PatchSummary - AWS Security Hub

PatchSummary

Provides an overview of the patch compliance status for an instance against a selected compliance standard.

Contents

Id

The identifier of the compliance standard that was used to determine the patch compliance status.

Length Constraints: Minimum length of 1. Maximum length of 256.

Type: String

Pattern: .*\S.*

Required: Yes

FailedCount

The number of patches from the compliance standard that failed to install.

The value can be an integer from 0 to 100000.

Type: Integer

Required: No

InstalledCount

The number of patches from the compliance standard that were installed successfully.

The value can be an integer from 0 to 100000.

Type: Integer

Required: No

InstalledOtherCount

The number of installed patches that are not part of the compliance standard.

The value can be an integer from 0 to 100000.

Type: Integer

Required: No

InstalledPendingReboot

The number of patches that were applied, but that require the instance to be rebooted in order to be marked as installed.

The value can be an integer from 0 to 100000.

Type: Integer

Required: No

InstalledRejectedCount

The number of patches that are installed but are also on a list of patches that the customer rejected.

The value can be an integer from 0 to 100000.

Type: Integer

Required: No

MissingCount

The number of patches that are part of the compliance standard but are not installed. The count includes patches that failed to install.

The value can be an integer from 0 to 100000.

Type: Integer

Required: No

Operation

The type of patch operation performed. For Patch Manager, the values are SCAN and INSTALL.

Length Constraints: Minimum length of 1. Maximum length of 256.

Type: String

Pattern: .*\S.*

Required: No

OperationEndTime

Indicates when the operation completed.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No

OperationStartTime

Indicates when the operation started.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No

RebootOption

The reboot option specified for the instance.

Length Constraints: Minimum length of 1. Maximum length of 256.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: