifier.id #=> String
resp.unprocessed_findings[0].finding_identifier.product_arn #=> String
resp.unprocessed_findings[0].error_code #=> String
resp.unprocessed_findings[0].error_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:finding_identifiers (required, Array<Types::AwsSecurityFindingIdentifier>) —
The list of findings to update. BatchUpdateFindings can be used to update up to 100 findings at a time.

For each finding, the list provides the finding identifier and the ARN of the finding provider.
:note (Types::NoteUpdate) —
The updated note.
:severity (Types::SeverityUpdate) —
Used to update the finding severity.
:verification_state (String) —
Indicates the veracity of a finding.

The available values for VerificationState are as follows.
- UNKNOWN – The default disposition of a security finding
- TRUE_POSITIVE – The security finding is confirmed
- FALSE_POSITIVE – The security finding was determined to be a false alarm
- BENIGN_POSITIVE – A special case of TRUE_POSITIVE where the finding doesn't pose any threat, is expected, or both
:confidence (Integer) —
The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
:criticality (Integer) —
The updated value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
:types (Array<String>) —
One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are as follows.
- Software and Configuration Checks
- TTPs
- Effects
- Unusual Behaviors
- Sensitive Data Identifications
:user_defined_fields (Hash<String,String>) —
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
:workflow (Types::WorkflowUpdate) —
Used to update the workflow status of a finding.

The workflow status indicates the progress of the investigation into the finding.
:related_findings (Array<Types::RelatedFinding>) —
A list of findings that are related to the updated findings.

Returns:

(Types::BatchUpdateFindingsResponse) —
Returns a response object which responds to the following methods:
- #processed_findings => Array<Types::AwsSecurityFindingIdentifier>
- #unprocessed_findings => Array<Types::BatchUpdateFindingsUnprocessedFinding>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 2137

def batch_update_findings(params = {}, options = {})
  req = build_request(:batch_update_findings, params)
  req.send_request(options)
end

#batch_update_findings_v2(params = {}) ⇒ `Types::BatchUpdateFindingsV2Response`

Updates information about a customer's investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account.

BatchUpdateFindings and BatchUpdateFindingsV2 both use securityhub:BatchUpdateFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:BatchUpdateFindings action. You can configure IAM policies to restrict access to specific finding fields or field values by using the securityhub:OCSFSyntaxPath/<fieldName> condition key, where <fieldName> is one of the following supported fields: SeverityId, StatusId, or Comment.

To prevent a user from updating a specific field, use a Null condition with securityhub:OCSFSyntaxPath/<fieldName> set to "false". To prevent a user from setting a field to a specific value, use a StringEquals condition with securityhub:OCSFSyntaxPath/<fieldName> set to the disallowed value or list of values.

Updates from BatchUpdateFindingsV2 don't affect the value of finding_info.modified_time, finding_info.modified_time_dt, time, or time_dt for a finding.

Examples:

Request syntax with placeholder values


resp = client.batch_update_findings_v2({
  metadata_uids: ["NonEmptyString"],
  finding_identifiers: [
    {
      cloud_account_uid: "NonEmptyString", # required
      finding_info_uid: "NonEmptyString", # required
      metadata_product_uid: "NonEmptyString", # required
    },
  ],
  comment: "NonEmptyString",
  severity_id: 1,
  status_id: 1,
})

Response structure


resp.processed_findings #=> Array
resp.processed_findings[0].finding_identifier.cloud_account_uid #=> String
resp.processed_findings[0].finding_identifier.finding_info_uid #=> String
resp.processed_findings[0].finding_identifier.metadata_product_uid #=> String
resp.processed_findings[0].metadata_uid #=> String
resp.unprocessed_findings #=> Array
resp.unprocessed_findings[0].finding_identifier.cloud_account_uid #=> String
resp.unprocessed_findings[0].finding_identifier.finding_info_uid #=> String
resp.unprocessed_findings[0].finding_identifier.metadata_product_uid #=> String
resp.unprocessed_findings[0].metadata_uid #=> String
resp.unprocessed_findings[0].error_code #=> String, one of "ResourceNotFoundException", "ValidationException", "InternalServerException", "ConflictException"
resp.unprocessed_findings[0].error_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:metadata_uids (Array<String>) —
The list of finding metadata.uid to indicate findings to update. Finding metadata.uid is a globally unique identifier associated with the finding. Customers cannot use MetadataUids together with FindingIdentifiers.
:finding_identifiers (Array<Types::OcsfFindingIdentifier>) —
Provides information to identify a specific V2 finding.
:comment (String) —
The updated value for a user provided comment about the finding. Minimum character length 1. Maximum character length 512.
:severity_id (Integer) —
The updated value for the normalized severity identifier. The severity ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 6, 99]. When customer provides the updated severity ID, the string sibling severity will automatically be updated in the finding.
:status_id (Integer) —
The updated value for the normalized status identifier. The status ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 99]. When customer provides the updated status ID, the string sibling status will automatically be updated in the finding.

Returns:

(Types::BatchUpdateFindingsV2Response) —
Returns a response object which responds to the following methods:
- #processed_findings => Array<Types::BatchUpdateFindingsV2ProcessedFinding>
- #unprocessed_findings => Array<Types::BatchUpdateFindingsV2UnprocessedFinding>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 2232

def batch_update_findings_v2(params = {}, options = {})
  req = build_request(:batch_update_findings_v2, params)
  req.send_request(options)
end

#batch_update_standards_control_associations(params = {}) ⇒ `Types::BatchUpdateStandardsControlAssociationsResponse`

For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

Examples:

Example: To update enablement status of a batch of controls


# The following example disables CloudWatch.12 in CIS AWS Foundations Benchmark v1.2.0. The example returns an error for
# CloudTrail.1 because an invalid standard ARN is provided.

resp = client.batch_update_standards_control_associations({
  standards_control_association_updates: [
    {
      association_status: "DISABLED", 
      security_control_id: "CloudTrail.1", 
      standards_arn: "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0", 
      updated_reason: "Not relevant to environment", 
    }, 
    {
      association_status: "DISABLED", 
      security_control_id: "CloudWatch.12", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      updated_reason: "Not relevant to environment", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_association_updates: [
    {
      error_code: "INVALID_INPUT", 
      error_reason: "Invalid Standards Arn: 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0'", 
      standards_control_association_update: {
        association_status: "DISABLED", 
        security_control_id: "CloudTrail.1", 
        standards_arn: "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0", 
        updated_reason: "Test Reason", 
      }, 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_update_standards_control_associations({
  standards_control_association_updates: [ # required
    {
      standards_arn: "NonEmptyString", # required
      security_control_id: "NonEmptyString", # required
      association_status: "ENABLED", # required, accepts ENABLED, DISABLED
      updated_reason: "NonEmptyString",
    },
  ],
})

Response structure


resp.unprocessed_association_updates #=> Array
resp.unprocessed_association_updates[0].standards_control_association_update.standards_arn #=> String
resp.unprocessed_association_updates[0].standards_control_association_update.security_control_id #=> String
resp.unprocessed_association_updates[0].standards_control_association_update.association_status #=> String, one of "ENABLED", "DISABLED"
resp.unprocessed_association_updates[0].standards_control_association_update.updated_reason #=> String
resp.unprocessed_association_updates[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED"
resp.unprocessed_association_updates[0].error_reason #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_control_association_updates (required, Array<Types::StandardsControlAssociationUpdate>) —
Updates the enablement status of a security control in a specified standard.

Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the control has StandardsControlsUpdatable value NOT_READY_FOR_UPDATES.

Returns:

(Types::BatchUpdateStandardsControlAssociationsResponse) —
Returns a response object which responds to the following methods:
- #unprocessed_association_updates => Array<Types::UnprocessedStandardsControlAssociationUpdate>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 2318

def batch_update_standards_control_associations(params = {}, options = {})
  req = build_request(:batch_update_standards_control_associations, params)
  req.send_request(options)
end

#create_action_target(params = {}) ⇒ `Types::CreateActionTargetResponse`

Creates a custom action target in Security Hub CSPM.

You can use custom actions on findings and insights in Security Hub CSPM to trigger target actions in Amazon CloudWatch Events.

Examples:

Example: To create a custom action target


# The following example creates a custom action target in Security Hub. Custom actions on findings and insights
# automatically trigger actions in Amazon CloudWatch Events.

resp = client.create_action_target({
  description: "Action to send the finding for remediation tracking", 
  id: "Remediation", 
  name: "Send to remediation", 
})

resp.to_h outputs the following:
{
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
}

Request syntax with placeholder values


resp = client.create_action_target({
  name: "NonEmptyString", # required
  description: "NonEmptyString", # required
  id: "NonEmptyString", # required
})

Response structure


resp.action_target_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:name (required, String) —
The name of the custom action target. Can contain up to 20 characters.
:description (required, String) —
The description for the custom action target.
:id (required, String) —
The ID for the custom action target. Can contain up to 20 alphanumeric characters.

Returns:

(Types::CreateActionTargetResponse) —
Returns a response object which responds to the following methods:
- #action_target_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 2375

def create_action_target(params = {}, options = {})
  req = build_request(:create_action_target, params)
  req.send_request(options)
end

#create_aggregator_v2(params = {}) ⇒ `Types::CreateAggregatorV2Response`

Enables aggregation across Amazon Web Services Regions.

Examples:

Request syntax with placeholder values


resp = client.create_aggregator_v2({
  region_linking_mode: "NonEmptyString", # required
  linked_regions: ["NonEmptyString"],
  tags: {
    "TagKey" => "TagValue",
  },
  client_token: "ClientToken",
})

Response structure


resp.aggregator_v2_arn #=> String
resp.aggregation_region #=> String
resp.region_linking_mode #=> String
resp.linked_regions #=> Array
resp.linked_regions[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:region_linking_mode (required, String) —
Determines how Regions are linked to an Aggregator V2.
:linked_regions (Array<String>) —
The list of Regions that are linked to the aggregation Region.
:tags (Hash<String,String>) —
A list of key-value pairs to be applied to the AggregatorV2.
:client_token (String) —
A unique identifier used to ensure idempotency.

A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

(Types::CreateAggregatorV2Response) —
Returns a response object which responds to the following methods:
- #aggregator_v2_arn => String
- #aggregation_region => String
- #region_linking_mode => String
- #linked_regions => Array<String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 2427

def create_aggregator_v2(params = {}, options = {})
  req = build_request(:create_aggregator_v2, params)
  req.send_request(options)
end

#create_automation_rule(params = {}) ⇒ `Types::CreateAutomationRuleResponse`

Creates an automation rule based on input parameters.

Examples:

Example: To create an automation rule


# The following example creates an automation rule.

resp = client.create_automation_rule({
  actions: [
    {
      finding_fields_update: {
        note: {
          text: "This is a critical S3 bucket, please look into this ASAP", 
          updated_by: "test-user", 
        }, 
        severity: {
          label: "CRITICAL", 
        }, 
      }, 
      type: "FINDING_FIELDS_UPDATE", 
    }, 
  ], 
  criteria: {
    compliance_status: [
      {
        comparison: "EQUALS", 
        value: "FAILED", 
      }, 
    ], 
    product_name: [
      {
        comparison: "EQUALS", 
        value: "Security Hub", 
      }, 
    ], 
    record_state: [
      {
        comparison: "EQUALS", 
        value: "ACTIVE", 
      }, 
    ], 
    resource_id: [
      {
        comparison: "EQUALS", 
        value: "arn:aws:s3:::examplebucket/developers/design_info.doc", 
      }, 
    ], 
    workflow_status: [
      {
        comparison: "EQUALS", 
        value: "NEW", 
      }, 
    ], 
  }, 
  description: "Elevate finding severity to Critical for important resources", 
  is_terminal: false, 
  rule_name: "Elevate severity for important resources", 
  rule_order: 1, 
  rule_status: "ENABLED", 
  tags: {
    "important-resources-rule" => "s3-bucket", 
  }, 
})

resp.to_h outputs the following:
{
  rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
}

Request syntax with placeholder values


resp = client.create_automation_rule({
  tags: {
    "TagKey" => "TagValue",
  },
  rule_status: "ENABLED", # accepts ENABLED, DISABLED
  rule_order: 1, # required
  rule_name: "NonEmptyString", # required
  description: "NonEmptyString", # required
  is_terminal: false,
  criteria: { # required
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  actions: [ # required
    {
      type: "FINDING_FIELDS_UPDATE", # accepts FINDING_FIELDS_UPDATE
      finding_fields_update: {
        note: {
          text: "NonEmptyString", # required
          updated_by: "NonEmptyString", # required
        },
        severity: {
          normalized: 1,
          product: 1.0,
          label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
        },
        verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
        confidence: 1,
        criticality: 1,
        types: ["NonEmptyString"],
        user_defined_fields: {
          "NonEmptyString" => "NonEmptyString",
        },
        workflow: {
          status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
        },
        related_findings: [
          {
            product_arn: "NonEmptyString", # required
            id: "NonEmptyString", # required
          },
        ],
      },
    },
  ],
})

Response structure


resp.rule_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:tags (Hash<String,String>) —
User-defined tags associated with an automation rule.
:rule_status (String) —
Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub CSPM starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use BatchUpdateAutomationRules .
:rule_order (required, Integer) —
An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub CSPM applies rules with lower values for this parameter first.
:rule_name (required, String) —
The name of the rule.
:description (required, String) —
A description of the rule.
:is_terminal (Boolean) —
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub CSPM applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
:criteria (required, Types::AutomationRulesFindingFilters) —
A set of ASFF finding field attributes and corresponding expected values that Security Hub CSPM uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub CSPM applies the rule action to the finding.
:actions (required, Array<Types::AutomationRulesAction>) —
One or more actions to update finding fields if a finding matches the conditions specified in Criteria.

Returns:

(Types::CreateAutomationRuleResponse) —
Returns a response object which responds to the following methods:
- #rule_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 2866

def create_automation_rule(params = {}, options = {})
  req = build_request(:create_automation_rule, params)
  req.send_request(options)
end

#create_automation_rule_v2(params = {}) ⇒ `Types::CreateAutomationRuleV2Response`

Creates a V2 automation rule.

Examples:

Request syntax with placeholder values


resp = client.create_automation_rule_v2({
  rule_name: "NonEmptyString", # required
  rule_status: "ENABLED", # accepts ENABLED, DISABLED
  description: "NonEmptyString", # required
  rule_order: 1.0, # required
  criteria: { # required
    ocsf_finding_criteria: {
      composite_filters: [
        {
          string_filters: [
            {
              field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
              filter: {
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
              },
            },
          ],
          date_filters: [
            {
              field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
              filter: {
                start: "NonEmptyString",
                end: "NonEmptyString",
                date_range: {
                  value: 1,
                  unit: "DAYS", # accepts DAYS
                  comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                },
              },
            },
          ],
          boolean_filters: [
            {
              field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
              filter: {
                value: false,
              },
            },
          ],
          number_filters: [
            {
              field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
              filter: {
                gte: 1.0,
                lte: 1.0,
                eq: 1.0,
                gt: 1.0,
                lt: 1.0,
              },
            },
          ],
          map_filters: [
            {
              field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
              filter: {
                key: "NonEmptyString",
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
              },
            },
          ],
          ip_filters: [
            {
              field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
              filter: {
                cidr: "NonEmptyString",
              },
            },
          ],
          nested_composite_filters: {
            # recursive CompositeFilterList
          },
          operator: "AND", # accepts AND, OR
        },
      ],
      composite_operator: "AND", # accepts AND, OR
    },
  },
  actions: [ # required
    {
      type: "FINDING_FIELDS_UPDATE", # required, accepts FINDING_FIELDS_UPDATE, EXTERNAL_INTEGRATION
      finding_fields_update: {
        severity_id: 1,
        comment: "NonEmptyString",
        status_id: 1,
      },
      external_integration_configuration: {
        connector_arn: "NonEmptyString",
      },
    },
  ],
  tags: {
    "TagKey" => "TagValue",
  },
  client_token: "ClientToken",
})

Response structure


resp.rule_arn #=> String
resp.rule_id #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:rule_name (required, String) —
The name of the V2 automation rule.
:rule_status (String) —
The status of the V2 automation rule.
:description (required, String) —
A description of the V2 automation rule.
:rule_order (required, Float) —
The value for the rule priority.
:criteria (required, Types::Criteria) —
The filtering type and configuration of the automation rule.
:actions (required, Array<Types::AutomationRulesActionV2>) —
A list of actions to be performed when the rule criteria is met.
:tags (Hash<String,String>) —
A list of key-value pairs associated with the V2 automation rule.
:client_token (String) —
A unique identifier used to ensure idempotency.

A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

(Types::CreateAutomationRuleV2Response) —
Returns a response object which responds to the following methods:
- #rule_arn => String
- #rule_id => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 3014

def create_automation_rule_v2(params = {}, options = {})
  req = build_request(:create_automation_rule_v2, params)
  req.send_request(options)
end

#create_configuration_policy(params = {}) ⇒ `Types::CreateConfigurationPolicyResponse`

Creates a configuration policy with the defined configuration. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To create a configuration policy


# This operation creates a configuration policy in Security Hub.

resp = client.create_configuration_policy({
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 14, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  description: "Configuration policy for testing FSBP and CIS", 
  name: "TestConfigurationPolicy", 
})

resp.to_h outputs the following:
{
  arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 14, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  created_at: Time.parse("2023-01-11T06:17:17.154Z"), 
  description: "Configuration policy for testing FSBP and CIS", 
  id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values


resp = client.create_configuration_policy({
  name: "NonEmptyString", # required
  description: "NonEmptyString",
  configuration_policy: { # required
    security_hub: {
      service_enabled: false,
      enabled_standard_identifiers: ["NonEmptyString"],
      security_controls_configuration: {
        enabled_security_control_identifiers: ["NonEmptyString"],
        disabled_security_control_identifiers: ["NonEmptyString"],
        security_control_custom_parameters: [
          {
            security_control_id: "NonEmptyString",
            parameters: {
              "NonEmptyString" => {
                value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
                value: {
                  integer: 1,
                  integer_list: [1],
                  double: 1.0,
                  string: "NonEmptyString",
                  string_list: ["NonEmptyString"],
                  boolean: false,
                  enum: "NonEmptyString",
                  enum_list: ["NonEmptyString"],
                },
              },
            },
          },
        ],
      },
    },
  },
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.arn #=> String
resp.id #=> String
resp.name #=> String
resp.description #=> String
resp.updated_at #=> Time
resp.created_at #=> Time
resp.configuration_policy.security_hub.service_enabled #=> Boolean
resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:name (required, String) —
The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.
:description (String) —
The description of the configuration policy.
:configuration_policy (required, Types::Policy) —
An object that defines how Security Hub CSPM is configured. It includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).
:tags (Hash<String,String>) —
User-defined tags associated with a configuration policy. For more information, see Tagging Security Hub CSPM resources in the Security Hub CSPM user guide.

Returns:

(Types::CreateConfigurationPolicyResponse) —
Returns a response object which responds to the following methods:
- #arn => String
- #id => String
- #name => String
- #description => String
- #updated_at => Time
- #created_at => Time
- #configuration_policy => Types::Policy

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 3210

def create_configuration_policy(params = {}, options = {})
  req = build_request(:create_configuration_policy, params)
  req.send_request(options)
end

#create_connector_v2(params = {}) ⇒ `Types::CreateConnectorV2Response`

Grants permission to create a connectorV2 based on input parameters.

Examples:

Request syntax with placeholder values


resp = client.create_connector_v2({
  name: "NonEmptyString", # required
  description: "NonEmptyString",
  provider: { # required
    jira_cloud: {
      project_key: "NonEmptyString",
    },
    service_now: {
      instance_name: "NonEmptyString", # required
      secret_arn: "NonEmptyString", # required
    },
  },
  kms_key_arn: "NonEmptyString",
  tags: {
    "TagKey" => "TagValue",
  },
  client_token: "ClientToken",
})

Response structure


resp.connector_arn #=> String
resp.connector_id #=> String
resp.auth_url #=> String
resp.connector_status #=> String, one of "CONNECTED", "FAILED_TO_CONNECT", "PENDING_CONFIGURATION", "PENDING_AUTHORIZATION"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:name (required, String) —
The unique name of the connectorV2.
:description (String) —
The description of the connectorV2.
:provider (required, Types::ProviderConfiguration) —
The third-party provider’s service configuration.
:kms_key_arn (String) —
The Amazon Resource Name (ARN) of KMS key used to encrypt secrets for the connectorV2.
:tags (Hash<String,String>) —
The tags to add to the connectorV2 when you create.
:client_token (String) —
A unique identifier used to ensure idempotency.

A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

(Types::CreateConnectorV2Response) —
Returns a response object which responds to the following methods:
- #connector_arn => String
- #connector_id => String
- #auth_url => String
- #connector_status => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 3278

def create_connector_v2(params = {}, options = {})
  req = build_request(:create_connector_v2, params)
  req.send_request(options)
end

#create_finding_aggregator(params = {}) ⇒ `Types::CreateFindingAggregatorResponse`

The aggregation Region is now called the home Region.

Used to enable cross-Region aggregation. This operation can be invoked from the home Region only.

For information about how cross-Region aggregation works, see Understanding cross-Region aggregation in Security Hub CSPM in the Security Hub CSPM User Guide.

Examples:

Example: To enable cross-Region aggregation


# The following example creates a finding aggregator. This is required to enable cross-Region aggregation.

resp = client.create_finding_aggregator({
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
})

resp.to_h outputs the following:
{
  finding_aggregation_region: "us-east-1", 
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
}

Request syntax with placeholder values


resp = client.create_finding_aggregator({
  region_linking_mode: "NonEmptyString", # required
  regions: ["NonEmptyString"],
})

Response structure


resp.finding_aggregator_arn #=> String
resp.finding_aggregation_region #=> String
resp.region_linking_mode #=> String
resp.regions #=> Array
resp.regions[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:region_linking_mode (required, String) —
Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub CSPM supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:
- ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub CSPM is enabled. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.
- ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub CSPM is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.
- SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub CSPM does not automatically aggregate findings from new Regions.
- NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.
:regions (Array<String>) —
If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

Returns:

(Types::CreateFindingAggregatorResponse) —
Returns a response object which responds to the following methods:
- #finding_aggregator_arn => String
- #finding_aggregation_region => String
- #region_linking_mode => String
- #regions => Array<String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 3389

def create_finding_aggregator(params = {}, options = {})
  req = build_request(:create_finding_aggregator, params)
  req.send_request(options)
end

#create_insight(params = {}) ⇒ `Types::CreateInsightResponse`

Creates a custom insight in Security Hub CSPM. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

To group the related findings in the insight, use the GroupByAttribute.

Examples:

Example: To create a custom insight


# The following example creates a custom insight in Security Hub. An insight is a collection of findings that relate to a
# security issue.

resp = client.create_insight({
  filters: {
    resource_type: [
      {
        comparison: "EQUALS", 
        value: "AwsIamRole", 
      }, 
    ], 
    severity_label: [
      {
        comparison: "EQUALS", 
        value: "CRITICAL", 
      }, 
    ], 
  }, 
  group_by_attribute: "ResourceId", 
  name: "Critical role findings", 
})

resp.to_h outputs the following:
{
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
}

Request syntax with placeholder values


resp = client.create_insight({
  name: "NonEmptyString", # required
  filters: { # required
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  group_by_attribute: "NonEmptyString", # required
})

Response structure


resp.insight_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:name (required, String) —
The name of the custom insight to create.
:filters (required, Types::AwsSecurityFindingFilters) —
One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.
:group_by_attribute (required, String) —
The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

Returns:

(Types::CreateInsightResponse) —
Returns a response object which responds to the following methods:
- #insight_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4171

def create_insight(params = {}, options = {})
  req = build_request(:create_insight, params)
  req.send_request(options)
end

#create_members(params = {}) ⇒ `Types::CreateMembersResponse`

Creates a member association in Security Hub CSPM between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

CreateMembers is always used to add accounts that are not organization members.

For accounts that are managed using Organizations, CreateMembers is only used in the following cases:

Security Hub CSPM is not configured to automatically add new organization accounts.
The account was disassociated or deleted in Security Hub CSPM.

This action can only be used by an account that has Security Hub CSPM enabled. To enable Security Hub CSPM, you can use the EnableSecurityHub operation.

For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub CSPM.

Accounts that are managed using Organizations don't receive an invitation. They automatically become a member account in Security Hub CSPM.

If the organization account does not have Security Hub CSPM enabled, then Security Hub CSPM and the default standards are automatically enabled. Note that Security Hub CSPM cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub CSPM before the administrator account enables it as a member account.
For organization accounts that already have Security Hub CSPM enabled, Security Hub CSPM does not make any other changes to those accounts. It does not change their enabled standards or controls.

A permissions policy is added that permits the administrator account to view the findings generated in the member account.

To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

Examples:

Example: To add a member account


# The following example creates a member association between the specified accounts and the administrator account (the
# account that makes the request). This operation is used to add accounts that aren't part of an organization.

resp = client.create_members({
  account_details: [
    {
      account_id: "123456789012", 
    }, 
    {
      account_id: "111122223333", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values


resp = client.create_members({
  account_details: [ # required
    {
      account_id: "AccountId", # required
      email: "NonEmptyString",
    },
  ],
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_details (required, Array<Types::AccountDetails>) —
The list of accounts to associate with the Security Hub CSPM administrator account. For each account, the list includes the account ID and optionally the email address.

Returns:

(Types::CreateMembersResponse) —
Returns a response object which responds to the following methods:
- #unprocessed_accounts => Array<Types::Result>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4278

def create_members(params = {}, options = {})
  req = build_request(:create_members, params)
  req.send_request(options)
end

#create_ticket_v2(params = {}) ⇒ `Types::CreateTicketV2Response`

Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID.

Examples:

Request syntax with placeholder values


resp = client.create_ticket_v2({
  connector_id: "NonEmptyString", # required
  finding_metadata_uid: "NonEmptyString", # required
  client_token: "ClientToken",
  mode: "DRYRUN", # accepts DRYRUN
})

Response structure


resp.ticket_id #=> String
resp.ticket_src_url #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:connector_id (required, String) —
The UUID of the connectorV2 to identify connectorV2 resource.
:finding_metadata_uid (required, String) —
The the unique ID for the finding.
:client_token (String) —
The client idempotency token.

A suitable default value is auto-generated. You should normally not need to pass this option.**
:mode (String) —
The mode for ticket creation. When set to DRYRUN, the ticket is created using a Security Hub owned template test finding to verify the integration is working correctly.

Returns:

(Types::CreateTicketV2Response) —
Returns a response object which responds to the following methods:
- #ticket_id => String
- #ticket_src_url => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4326

def create_ticket_v2(params = {}, options = {})
  req = build_request(:create_ticket_v2, params)
  req.send_request(options)
end

#decline_invitations(params = {}) ⇒ `Types::DeclineInvitationsResponse`

Declines invitations to become a Security Hub CSPM member account.

A prospective member account uses this operation to decline an invitation to become a member.

Only member accounts that aren't part of an Amazon Web Services organization should use this operation. Organization accounts don't receive invitations.

Examples:

Example: To decline invitation to become a member account


# The following example declines an invitation from the Security Hub administrator account to become a member account. The
# invited account makes the request.

resp = client.decline_invitations({
  account_ids: [
    "123456789012", 
    "111122223333", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values


resp = client.decline_invitations({
  account_ids: ["NonEmptyString"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_ids (required, Array<String>) —
The list of prospective member account IDs for which to decline an invitation.

Returns:

(Types::DeclineInvitationsResponse) —
Returns a response object which responds to the following methods:
- #unprocessed_accounts => Array<Types::Result>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4394

def decline_invitations(params = {}, options = {})
  req = build_request(:decline_invitations, params)
  req.send_request(options)
end

#delete_action_target(params = {}) ⇒ `Types::DeleteActionTargetResponse`

Deletes a custom action target from Security Hub CSPM.

Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.

Examples:

Example: To delete a custom action target


# The following example deletes a custom action target that triggers target actions in Amazon CloudWatch Events. Deleting
# a custom action target doesn't affect findings or insights that were already sent to CloudWatch Events based on the
# custom action.

resp = client.delete_action_target({
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
})

resp.to_h outputs the following:
{
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
}

Request syntax with placeholder values


resp = client.delete_action_target({
  action_target_arn: "NonEmptyString", # required
})

Response structure


resp.action_target_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:action_target_arn (required, String) —
The Amazon Resource Name (ARN) of the custom action target to delete.

Returns:

(Types::DeleteActionTargetResponse) —
Returns a response object which responds to the following methods:
- #action_target_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4442

def delete_action_target(params = {}, options = {})
  req = build_request(:delete_action_target, params)
  req.send_request(options)
end

#delete_aggregator_v2(params = {}) ⇒ `Struct`

Deletes the Aggregator V2.

Examples:

Request syntax with placeholder values


resp = client.delete_aggregator_v2({
  aggregator_v2_arn: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:aggregator_v2_arn (required, String) —
The ARN of the Aggregator V2.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4464

def delete_aggregator_v2(params = {}, options = {})
  req = build_request(:delete_aggregator_v2, params)
  req.send_request(options)
end

#delete_automation_rule_v2(params = {}) ⇒ `Struct`

Deletes a V2 automation rule.

Examples:

Request syntax with placeholder values


resp = client.delete_automation_rule_v2({
  identifier: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:identifier (required, String) —
The ARN of the V2 automation rule.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4486

def delete_automation_rule_v2(params = {}, options = {})
  req = build_request(:delete_automation_rule_v2, params)
  req.send_request(options)
end

#delete_configuration_policy(params = {}) ⇒ `Struct`

Deletes a configuration policy. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region. For the deletion to succeed, you must first disassociate a configuration policy from target accounts, organizational units, or the root by invoking the StartConfigurationPolicyDisassociation operation.

Examples:

Example: To delete a configuration policy


# This operation deletes the specified configuration policy.

resp = client.delete_configuration_policy({
  identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

Request syntax with placeholder values


resp = client.delete_configuration_policy({
  identifier: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:identifier (required, String) —
The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4522

def delete_configuration_policy(params = {}, options = {})
  req = build_request(:delete_configuration_policy, params)
  req.send_request(options)
end

#delete_connector_v2(params = {}) ⇒ `Struct`

Grants permission to delete a connectorV2.

Examples:

Request syntax with placeholder values


resp = client.delete_connector_v2({
  connector_id: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:connector_id (required, String) —
The UUID of the connectorV2 to identify connectorV2 resource.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4544

def delete_connector_v2(params = {}, options = {})
  req = build_request(:delete_connector_v2, params)
  req.send_request(options)
end

#delete_finding_aggregator(params = {}) ⇒ `Struct`

The aggregation Region is now called the home Region.

Deletes a finding aggregator. When you delete the finding aggregator, you stop cross-Region aggregation. Finding replication stops occurring from the linked Regions to the home Region.

When you stop cross-Region aggregation, findings that were already replicated and sent to the home Region are still visible from the home Region. However, new findings and finding updates are no longer replicated and sent to the home Region.

Examples:

Example: To delete a finding aggregator


# The following example deletes a finding aggregator in Security Hub. Deleting the finding aggregator stops cross-Region
# aggregation. This operation produces no output.

resp = client.delete_finding_aggregator({
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

Request syntax with placeholder values


resp = client.delete_finding_aggregator({
  finding_aggregator_arn: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:finding_aggregator_arn (required, String) —
The ARN of the finding aggregator to delete. To obtain the ARN, use ListFindingAggregators.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4588

def delete_finding_aggregator(params = {}, options = {})
  req = build_request(:delete_finding_aggregator, params)
  req.send_request(options)
end

#delete_insight(params = {}) ⇒ `Types::DeleteInsightResponse`

Deletes the insight specified by the InsightArn.

Examples:

Example: To delete a custom insight


# The following example deletes a custom insight in Security Hub.

resp = client.delete_insight({
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  insight_arn: "arn:aws:securityhub:eu-central-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
}

Request syntax with placeholder values


resp = client.delete_insight({
  insight_arn: "NonEmptyString", # required
})

Response structure


resp.insight_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:insight_arn (required, String) —
The ARN of the insight to delete.

Returns:

(Types::DeleteInsightResponse) —
Returns a response object which responds to the following methods:
- #insight_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4630

def delete_insight(params = {}, options = {})
  req = build_request(:delete_insight, params)
  req.send_request(options)
end

#delete_invitations(params = {}) ⇒ `Types::DeleteInvitationsResponse`

Deletes invitations to become a Security Hub CSPM member account.

A Security Hub CSPM administrator account can use this operation to delete invitations sent to one or more prospective member accounts.

This operation is only used to delete invitations that are sent to prospective member accounts that aren't part of an Amazon Web Services organization. Organization accounts don't receive invitations.

Examples:

Example: To delete a custom insight


# The following example deletes an invitation sent by the Security Hub administrator account to a prospective member
# account. This operation is used only for invitations sent to accounts that aren't part of an organization. Organization
# accounts don't receive invitations.

resp = client.delete_invitations({
  account_ids: [
    "123456789012", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values


resp = client.delete_invitations({
  account_ids: ["NonEmptyString"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_ids (required, Array<String>) —
The list of member account IDs that received the invitations you want to delete.

Returns:

(Types::DeleteInvitationsResponse) —
Returns a response object which responds to the following methods:
- #unprocessed_accounts => Array<Types::Result>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4699

def delete_invitations(params = {}, options = {})
  req = build_request(:delete_invitations, params)
  req.send_request(options)
end

#delete_members(params = {}) ⇒ `Types::DeleteMembersResponse`

Deletes the specified member accounts from Security Hub CSPM.

You can invoke this API only to delete accounts that became members through invitation. You can't invoke this API to delete accounts that belong to an Organizations organization.

Examples:

Example: To delete a member account


# The following example deletes the specified member account from Security Hub. This operation can be used to delete
# member accounts that are part of an organization or that were invited manually.

resp = client.delete_members({
  account_ids: [
    "123456789111", 
    "123456789222", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values


resp = client.delete_members({
  account_ids: ["NonEmptyString"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_ids (required, Array<String>) —
The list of account IDs for the member accounts to delete.

Returns:

(Types::DeleteMembersResponse) —
Returns a response object which responds to the following methods:
- #unprocessed_accounts => Array<Types::Result>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4752

def delete_members(params = {}, options = {})
  req = build_request(:delete_members, params)
  req.send_request(options)
end

#describe_action_targets(params = {}) ⇒ `Types::DescribeActionTargetsResponse`

Returns a list of the custom action targets in Security Hub CSPM in your account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To return custom action targets


# The following example returns a list of custom action targets. You use custom actions on findings and insights in
# Security Hub to trigger target actions in Amazon CloudWatch Events.

resp = client.describe_action_targets({
  action_target_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
  ], 
})

resp.to_h outputs the following:
{
  action_targets: [
    {
      action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
      description: "Action to send the finding for remediation tracking", 
      name: "Send to remediation", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.describe_action_targets({
  action_target_arns: ["NonEmptyString"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.action_targets #=> Array
resp.action_targets[0].action_target_arn #=> String
resp.action_targets[0].name #=> String
resp.action_targets[0].description #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:action_target_arns (Array<String>) —
A list of custom action target ARNs for the custom action targets to retrieve.
:next_token (String) —
The token that is required for pagination. On your first call to the DescribeActionTargets operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of results to return.

Returns:

(Types::DescribeActionTargetsResponse) —
Returns a response object which responds to the following methods:
- #action_targets => Array<Types::ActionTarget>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4826

def describe_action_targets(params = {}, options = {})
  req = build_request(:describe_action_targets, params)
  req.send_request(options)
end

#describe_hub(params = {}) ⇒ `Types::DescribeHubResponse`

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub CSPM.

Examples:

Example: To return details about Hub resource


# The following example returns details about the Hub resource in the calling account. The Hub resource represents the
# implementation of  the AWS Security Hub service in the calling account.

resp = client.describe_hub({
  hub_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
})

resp.to_h outputs the following:
{
  auto_enable_controls: true, 
  control_finding_generator: "SECURITY_CONTROL", 
  hub_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
  subscribed_at: "2019-11-19T23:15:10.046Z", 
}

Request syntax with placeholder values


resp = client.describe_hub({
  hub_arn: "NonEmptyString",
})

Response structure


resp.hub_arn #=> String
resp.subscribed_at #=> String
resp.auto_enable_controls #=> Boolean
resp.control_finding_generator #=> String, one of "STANDARD_CONTROL", "SECURITY_CONTROL"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:hub_arn (String) —
The ARN of the Hub resource to retrieve.

Returns:

(Types::DescribeHubResponse) —
Returns a response object which responds to the following methods:
- #hub_arn => String
- #subscribed_at => String
- #auto_enable_controls => Boolean
- #control_finding_generator => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4879

def describe_hub(params = {}, options = {})
  req = build_request(:describe_hub, params)
  req.send_request(options)
end

#describe_organization_configuration(params = {}) ⇒ `Types::DescribeOrganizationConfigurationResponse`

Returns information about the way your organization is configured in Security Hub CSPM. Only the Security Hub CSPM administrator account can invoke this operation.

Examples:

Example: To get information about organization configuration


# This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub
# administrator account can invoke this operation.

resp = client.describe_organization_configuration({
})

resp.to_h outputs the following:
{
  auto_enable: false, 
  auto_enable_standards: "NONE", 
  member_account_limit_reached: false, 
  organization_configuration: {
    configuration_type: "CENTRAL", 
    status: "ENABLED", 
  }, 
}

Response structure


resp.auto_enable #=> Boolean
resp.member_account_limit_reached #=> Boolean
resp.auto_enable_standards #=> String, one of "NONE", "DEFAULT"
resp.organization_configuration.configuration_type #=> String, one of "CENTRAL", "LOCAL"
resp.organization_configuration.status #=> String, one of "PENDING", "ENABLED", "FAILED"
resp.organization_configuration.status_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Types::DescribeOrganizationConfigurationResponse) —
Returns a response object which responds to the following methods:
- #auto_enable => Boolean
- #member_account_limit_reached => Boolean
- #auto_enable_standards => String
- #organization_configuration => Types::OrganizationConfiguration

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 4928

def describe_organization_configuration(params = {}, options = {})
  req = build_request(:describe_organization_configuration, params)
  req.send_request(options)
end

#describe_products(params = {}) ⇒ `Types::DescribeProductsResponse`

Returns information about product integrations in Security Hub CSPM.

You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

If you don't provide an integration ARN, then the results include all of the available product integrations.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get information about Security Hub integrations


# The following example returns details about AWS services and third-party products that Security Hub integrates with.

resp = client.describe_products({
  max_results: 1, 
  next_token: "NULL", 
  product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
})

resp.to_h outputs the following:
{
  next_token: "U2FsdGVkX18vvPlOqb7RDrWRWVFBJI46MOIAb+nZmRJmR15NoRi2gm13sdQEn3O/pq/78dGs+bKpgA+7HMPHO0qX33/zoRI+uIG/F9yLNhcOrOWzFUdy36JcXLQji3Rpnn/cD1SVkGA98qI3zPOSDg==", 
  products: [
    {
      activation_url: "https://falcon.crowdstrike.com/support/documentation", 
      categories: [
        "Endpoint Detection and Response (EDR)", 
        "AV Scanning and Sandboxing", 
        "Threat Intelligence Feeds and Reports", 
        "Endpoint Forensics", 
        "Network Forensics", 
      ], 
      company_name: "CrowdStrike", 
      description: "CrowdStrike Falcon's single lightweight sensor unifies next-gen antivirus, endpoint detection and response, and 24/7 managed hunting, via the cloud.", 
      integration_types: [
        "SEND_FINDINGS_TO_SECURITY_HUB", 
      ], 
      marketplace_url: "https://aws.amazon.com/marketplace/seller-profile?id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
      product_name: "CrowdStrike Falcon", 
      product_subscription_resource_policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789333\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789012\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789333:product/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}}]}", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.describe_products({
  next_token: "NextToken",
  max_results: 1,
  product_arn: "NonEmptyString",
})

Response structure


resp.products #=> Array
resp.products[0].product_arn #=> String
resp.products[0].product_name #=> String
resp.products[0].company_name #=> String
resp.products[0].description #=> String
resp.products[0].categories #=> Array
resp.products[0].categories[0] #=> String
resp.products[0].integration_types #=> Array
resp.products[0].integration_types[0] #=> String, one of "SEND_FINDINGS_TO_SECURITY_HUB", "RECEIVE_FINDINGS_FROM_SECURITY_HUB", "UPDATE_FINDINGS_IN_SECURITY_HUB"
resp.products[0].marketplace_url #=> String
resp.products[0].activation_url #=> String
resp.products[0].product_subscription_resource_policy #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token that is required for pagination. On your first call to the DescribeProducts operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of results to return.
:product_arn (String) —
The ARN of the integration to return.

Returns:

(Types::DescribeProductsResponse) —
Returns a response object which responds to the following methods:
- #products => Array<Types::Product>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5028

def describe_products(params = {}, options = {})
  req = build_request(:describe_products, params)
  req.send_request(options)
end

#describe_products_v2(params = {}) ⇒ `Types::DescribeProductsV2Response`

Gets information about the product integration.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.describe_products_v2({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.products_v2 #=> Array
resp.products_v2[0].product_v2_name #=> String
resp.products_v2[0].company_name #=> String
resp.products_v2[0].description #=> String
resp.products_v2[0].categories #=> Array
resp.products_v2[0].categories[0] #=> String
resp.products_v2[0].integration_v2_types #=> Array
resp.products_v2[0].integration_v2_types[0] #=> String, one of "SEND_FINDINGS_TO_SECURITY_HUB", "RECEIVE_FINDINGS_FROM_SECURITY_HUB", "UPDATE_FINDINGS_IN_SECURITY_HUB", "EXTENDED_PLAN"
resp.products_v2[0].marketplace_url #=> String
resp.products_v2[0].activation_url #=> String
resp.products_v2[0].marketplace_product_id #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.
:max_results (Integer) —
The maximum number of results to return.

Returns:

(Types::DescribeProductsV2Response) —
Returns a response object which responds to the following methods:
- #products_v2 => Array<Types::ProductV2>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5077

def describe_products_v2(params = {}, options = {})
  req = build_request(:describe_products_v2, params)
  req.send_request(options)
end

#describe_security_hub_v2(params = {}) ⇒ `Types::DescribeSecurityHubV2Response`

Returns details about the service resource in your account.

Examples:

Response structure


resp.hub_v2_arn #=> String
resp.subscribed_at #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Types::DescribeSecurityHubV2Response) —
Returns a response object which responds to the following methods:
- #hub_v2_arn => String
- #subscribed_at => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5098

def describe_security_hub_v2(params = {}, options = {})
  req = build_request(:describe_security_hub_v2, params)
  req.send_request(options)
end

#describe_standards(params = {}) ⇒ `Types::DescribeStandardsResponse`

Returns a list of the available standards in Security Hub CSPM.

For each standard, the results include the standard ARN, the name, and a description.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get available Security Hub standards


# The following example returns a list of available security standards in Security Hub.

resp = client.describe_standards({
})

resp.to_h outputs the following:
{
  standards: [
    {
      description: "The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS's most popular and foundational services.", 
      enabled_by_default: true, 
      name: "AWS Foundational Security Best Practices v1.0.0", 
      standards_arn: "arn:aws:securityhub:us-west-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
    }, 
    {
      description: "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.", 
      enabled_by_default: true, 
      name: "CIS AWS Foundations Benchmark v1.2.0", 
      standards_arn: "arn:aws:securityhub:us-west-1::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
    }, 
    {
      description: "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.", 
      enabled_by_default: false, 
      name: "CIS AWS Foundations Benchmark v1.4.0", 
      standards_arn: "arn:aws::securityhub:us-west-1::standards/cis-aws-foundations-benchmark/v/1.4.0", 
    }, 
    {
      description: "The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data. This Security Hub standard automatically checks for your compliance readiness against a subset of PCI DSS requirements.", 
      enabled_by_default: false, 
      name: "PCI DSS v3.2.1", 
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.describe_standards({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.standards #=> Array
resp.standards[0].standards_arn #=> String
resp.standards[0].name #=> String
resp.standards[0].description #=> String
resp.standards[0].enabled_by_default #=> Boolean
resp.standards[0].standards_managed_by.company #=> String
resp.standards[0].standards_managed_by.product #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of standards to return.

Returns:

(Types::DescribeStandardsResponse) —
Returns a response object which responds to the following methods:
- #standards => Array<Types::Standard>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5187

def describe_standards(params = {}, options = {})
  req = build_request(:describe_standards, params)
  req.send_request(options)
end

#describe_standards_controls(params = {}) ⇒ `Types::DescribeStandardsControlsResponse`

Returns a list of security standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

This operation returns an empty list for standard subscriptions where StandardsControlsUpdatable has value NOT_READY_FOR_UPDATES.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get a list of controls for a security standard


# The following example returns a list of security controls and control details that apply to a specified security
# standard. The list includes controls that are enabled and disabled in the standard.

resp = client.describe_standards_controls({
  max_results: 2, 
  next_token: "NULL", 
  standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
})

resp.to_h outputs the following:
{
  controls: [
    {
      control_id: "PCI.AutoScaling.1", 
      control_status: "ENABLED", 
      control_status_updated_at: Time.parse("2020-05-15T18:49:04.473000+00:00"), 
      description: "This AWS control checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.", 
      related_requirements: [
        "PCI DSS 2.2", 
      ], 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/PCI.AutoScaling.1/remediation", 
      severity_rating: "LOW", 
      standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1", 
      title: "Auto scaling groups associated with a load balancer should use health checks", 
    }, 
    {
      control_id: "PCI.CW.1", 
      control_status: "ENABLED", 
      control_status_updated_at: Time.parse("2020-05-15T18:49:04.498000+00:00"), 
      description: "This control checks for the CloudWatch metric filters using the following pattern { $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" } It checks that the log group name is configured for use with active multi-region CloudTrail, that there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All, and that there is at least one active subscriber to an SNS topic associated with the alarm.", 
      related_requirements: [
        "PCI DSS 7.2.1", 
      ], 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/PCI.CW.1/remediation", 
      severity_rating: "MEDIUM", 
      standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.CW.1", 
      title: "A log metric filter and alarm should exist for usage of the \"root\" user", 
    }, 
  ], 
  next_token: "U2FsdGVkX1+eNkPoZHVl11ip5HUYQPWSWZGmftcmJiHL8JoKEsCDuaKayiPDyLK+LiTkShveoOdvfxXCkOBaGhohIXhsIedN+LSjQV/l7kfCfJcq4PziNC1N9xe9aq2pjlLVZnznTfSImrodT5bRNHe4fELCQq/z+5ka+5Lzmc11axcwTd5lKgQyQqmUVoeriHZhyIiBgWKf7oNYdBVG8OEortVWvSkoUTt+B2ThcnC7l43kI0UNxlkZ6sc64AsW", 
}

Request syntax with placeholder values


resp = client.describe_standards_controls({
  standards_subscription_arn: "NonEmptyString", # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.controls #=> Array
resp.controls[0].standards_control_arn #=> String
resp.controls[0].control_status #=> String, one of "ENABLED", "DISABLED"
resp.controls[0].disabled_reason #=> String
resp.controls[0].control_status_updated_at #=> Time
resp.controls[0].control_id #=> String
resp.controls[0].title #=> String
resp.controls[0].description #=> String
resp.controls[0].remediation_url #=> String
resp.controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.controls[0].related_requirements #=> Array
resp.controls[0].related_requirements[0] #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_subscription_arn (required, String) —
The ARN of a resource that represents your subscription to a supported standard. To get the subscription ARNs of the standards you have enabled, use the GetEnabledStandards operation.
:next_token (String) —
The token that is required for pagination. On your first call to the DescribeStandardsControls operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of security standard controls to return.

Returns:

(Types::DescribeStandardsControlsResponse) —
Returns a response object which responds to the following methods:
- #controls => Array<Types::StandardsControl>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5298

def describe_standards_controls(params = {}, options = {})
  req = build_request(:describe_standards_controls, params)
  req.send_request(options)
end

#disable_import_findings_for_product(params = {}) ⇒ `Struct`

Disables the integration of the specified product with Security Hub CSPM. After the integration is disabled, findings from that product are no longer sent to Security Hub CSPM.

Examples:

Example: To end a Security Hub integration


# The following example ends an integration between Security Hub and the specified product that sends findings to Security
# Hub. After the integration ends, the product no longer sends findings to Security  Hub.

resp = client.disable_import_findings_for_product({
  product_subscription_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
})

Request syntax with placeholder values


resp = client.disable_import_findings_for_product({
  product_subscription_arn: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:product_subscription_arn (required, String) —
The ARN of the integrated product to disable the integration for.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5332

def disable_import_findings_for_product(params = {}, options = {})
  req = build_request(:disable_import_findings_for_product, params)
  req.send_request(options)
end

#disable_organization_admin_account(params = {}) ⇒ `Struct`

Disables a Security Hub CSPM administrator account. Can only be called by the organization management account.

Examples:

Example: To remove a Security Hub administrator account


# The following example removes the Security Hub administrator account in the Region from which the operation was
# executed. This operation doesn't remove the delegated administrator account in AWS Organizations.

resp = client.disable_organization_admin_account({
  admin_account_id: "123456789012", 
})

Request syntax with placeholder values


resp = client.disable_organization_admin_account({
  admin_account_id: "NonEmptyString", # required
  feature: "SecurityHub", # accepts SecurityHub, SecurityHubV2
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:admin_account_id (required, String) —
The Amazon Web Services account identifier of the Security Hub CSPM administrator account.
:feature (String) —
The feature for which the delegated admin account is disabled. Defaults to Security Hub CSPM if not specified.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5371

def disable_organization_admin_account(params = {}, options = {})
  req = build_request(:disable_organization_admin_account, params)
  req.send_request(options)
end

#disable_security_hub(params = {}) ⇒ `Struct`

Disables Security Hub CSPM in your account only in the current Amazon Web Services Region. To disable Security Hub CSPM in all Regions, you must submit one request per Region where you have enabled Security Hub CSPM.

You can't disable Security Hub CSPM in an account that is currently the Security Hub CSPM administrator.

When you disable Security Hub CSPM, your existing findings and insights and any Security Hub CSPM configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your administrator and member account associations are removed.

If you want to save your existing findings, you must export them before you disable Security Hub CSPM.

Examples:

Example: To deactivate Security Hub


# The following example deactivates Security Hub for the current account and Region.

resp = client.disable_security_hub({
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5407

def disable_security_hub(params = {}, options = {})
  req = build_request(:disable_security_hub, params)
  req.send_request(options)
end

#disable_security_hub_v2(params = {}) ⇒ `Struct`

Disable the service for the current Amazon Web Services Region or specified Amazon Web Services Region.

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5421

def disable_security_hub_v2(params = {}, options = {})
  req = build_request(:disable_security_hub_v2, params)
  req.send_request(options)
end

#disassociate_from_administrator_account(params = {}) ⇒ `Struct`

Disassociates the current Security Hub CSPM member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

Examples:

Example: To disassociate requesting account from administrator account


# The following example dissociates the requesting account from its associated administrator account.

resp = client.disassociate_from_administrator_account({
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5447

def disassociate_from_administrator_account(params = {}, options = {})
  req = build_request(:disassociate_from_administrator_account, params)
  req.send_request(options)
end

#disassociate_from_master_account(params = {}) ⇒ `Struct`

This method is deprecated. Instead, use DisassociateFromAdministratorAccount.

The Security Hub CSPM console continues to use DisassociateFromMasterAccount. It will eventually change to use DisassociateFromAdministratorAccount. Any IAM policies that specifically control access to this function must continue to use DisassociateFromMasterAccount. You should also add DisassociateFromAdministratorAccount to your policies to ensure that the correct permissions are in place after the console begins to use DisassociateFromAdministratorAccount.

Disassociates the current Security Hub CSPM member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5477

def disassociate_from_master_account(params = {}, options = {})
  req = build_request(:disassociate_from_master_account, params)
  req.send_request(options)
end

#disassociate_members(params = {}) ⇒ `Struct`

Disassociates the specified member accounts from the associated administrator account.

Can be used to disassociate both accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Example: To disassociate member accounts from administrator account


# The following example dissociates the specified member accounts from the associated administrator account.

resp = client.disassociate_members({
  account_ids: [
    "123456789012", 
    "111122223333", 
  ], 
})

Request syntax with placeholder values


resp = client.disassociate_members({
  account_ids: ["NonEmptyString"], # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_ids (required, Array<String>) —
The account IDs of the member accounts to disassociate from the administrator account.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5516

def disassociate_members(params = {}, options = {})
  req = build_request(:disassociate_members, params)
  req.send_request(options)
end

#enable_import_findings_for_product(params = {}) ⇒ `Types::EnableImportFindingsForProductResponse`

Enables the integration of a partner product with Security Hub CSPM. Integrated products send findings to Security Hub CSPM.

When you enable a product integration, a permissions policy that grants permission for the product to send findings to Security Hub CSPM is applied.

Examples:

Example: To activate an integration


# The following example activates an integration between Security Hub and a third party partner product that sends
# findings to Security Hub.

resp = client.enable_import_findings_for_product({
  product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
})

resp.to_h outputs the following:
{
  product_subscription_arn: "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon", 
}

Request syntax with placeholder values


resp = client.enable_import_findings_for_product({
  product_arn: "NonEmptyString", # required
})

Response structure


resp.product_subscription_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:product_arn (required, String) —
The ARN of the product to enable the integration for.

Returns:

(Types::EnableImportFindingsForProductResponse) —
Returns a response object which responds to the following methods:
- #product_subscription_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5564

def enable_import_findings_for_product(params = {}, options = {})
  req = build_request(:enable_import_findings_for_product, params)
  req.send_request(options)
end

#enable_organization_admin_account(params = {}) ⇒ `Types::EnableOrganizationAdminAccountResponse`

Designates the Security Hub CSPM administrator account for an organization. Can only be called by the organization management account.

Examples:

Example: To designate a Security Hub administrator


# The following example designates the specified account as the Security Hub administrator account. The requesting account
# must be the organization management account.

resp = client.enable_organization_admin_account({
  admin_account_id: "123456789012", 
})

Request syntax with placeholder values


resp = client.enable_organization_admin_account({
  admin_account_id: "NonEmptyString", # required
  feature: "SecurityHub", # accepts SecurityHub, SecurityHubV2
})

Response structure


resp.admin_account_id #=> String
resp.feature #=> String, one of "SecurityHub", "SecurityHubV2"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:admin_account_id (required, String) —
The Amazon Web Services account identifier of the account to designate as the Security Hub CSPM administrator account.
:feature (String) —
The feature for which the delegated admin account is enabled. Defaults to Security Hub CSPM if not specified.

Returns:

(Types::EnableOrganizationAdminAccountResponse) —
Returns a response object which responds to the following methods:
- #admin_account_id => String
- #feature => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5612

def enable_organization_admin_account(params = {}, options = {})
  req = build_request(:enable_organization_admin_account, params)
  req.send_request(options)
end

#enable_security_hub(params = {}) ⇒ `Struct`

Enables Security Hub CSPM for your account in the current Region or the Region you specify in the request.

When you enable Security Hub CSPM, you grant to Security Hub CSPM the permissions necessary to gather findings from other services that are integrated with Security Hub CSPM.

When you use the EnableSecurityHub operation to enable Security Hub CSPM, you also automatically enable the following standards:

Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark v1.2.0
Amazon Web Services Foundational Security Best Practices

Other standards are not automatically enabled.

To opt out of automatically enabled standards, set EnableDefaultStandards to false.

After you enable Security Hub CSPM, to enable a standard, use the BatchEnableStandards operation. To disable a standard, use the BatchDisableStandards operation.

To learn more, see the setup information in the Security Hub CSPM User Guide.

Examples:

Example: To activate Security Hub


# The following example activates the Security Hub service in the requesting AWS account. The service is activated in the
# current AWS Region or the Region that you specify in the request. Some standards are automatically turned on in your
# account unless you opt out. To determine which standards are automatically turned on, see the Security Hub
# documentation.

resp = client.enable_security_hub({
  enable_default_standards: true, 
  tags: {
    "Department" => "Security", 
  }, 
})

Request syntax with placeholder values


resp = client.enable_security_hub({
  tags: {
    "TagKey" => "TagValue",
  },
  enable_default_standards: false,
  control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:tags (Hash<String,String>) —
The tags to add to the hub resource when you enable Security Hub CSPM.
:enable_default_standards (Boolean) —
Whether to enable the security standards that Security Hub CSPM has designated as automatically enabled. If you don't provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.
:control_finding_generator (String) —
This field, used when enabling Security Hub CSPM, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub CSPM generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL, Security Hub CSPM generates separate findings for a control check when the check applies to multiple enabled standards.

The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub CSPM on or after February 23, 2023.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5705

def enable_security_hub(params = {}, options = {})
  req = build_request(:enable_security_hub, params)
  req.send_request(options)
end

#enable_security_hub_v2(params = {}) ⇒ `Types::EnableSecurityHubV2Response`

Enables the service in account for the current Amazon Web Services Region or specified Amazon Web Services Region.

Examples:

Request syntax with placeholder values


resp = client.enable_security_hub_v2({
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.hub_v2_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:tags (Hash<String,String>) —
The tags to add to the hub V2 resource when you enable Security Hub.

Returns:

(Types::EnableSecurityHubV2Response) —
Returns a response object which responds to the following methods:
- #hub_v2_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5736

def enable_security_hub_v2(params = {}, options = {})
  req = build_request(:enable_security_hub_v2, params)
  req.send_request(options)
end

#generate_recommended_policy_v2(params = {}) ⇒ `Struct`

Begins the recommended policy generation to remediate a Security Hub finding. GenerateRecommendedPolicyV2 only supports findings for unused permissions.

Examples:

Request syntax with placeholder values


resp = client.generate_recommended_policy_v2({
  metadata_uid: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:metadata_uid (required, String) —
The unique identifier (ID) of Security Hub OCSF findings found under the metadata.uid field of the finding.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5761

def generate_recommended_policy_v2(params = {}, options = {})
  req = build_request(:generate_recommended_policy_v2, params)
  req.send_request(options)
end

#get_administrator_account(params = {}) ⇒ `Types::GetAdministratorAccountResponse`

Provides the details for the Security Hub CSPM administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Example: To get details about the Security Hub administrator account


# The following example provides details about the Security Hub administrator account for the requesting member account.

resp = client.get_administrator_account({
})

resp.to_h outputs the following:
{
  administrator: {
    account_id: "123456789012", 
    invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb", 
    invited_at: Time.parse("2020-06-01T20:21:18.042000+00:00"), 
    member_status: "ASSOCIATED", 
  }, 
}

Response structure


resp.administrator.account_id #=> String
resp.administrator.invitation_id #=> String
resp.administrator.invited_at #=> Time
resp.administrator.member_status #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Types::GetAdministratorAccountResponse) —
Returns a response object which responds to the following methods:
- #administrator => Types::Invitation

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5805

def get_administrator_account(params = {}, options = {})
  req = build_request(:get_administrator_account, params)
  req.send_request(options)
end

#get_aggregator_v2(params = {}) ⇒ `Types::GetAggregatorV2Response`

Returns the configuration of the specified Aggregator V2.

Examples:

Request syntax with placeholder values


resp = client.get_aggregator_v2({
  aggregator_v2_arn: "NonEmptyString", # required
})

Response structure


resp.aggregator_v2_arn #=> String
resp.aggregation_region #=> String
resp.region_linking_mode #=> String
resp.linked_regions #=> Array
resp.linked_regions[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:aggregator_v2_arn (required, String) —
The ARN of the Aggregator V2.

Returns:

(Types::GetAggregatorV2Response) —
Returns a response object which responds to the following methods:
- #aggregator_v2_arn => String
- #aggregation_region => String
- #region_linking_mode => String
- #linked_regions => Array<String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5840

def get_aggregator_v2(params = {}, options = {})
  req = build_request(:get_aggregator_v2, params)
  req.send_request(options)
end

#get_automation_rule_v2(params = {}) ⇒ `Types::GetAutomationRuleV2Response`

Returns an automation rule for the V2 service.

Examples:

Request syntax with placeholder values


resp = client.get_automation_rule_v2({
  identifier: "NonEmptyString", # required
})

Response structure


resp.rule_arn #=> String
resp.rule_id #=> String
resp.rule_order #=> Float
resp.rule_name #=> String
resp.rule_status #=> String, one of "ENABLED", "DISABLED"
resp.description #=> String
resp.criteria.ocsf_finding_criteria.composite_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters[0].field_name #=> String, one of "metadata.uid", "activity_name", "cloud.account.uid", "cloud.provider", "cloud.region", "compliance.assessments.category", "compliance.assessments.name", "compliance.control", "compliance.status", "compliance.standards", "finding_info.desc", "finding_info.src_url", "finding_info.title", "finding_info.types", "finding_info.uid", "finding_info.related_events.traits.category", "finding_info.related_events.uid", "finding_info.related_events.product.uid", "finding_info.related_events.title", "metadata.product.name", "metadata.product.uid", "metadata.product.vendor_name", "remediation.desc", "remediation.references", "resources.cloud_partition", "resources.region", "resources.type", "resources.uid", "severity", "status", "comment", "vulnerabilities.fix_coverage", "class_name", "databucket.encryption_details.algorithm", "databucket.encryption_details.key_uid", "databucket.file.data_classifications.classifier_details.type", "evidences.actor.user.account.uid", "evidences.api.operation", "evidences.api.response.error_message", "evidences.api.service.name", "evidences.connection_info.direction", "evidences.connection_info.protocol_name", "evidences.dst_endpoint.autonomous_system.name", "evidences.dst_endpoint.location.city", "evidences.dst_endpoint.location.country", "evidences.src_endpoint.autonomous_system.name", "evidences.src_endpoint.hostname", "evidences.src_endpoint.location.city", "evidences.src_endpoint.location.country", "finding_info.analytic.name", "malware.name", "malware_scan_info.uid", "malware.severity", "resources.cloud_function.layers.uid_alt", "resources.cloud_function.runtime", "resources.cloud_function.user.uid", "resources.device.encryption_details.key_uid", "resources.device.image.uid", "resources.image.architecture", "resources.image.registry_uid", "resources.image.repository_name", "resources.image.uid", "resources.subnet_info.uid", "resources.vpc_uid", "vulnerabilities.affected_code.file.path", "vulnerabilities.affected_packages.name", "vulnerabilities.cve.epss.score", "vulnerabilities.cve.uid", "vulnerabilities.related_vulnerabilities", "cloud.account.name", "vendor_attributes.severity"
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters[0].filter.value #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters[0].filter.comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].field_name #=> String, one of "finding_info.created_time_dt", "finding_info.first_seen_time_dt", "finding_info.last_seen_time_dt", "finding_info.modified_time_dt", "resources.image.created_time_dt", "resources.image.last_used_time_dt", "resources.modified_time_dt"
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.start #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.end #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.date_range.value #=> Integer
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.date_range.unit #=> String, one of "DAYS"
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.criteria.ocsf_finding_criteria.composite_filters[0].boolean_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].boolean_filters[0].field_name #=> String, one of "compliance.assessments.meets_criteria", "vulnerabilities.is_exploit_available", "vulnerabilities.is_fix_available"
resp.criteria.ocsf_finding_criteria.composite_filters[0].boolean_filters[0].filter.value #=> Boolean
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].field_name #=> String, one of "activity_id", "compliance.status_id", "confidence_score", "severity_id", "status_id", "finding_info.related_events_count", "evidences.api.response.code", "evidences.dst_endpoint.autonomous_system.number", "evidences.dst_endpoint.port", "evidences.src_endpoint.autonomous_system.number", "evidences.src_endpoint.port", "resources.image.in_use_count", "vulnerabilities.cve.cvss.base_score", "vendor_attributes.severity_id"
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.gte #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.lte #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.eq #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.gt #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.lt #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].field_name #=> String, one of "resources.tags", "compliance.control_parameters", "databucket.tags", "finding_info.tags"
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].filter.key #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].filter.value #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].filter.comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.criteria.ocsf_finding_criteria.composite_filters[0].ip_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].ip_filters[0].field_name #=> String, one of "evidences.dst_endpoint.ip", "evidences.src_endpoint.ip"
resp.criteria.ocsf_finding_criteria.composite_filters[0].ip_filters[0].filter.cidr #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].nested_composite_filters #=> Types::CompositeFilterList
resp.criteria.ocsf_finding_criteria.composite_filters[0].operator #=> String, one of "AND", "OR"
resp.criteria.ocsf_finding_criteria.composite_operator #=> String, one of "AND", "OR"
resp.actions #=> Array
resp.actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE", "EXTERNAL_INTEGRATION"
resp.actions[0].finding_fields_update.severity_id #=> Integer
resp.actions[0].finding_fields_update.comment #=> String
resp.actions[0].finding_fields_update.status_id #=> Integer
resp.actions[0].external_integration_configuration.connector_arn #=> String
resp.created_at #=> Time
resp.updated_at #=> Time

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:identifier (required, String) —
The ARN of the V2 automation rule.

Returns:

(Types::GetAutomationRuleV2Response) —
Returns a response object which responds to the following methods:
- #rule_arn => String
- #rule_id => String
- #rule_order => Float
- #rule_name => String
- #rule_status => String
- #description => String
- #criteria => Types::Criteria
- #actions => Array<Types::AutomationRulesActionV2>
- #created_at => Time
- #updated_at => Time

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 5923

def get_automation_rule_v2(params = {}, options = {})
  req = build_request(:get_automation_rule_v2, params)
  req.send_request(options)
end

#get_configuration_policy(params = {}) ⇒ `Types::GetConfigurationPolicyResponse`

Provides information about a configuration policy. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To get details about a configuration policy


# This operation provides details about the specified configuration policy.

resp = client.get_configuration_policy({
  identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 14, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  created_at: Time.parse("2023-01-11T06:17:17.154Z"), 
  description: "Configuration policy for testing FSBP and CIS", 
  id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values


resp = client.get_configuration_policy({
  identifier: "NonEmptyString", # required
})

Response structure


resp.arn #=> String
resp.id #=> String
resp.name #=> String
resp.description #=> String
resp.updated_at #=> Time
resp.created_at #=> Time
resp.configuration_policy.security_hub.service_enabled #=> Boolean
resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:identifier (required, String) —
The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Returns:

(Types::GetConfigurationPolicyResponse) —
Returns a response object which responds to the following methods:
- #arn => String
- #id => String
- #name => String
- #description => String
- #updated_at => Time
- #created_at => Time
- #configuration_policy => Types::Policy

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6033

def get_configuration_policy(params = {}, options = {})
  req = build_request(:get_configuration_policy, params)
  req.send_request(options)
end

#get_configuration_policy_association(params = {}) ⇒ `Types::GetConfigurationPolicyAssociationResponse`

Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To get details about a configuration association


# This operation provides details about configuration associations for a specific target account, organizational unit, or
# the root.

resp = client.get_configuration_policy_association({
  target: {
    account_id: "111122223333", 
  }, 
})

resp.to_h outputs the following:
{
  association_status: "FAILED", 
  association_status_message: "Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn't be applied to account 111122223333 in us-east-1 Region. Retry your request.", 
  association_type: "INHERITED", 
  configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  target_id: "111122223333", 
  target_type: "ACCOUNT", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values


resp = client.get_configuration_policy_association({
  target: { # required
    account_id: "NonEmptyString",
    organizational_unit_id: "NonEmptyString",
    root_id: "NonEmptyString",
  },
})

Response structure


resp.configuration_policy_id #=> String
resp.target_id #=> String
resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.association_type #=> String, one of "INHERITED", "APPLIED"
resp.updated_at #=> Time
resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.association_status_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:target (required, Types::Target) —
The target account ID, organizational unit ID, or the root ID to retrieve the association for.

Returns:

(Types::GetConfigurationPolicyAssociationResponse) —
Returns a response object which responds to the following methods:
- #configuration_policy_id => String
- #target_id => String
- #target_type => String
- #association_type => String
- #updated_at => Time
- #association_status => String
- #association_status_message => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6105

def get_configuration_policy_association(params = {}, options = {})
  req = build_request(:get_configuration_policy_association, params)
  req.send_request(options)
end

#get_connector_v2(params = {}) ⇒ `Types::GetConnectorV2Response`

Grants permission to retrieve details for a connectorV2 based on connector id.

Examples:

Request syntax with placeholder values


resp = client.get_connector_v2({
  connector_id: "NonEmptyString", # required
})

Response structure


resp.connector_arn #=> String
resp.connector_id #=> String
resp.name #=> String
resp.description #=> String
resp.kms_key_arn #=> String
resp.created_at #=> Time
resp.last_updated_at #=> Time
resp.health.connector_status #=> String, one of "CONNECTED", "FAILED_TO_CONNECT", "PENDING_CONFIGURATION", "PENDING_AUTHORIZATION"
resp.health.message #=> String
resp.health.last_checked_at #=> Time
resp.provider_detail.jira_cloud.cloud_id #=> String
resp.provider_detail.jira_cloud.project_key #=> String
resp.provider_detail.jira_cloud.domain #=> String
resp.provider_detail.jira_cloud.auth_url #=> String
resp.provider_detail.jira_cloud.auth_status #=> String, one of "ACTIVE", "FAILED"
resp.provider_detail.service_now.instance_name #=> String
resp.provider_detail.service_now.secret_arn #=> String
resp.provider_detail.service_now.auth_status #=> String, one of "ACTIVE", "FAILED"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:connector_id (required, String) —
The UUID of the connectorV2 to identify connectorV2 resource.

Returns:

(Types::GetConnectorV2Response) —
Returns a response object which responds to the following methods:
- #connector_arn => String
- #connector_id => String
- #name => String
- #description => String
- #kms_key_arn => String
- #created_at => Time
- #last_updated_at => Time
- #health => Types::HealthCheck
- #provider_detail => Types::ProviderDetail

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6159

def get_connector_v2(params = {}, options = {})
  req = build_request(:get_connector_v2, params)
  req.send_request(options)
end

#get_enabled_standards(params = {}) ⇒ `Types::GetEnabledStandardsResponse`

Returns a list of the standards that are currently enabled.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To return a list of enabled standards


# The following example returns a list of Security Hub standards that are currently enabled in your account.  

resp = client.get_enabled_standards({
  standards_subscription_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
  ], 
})

resp.to_h outputs the following:
{
  standards_subscriptions: [
    {
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
      standards_input: {
      }, 
      standards_status: "READY", 
      standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.get_enabled_standards({
  standards_subscription_arns: ["NonEmptyString"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.standards_subscriptions #=> Array
resp.standards_subscriptions[0].standards_subscription_arn #=> String
resp.standards_subscriptions[0].standards_arn #=> String
resp.standards_subscriptions[0].standards_input #=> Hash
resp.standards_subscriptions[0].standards_input["NonEmptyString"] #=> String
resp.standards_subscriptions[0].standards_status #=> String, one of "PENDING", "READY", "FAILED", "DELETING", "INCOMPLETE"
resp.standards_subscriptions[0].standards_controls_updatable #=> String, one of "READY_FOR_UPDATES", "NOT_READY_FOR_UPDATES"
resp.standards_subscriptions[0].standards_status_reason.status_reason_code #=> String, one of "NO_AVAILABLE_CONFIGURATION_RECORDER", "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR"
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_subscription_arns (Array<String>) —
The list of the standards subscription ARNs for the standards to retrieve.
:next_token (String) —
The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of results to return in the response.

Returns:

(Types::GetEnabledStandardsResponse) —
Returns a response object which responds to the following methods:
- #standards_subscriptions => Array<Types::StandardsSubscription>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6237

def get_enabled_standards(params = {}, options = {})
  req = build_request(:get_enabled_standards, params)
  req.send_request(options)
end

#get_finding_aggregator(params = {}) ⇒ `Types::GetFindingAggregatorResponse`

The aggregation Region is now called the home Region.

Returns the current configuration in the calling account for cross-Region aggregation. A finding aggregator is a resource that establishes the home Region and any linked Regions.

Examples:

Example: To get cross-Region aggregation details


# The following example returns cross-Region aggregation details for the requesting account. 

resp = client.get_finding_aggregator({
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  finding_aggregation_region: "us-east-1", 
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
}

Request syntax with placeholder values


resp = client.get_finding_aggregator({
  finding_aggregator_arn: "NonEmptyString", # required
})

Response structure


resp.finding_aggregator_arn #=> String
resp.finding_aggregation_region #=> String
resp.region_linking_mode #=> String
resp.regions #=> Array
resp.regions[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:finding_aggregator_arn (required, String) —
The ARN of the finding aggregator to return details for. To obtain the ARN, use ListFindingAggregators.

Returns:

(Types::GetFindingAggregatorResponse) —
Returns a response object which responds to the following methods:
- #finding_aggregator_arn => String
- #finding_aggregation_region => String
- #region_linking_mode => String
- #regions => Array<String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6299

def get_finding_aggregator(params = {}, options = {})
  req = build_request(:get_finding_aggregator, params)
  req.send_request(options)
end

#get_finding_history(params = {}) ⇒ `Types::GetFindingHistoryResponse`

Returns the history of a Security Hub CSPM finding. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF) except top-level timestamp fields, such as the CreatedAt and UpdatedAt fields.

This operation might return fewer results than the maximum number of results (MaxResults) specified in a request, even when more results are available. If this occurs, the response includes a NextToken value, which you should use to retrieve the next set of results in the response. The presence of a NextToken value in a response doesn't necessarily indicate that the results are incomplete. However, you should continue to specify a NextToken value until you receive a response that doesn't include this value.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get finding history


# The following example retrieves the history of the specified finding during the specified time frame. If the time frame
# permits, Security Hub returns finding history for the last 90 days.

resp = client.get_finding_history({
  end_time: Time.parse("2021-09-31T15:53:35.573Z"), 
  finding_identifier: {
    id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    product_arn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", 
  }, 
  max_results: 2, 
  start_time: Time.parse("2021-09-30T15:53:35.573Z"), 
})

resp.to_h outputs the following:
{
  records: [
    {
      finding_created: false, 
      finding_identifier: {
        id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
        product_arn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", 
      }, 
      update_source: {
        identity: "arn:aws:iam::444455556666:role/Admin", 
        type: "BATCH_UPDATE_FINDINGS", 
      }, 
      update_time: Time.parse("2021-09-31T15:52:25.573Z"), 
      updates: [
        {
          new_value: "MEDIUM", 
          old_value: "HIGH", 
          updated_field: "Severity", 
        }, 
      ], 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.get_finding_history({
  finding_identifier: { # required
    id: "NonEmptyString", # required
    product_arn: "NonEmptyString", # required
  },
  start_time: Time.now,
  end_time: Time.now,
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.records #=> Array
resp.records[0].finding_identifier.id #=> String
resp.records[0].finding_identifier.product_arn #=> String
resp.records[0].update_time #=> Time
resp.records[0].finding_created #=> Boolean
resp.records[0].update_source.type #=> String, one of "BATCH_UPDATE_FINDINGS", "BATCH_IMPORT_FINDINGS"
resp.records[0].update_source.identity #=> String
resp.records[0].updates #=> Array
resp.records[0].updates[0].updated_field #=> String
resp.records[0].updates[0].old_value #=> String
resp.records[0].updates[0].new_value #=> String
resp.records[0].next_token #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:finding_identifier (required, Types::AwsSecurityFindingIdentifier) —
Identifies which finding to get the finding history for.
:start_time (Time, DateTime, Date, Integer, String) —
A timestamp that indicates the start time of the requested finding history.

If you provide values for both StartTime and EndTime, Security Hub CSPM returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub CSPM returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub CSPM returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub CSPM returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps.
:end_time (Time, DateTime, Date, Integer, String) —
An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

If you provide values for both StartTime and EndTime, Security Hub CSPM returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub CSPM returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub CSPM returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub CSPM returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see Timestamps.
:next_token (String) —
A token for pagination purposes. Provide NULL as the initial value. In subsequent requests, provide the token included in the response to get up to an additional 100 results of finding history. If you don’t provide NextToken, Security Hub CSPM returns up to 100 results of finding history for each request.
:max_results (Integer) —
The maximum number of results to be returned. If you don’t provide it, Security Hub CSPM returns up to 100 results of finding history.

Returns:

(Types::GetFindingHistoryResponse) —
Returns a response object which responds to the following methods:
- #records => Array<Types::FindingHistoryRecord>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6461

def get_finding_history(params = {}, options = {})
  req = build_request(:get_finding_history, params)
  req.send_request(options)
end

#get_finding_statistics_v2(params = {}) ⇒ `Types::GetFindingStatisticsV2Response`

Returns aggregated statistical data about findings.

You can use the Scopes parameter to define the data boundary for the query. Currently, Scopes supports AwsOrganizations, which lets you aggregate findings from your entire organization or from specific organizational units. Only the delegated administrator account can use Scopes.

GetFindingStatisticsV2 uses securityhub:GetAdhocInsightResults in the Action element of an IAM policy statement. You must have permission to perform the securityhub:GetAdhocInsightResults action.

Examples:

Request syntax with placeholder values


resp = client.get_finding_statistics_v2({
  group_by_rules: [ # required
    {
      filters: {
        composite_filters: [
          {
            string_filters: [
              {
                field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
                filter: {
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
                },
              },
            ],
            date_filters: [
              {
                field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
                filter: {
                  start: "NonEmptyString",
                  end: "NonEmptyString",
                  date_range: {
                    value: 1,
                    unit: "DAYS", # accepts DAYS
                    comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                  },
                },
              },
            ],
            boolean_filters: [
              {
                field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
                filter: {
                  value: false,
                },
              },
            ],
            number_filters: [
              {
                field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
                filter: {
                  gte: 1.0,
                  lte: 1.0,
                  eq: 1.0,
                  gt: 1.0,
                  lt: 1.0,
                },
              },
            ],
            map_filters: [
              {
                field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
                filter: {
                  key: "NonEmptyString",
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
                },
              },
            ],
            ip_filters: [
              {
                field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
                filter: {
                  cidr: "NonEmptyString",
                },
              },
            ],
            nested_composite_filters: {
              # recursive CompositeFilterList
            },
            operator: "AND", # accepts AND, OR
          },
        ],
        composite_operator: "AND", # accepts AND, OR
      },
      group_by_field: "activity_name", # required, accepts activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.name, compliance.status, compliance.control, finding_info.title, finding_info.related_events.traits.category, finding_info.types, metadata.product.name, metadata.product.uid, resources.type, resources.uid, severity, status, vulnerabilities.fix_coverage, class_name, vulnerabilities.affected_packages.name, finding_info.analytic.name, compliance.standards, cloud.account.name, vendor_attributes.severity, metadata.product.vendor_name
    },
  ],
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_order: "asc", # accepts asc, desc
  max_statistic_results: 1,
})

Response structure


resp.group_by_results #=> Array
resp.group_by_results[0].group_by_field #=> String
resp.group_by_results[0].group_by_values #=> Array
resp.group_by_results[0].group_by_values[0].field_value #=> String
resp.group_by_results[0].group_by_values[0].count #=> Integer

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:group_by_rules (required, Array<Types::GroupByRule>) —
Specifies how security findings should be aggregated and organized in the statistical analysis. It can accept up to 5 groupBy fields in a single call.
:scopes (Types::FindingScopes) —
Limits the results to findings from specific organizational units or from the delegated administrator's organization. Only the delegated administrator account can use this parameter. Other accounts receive an AccessDeniedException.

This parameter is optional. If you omit it, the delegated administrator sees statistics from all accounts across the entire organization. Other accounts see only statistics for their own findings.

You can specify up to 10 entries in Scopes.AwsOrganizations. If multiple entries are specified, the entries are combined using OR logic.
:sort_order (String) —
Orders the aggregation count in descending or ascending order. Descending order is the default.
:max_statistic_results (Integer) —
The maximum number of results to be returned.

Returns:

(Types::GetFindingStatisticsV2Response) —
Returns a response object which responds to the following methods:
- #group_by_results => Array<Types::GroupByResult>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 6613

def get_finding_statistics_v2(params = {}, options = {})
  req = build_request(:get_finding_statistics_v2, params)
  req.send_request(options)
end

#get_findings(params = {}) ⇒ `Types::GetFindingsResponse`

Returns a list of findings that match the specified criteria.

If cross-Region aggregation is enabled, then when you call GetFindings from the home Region, the results include all of the matching findings from both the home Region and linked Regions.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get a list of findings


# The following example returns a filtered and sorted list of Security Hub findings.

resp = client.get_findings({
  filters: {
    aws_account_id: [
      {
        comparison: "PREFIX", 
        value: "123456789012", 
      }, 
    ], 
  }, 
  max_results: 1, 
})

resp.to_h outputs the following:
{
  findings: [
    {
      aws_account_id: "123456789012", 
      company_name: "AWS", 
      compliance: {
        associated_standards: [
          {
            standards_id: "standards/aws-foundational-security-best-practices/v/1.0.0", 
          }, 
          {
            standards_id: "standards/pci-dss/v/3.2.1", 
          }, 
          {
            standards_id: "ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
          }, 
          {
            standards_id: "standards/cis-aws-foundations-benchmark/v/1.4.0", 
          }, 
          {
            standards_id: "standards/service-managed-aws-control-tower/v/1.0.0", 
          }, 
        ], 
        related_requirements: [
          "PCI DSS v3.2.1/3.4", 
          "CIS AWS Foundations Benchmark v1.2.0/2.7", 
          "CIS AWS Foundations Benchmark v1.4.0/3.7", 
        ], 
        security_control_id: "CloudTrail.2", 
        status: "FAILED", 
      }, 
      created_at: "2022-10-06T02:18:23.076Z", 
      description: "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.", 
      finding_provider_fields: {
        severity: {
          label: "MEDIUM", 
          original: "MEDIUM", 
        }, 
        types: [
          "Software and Configuration Checks/Industry and Regulatory Standards", 
        ], 
      }, 
      first_observed_at: "2022-10-06T02:18:23.076Z", 
      generator_id: "security-control/CloudTrail.2", 
      id: "arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      last_observed_at: "2022-10-28T16:10:06.956Z", 
      product_arn: "arn:aws:securityhub:us-east-2::product/aws/securityhub", 
      product_fields: {
        "RelatedAWSResources:0/name" => "securityhub-cloud-trail-encryption-enabled-fe95bf3f", 
        "RelatedAWSResources:0/type" => "AWS::Config::ConfigRule", 
        "Resources:0/Id" => "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT", 
        "aws/securityhub/CompanyName" => "AWS", 
        "aws/securityhub/FindingId" => "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
        "aws/securityhub/ProductName" => "Security Hub", 
      }, 
      product_name: "Security Hub", 
      record_state: "ACTIVE", 
      region: "us-east-2", 
      remediation: {
        recommendation: {
          text: "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", 
          url: "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", 
        }, 
      }, 
      resources: [
        {
          id: "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT", 
          partition: "aws", 
          region: "us-east-2", 
          type: "AwsCloudTrailTrail", 
        }, 
      ], 
      schema_version: "2018-10-08", 
      severity: {
        label: "MEDIUM", 
        normalized: 40, 
        original: "MEDIUM", 
      }, 
      title: "CloudTrail should have encryption at-rest enabled", 
      types: [
        "Software and Configuration Checks/Industry and Regulatory Standards", 
      ], 
      updated_at: "2022-10-28T16:10:00.093Z", 
      workflow: {
        status: "NEW", 
      }, 
      workflow_state: "NEW", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.get_findings({
  filters: {
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  sort_criteria: [
    {
      field: "NonEmptyString",
      sort_order: "asc", # accepts asc, desc
    },
  ],
  next_token: "NextToken",
  max_results: 1,
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:filters (Types::AwsSecurityFindingFilters) —
The finding attributes used to define a condition to filter the returned findings.

You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

Note that in the available filter fields, WorkflowState is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.
:sort_criteria (Array<Types::SortCriterion>) —
The finding attributes used to sort the list of returned findings.
:next_token (String) —
The token that is required for pagination. On your first call to the GetFindings operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of findings to return.

Returns:

(Types::GetFindingsResponse) —
Returns a response object which responds to the following methods:
- #findings => Array<Types::AwsSecurityFinding>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 7489

def get_findings(params = {}, options = {})
  req = build_request(:get_findings, params)
  req.send_request(options)
end

#get_findings_trends_v2(params = {}) ⇒ `Types::GetFindingsTrendsV2Response`

Returns findings trend data based on the specified criteria. This operation helps you analyze patterns and changes in findings over time.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.get_findings_trends_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "account_id", # accepts account_id, region, finding_types, finding_status, finding_cve_ids, finding_compliance_status, finding_control_id, finding_class_name, finding_provider, finding_activity_name
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        nested_composite_filters: {
          # recursive FindingsTrendsCompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  start_time: Time.now, # required
  end_time: Time.now, # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.granularity #=> String, one of "Daily", "Weekly", "Monthly"
resp.trends_metrics #=> Array
resp.trends_metrics[0].timestamp #=> Time
resp.trends_metrics[0].trends_values.severity_trends.unknown #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.informational #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.low #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.medium #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.high #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.critical #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.fatal #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.other #=> Integer
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:filters (Types::FindingsTrendsFilters) —
The filters to apply to the findings trend data.
:start_time (required, Time, DateTime, Date, Integer, String) —
The starting timestamp for the time period to analyze findings trends, in ISO 8601 format.
:end_time (required, Time, DateTime, Date, Integer, String) —
The ending timestamp for the time period to analyze findings trends, in ISO 8601 format.
:next_token (String) —
The token to use for paginating results. This value is returned in the response if more results are available.
:max_results (Integer) —
The maximum number of trend data points to return in a single response.

Returns:

(Types::GetFindingsTrendsV2Response) —
Returns a response object which responds to the following methods:
- #granularity => String
- #trends_metrics => Array<Types::TrendsMetricsResult>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 7573

def get_findings_trends_v2(params = {}, options = {})
  req = build_request(:get_findings_trends_v2, params)
  req.send_request(options)
end

#get_findings_v2(params = {}) ⇒ `Types::GetFindingsV2Response`

Returns a list of findings that match the specified criteria.

You can use the Scopes parameter to define the data boundary for the query. Currently, Scopes supports AwsOrganizations, which lets you retrieve findings from your entire organization or from specific organizational units. Only the delegated administrator account can use Scopes.

You can use the Filters parameter to refine results based on finding attributes. You can use Scopes and Filters independently or together. When both are provided, Scopes narrows the data set first, and then Filters refines results within that scoped data set.

GetFindings and GetFindingsV2 both use securityhub:GetFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:GetFindings action.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.get_findings_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        date_filters: [
          {
            field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
            filter: {
              start: "NonEmptyString",
              end: "NonEmptyString",
              date_range: {
                value: 1,
                unit: "DAYS", # accepts DAYS
                comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
              },
            },
          },
        ],
        boolean_filters: [
          {
            field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
            filter: {
              value: false,
            },
          },
        ],
        number_filters: [
          {
            field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
            filter: {
              gte: 1.0,
              lte: 1.0,
              eq: 1.0,
              gt: 1.0,
              lt: 1.0,
            },
          },
        ],
        map_filters: [
          {
            field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
            filter: {
              key: "NonEmptyString",
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
            },
          },
        ],
        ip_filters: [
          {
            field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
            filter: {
              cidr: "NonEmptyString",
            },
          },
        ],
        nested_composite_filters: {
          # recursive CompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_criteria: [
    {
      field: "NonEmptyString",
      sort_order: "asc", # accepts asc, desc
    },
  ],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.findings #=> Array
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:filters (Types::OcsfFindingFilters) —
The finding attributes used to define a condition to filter the returned OCSF findings. You can filter up to 10 composite filters. For each filter type inside of a composite filter, you can provide up to 20 filters.
:scopes (Types::FindingScopes) —
Limits the results to findings from specific organizational units or from the delegated administrator's organization. Only the delegated administrator account can use this parameter. Other accounts receive an AccessDeniedException.

This parameter is optional. If you omit it, the delegated administrator sees findings from all accounts across the entire organization. Other accounts see only their own findings.

You can specify up to 10 entries in Scopes.AwsOrganizations. If multiple entries are specified, the entries are combined using OR logic.
:sort_criteria (Array<Types::SortCriterion>) —
The finding attributes used to sort the list of returned findings.
:next_token (String) —
The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.
:max_results (Integer) —
The maximum number of results to return.

Returns:

(Types::GetFindingsV2Response) —
Returns a response object which responds to the following methods:
- #findings => Array<Hash,Array,String,Numeric,Boolean>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 7736

def get_findings_v2(params = {}, options = {})
  req = build_request(:get_findings_v2, params)
  req.send_request(options)
end

#get_insight_results(params = {}) ⇒ `Types::GetInsightResultsResponse`

Lists the results of the Security Hub CSPM insight specified by the insight ARN.

Examples:

Example: To get the results of a Security Hub insight


# The following example returns the results of the Security Hub insight specified by the insight ARN.

resp = client.get_insight_results({
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  insight_results: {
    group_by_attribute: "ResourceId", 
    insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    result_values: [
      {
        count: 10, 
        group_by_attribute_value: "AWS::::Account:111122223333", 
      }, 
      {
        count: 3, 
        group_by_attribute_value: "AWS::::Account:444455556666", 
      }, 
    ], 
  }, 
}

Request syntax with placeholder values


resp = client.get_insight_results({
  insight_arn: "NonEmptyString", # required
})

Response structure


resp.insight_results.insight_arn #=> String
resp.insight_results.group_by_attribute #=> String
resp.insight_results.result_values #=> Array
resp.insight_results.result_values[0].group_by_attribute_value #=> String
resp.insight_results.result_values[0].count #=> Integer

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:insight_arn (required, String) —
The ARN of the insight for which to return results.

Returns:

(Types::GetInsightResultsResponse) —
Returns a response object which responds to the following methods:
- #insight_results => Types::InsightResults

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 7796

def get_insight_results(params = {}, options = {})
  req = build_request(:get_insight_results, params)
  req.send_request(options)
end

#get_insights(params = {}) ⇒ `Types::GetInsightsResponse`

Lists and describes insights for the specified insight ARNs.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get details of a Security Hub insight


# The following example returns details of the Security Hub insight with the specified ARN.

resp = client.get_insights({
  insight_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  ], 
})

resp.to_h outputs the following:
{
  insights: [
    {
      filters: {
        resource_type: [
          {
            comparison: "EQUALS", 
            value: "AwsIamRole", 
          }, 
        ], 
        severity_label: [
          {
            comparison: "EQUALS", 
            value: "CRITICAL", 
          }, 
        ], 
      }, 
      group_by_attribute: "ResourceId", 
      insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      name: "Critical role findings", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.get_insights({
  insight_arns: ["NonEmptyString"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.insights #=> Array
resp.insights[0].insight_arn #=> String
resp.insights[0].name #=> String
resp.insights[0].filters.product_arn #=> Array
resp.insights[0].filters.product_arn[0].value #=> String
resp.insights[0].filters.product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.aws_account_id #=> Array
resp.insights[0].filters.aws_account_id[0].value #=> String
resp.insights[0].filters.aws_account_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.id #=> Array
resp.insights[0].filters.id[0].value #=> String
resp.insights[0].filters.id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.generator_id #=> Array
resp.insights[0].filters.generator_id[0].value #=> String
resp.insights[0].filters.generator_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.region #=> Array
resp.insights[0].filters.region[0].value #=> String
resp.insights[0].filters.region[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.type #=> Array
resp.insights[0].filters.type[0].value #=> String
resp.insights[0].filters.type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.first_observed_at #=> Array
resp.insights[0].filters.first_observed_at[0].start #=> String
resp.insights[0].filters.first_observed_at[0].end #=> String
resp.insights[0].filters.first_observed_at[0].date_range.value #=> Integer
resp.insights[0].filters.first_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.first_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.last_observed_at #=> Array
resp.insights[0].filters.last_observed_at[0].start #=> String
resp.insights[0].filters.last_observed_at[0].end #=> String
resp.insights[0].filters.last_observed_at[0].date_range.value #=> Integer
resp.insights[0].filters.last_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.last_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.created_at #=> Array
resp.insights[0].filters.created_at[0].start #=> String
resp.insights[0].filters.created_at[0].end #=> String
resp.insights[0].filters.created_at[0].date_range.value #=> Integer
resp.insights[0].filters.created_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.created_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.updated_at #=> Array
resp.insights[0].filters.updated_at[0].start #=> String
resp.insights[0].filters.updated_at[0].end #=> String
resp.insights[0].filters.updated_at[0].date_range.value #=> Integer
resp.insights[0].filters.updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.severity_product #=> Array
resp.insights[0].filters.severity_product[0].gte #=> Float
resp.insights[0].filters.severity_product[0].lte #=> Float
resp.insights[0].filters.severity_product[0].eq #=> Float
resp.insights[0].filters.severity_product[0].gt #=> Float
resp.insights[0].filters.severity_product[0].lt #=> Float
resp.insights[0].filters.severity_normalized #=> Array
resp.insights[0].filters.severity_normalized[0].gte #=> Float
resp.insights[0].filters.severity_normalized[0].lte #=> Float
resp.insights[0].filters.severity_normalized[0].eq #=> Float
resp.insights[0].filters.severity_normalized[0].gt #=> Float
resp.insights[0].filters.severity_normalized[0].lt #=> Float
resp.insights[0].filters.severity_label #=> Array
resp.insights[0].filters.severity_label[0].value #=> String
resp.insights[0].filters.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.confidence #=> Array
resp.insights[0].filters.confidence[0].gte #=> Float
resp.insights[0].filters.confidence[0].lte #=> Float
resp.insights[0].filters.confidence[0].eq #=> Float
resp.insights[0].filters.confidence[0].gt #=> Float
resp.insights[0].filters.confidence[0].lt #=> Float
resp.insights[0].filters.criticality #=> Array
resp.insights[0].filters.criticality[0].gte #=> Float
resp.insights[0].filters.criticality[0].lte #=> Float
resp.insights[0].filters.criticality[0].eq #=> Float
resp.insights[0].filters.criticality[0].gt #=> Float
resp.insights[0].filters.criticality[0].lt #=> Float
resp.insights[0].filters.title #=> Array
resp.insights[0].filters.title[0].value #=> String
resp.insights[0].filters.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.description #=> Array
resp.insights[0].filters.description[0].value #=> String
resp.insights[0].filters.description[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.recommendation_text #=> Array
resp.insights[0].filters.recommendation_text[0].value #=> String
resp.insights[0].filters.recommendation_text[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.source_url #=> Array
resp.insights[0].filters.source_url[0].value #=> String
resp.insights[0].filters.source_url[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.product_fields #=> Array
resp.insights[0].filters.product_fields[0].key #=> String
resp.insights[0].filters.product_fields[0].value #=> String
resp.insights[0].filters.product_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.product_name #=> Array
resp.insights[0].filters.product_name[0].value #=> String
resp.insights[0].filters.product_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.company_name #=> Array
resp.insights[0].filters.company_name[0].value #=> String
resp.insights[0].filters.company_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.user_defined_fields #=> Array
resp.insights[0].filters.user_defined_fields[0].key #=> String
resp.insights[0].filters.user_defined_fields[0].value #=> String
resp.insights[0].filters.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.malware_name #=> Array
resp.insights[0].filters.malware_name[0].value #=> String
resp.insights[0].filters.malware_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.malware_type #=> Array
resp.insights[0].filters.malware_type[0].value #=> String
resp.insights[0].filters.malware_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.malware_path #=> Array
resp.insights[0].filters.malware_path[0].value #=> String
resp.insights[0].filters.malware_path[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.malware_state #=> Array
resp.insights[0].filters.malware_state[0].value #=> String
resp.insights[0].filters.malware_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_direction #=> Array
resp.insights[0].filters.network_direction[0].value #=> String
resp.insights[0].filters.network_direction[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_protocol #=> Array
resp.insights[0].filters.network_protocol[0].value #=> String
resp.insights[0].filters.network_protocol[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_source_ip_v4 #=> Array
resp.insights[0].filters.network_source_ip_v4[0].cidr #=> String
resp.insights[0].filters.network_source_ip_v6 #=> Array
resp.insights[0].filters.network_source_ip_v6[0].cidr #=> String
resp.insights[0].filters.network_source_port #=> Array
resp.insights[0].filters.network_source_port[0].gte #=> Float
resp.insights[0].filters.network_source_port[0].lte #=> Float
resp.insights[0].filters.network_source_port[0].eq #=> Float
resp.insights[0].filters.network_source_port[0].gt #=> Float
resp.insights[0].filters.network_source_port[0].lt #=> Float
resp.insights[0].filters.network_source_domain #=> Array
resp.insights[0].filters.network_source_domain[0].value #=> String
resp.insights[0].filters.network_source_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_source_mac #=> Array
resp.insights[0].filters.network_source_mac[0].value #=> String
resp.insights[0].filters.network_source_mac[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_destination_ip_v4 #=> Array
resp.insights[0].filters.network_destination_ip_v4[0].cidr #=> String
resp.insights[0].filters.network_destination_ip_v6 #=> Array
resp.insights[0].filters.network_destination_ip_v6[0].cidr #=> String
resp.insights[0].filters.network_destination_port #=> Array
resp.insights[0].filters.network_destination_port[0].gte #=> Float
resp.insights[0].filters.network_destination_port[0].lte #=> Float
resp.insights[0].filters.network_destination_port[0].eq #=> Float
resp.insights[0].filters.network_destination_port[0].gt #=> Float
resp.insights[0].filters.network_destination_port[0].lt #=> Float
resp.insights[0].filters.network_destination_domain #=> Array
resp.insights[0].filters.network_destination_domain[0].value #=> String
resp.insights[0].filters.network_destination_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.process_name #=> Array
resp.insights[0].filters.process_name[0].value #=> String
resp.insights[0].filters.process_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.process_path #=> Array
resp.insights[0].filters.process_path[0].value #=> String
resp.insights[0].filters.process_path[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.process_pid #=> Array
resp.insights[0].filters.process_pid[0].gte #=> Float
resp.insights[0].filters.process_pid[0].lte #=> Float
resp.insights[0].filters.process_pid[0].eq #=> Float
resp.insights[0].filters.process_pid[0].gt #=> Float
resp.insights[0].filters.process_pid[0].lt #=> Float
resp.insights[0].filters.process_parent_pid #=> Array
resp.insights[0].filters.process_parent_pid[0].gte #=> Float
resp.insights[0].filters.process_parent_pid[0].lte #=> Float
resp.insights[0].filters.process_parent_pid[0].eq #=> Float
resp.insights[0].filters.process_parent_pid[0].gt #=> Float
resp.insights[0].filters.process_parent_pid[0].lt #=> Float
resp.insights[0].filters.process_launched_at #=> Array
resp.insights[0].filters.process_launched_at[0].start #=> String
resp.insights[0].filters.process_launched_at[0].end #=> String
resp.insights[0].filters.process_launched_at[0].date_range.value #=> Integer
resp.insights[0].filters.process_launched_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.process_launched_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.process_terminated_at #=> Array
resp.insights[0].filters.process_terminated_at[0].start #=> String
resp.insights[0].filters.process_terminated_at[0].end #=> String
resp.insights[0].filters.process_terminated_at[0].date_range.value #=> Integer
resp.insights[0].filters.process_terminated_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.process_terminated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.threat_intel_indicator_type #=> Array
resp.insights[0].filters.threat_intel_indicator_type[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_value #=> Array
resp.insights[0].filters.threat_intel_indicator_value[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_category #=> Array
resp.insights[0].filters.threat_intel_indicator_category[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_category[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_last_observed_at #=> Array
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].start #=> String
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].end #=> String
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].date_range.value #=> Integer
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.threat_intel_indicator_source #=> Array
resp.insights[0].filters.threat_intel_indicator_source[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_source[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_source_url #=> Array
resp.insights[0].filters.threat_intel_indicator_source_url[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_source_url[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_type #=> Array
resp.insights[0].filters.resource_type[0].value #=> String
resp.insights[0].filters.resource_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_id #=> Array
resp.insights[0].filters.resource_id[0].value #=> String
resp.insights[0].filters.resource_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_partition #=> Array
resp.insights[0].filters.resource_partition[0].value #=> String
resp.insights[0].filters.resource_partition[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_region #=> Array
resp.insights[0].filters.resource_region[0].value #=> String
resp.insights[0].filters.resource_region[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_tags #=> Array
resp.insights[0].filters.resource_tags[0].key #=> String
resp.insights[0].filters.resource_tags[0].value #=> String
resp.insights[0].filters.resource_tags[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.resource_aws_ec2_instance_type #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_type[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_image_id #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_image_id[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_image_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_ip_v4_addresses #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_ip_v4_addresses[0].cidr #=> String
resp.insights[0].filters.resource_aws_ec2_instance_ip_v6_addresses #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_ip_v6_addresses[0].cidr #=> String
resp.insights[0].filters.resource_aws_ec2_instance_key_name #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_key_name[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_key_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_iam_instance_profile_arn #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_iam_instance_profile_arn[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_iam_instance_profile_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_vpc_id #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_vpc_id[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_vpc_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_subnet_id #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_subnet_id[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_subnet_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_launched_at #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].start #=> String
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].end #=> String
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].date_range.value #=> Integer
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.resource_aws_s3_bucket_owner_id #=> Array
resp.insights[0].filters.resource_aws_s3_bucket_owner_id[0].value #=> String
resp.insights[0].filters.resource_aws_s3_bucket_owner_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_s3_bucket_owner_name #=> Array
resp.insights[0].filters.resource_aws_s3_bucket_owner_name[0].value #=> String
resp.insights[0].filters.resource_aws_s3_bucket_owner_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_user_name #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_user_name[0].value #=> String
resp.insights[0].filters.resource_aws_iam_access_key_user_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_principal_name #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_principal_name[0].value #=> String
resp.insights[0].filters.resource_aws_iam_access_key_principal_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_status #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_status[0].value #=> String
resp.insights[0].filters.resource_aws_iam_access_key_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_created_at #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].start #=> String
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].end #=> String
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].date_range.value #=> Integer
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.resource_aws_iam_user_user_name #=> Array
resp.insights[0].filters.resource_aws_iam_user_user_name[0].value #=> String
resp.insights[0].filters.resource_aws_iam_user_user_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_name #=> Array
resp.insights[0].filters.resource_container_name[0].value #=> String
resp.insights[0].filters.resource_container_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_image_id #=> Array
resp.insights[0].filters.resource_container_image_id[0].value #=> String
resp.insights[0].filters.resource_container_image_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_image_name #=> Array
resp.insights[0].filters.resource_container_image_name[0].value #=> String
resp.insights[0].filters.resource_container_image_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_launched_at #=> Array
resp.insights[0].filters.resource_container_launched_at[0].start #=> String
resp.insights[0].filters.resource_container_launched_at[0].end #=> String
resp.insights[0].filters.resource_container_launched_at[0].date_range.value #=> Integer
resp.insights[0].filters.resource_container_launched_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.resource_container_launched_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.resource_details_other #=> Array
resp.insights[0].filters.resource_details_other[0].key #=> String
resp.insights[0].filters.resource_details_other[0].value #=> String
resp.insights[0].filters.resource_details_other[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.compliance_status #=> Array
resp.insights[0].filters.compliance_status[0].value #=> String
resp.insights[0].filters.compliance_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.verification_state #=> Array
resp.insights[0].filters.verification_state[0].value #=> String
resp.insights[0].filters.verification_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.workflow_state #=> Array
resp.insights[0].filters.workflow_state[0].value #=> String
resp.insights[0].filters.workflow_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.workflow_status #=> Array
resp.insights[0].filters.workflow_status[0].value #=> String
resp.insights[0].filters.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.record_state #=> Array
resp.insights[0].filters.record_state[0].value #=> String
resp.insights[0].filters.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.related_findings_product_arn #=> Array
resp.insights[0].filters.related_findings_product_arn[0].value #=> String
resp.insights[0].filters.related_findings_product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.related_findings_id #=> Array
resp.insights[0].filters.related_findings_id[0].value #=> String
resp.insights[0].filters.related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.note_text #=> Array
resp.insights[0].filters.note_text[0].value #=> String
resp.insights[0].filters.note_text[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.note_updated_at #=> Array
resp.insights[0].filters.note_updated_at[0].start #=> String
resp.insights[0].filters.note_updated_at[0].end #=> String
resp.insights[0].filters.note_updated_at[0].date_range.value #=> Integer
resp.insights[0].filters.note_updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.note_updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.note_updated_by #=> Array
resp.insights[0].filters.note_updated_by[0].value #=> String
resp.insights[0].filters.note_updated_by[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.keyword #=> Array
resp.insights[0].filters.keyword[0].value #=> String
resp.insights[0].filters.finding_provider_fields_confidence #=> Array
resp.insights[0].filters.finding_provider_fields_confidence[0].gte #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].lte #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].eq #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].gt #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].lt #=> Float
resp.insights[0].filters.finding_provider_fields_criticality #=> Array
resp.insights[0].filters.finding_provider_fields_criticality[0].gte #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].lte #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].eq #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].gt #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].lt #=> Float
resp.insights[0].filters.finding_provider_fields_related_findings_id #=> Array
resp.insights[0].filters.finding_provider_fields_related_findings_id[0].value #=> String
resp.insights[0].filters.finding_provider_fields_related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_related_findings_product_arn #=> Array
resp.insights[0].filters.finding_provider_fields_related_findings_product_arn[0].value #=> String
resp.insights[0].filters.finding_provider_fields_related_findings_product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_severity_label #=> Array
resp.insights[0].filters.finding_provider_fields_severity_label[0].value #=> String
resp.insights[0].filters.finding_provider_fields_severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_severity_original #=> Array
resp.insights[0].filters.finding_provider_fields_severity_original[0].value #=> String
resp.insights[0].filters.finding_provider_fields_severity_original[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_types #=> Array
resp.insights[0].filters.finding_provider_fields_types[0].value #=> String
resp.insights[0].filters.finding_provider_fields_types[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.sample #=> Array
resp.insights[0].filters.sample[0].value #=> Boolean
resp.insights[0].filters.compliance_security_control_id #=> Array
resp.insights[0].filters.compliance_security_control_id[0].value #=> String
resp.insights[0].filters.compliance_security_control_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.compliance_associated_standards_id #=> Array
resp.insights[0].filters.compliance_associated_standards_id[0].value #=> String
resp.insights[0].filters.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.vulnerabilities_exploit_available #=> Array
resp.insights[0].filters.vulnerabilities_exploit_available[0].value #=> String
resp.insights[0].filters.vulnerabilities_exploit_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.vulnerabilities_fix_available #=> Array
resp.insights[0].filters.vulnerabilities_fix_available[0].value #=> String
resp.insights[0].filters.vulnerabilities_fix_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.compliance_security_control_parameters_name #=> Array
resp.insights[0].filters.compliance_security_control_parameters_name[0].value #=> String
resp.insights[0].filters.compliance_security_control_parameters_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.compliance_security_control_parameters_value #=> Array
resp.insights[0].filters.compliance_security_control_parameters_value[0].value #=> String
resp.insights[0].filters.compliance_security_control_parameters_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.aws_account_name #=> Array
resp.insights[0].filters.aws_account_name[0].value #=> String
resp.insights[0].filters.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_application_name #=> Array
resp.insights[0].filters.resource_application_name[0].value #=> String
resp.insights[0].filters.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_application_arn #=> Array
resp.insights[0].filters.resource_application_arn[0].value #=> String
resp.insights[0].filters.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].group_by_attribute #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:insight_arns (Array<String>) —
The ARNs of the insights to describe. If you don't provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.
:next_token (String) —
The token that is required for pagination. On your first call to the GetInsights operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of items to return in the response.

Returns:

(Types::GetInsightsResponse) —
Returns a response object which responds to the following methods:
- #insights => Array<Types::Insight>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8253

def get_insights(params = {}, options = {})
  req = build_request(:get_insights, params)
  req.send_request(options)
end

#get_invitations_count(params = {}) ⇒ `Types::GetInvitationsCountResponse`

Returns the count of all Security Hub CSPM membership invitations that were sent to the calling member account, not including the currently accepted invitation.

Examples:

Example: To get a count of membership invitations


# The following example returns a count of invitations that the Security Hub administrator sent to the current member
# account, not including the currently accepted invitation.

resp = client.get_invitations_count({
})

resp.to_h outputs the following:
{
  invitations_count: 3, 
}

Response structure


resp.invitations_count #=> Integer

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Types::GetInvitationsCountResponse) —
Returns a response object which responds to the following methods:
- #invitations_count => Integer

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8299

def get_invitations_count(params = {}, options = {})
  req = build_request(:get_invitations_count, params)
  req.send_request(options)
end

#get_master_account(params = {}) ⇒ `Types::GetMasterAccountResponse`

This method is deprecated. Instead, use GetAdministratorAccount.

The Security Hub CSPM console continues to use GetMasterAccount. It will eventually change to use GetAdministratorAccount. Any IAM policies that specifically control access to this function must continue to use GetMasterAccount. You should also add GetAdministratorAccount to your policies to ensure that the correct permissions are in place after the console begins to use GetAdministratorAccount.

Provides the details for the Security Hub CSPM administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Response structure


resp.master.account_id #=> String
resp.master.invitation_id #=> String
resp.master.invited_at #=> Time
resp.master.member_status #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Returns:

(Types::GetMasterAccountResponse) —
Returns a response object which responds to the following methods:
- #master => Types::Invitation

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8335

def get_master_account(params = {}, options = {})
  req = build_request(:get_master_account, params)
  req.send_request(options)
end

#get_members(params = {}) ⇒ `Types::GetMembersResponse`

Returns the details for the Security Hub CSPM member accounts for the specified account IDs.

An administrator account can be either the delegated Security Hub CSPM administrator account for an organization or an administrator account that enabled Security Hub CSPM manually.

The results include both member accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Example: To get member account details


# The following example returns details for the Security Hub member accounts with the specified AWS account IDs. An
# administrator account may be the delegated Security Hub administrator account for an organization or an administrator
# account that enabled Security Hub manually. The Security Hub administrator must call this operation.

resp = client.get_members({
  account_ids: [
    "444455556666", 
    "777788889999", 
  ], 
})

resp.to_h outputs the following:
{
  members: [
    {
      account_id: "444455556666", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
    {
      account_id: "777788889999", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
  ], 
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values


resp = client.get_members({
  account_ids: ["NonEmptyString"], # required
})

Response structure


resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].email #=> String
resp.members[0].master_id #=> String
resp.members[0].administrator_id #=> String
resp.members[0].member_status #=> String
resp.members[0].invited_at #=> Time
resp.members[0].updated_at #=> Time
resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_ids (required, Array<String>) —
The list of account IDs for the Security Hub CSPM member accounts to return the details for.

Returns:

(Types::GetMembersResponse) —
Returns a response object which responds to the following methods:
- #members => Array<Types::Member>
- #unprocessed_accounts => Array<Types::Result>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8421

def get_members(params = {}, options = {})
  req = build_request(:get_members, params)
  req.send_request(options)
end

#get_recommended_policy_v2(params = {}) ⇒ `Types::GetRecommendedPolicyV2Response`

Retrieves the recommended policy to remediate a Security Hub finding. GetRecommendedPolicyV2 only supports findings for unused permissions.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.get_recommended_policy_v2({
  metadata_uid: "NonEmptyString", # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.next_token #=> String
resp.recommendation_type #=> String, one of "UNUSED_PERMISSION_RECOMMENDATION"
resp.recommendation_steps #=> Array
resp.recommendation_steps[0].unused_permissions.recommended_action #=> String
resp.recommendation_steps[0].unused_permissions.existing_policy #=> String
resp.recommendation_steps[0].unused_permissions.existing_policy_id #=> String
resp.recommendation_steps[0].unused_permissions.policy_updated_at #=> Time
resp.recommendation_steps[0].unused_permissions.recommended_policy #=> String
resp.error.code #=> String
resp.error.message #=> String
resp.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
resp.resource_arn #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:metadata_uid (required, String) —
The unique identifier (ID) of Security Hub OCSF findings found under the metadata.uid field of the finding.
:next_token (String) —
The token used to paginate the RecommendationSteps list returned. On your first call to GetRecommendedPolicyV2, omit this parameter or set it to NULL. For subsequent calls, use the NextToken value returned in the previous response to retrieve the next page of results.
:max_results (Integer) —
The maximum number of recommendation steps to return.

Returns:

(Types::GetRecommendedPolicyV2Response) —
Returns a response object which responds to the following methods:
- #next_token => String
- #recommendation_type => String
- #recommendation_steps => Array<Types::RecommendationStep>
- #error => Types::RecommendationError
- #status => String
- #resource_arn => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8482

def get_recommended_policy_v2(params = {}, options = {})
  req = build_request(:get_recommended_policy_v2, params)
  req.send_request(options)
end

#get_resources_statistics_v2(params = {}) ⇒ `Types::GetResourcesStatisticsV2Response`

Retrieves statistical information about Amazon Web Services resources and their associated security findings.

You can use the Scopes parameter to define the data boundary for the query. Currently, Scopes supports AwsOrganizations, which lets you aggregate resources from your entire organization or from specific organizational units. Only the delegated administrator account can use Scopes.

Examples:

Request syntax with placeholder values


resp = client.get_resources_statistics_v2({
  group_by_rules: [ # required
    {
      group_by_field: "AccountId", # required, accepts AccountId, Region, ResourceCategory, ResourceType, ResourceName, FindingsSummary.FindingType
      filters: {
        composite_filters: [
          {
            string_filters: [
              {
                field_name: "ResourceGuid", # accepts ResourceGuid, ResourceId, AccountId, Region, ResourceCategory, ResourceType, ResourceName, FindingsSummary.FindingType, FindingsSummary.ProductName
                filter: {
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
                },
              },
            ],
            date_filters: [
              {
                field_name: "ResourceDetailCaptureTime", # accepts ResourceDetailCaptureTime, ResourceCreationTime
                filter: {
                  start: "NonEmptyString",
                  end: "NonEmptyString",
                  date_range: {
                    value: 1,
                    unit: "DAYS", # accepts DAYS
                    comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                  },
                },
              },
            ],
            number_filters: [
              {
                field_name: "FindingsSummary.TotalFindings", # accepts FindingsSummary.TotalFindings, FindingsSummary.Severities.Other, FindingsSummary.Severities.Fatal, FindingsSummary.Severities.Critical, FindingsSummary.Severities.High, FindingsSummary.Severities.Medium, FindingsSummary.Severities.Low, FindingsSummary.Severities.Informational, FindingsSummary.Severities.Unknown
                filter: {
                  gte: 1.0,
                  lte: 1.0,
                  eq: 1.0,
                  gt: 1.0,
                  lt: 1.0,
                },
              },
            ],
            map_filters: [
              {
                field_name: "ResourceTags", # accepts ResourceTags
                filter: {
                  key: "NonEmptyString",
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
                },
              },
            ],
            nested_composite_filters: {
              # recursive ResourcesCompositeFilterList
            },
            operator: "AND", # accepts AND, OR
          },
        ],
        composite_operator: "AND", # accepts AND, OR
      },
    },
  ],
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_order: "asc", # accepts asc, desc
  max_statistic_results: 1,
})

Response structure


resp.group_by_results #=> Array
resp.group_by_results[0].group_by_field #=> String
resp.group_by_results[0].group_by_values #=> Array
resp.group_by_results[0].group_by_values[0].field_value #=> String
resp.group_by_results[0].group_by_values[0].count #=> Integer

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:group_by_rules (required, Array<Types::ResourceGroupByRule>) —
How resource statistics should be aggregated and organized in the response.
:scopes (Types::ResourceScopes) —
Limits the results to resources from specific organizational units or from the delegated administrator's organization. Only the delegated administrator account can use this parameter. Other accounts receive an AccessDeniedException.

This parameter is optional. If you omit it, the delegated administrator sees statistics from all accounts across the entire organization. Other accounts see only statistics for their own resources.

You can specify up to 10 entries in Scopes.AwsOrganizations. If multiple entries are specified, the entries are combined using OR logic.
:sort_order (String) —
Sorts aggregated statistics.
:max_statistic_results (Integer) —
The maximum number of results to be returned.

Returns:

(Types::GetResourcesStatisticsV2Response) —
Returns a response object which responds to the following methods:
- #group_by_results => Array<Types::GroupByResult>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8613

def get_resources_statistics_v2(params = {}, options = {})
  req = build_request(:get_resources_statistics_v2, params)
  req.send_request(options)
end

#get_resources_trends_v2(params = {}) ⇒ `Types::GetResourcesTrendsV2Response`

Returns resource trend data based on the specified criteria. This operation helps you analyze patterns and changes in resource compliance over time.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.get_resources_trends_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "account_id", # accepts account_id, region, resource_type, resource_category
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        nested_composite_filters: {
          # recursive ResourcesTrendsCompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  start_time: Time.now, # required
  end_time: Time.now, # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.granularity #=> String, one of "Daily", "Weekly", "Monthly"
resp.trends_metrics #=> Array
resp.trends_metrics[0].timestamp #=> Time
resp.trends_metrics[0].trends_values.resources_count.all_resources #=> Integer
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:filters (Types::ResourcesTrendsFilters) —
The filters to apply to the resources trend data.
:start_time (required, Time, DateTime, Date, Integer, String) —
The starting timestamp for the time period to analyze resources trends, in ISO 8601 format.
:end_time (required, Time, DateTime, Date, Integer, String) —
The ending timestamp for the time period to analyze resources trends, in ISO 8601 format.
:next_token (String) —
The token to use for paginating results. This value is returned in the response if more results are available.
:max_results (Integer) —
The maximum number of trend data points to return in a single response.

Returns:

(Types::GetResourcesTrendsV2Response) —
Returns a response object which responds to the following methods:
- #granularity => String
- #trends_metrics => Array<Types::ResourcesTrendsMetricsResult>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8690

def get_resources_trends_v2(params = {}, options = {})
  req = build_request(:get_resources_trends_v2, params)
  req.send_request(options)
end

#get_resources_v2(params = {}) ⇒ `Types::GetResourcesV2Response`

Returns a list of resources.

You can use the Scopes parameter to define the data boundary for the query. Currently, Scopes supports AwsOrganizations, which lets you retrieve resources from your entire organization or from specific organizational units. Only the delegated administrator account can use Scopes.

You can use the Filters parameter to refine results based on resource attributes. You can use Scopes and Filters independently or together. When both are provided, Scopes narrows the data set first, and then Filters refines results within that scoped data set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.get_resources_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "ResourceGuid", # accepts ResourceGuid, ResourceId, AccountId, Region, ResourceCategory, ResourceType, ResourceName, FindingsSummary.FindingType, FindingsSummary.ProductName
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        date_filters: [
          {
            field_name: "ResourceDetailCaptureTime", # accepts ResourceDetailCaptureTime, ResourceCreationTime
            filter: {
              start: "NonEmptyString",
              end: "NonEmptyString",
              date_range: {
                value: 1,
                unit: "DAYS", # accepts DAYS
                comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
              },
            },
          },
        ],
        number_filters: [
          {
            field_name: "FindingsSummary.TotalFindings", # accepts FindingsSummary.TotalFindings, FindingsSummary.Severities.Other, FindingsSummary.Severities.Fatal, FindingsSummary.Severities.Critical, FindingsSummary.Severities.High, FindingsSummary.Severities.Medium, FindingsSummary.Severities.Low, FindingsSummary.Severities.Informational, FindingsSummary.Severities.Unknown
            filter: {
              gte: 1.0,
              lte: 1.0,
              eq: 1.0,
              gt: 1.0,
              lt: 1.0,
            },
          },
        ],
        map_filters: [
          {
            field_name: "ResourceTags", # accepts ResourceTags
            filter: {
              key: "NonEmptyString",
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
            },
          },
        ],
        nested_composite_filters: {
          # recursive ResourcesCompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_criteria: [
    {
      field: "NonEmptyString",
      sort_order: "asc", # accepts asc, desc
    },
  ],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.resources #=> Array
resp.resources[0].resource_guid #=> String
resp.resources[0].resource_id #=> String
resp.resources[0].account_id #=> String
resp.resources[0].region #=> String
resp.resources[0].resource_category #=> String, one of "Compute", "Database", "Storage", "Code", "AI/ML", "Identity", "Network", "Other"
resp.resources[0].resource_type #=> String
resp.resources[0].resource_name #=> String
resp.resources[0].resource_creation_time_dt #=> String
resp.resources[0].resource_detail_capture_time_dt #=> String
resp.resources[0].findings_summary #=> Array
resp.resources[0].findings_summary[0].finding_type #=> String
resp.resources[0].findings_summary[0].product_name #=> String
resp.resources[0].findings_summary[0].total_findings #=> Integer
resp.resources[0].findings_summary[0].severities.other #=> Integer
resp.resources[0].findings_summary[0].severities.fatal #=> Integer
resp.resources[0].findings_summary[0].severities.critical #=> Integer
resp.resources[0].findings_summary[0].severities.high #=> Integer
resp.resources[0].findings_summary[0].severities.medium #=> Integer
resp.resources[0].findings_summary[0].severities.low #=> Integer
resp.resources[0].findings_summary[0].severities.informational #=> Integer
resp.resources[0].findings_summary[0].severities.unknown #=> Integer
resp.resources[0].resource_tags #=> Array
resp.resources[0].resource_tags[0].key #=> String
resp.resources[0].resource_tags[0].value #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:filters (Types::ResourcesFilters) —
Filters resources based on a set of criteria.
:scopes (Types::ResourceScopes) —
Limits the results to resources from specific organizational units or from the delegated administrator's organization. Only the delegated administrator account can use this parameter. Other accounts receive an AccessDeniedException.

This parameter is optional. If you omit it, the delegated administrator sees resources from all accounts across the entire organization. Other accounts see only their own resources.

You can specify up to 10 entries in Scopes.AwsOrganizations. If multiple entries are specified, the entries are combined using OR logic.
:sort_criteria (Array<Types::SortCriterion>) —
The resource attributes used to sort the list of returned resources.
:next_token (String) —
The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.
:max_results (Integer) —
The maximum number of results to return.

Returns:

(Types::GetResourcesV2Response) —
Returns a response object which responds to the following methods:
- #resources => Array<Types::ResourceResult>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8854

def get_resources_v2(params = {}, options = {})
  req = build_request(:get_resources_v2, params)
  req.send_request(options)
end

#get_security_control_definition(params = {}) ⇒ `Types::GetSecurityControlDefinitionResponse`

Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

Examples:

Example: To get the definition of a security control.


# The following example retrieves definition details for the specified security control.

resp = client.get_security_control_definition({
  security_control_id: "EC2.4", 
})

resp.to_h outputs the following:
{
  security_control_definition: {
    current_region_availability: "AVAILABLE", 
    description: "This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.", 
    parameter_definitions: {
      "AllowedDays" => {
        configuration_options: {
          integer: {
            default_value: 30, 
            max: 365, 
            min: 1, 
          }, 
        }, 
        description: "Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding", 
      }, 
    }, 
    remediation_url: "https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation", 
    security_control_id: "EC2.4", 
    severity_rating: "MEDIUM", 
    title: "Stopped Amazon EC2 instances should be removed after a specified time period", 
  }, 
}

Request syntax with placeholder values


resp = client.get_security_control_definition({
  security_control_id: "NonEmptyString", # required
})

Response structure


resp.security_control_definition.security_control_id #=> String
resp.security_control_definition.title #=> String
resp.security_control_definition.description #=> String
resp.security_control_definition.remediation_url #=> String
resp.security_control_definition.severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.security_control_definition.current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
resp.security_control_definition.customizable_properties #=> Array
resp.security_control_definition.customizable_properties[0] #=> String, one of "Parameters"
resp.security_control_definition.parameter_definitions #=> Hash
resp.security_control_definition.parameter_definitions["NonEmptyString"].description #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:security_control_id (required, String) —
The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).

Returns:

(Types::GetSecurityControlDefinitionResponse) —
Returns a response object which responds to the following methods:
- #security_control_definition => Types::SecurityControlDefinition

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 8955

def get_security_control_definition(params = {}, options = {})
  req = build_request(:get_security_control_definition, params)
  req.send_request(options)
end

#invite_members(params = {}) ⇒ `Types::InviteMembersResponse`

Invites other Amazon Web Services accounts to become member accounts for the Security Hub CSPM administrator account that the invitation is sent from.

This operation is only used to invite accounts that don't belong to an Amazon Web Services organization. Organization accounts don't receive invitations.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub CSPM.

When the account owner enables Security Hub CSPM and accepts the invitation to become a member account, the administrator account can view the findings generated in the member account.

Examples:

Example: To invite accounts to become members


# The following example invites the specified AWS accounts to become member accounts associated with the calling Security
# Hub administrator account. You only use this operation to invite accounts that don't belong to an AWS Organizations
# organization.

resp = client.invite_members({
  account_ids: [
    "111122223333", 
    "444455556666", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values


resp = client.invite_members({
  account_ids: ["NonEmptyString"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:account_ids (required, Array<String>) —
The list of account IDs of the Amazon Web Services accounts to invite to Security Hub CSPM as members.

Returns:

(Types::InviteMembersResponse) —
Returns a response object which responds to the following methods:
- #unprocessed_accounts => Array<Types::Result>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9031

def invite_members(params = {}, options = {})
  req = build_request(:invite_members, params)
  req.send_request(options)
end

#list_aggregators_v2(params = {}) ⇒ `Types::ListAggregatorsV2Response`

Retrieves a list of V2 aggregators.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_aggregators_v2({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.aggregators_v2 #=> Array
resp.aggregators_v2[0].aggregator_v2_arn #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.
:max_results (Integer) —
The maximum number of results to return.

Returns:

(Types::ListAggregatorsV2Response) —
Returns a response object which responds to the following methods:
- #aggregators_v2 => Array<Types::AggregatorV2>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9071

def list_aggregators_v2(params = {}, options = {})
  req = build_request(:list_aggregators_v2, params)
  req.send_request(options)
end

#list_automation_rules(params = {}) ⇒ `Types::ListAutomationRulesResponse`

A list of automation rules and their metadata for the calling account.

Examples:

Example: To list automation rules


# The following example lists automation rules and rule metadata in the calling account.

resp = client.list_automation_rules({
  max_results: 2, 
  next_token: "example-token", 
})

resp.to_h outputs the following:
{
  automation_rules_metadata: [
    {
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      description: "IAM.8 is a known issue and can be resolved", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      rule_name: "sample-rule-name-1", 
      rule_order: 1, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
    {
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      description: "Lambda.2 is a known issue and can be resolved", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      rule_name: "sample-rule-name-2", 
      rule_order: 2, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
  ], 
  next_token: "example-token", 
}

Request syntax with placeholder values


resp = client.list_automation_rules({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.automation_rules_metadata #=> Array
resp.automation_rules_metadata[0].rule_arn #=> String
resp.automation_rules_metadata[0].rule_status #=> String, one of "ENABLED", "DISABLED"
resp.automation_rules_metadata[0].rule_order #=> Integer
resp.automation_rules_metadata[0].rule_name #=> String
resp.automation_rules_metadata[0].description #=> String
resp.automation_rules_metadata[0].is_terminal #=> Boolean
resp.automation_rules_metadata[0].created_at #=> Time
resp.automation_rules_metadata[0].updated_at #=> Time
resp.automation_rules_metadata[0].created_by #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
A token to specify where to start paginating the response. This is the NextToken from a previously truncated response. On your first call to the ListAutomationRules API, set the value of this parameter to NULL.
:max_results (Integer) —
The maximum number of rules to return in the response. This currently ranges from 1 to 100.

Returns:

(Types::ListAutomationRulesResponse) —
Returns a response object which responds to the following methods:
- #automation_rules_metadata => Array<Types::AutomationRulesMetadata>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9155

def list_automation_rules(params = {}, options = {})
  req = build_request(:list_automation_rules, params)
  req.send_request(options)
end

#list_automation_rules_v2(params = {}) ⇒ `Types::ListAutomationRulesV2Response`

Returns a list of automation rules and metadata for the calling account.

Examples:

Request syntax with placeholder values


resp = client.list_automation_rules_v2({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.rules #=> Array
resp.rules[0].rule_arn #=> String
resp.rules[0].rule_id #=> String
resp.rules[0].rule_order #=> Float
resp.rules[0].rule_name #=> String
resp.rules[0].rule_status #=> String, one of "ENABLED", "DISABLED"
resp.rules[0].description #=> String
resp.rules[0].actions #=> Array
resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE", "EXTERNAL_INTEGRATION"
resp.rules[0].created_at #=> Time
resp.rules[0].updated_at #=> Time
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.
:max_results (Integer) —
The maximum number of results to return.

Returns:

(Types::ListAutomationRulesV2Response) —
Returns a response object which responds to the following methods:
- #rules => Array<Types::AutomationRulesMetadataV2>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9203

def list_automation_rules_v2(params = {}, options = {})
  req = build_request(:list_automation_rules_v2, params)
  req.send_request(options)
end

#list_configuration_policies(params = {}) ⇒ `Types::ListConfigurationPoliciesResponse`

Lists the configuration policies that the Security Hub CSPM delegated administrator has created for your organization. Only the delegated administrator can invoke this operation from the home Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To view a list of configuration policies


# This operation provides a list of your configuration policies, including metadata for each policy.

resp = client.list_configuration_policies({
  max_results: 1, 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf", 
})

resp.to_h outputs the following:
{
  configuration_policy_summaries: [
    {
      arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      description: "Configuration policy for testing FSBP and CIS", 
      id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      name: "TestConfigurationPolicy", 
      service_enabled: true, 
      updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
    }, 
  ], 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef", 
}

Request syntax with placeholder values


resp = client.list_configuration_policies({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.configuration_policy_summaries #=> Array
resp.configuration_policy_summaries[0].arn #=> String
resp.configuration_policy_summaries[0].id #=> String
resp.configuration_policy_summaries[0].name #=> String
resp.configuration_policy_summaries[0].description #=> String
resp.configuration_policy_summaries[0].updated_at #=> Time
resp.configuration_policy_summaries[0].service_enabled #=> Boolean
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The NextToken value that's returned from a previous paginated ListConfigurationPolicies request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.
:max_results (Integer) —
The maximum number of results that's returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicies returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicies request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.

Returns:

(Types::ListConfigurationPoliciesResponse) —
Returns a response object which responds to the following methods:
- #configuration_policy_summaries => Array<Types::ConfigurationPolicySummary>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9285

def list_configuration_policies(params = {}, options = {})
  req = build_request(:list_configuration_policies, params)
  req.send_request(options)
end

#list_configuration_policy_associations(params = {}) ⇒ `Types::ListConfigurationPolicyAssociationsResponse`

Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list configuration associations


# This operation lists all of the associations between targets and configuration policies or self-managed behavior.
# Targets can include accounts, organizational units, or the root.

resp = client.list_configuration_policy_associations({
  filters: {
    association_type: "APPLIED", 
  }, 
  max_results: 1, 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf", 
})

resp.to_h outputs the following:
{
  configuration_policy_association_summaries: [
    {
      association_status: "PENDING", 
      association_type: "APPLIED", 
      configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      target_id: "123456789012", 
      target_type: "ACCOUNT", 
      updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
    }, 
  ], 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef", 
}

Request syntax with placeholder values


resp = client.list_configuration_policy_associations({
  next_token: "NextToken",
  max_results: 1,
  filters: {
    configuration_policy_id: "NonEmptyString",
    association_type: "INHERITED", # accepts INHERITED, APPLIED
    association_status: "PENDING", # accepts PENDING, SUCCESS, FAILED
  },
})

Response structure


resp.configuration_policy_association_summaries #=> Array
resp.configuration_policy_association_summaries[0].configuration_policy_id #=> String
resp.configuration_policy_association_summaries[0].target_id #=> String
resp.configuration_policy_association_summaries[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.configuration_policy_association_summaries[0].association_type #=> String, one of "INHERITED", "APPLIED"
resp.configuration_policy_association_summaries[0].updated_at #=> Time
resp.configuration_policy_association_summaries[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.configuration_policy_association_summaries[0].association_status_message #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The NextToken value that's returned from a previous paginated ListConfigurationPolicyAssociations request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.
:max_results (Integer) —
The maximum number of results that's returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicyAssociations returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicyAssociations request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.
:filters (Types::AssociationFilters) —
Options for filtering the ListConfigurationPolicyAssociations response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration, AssociationType, or AssociationStatus.

Returns:

(Types::ListConfigurationPolicyAssociationsResponse) —
Returns a response object which responds to the following methods:
- #configuration_policy_association_summaries => Array<Types::ConfigurationPolicyAssociationSummary>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9383

def list_configuration_policy_associations(params = {}, options = {})
  req = build_request(:list_configuration_policy_associations, params)
  req.send_request(options)
end

#list_connectors_v2(params = {}) ⇒ `Types::ListConnectorsV2Response`

Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account.

Examples:

Request syntax with placeholder values


resp = client.list_connectors_v2({
  next_token: "NextToken",
  max_results: 1,
  provider_name: "JIRA_CLOUD", # accepts JIRA_CLOUD, SERVICENOW
  connector_status: "CONNECTED", # accepts CONNECTED, FAILED_TO_CONNECT, PENDING_CONFIGURATION, PENDING_AUTHORIZATION
})

Response structure


resp.next_token #=> String
resp.connectors #=> Array
resp.connectors[0].connector_arn #=> String
resp.connectors[0].connector_id #=> String
resp.connectors[0].name #=> String
resp.connectors[0].description #=> String
resp.connectors[0].provider_summary.provider_name #=> String, one of "JIRA_CLOUD", "SERVICENOW"
resp.connectors[0].provider_summary.connector_status #=> String, one of "CONNECTED", "FAILED_TO_CONNECT", "PENDING_CONFIGURATION", "PENDING_AUTHORIZATION"
resp.connectors[0].created_at #=> Time

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The pagination token per the Amazon Web Services Pagination standard
:max_results (Integer) —
The maximum number of results to be returned.
:provider_name (String) —
The name of the third-party provider.
:connector_status (String) —
The status for the connectorV2.

Returns:

(Types::ListConnectorsV2Response) —
Returns a response object which responds to the following methods:
- #next_token => String
- #connectors => Array<Types::ConnectorSummary>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9433

def list_connectors_v2(params = {}, options = {})
  req = build_request(:list_connectors_v2, params)
  req.send_request(options)
end

#list_enabled_products_for_import(params = {}) ⇒ `Types::ListEnabledProductsForImportResponse`

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub CSPM.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list ARNs for enabled integrations


# The following example returns a list of subscription Amazon Resource Names (ARNs) for the product integrations that you
# have currently enabled in Security Hub.

resp = client.list_enabled_products_for_import({
})

resp.to_h outputs the following:
{
  product_subscriptions: [
    "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon", 
    "arn:aws:securityhub:us-east-1::product/3coresec/3coresec", 
  ], 
}

Request syntax with placeholder values


resp = client.list_enabled_products_for_import({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.product_subscriptions #=> Array
resp.product_subscriptions[0] #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token that is required for pagination. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:max_results (Integer) —
The maximum number of items to return in the response.

Returns:

(Types::ListEnabledProductsForImportResponse) —
Returns a response object which responds to the following methods:
- #product_subscriptions => Array<String>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9494

def list_enabled_products_for_import(params = {}, options = {})
  req = build_request(:list_enabled_products_for_import, params)
  req.send_request(options)
end

#list_finding_aggregators(params = {}) ⇒ `Types::ListFindingAggregatorsResponse`

If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator. You can run this operation from any Amazon Web Services Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To update the enablement status of a standard control


# The following example disables the specified control in the specified security standard.

resp = client.list_finding_aggregators({
})

resp.to_h outputs the following:
{
  finding_aggregators: [
    {
      finding_aggregator_arn: "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_finding_aggregators({
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.finding_aggregators #=> Array
resp.finding_aggregators[0].finding_aggregator_arn #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:next_token (String) —
The token returned with the previous set of results. Identifies the next set of results to return.
:max_results (Integer) —
The maximum number of results to return. This operation currently only returns a single result.

Returns:

(Types::ListFindingAggregatorsResponse) —
Returns a response object which responds to the following methods:
- #finding_aggregators => Array<Types::FindingAggregator>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9552

def list_finding_aggregators(params = {}, options = {})
  req = build_request(:list_finding_aggregators, params)
  req.send_request(options)
end

#list_invitations(params = {}) ⇒ `Types::ListInvitationsResponse`

Lists all Security Hub CSPM membership invitations that were sent to the calling account.

Only accounts that are managed by invitation can use this operation. Accounts that are managed using the integration with Organizations don't receive invitations.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list membership invitations to calling account


# The following example returns a list of Security Hub member invitations sent to the calling AWS account. Only accounts
# that are invited manually use this operation. It's not for use by accounts that are managed through AWS Organizations.

resp = client.list_invitations({
})

resp.to_h outputs the following:
{
  invitations: [
    {
      account_id: "123456789012", 
      invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb", 
      invited_at: Time.parse("2020-06-01T20:21:18.042000+00:00"), 
      member_status: "ASSOCIATED", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_invitations({
  max_results: 1,
  next_token: "NextToken",
})

Response structure


resp.invitations #=> Array
resp.invitations[0].account_id #=> String
resp.invitations[0].invitation_id #=> String
resp.invitations[0].invited_at #=> Time
resp.invitations[0].member_status #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:max_results (Integer) —
The maximum number of items to return in the response.
:next_token (String) —
The token that is required for pagination. On your first call to the ListInvitations operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Returns:

(Types::ListInvitationsResponse) —
Returns a response object which responds to the following methods:
- #invitations => Array<Types::Invitation>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9635

def list_invitations(params = {}, options = {})
  req = build_request(:list_invitations, params)
  req.send_request(options)
end

#list_members(params = {}) ⇒ `Types::ListMembersResponse`

Lists details about all member accounts for the current Security Hub CSPM administrator account.

The results include both member accounts that belong to an organization and member accounts that were invited manually.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list member account details


# The following example returns details about member accounts for the calling Security Hub administrator account. The
# response includes member accounts that are managed through AWS Organizations and those that were invited manually.

resp = client.list_members({
})

resp.to_h outputs the following:
{
  members: [
    {
      account_id: "111122223333", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
    {
      account_id: "444455556666", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_members({
  only_associated: false,
  max_results: 1,
  next_token: "NextToken",
})

Response structure


resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].email #=> String
resp.members[0].master_id #=> String
resp.members[0].administrator_id #=> String
resp.members[0].member_status #=> String
resp.members[0].invited_at #=> Time
resp.members[0].updated_at #=> Time
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:only_associated (Boolean) —
Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE.

If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the administrator account is set to ENABLED.

If OnlyAssociated is set to FALSE, the response includes all existing member accounts.
:max_results (Integer) —
The maximum number of items to return in the response.
:next_token (String) —
The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Returns:

(Types::ListMembersResponse) —
Returns a response object which responds to the following methods:
- #members => Array<Types::Member>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9731

def list_members(params = {}, options = {})
  req = build_request(:list_members, params)
  req.send_request(options)
end

#list_organization_admin_accounts(params = {}) ⇒ `Types::ListOrganizationAdminAccountsResponse`

Lists the Security Hub CSPM administrator accounts. Can only be called by the organization management account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list administrator acccounts for an organization


# The following example lists the Security  Hub administrator accounts for an organization. Only the organization
# management account can call this operation.

resp = client.list_organization_admin_accounts({
})

resp.to_h outputs the following:
{
  admin_accounts: [
    {
      account_id: "777788889999", 
    }, 
    {
      status: "ENABLED", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_organization_admin_accounts({
  max_results: 1,
  next_token: "NextToken",
  feature: "SecurityHub", # accepts SecurityHub, SecurityHubV2
})

Response structure


resp.admin_accounts #=> Array
resp.admin_accounts[0].account_id #=> String
resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
resp.next_token #=> String
resp.feature #=> String, one of "SecurityHub", "SecurityHubV2"

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:max_results (Integer) —
The maximum number of items to return in the response.
:next_token (String) —
The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
:feature (String) —
The feature where the delegated administrator account is listed. Defaults to Security Hub CSPM if not specified.

Returns:

(Types::ListOrganizationAdminAccountsResponse) —
Returns a response object which responds to the following methods:
- #admin_accounts => Array<Types::AdminAccount>
- #next_token => String
- #feature => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9802

def list_organization_admin_accounts(params = {}, options = {})
  req = build_request(:list_organization_admin_accounts, params)
  req.send_request(options)
end

#list_security_control_definitions(params = {}) ⇒ `Types::ListSecurityControlDefinitionsResponse`

Lists all of the security controls that apply to a specified standard.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list security controls that apply to a standard


# The following example lists security controls that apply to a specified Security Hub standard. 

resp = client.list_security_control_definitions({
  max_results: 3, 
  next_token: "NULL", 
  standards_arn: "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0", 
})

resp.to_h outputs the following:
{
  next_token: "U2FsdGVkX1...", 
  security_control_definitions: [
    {
      current_region_availability: "AVAILABLE", 
      customizable_properties: [
        "Parameters", 
      ], 
      description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", 
      security_control_id: "ACM.1", 
      severity_rating: "MEDIUM", 
      title: "Imported and ACM-issued certificates should be renewed after a specified time period", 
    }, 
    {
      current_region_availability: "AVAILABLE", 
      customizable_properties: [
        "Parameters", 
      ], 
      description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", 
      security_control_id: "APIGateway.1", 
      severity_rating: "MEDIUM", 
      title: "API Gateway REST and WebSocket API execution logging should be enabled", 
    }, 
    {
      current_region_availability: "AVAILABLE", 
      description: "This control checks whether Amazon API Gateway REST API stages have SSL certificates configured that backend systems can use to authenticate that incoming requests are from the API Gateway.", 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.2/remediation", 
      security_control_id: "APIGateway.2", 
      severity_rating: "MEDIUM", 
      title: "API Gateway REST API stages should be configured to use SSL certificates for backend authentication", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_security_control_definitions({
  standards_arn: "NonEmptyString",
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.security_control_definitions #=> Array
resp.security_control_definitions[0].security_control_id #=> String
resp.security_control_definitions[0].title #=> String
resp.security_control_definitions[0].description #=> String
resp.security_control_definitions[0].remediation_url #=> String
resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
resp.security_control_definitions[0].customizable_properties #=> Array
resp.security_control_definitions[0].customizable_properties[0] #=> String, one of "Parameters"
resp.security_control_definitions[0].parameter_definitions #=> Hash
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].description #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_arn (String) —
The Amazon Resource Name (ARN) of the standard that you want to view controls for.
:next_token (String) —
Optional pagination parameter.
:max_results (Integer) —
An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.

Returns:

(Types::ListSecurityControlDefinitionsResponse) —
Returns a response object which responds to the following methods:
- #security_control_definitions => Array<Types::SecurityControlDefinition>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 9935

def list_security_control_definitions(params = {}, options = {})
  req = build_request(:list_security_control_definitions, params)
  req.send_request(options)
end

#list_standards_control_associations(params = {}) ⇒ `Types::ListStandardsControlAssociationsResponse`

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

This operation omits standards control associations for standard subscriptions where StandardsControlsUpdatable has value NOT_READY_FOR_UPDATES.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To say whether standard


# The following example specifies whether a control is currently enabled or disabled in each enabled standard in the
# calling account. The response also provides other details about the control.

resp = client.list_standards_control_associations({
  security_control_id: "S3.1", 
})

resp.to_h outputs the following:
{
  standards_control_association_summaries: [
    {
      association_status: "ENABLED", 
      related_requirements: [
        "PCI DSS 1.2.1", 
        "PCI DSS 1.3.1", 
        "PCI DSS 1.3.2", 
        "PCI DSS 1.3.4", 
        "PCI DSS 1.3.6", 
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1", 
      security_control_id: "S3.1", 
      standards_arn: "arn:aws:securityhub:us-west-2::standards/pci-dss/v/3.2.1", 
      standards_control_description: "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.", 
      standards_control_title: "S3 Block Public Access setting should be enabled", 
      updated_at: Time.parse("2022-01-13T23:03:46.648000+00:00"), 
    }, 
    {
      association_status: "DISABLED", 
      related_requirements: [
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1", 
      security_control_id: "S3.1", 
      standards_arn: "arn:aws:securityhub:us-west-2::standards/aws-foundational-security-best-practices/v/1.0.0", 
      standards_control_description: "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.", 
      standards_control_title: "S3 Block Public Access setting should be enabled", 
      updated_at: Time.parse("2022-08-12T22:59:04.924000+00:00"), 
      updated_reason: "Not relevant to environment", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_standards_control_associations({
  security_control_id: "NonEmptyString", # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.standards_control_association_summaries #=> Array
resp.standards_control_association_summaries[0].standards_arn #=> String
resp.standards_control_association_summaries[0].security_control_id #=> String
resp.standards_control_association_summaries[0].security_control_arn #=> String
resp.standards_control_association_summaries[0].association_status #=> String, one of "ENABLED", "DISABLED"
resp.standards_control_association_summaries[0].related_requirements #=> Array
resp.standards_control_association_summaries[0].related_requirements[0] #=> String
resp.standards_control_association_summaries[0].updated_at #=> Time
resp.standards_control_association_summaries[0].updated_reason #=> String
resp.standards_control_association_summaries[0].standards_control_title #=> String
resp.standards_control_association_summaries[0].standards_control_description #=> String
resp.next_token #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:security_control_id (required, String) —
The identifier of the control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) that you want to determine the enablement status of in each enabled standard.
:next_token (String) —
Optional pagination parameter.
:max_results (Integer) —
An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 standard and control associations. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub CSPM standards that you've enabled in the calling account.

Returns:

(Types::ListStandardsControlAssociationsResponse) —
Returns a response object which responds to the following methods:
- #standards_control_association_summaries => Array<Types::StandardsControlAssociationSummary>
- #next_token => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10044

def list_standards_control_associations(params = {}, options = {})
  req = build_request(:list_standards_control_associations, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ `Types::ListTagsForResourceResponse`

Returns a list of tags associated with a resource.

Examples:

Example: To get a list of tags for a resource


# The following example returns a list of tags associated with the specified resource.

resp = client.list_tags_for_resource({
  resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
})

resp.to_h outputs the following:
{
  tags: {
    "Area" => "USMidwest", 
    "Department" => "Operations", 
  }, 
}

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  resource_arn: "ResourceArn", # required
})

Response structure


resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:resource_arn (required, String) —
The ARN of the resource to retrieve tags for.

Returns:

(Types::ListTagsForResourceResponse) —
Returns a response object which responds to the following methods:
- #tags => Hash<String,String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10090

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#register_connector_v2(params = {}) ⇒ `Types::RegisterConnectorV2Response`

Grants permission to complete the authorization based on input parameters.

Examples:

Request syntax with placeholder values


resp = client.register_connector_v2({
  auth_code: "NonEmptyString", # required
  auth_state: "NonEmptyString", # required
})

Response structure


resp.connector_arn #=> String
resp.connector_id #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:auth_code (required, String) —
The authCode retrieved from authUrl to complete the OAuth 2.0 authorization code flow.
:auth_state (required, String) —
The authState retrieved from authUrl to complete the OAuth 2.0 authorization code flow.

Returns:

(Types::RegisterConnectorV2Response) —
Returns a response object which responds to the following methods:
- #connector_arn => String
- #connector_id => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10127

def register_connector_v2(params = {}, options = {})
  req = build_request(:register_connector_v2, params)
  req.send_request(options)
end

#start_configuration_policy_association(params = {}) ⇒ `Types::StartConfigurationPolicyAssociationResponse`

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To associate a configuration with a target


# This operation associates a configuration policy or self-managed behavior with the target account, organizational unit,
# or the root.

resp = client.start_configuration_policy_association({
  configuration_policy_identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  target: {
    account_id: "111122223333", 
  }, 
})

resp.to_h outputs the following:
{
  association_status: "SUCCESS", 
  association_status_message: "This field is populated only if the association fails", 
  association_type: "APPLIED", 
  configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  target_id: "111122223333", 
  target_type: "ACCOUNT", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values


resp = client.start_configuration_policy_association({
  configuration_policy_identifier: "NonEmptyString", # required
  target: { # required
    account_id: "NonEmptyString",
    organizational_unit_id: "NonEmptyString",
    root_id: "NonEmptyString",
  },
})

Response structure


resp.configuration_policy_id #=> String
resp.target_id #=> String
resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.association_type #=> String, one of "INHERITED", "APPLIED"
resp.updated_at #=> Time
resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.association_status_message #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:configuration_policy_identifier (required, String) —
The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.
:target (required, Types::Target) —
The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

Returns:

(Types::StartConfigurationPolicyAssociationResponse) —
Returns a response object which responds to the following methods:
- #configuration_policy_id => String
- #target_id => String
- #target_type => String
- #association_type => String
- #updated_at => Time
- #association_status => String
- #association_status_message => String

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10206

def start_configuration_policy_association(params = {}, options = {})
  req = build_request(:start_configuration_policy_association, params)
  req.send_request(options)
end

#start_configuration_policy_disassociation(params = {}) ⇒ `Struct`

Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To disassociate a configuration from a target


# This operation disassociates a configuration policy or self-managed behavior from the target account, organizational
# unit, or the root.

resp = client.start_configuration_policy_disassociation({
  configuration_policy_identifier: "SELF_MANAGED_SECURITY_HUB", 
  target: {
    root_id: "r-f6g7h8i9j0example", 
  }, 
})

Request syntax with placeholder values


resp = client.start_configuration_policy_disassociation({
  target: {
    account_id: "NonEmptyString",
    organizational_unit_id: "NonEmptyString",
    root_id: "NonEmptyString",
  },
  configuration_policy_identifier: "NonEmptyString", # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:target (Types::Target) —
The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.
:configuration_policy_identifier (required, String) —
The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10259

def start_configuration_policy_disassociation(params = {}, options = {})
  req = build_request(:start_configuration_policy_disassociation, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ `Struct`

Adds one or more tags to a resource.

Examples:

Example: To tag a resource


# The following example adds the 'Department' and 'Area' tags to the specified resource.

resp = client.tag_resource({
  resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
  tags: {
    "Area" => "USMidwest", 
    "Department" => "Operations", 
  }, 
})

Request syntax with placeholder values


resp = client.tag_resource({
  resource_arn: "ResourceArn", # required
  tags: { # required
    "TagKey" => "TagValue",
  },
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:resource_arn (required, String) —
The ARN of the resource to apply the tags to.
:tags (required, Hash<String,String>) —
The tags to add to the resource. You can add up to 50 tags at a time. The tag keys can be no longer than 128 characters. The tag values can be no longer than 256 characters.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10302

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ `Struct`

Removes one or more tags from a resource.

Examples:

Example: To remove tags from a resource


# The following example removes the 'Department' tag from the specified resource.

resp = client.untag_resource({
  resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
  tag_keys: [
    "Department", 
  ], 
})

Request syntax with placeholder values


resp = client.untag_resource({
  resource_arn: "ResourceArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:resource_arn (required, String) —
The ARN of the resource to remove the tags from.
:tag_keys (required, Array<String>) —
The tag keys associated with the tags to remove from the resource. You can remove up to 50 tags at a time.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10341

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_action_target(params = {}) ⇒ `Struct`

Updates the name and description of a custom action target in Security Hub CSPM.

Examples:

Example: To update the name and description of a custom action target


# The following example updates the name and description of a custom action target in Security Hub. You can create custom
# actions to automatically respond to Security Hub findings using Amazon EventBridge. 

resp = client.update_action_target({
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
  description: "Sends specified findings to customer service chat", 
  name: "Chat custom action", 
})

Request syntax with placeholder values


resp = client.update_action_target({
  action_target_arn: "NonEmptyString", # required
  name: "NonEmptyString",
  description: "NonEmptyString",
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:action_target_arn (required, String) —
The ARN of the custom action target to update.
:name (String) —
The updated name of the custom action target.
:description (String) —
The updated description for the custom action target.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10384

def update_action_target(params = {}, options = {})
  req = build_request(:update_action_target, params)
  req.send_request(options)
end

#update_aggregator_v2(params = {}) ⇒ `Types::UpdateAggregatorV2Response`

Udpates the configuration for the Aggregator V2.

Examples:

Request syntax with placeholder values


resp = client.update_aggregator_v2({
  aggregator_v2_arn: "NonEmptyString", # required
  region_linking_mode: "NonEmptyString", # required
  linked_regions: ["NonEmptyString"],
})

Response structure


resp.aggregator_v2_arn #=> String
resp.aggregation_region #=> String
resp.region_linking_mode #=> String
resp.linked_regions #=> Array
resp.linked_regions[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:aggregator_v2_arn (required, String) —
The ARN of the Aggregator V2.
:region_linking_mode (required, String) —
Determines how Amazon Web Services Regions should be linked to the Aggregator V2.
:linked_regions (Array<String>) —
A list of Amazon Web Services Regions linked to the aggegation Region.

Returns:

(Types::UpdateAggregatorV2Response) —
Returns a response object which responds to the following methods:
- #aggregator_v2_arn => String
- #aggregation_region => String
- #region_linking_mode => String
- #linked_regions => Array<String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10428

def update_aggregator_v2(params = {}, options = {})
  req = build_request(:update_aggregator_v2, params)
  req.send_request(options)
end

#update_automation_rule_v2(params = {}) ⇒ `Struct`

Updates a V2 automation rule.

Examples:

Request syntax with placeholder values


resp = client.update_automation_rule_v2({
  identifier: "NonEmptyString", # required
  rule_status: "ENABLED", # accepts ENABLED, DISABLED
  rule_order: 1.0,
  description: "NonEmptyString",
  rule_name: "NonEmptyString",
  criteria: {
    ocsf_finding_criteria: {
      composite_filters: [
        {
          string_filters: [
            {
              field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
              filter: {
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
              },
            },
          ],
          date_filters: [
            {
              field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
              filter: {
                start: "NonEmptyString",
                end: "NonEmptyString",
                date_range: {
                  value: 1,
                  unit: "DAYS", # accepts DAYS
                  comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                },
              },
            },
          ],
          boolean_filters: [
            {
              field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
              filter: {
                value: false,
              },
            },
          ],
          number_filters: [
            {
              field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
              filter: {
                gte: 1.0,
                lte: 1.0,
                eq: 1.0,
                gt: 1.0,
                lt: 1.0,
              },
            },
          ],
          map_filters: [
            {
              field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
              filter: {
                key: "NonEmptyString",
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
              },
            },
          ],
          ip_filters: [
            {
              field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
              filter: {
                cidr: "NonEmptyString",
              },
            },
          ],
          nested_composite_filters: {
            # recursive CompositeFilterList
          },
          operator: "AND", # accepts AND, OR
        },
      ],
      composite_operator: "AND", # accepts AND, OR
    },
  },
  actions: [
    {
      type: "FINDING_FIELDS_UPDATE", # required, accepts FINDING_FIELDS_UPDATE, EXTERNAL_INTEGRATION
      finding_fields_update: {
        severity_id: 1,
        comment: "NonEmptyString",
        status_id: 1,
      },
      external_integration_configuration: {
        connector_arn: "NonEmptyString",
      },
    },
  ],
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:identifier (required, String) —
The ARN of the automation rule.
:rule_status (String) —
The status of the automation rule.
:rule_order (Float) —
Represents a value for the rule priority.
:description (String) —
A description of the automation rule.
:rule_name (String) —
The name of the automation rule.
:criteria (Types::Criteria) —
The filtering type and configuration of the automation rule.
:actions (Array<Types::AutomationRulesActionV2>) —
A list of actions to be performed when the rule criteria is met.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10559

def update_automation_rule_v2(params = {}, options = {})
  req = build_request(:update_automation_rule_v2, params)
  req.send_request(options)
end

#update_configuration_policy(params = {}) ⇒ `Types::UpdateConfigurationPolicyResponse`

Updates a configuration policy. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To update a configuration policy


# This operation updates the specified configuration policy.

resp = client.update_configuration_policy({
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
          "CloudWatch.2", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 21, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  description: "Updated configuration policy for testing FSBP and CIS", 
  identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_reason: "Enabling ACM.2", 
})

resp.to_h outputs the following:
{
  arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
          "CloudWatch.2", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 21, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  created_at: Time.parse("2023-01-11T06:17:17.154Z"), 
  description: "Updated configuration policy for testing FSBP and CIS", 
  id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_at: Time.parse("2023-01-12T06:17:17.154Z"), 
}

Request syntax with placeholder values


resp = client.update_configuration_policy({
  identifier: "NonEmptyString", # required
  name: "NonEmptyString",
  description: "NonEmptyString",
  updated_reason: "NonEmptyString",
  configuration_policy: {
    security_hub: {
      service_enabled: false,
      enabled_standard_identifiers: ["NonEmptyString"],
      security_controls_configuration: {
        enabled_security_control_identifiers: ["NonEmptyString"],
        disabled_security_control_identifiers: ["NonEmptyString"],
        security_control_custom_parameters: [
          {
            security_control_id: "NonEmptyString",
            parameters: {
              "NonEmptyString" => {
                value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
                value: {
                  integer: 1,
                  integer_list: [1],
                  double: 1.0,
                  string: "NonEmptyString",
                  string_list: ["NonEmptyString"],
                  boolean: false,
                  enum: "NonEmptyString",
                  enum_list: ["NonEmptyString"],
                },
              },
            },
          },
        ],
      },
    },
  },
})

Response structure


resp.arn #=> String
resp.id #=> String
resp.name #=> String
resp.description #=> String
resp.updated_at #=> Time
resp.created_at #=> Time
resp.configuration_policy.security_hub.service_enabled #=> Boolean
resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:identifier (required, String) —
The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
:name (String) —
The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.
:description (String) —
The description of the configuration policy.
:updated_reason (String) —
The reason for updating the configuration policy.
:configuration_policy (Types::Policy) —
An object that defines how Security Hub CSPM is configured. It includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).

When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list of controls that you want to enable or disable. The updated configuration replaces the current configuration.

Returns:

(Types::UpdateConfigurationPolicyResponse) —
Returns a response object which responds to the following methods:
- #arn => String
- #id => String
- #name => String
- #description => String
- #updated_at => Time
- #created_at => Time
- #configuration_policy => Types::Policy

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10760

def update_configuration_policy(params = {}, options = {})
  req = build_request(:update_configuration_policy, params)
  req.send_request(options)
end

#update_connector_v2(params = {}) ⇒ `Struct`

Grants permission to update a connectorV2 based on its id and input parameters.

Examples:

Request syntax with placeholder values


resp = client.update_connector_v2({
  connector_id: "NonEmptyString", # required
  description: "NonEmptyString",
  provider: {
    jira_cloud: {
      project_key: "NonEmptyString",
    },
    service_now: {
      secret_arn: "NonEmptyString",
    },
  },
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:connector_id (required, String) —
The UUID of the connectorV2 to identify connectorV2 resource.
:description (String) —
The description of the connectorV2.
:provider (Types::ProviderUpdateConfiguration) —
The third-party provider’s service configuration.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10798

def update_connector_v2(params = {}, options = {})
  req = build_request(:update_connector_v2, params)
  req.send_request(options)
end

#update_finding_aggregator(params = {}) ⇒ `Types::UpdateFindingAggregatorResponse`

The aggregation Region is now called the home Region.

Updates cross-Region aggregation settings. You can use this operation to update the Region linking mode and the list of included or excluded Amazon Web Services Regions. However, you can't use this operation to change the home Region.

You can invoke this operation from the current home Region only.

Examples:

Example: To update cross-Region aggregation settings


# The following example updates the cross-Region aggregation configuration. You use this operation to change the list of
# linked Regions and the treatment of new Regions. However, you cannot use this operation to change the aggregation
# Region.

resp = client.update_finding_aggregator({
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
})

resp.to_h outputs the following:
{
  finding_aggregation_region: "us-east-1", 
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
}

Request syntax with placeholder values


resp = client.update_finding_aggregator({
  finding_aggregator_arn: "NonEmptyString", # required
  region_linking_mode: "NonEmptyString", # required
  regions: ["NonEmptyString"],
})

Response structure


resp.finding_aggregator_arn #=> String
resp.finding_aggregation_region #=> String
resp.region_linking_mode #=> String
resp.regions #=> Array
resp.regions[0] #=> String

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:finding_aggregator_arn (required, String) —
The ARN of the finding aggregator. To obtain the ARN, use ListFindingAggregators.
:region_linking_mode (required, String) —
Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub CSPM supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:
- ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub CSPM is enabled. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.
- ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub CSPM is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.
- SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub CSPM does not automatically aggregate findings from new Regions.
- NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.
:regions (Array<String>) —
If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

Returns:

(Types::UpdateFindingAggregatorResponse) —
Returns a response object which responds to the following methods:
- #finding_aggregator_arn => String
- #finding_aggregation_region => String
- #region_linking_mode => String
- #regions => Array<String>

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 10913

def update_finding_aggregator(params = {}, options = {})
  req = build_request(:update_finding_aggregator, params)
  req.send_request(options)
end

#update_findings(params = {}) ⇒ `Struct`

UpdateFindings is a deprecated operation. Instead of UpdateFindings, use the BatchUpdateFindings operation.

The UpdateFindings operation updates the Note and RecordState of the Security Hub CSPM aggregated findings that the filter attributes specify. Any member account that can view the finding can also see the update to the finding.

Finding updates made with UpdateFindings aren't persisted if the same finding is later updated by the finding provider through the BatchImportFindings operation. In addition, Security Hub CSPM doesn't record updates made with UpdateFindings in the finding history.

Examples:

Request syntax with placeholder values


resp = client.update_findings({
  filters: { # required
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  note: {
    text: "NonEmptyString", # required
    updated_by: "NonEmptyString", # required
  },
  record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:filters (required, Types::AwsSecurityFindingFilters) —
A collection of attributes that specify which findings you want to update.
:note (Types::NoteUpdate) —
The updated note for the finding.
:record_state (String) —
The updated record state for the finding.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 11665

def update_findings(params = {}, options = {})
  req = build_request(:update_findings, params)
  req.send_request(options)
end

#update_insight(params = {}) ⇒ `Struct`

Updates the Security Hub CSPM insight identified by the specified insight ARN.

Examples:

Example: To update an insight


# The following example updates the specified Security Hub insight.

resp = client.update_insight({
  filters: {
    resource_type: [
      {
        comparison: "EQUALS", 
        value: "AwsIamRole", 
      }, 
    ], 
    severity_label: [
      {
        comparison: "EQUALS", 
        value: "HIGH", 
      }, 
    ], 
  }, 
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "High severity role findings", 
})

Request syntax with placeholder values


resp = client.update_insight({
  insight_arn: "NonEmptyString", # required
  name: "NonEmptyString",
  filters: {
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  group_by_attribute: "NonEmptyString",
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:insight_arn (required, String) —
The ARN of the insight that you want to update.
:name (String) —
The updated name for the insight.
:filters (Types::AwsSecurityFindingFilters) —
The updated filters that define this insight.
:group_by_attribute (String) —
The updated GroupBy attribute that defines this insight.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 12430

def update_insight(params = {}, options = {})
  req = build_request(:update_insight, params)
  req.send_request(options)
end

#update_organization_configuration(params = {}) ⇒ `Struct`

Updates the configuration of your organization in Security Hub CSPM. Only the Security Hub CSPM administrator account can invoke this operation.

Examples:

Example: To update organization configuration


# This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator
# account can invoke this operation.

resp = client.update_organization_configuration({
  auto_enable: false, 
  auto_enable_standards: "NONE", 
  organization_configuration: {
    configuration_type: "CENTRAL", 
  }, 
})

Request syntax with placeholder values


resp = client.update_organization_configuration({
  auto_enable: false, # required
  auto_enable_standards: "NONE", # accepts NONE, DEFAULT
  organization_configuration: {
    configuration_type: "CENTRAL", # accepts CENTRAL, LOCAL
    status: "PENDING", # accepts PENDING, ENABLED, FAILED
    status_message: "NonEmptyString",
  },
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:auto_enable (required, Boolean) —
Whether to automatically enable Security Hub CSPM in new member accounts when they join the organization.

If set to true, then Security Hub CSPM is automatically enabled in new accounts. If set to false, then Security Hub CSPM isn't enabled in new accounts automatically. The default value is false.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to false and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub CSPM is enabled and associate the policy with new organization accounts.
:auto_enable_standards (String) —
Whether to automatically enable Security Hub CSPM default standards in new member accounts when they join the organization.

The default value of this parameter is equal to DEFAULT.

If equal to DEFAULT, then Security Hub CSPM default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to NONE and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.
:organization_configuration (Types::OrganizationConfiguration) —
Provides information about the way an organization is configured in Security Hub CSPM.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 12512

def update_organization_configuration(params = {}, options = {})
  req = build_request(:update_organization_configuration, params)
  req.send_request(options)
end

#update_security_control(params = {}) ⇒ `Struct`

Updates the properties of a security control.

Examples:

Example: To update security control properties


# The following example updates the specified security control. Specifically, this example updates control parameters.

resp = client.update_security_control({
  last_update_reason: "Comply with internal requirements", 
  parameters: {
    "maxCredentialUsageAge" => {
      value: {
        integer: 15, 
      }, 
      value_type: "CUSTOM", 
    }, 
  }, 
  security_control_id: "ACM.1", 
})

resp.to_h outputs the following:
{
}

Request syntax with placeholder values


resp = client.update_security_control({
  security_control_id: "NonEmptyString", # required
  parameters: { # required
    "NonEmptyString" => {
      value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
      value: {
        integer: 1,
        integer_list: [1],
        double: 1.0,
        string: "NonEmptyString",
        string_list: ["NonEmptyString"],
        boolean: false,
        enum: "NonEmptyString",
        enum_list: ["NonEmptyString"],
      },
    },
  },
  last_update_reason: "AlphaNumericNonEmptyString",
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:security_control_id (required, String) —
The Amazon Resource Name (ARN) or ID of the control to update.
:parameters (required, Hash<String,Types::ParameterConfiguration>) —
An object that specifies which security control parameters to update.
:last_update_reason (String) —
The most recent reason for updating the properties of the security control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 12580

def update_security_control(params = {}, options = {})
  req = build_request(:update_security_control, params)
  req.send_request(options)
end

#update_security_hub_configuration(params = {}) ⇒ `Struct`

Updates configuration options for Security Hub CSPM.

Examples:

Example: To update Security Hub settings


# The following example updates Security Hub settings to turn on consolidated control findings, and to automatically
# enable new controls in enabled standards.

resp = client.update_security_hub_configuration({
  auto_enable_controls: true, 
  control_finding_generator: "SECURITY_CONTROL", 
})

Request syntax with placeholder values


resp = client.update_security_hub_configuration({
  auto_enable_controls: false,
  control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:auto_enable_controls (Boolean) —
Whether to automatically enable new controls when they are added to standards that are enabled.

By default, this is set to true, and new controls are enabled automatically. To not automatically enable new controls, set this to false.

When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of DISABLED. It can take up to several days for Security Hub CSPM to process the control release and designate the control as ENABLED in your account. During the processing period, you can manually enable or disable a control, and Security Hub CSPM will maintain that designation regardless of whether you have AutoEnableControls set to true.
:control_finding_generator (String) —
Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub CSPM generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL, Security Hub CSPM generates separate findings for a control check when the check applies to multiple enabled standards.

For accounts that are part of an organization, this value can only be updated in the administrator account.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 12642

def update_security_hub_configuration(params = {}, options = {})
  req = build_request(:update_security_hub_configuration, params)
  req.send_request(options)
end

#update_standards_control(params = {}) ⇒ `Struct`

Used to control whether an individual security standard control is enabled or disabled.

Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the control has StandardsControlsUpdatable value NOT_READY_FOR_UPDATES.

Examples:

Example: To update the enablement status of a standard control


# The following example disables the specified control in the specified security standard.

resp = client.update_standards_control({
  control_status: "DISABLED", 
  disabled_reason: "Not applicable to my service", 
  standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1", 
})

Request syntax with placeholder values


resp = client.update_standards_control({
  standards_control_arn: "NonEmptyString", # required
  control_status: "ENABLED", # accepts ENABLED, DISABLED
  disabled_reason: "NonEmptyString",
})

Parameters:

params (Hash) (defaults to: {}) —
({})

Options Hash (params):

:standards_control_arn (required, String) —
The ARN of the security standard control to enable or disable.
:control_status (String) —
The updated status of the security standard control.
:disabled_reason (String) —
A description of the reason why you are disabling a security standard control. If you are disabling a control, then this is required.

Returns:

(Struct) —
Returns an empty response.

See Also:

AWS API Documentation

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/client.rb', line 12689

def update_standards_control(params = {}, options = {})
  req = build_request(:update_standards_control, params)
  req.send_request(options)
end

Class: Aws::SecurityHub::Client

Overview

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

Methods inherited from Seahorse::Client::Base

Methods included from Seahorse::Client::HandlerBuilder

Constructor Details

#initialize(options) ⇒ Client

Instance Method Details

#accept_administrator_invitation(params = {}) ⇒ Struct

Examples:

Example: To accept an invitation be a member account

Request syntax with placeholder values

#accept_invitation(params = {}) ⇒ Struct

Examples:

Request syntax with placeholder values

#batch_delete_automation_rules(params = {}) ⇒ Types::BatchDeleteAutomationRulesResponse

Examples:

Example: To delete one or more automation rules

Request syntax with placeholder values

Response structure

#batch_disable_standards(params = {}) ⇒ Types::BatchDisableStandardsResponse

Examples:

Example: To disable one or more security standards

Request syntax with placeholder values

Response structure

#batch_enable_standards(params = {}) ⇒ Types::BatchEnableStandardsResponse

Examples:

Example: To enable security standards

Request syntax with placeholder values

Response structure

#batch_get_automation_rules(params = {}) ⇒ Types::BatchGetAutomationRulesResponse

Examples:

Example: To update one ore more automation rules

Request syntax with placeholder values

Response structure

#batch_get_configuration_policy_associations(params = {}) ⇒ Types::BatchGetConfigurationPolicyAssociationsResponse

Examples:

Example: To get configuration associations for a batch of targets

Request syntax with placeholder values

Response structure

#batch_get_security_controls(params = {}) ⇒ Types::BatchGetSecurityControlsResponse

Examples:

Example: To get security control details

Request syntax with placeholder values

Response structure

#batch_get_standards_control_associations(params = {}) ⇒ Types::BatchGetStandardsControlAssociationsResponse

Examples:

Example: To get enablement status of a batch of controls

Request syntax with placeholder values

Response structure

#batch_import_findings(params = {}) ⇒ Types::BatchImportFindingsResponse

Examples:

Example: To import security findings from a third party provider to Security Hub

Response structure

#batch_update_automation_rules(params = {}) ⇒ Types::BatchUpdateAutomationRulesResponse

Examples:

Example: To update one ore more automation rules

Request syntax with placeholder values

Response structure

#batch_update_findings(params = {}) ⇒ Types::BatchUpdateFindingsResponse

Examples:

Example: To update Security Hub findings

Request syntax with placeholder values

Response structure

#batch_update_findings_v2(params = {}) ⇒ Types::BatchUpdateFindingsV2Response

Examples:

Request syntax with placeholder values

Response structure

#batch_update_standards_control_associations(params = {}) ⇒ Types::BatchUpdateStandardsControlAssociationsResponse

Examples:

Example: To update enablement status of a batch of controls

Request syntax with placeholder values

Response structure

#create_action_target(params = {}) ⇒ Types::CreateActionTargetResponse

Examples:

Example: To create a custom action target

#initialize(options) ⇒ `Client`

#accept_administrator_invitation(params = {}) ⇒ `Struct`

#accept_invitation(params = {}) ⇒ `Struct`

#batch_delete_automation_rules(params = {}) ⇒ `Types::BatchDeleteAutomationRulesResponse`

#batch_disable_standards(params = {}) ⇒ `Types::BatchDisableStandardsResponse`

#batch_enable_standards(params = {}) ⇒ `Types::BatchEnableStandardsResponse`

#batch_get_automation_rules(params = {}) ⇒ `Types::BatchGetAutomationRulesResponse`

#batch_get_configuration_policy_associations(params = {}) ⇒ `Types::BatchGetConfigurationPolicyAssociationsResponse`

#batch_get_security_controls(params = {}) ⇒ `Types::BatchGetSecurityControlsResponse`

#batch_get_standards_control_associations(params = {}) ⇒ `Types::BatchGetStandardsControlAssociationsResponse`

#batch_import_findings(params = {}) ⇒ `Types::BatchImportFindingsResponse`

#batch_update_automation_rules(params = {}) ⇒ `Types::BatchUpdateAutomationRulesResponse`

#batch_update_findings(params = {}) ⇒ `Types::BatchUpdateFindingsResponse`

#batch_update_findings_v2(params = {}) ⇒ `Types::BatchUpdateFindingsV2Response`

#batch_update_standards_control_associations(params = {}) ⇒ `Types::BatchUpdateStandardsControlAssociationsResponse`

#create_action_target(params = {}) ⇒ `Types::CreateActionTargetResponse`

#create_aggregator_v2(params = {}) ⇒ `Types::CreateAggregatorV2Response`

#create_automation_rule(params = {}) ⇒ `Types::CreateAutomationRuleResponse`

#create_automation_rule_v2(params = {}) ⇒ `Types::CreateAutomationRuleV2Response`

#create_configuration_policy(params = {}) ⇒ `Types::CreateConfigurationPolicyResponse`

#create_connector_v2(params = {}) ⇒ `Types::CreateConnectorV2Response`

#create_finding_aggregator(params = {}) ⇒ `Types::CreateFindingAggregatorResponse`

#create_insight(params = {}) ⇒ `Types::CreateInsightResponse`

#create_members(params = {}) ⇒ `Types::CreateMembersResponse`

#create_ticket_v2(params = {}) ⇒ `Types::CreateTicketV2Response`

#decline_invitations(params = {}) ⇒ `Types::DeclineInvitationsResponse`

#delete_action_target(params = {}) ⇒ `Types::DeleteActionTargetResponse`

#delete_aggregator_v2(params = {}) ⇒ `Struct`

#delete_automation_rule_v2(params = {}) ⇒ `Struct`

#delete_configuration_policy(params = {}) ⇒ `Struct`

#delete_connector_v2(params = {}) ⇒ `Struct`

#delete_finding_aggregator(params = {}) ⇒ `Struct`