lib/aws-sdk-securityhub/client.rb in aws-sdk-securityhub-1.95.0 vs lib/aws-sdk-securityhub/client.rb in aws-sdk-securityhub-1.96.0

- old
+ new

@@ -843,14 +843,18 @@ # resp.rules[0].criteria.updated_at[0].date_range.unit #=> String, one of "DAYS" # resp.rules[0].criteria.confidence #=> Array # resp.rules[0].criteria.confidence[0].gte #=> Float # resp.rules[0].criteria.confidence[0].lte #=> Float # resp.rules[0].criteria.confidence[0].eq #=> Float + # resp.rules[0].criteria.confidence[0].gt #=> Float + # resp.rules[0].criteria.confidence[0].lt #=> Float # resp.rules[0].criteria.criticality #=> Array # resp.rules[0].criteria.criticality[0].gte #=> Float # resp.rules[0].criteria.criticality[0].lte #=> Float # resp.rules[0].criteria.criticality[0].eq #=> Float + # resp.rules[0].criteria.criticality[0].gt #=> Float + # resp.rules[0].criteria.criticality[0].lt #=> Float # resp.rules[0].criteria.title #=> Array # resp.rules[0].criteria.title[0].value #=> String # resp.rules[0].criteria.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.rules[0].criteria.description #=> Array # resp.rules[0].criteria.description[0].value #=> String @@ -989,25 +993,45 @@ # resp.to_h outputs the following: # { # security_controls: [ # { # description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", + # last_update_reason: "Stayed with default value", + # parameters: { + # "daysToExpiration" => { + # value: { + # integer: 30, + # }, + # value_type: "DEFAULT", + # }, + # }, # remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", # security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1", # security_control_id: "ACM.1", # security_control_status: "ENABLED", # severity_rating: "MEDIUM", # title: "Imported and ACM-issued certificates should be renewed after a specified time period", + # update_status: "UPDATING", # }, # { # description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", + # last_update_reason: "Updated control parameters to comply with internal requirements", + # parameters: { + # "loggingLevel" => { + # value: { + # enum: "ERROR", + # }, + # value_type: "CUSTOM", + # }, + # }, # remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", # security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1", # security_control_id: "APIGateway.1", # security_control_status: "ENABLED", # severity_rating: "MEDIUM", # title: "API Gateway REST and WebSocket API execution logging should be enabled", + # update_status: "UPDATING", # }, # ], # } # # @example Request syntax with placeholder values @@ -1024,10 +1048,25 @@ # resp.security_controls[0].title #=> String # resp.security_controls[0].description #=> String # resp.security_controls[0].remediation_url #=> String # resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL" # resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED" + # resp.security_controls[0].update_status #=> String, one of "READY", "UPDATING" + # resp.security_controls[0].parameters #=> Hash + # resp.security_controls[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM" + # resp.security_controls[0].parameters["NonEmptyString"].value.integer #=> Integer + # resp.security_controls[0].parameters["NonEmptyString"].value.integer_list #=> Array + # resp.security_controls[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer + # resp.security_controls[0].parameters["NonEmptyString"].value.double #=> Float + # resp.security_controls[0].parameters["NonEmptyString"].value.string #=> String + # resp.security_controls[0].parameters["NonEmptyString"].value.string_list #=> Array + # resp.security_controls[0].parameters["NonEmptyString"].value.string_list[0] #=> String + # resp.security_controls[0].parameters["NonEmptyString"].value.boolean #=> Boolean + # resp.security_controls[0].parameters["NonEmptyString"].value.enum #=> String + # resp.security_controls[0].parameters["NonEmptyString"].value.enum_list #=> Array + # resp.security_controls[0].parameters["NonEmptyString"].value.enum_list[0] #=> String + # resp.security_controls[0].last_update_reason #=> String # resp.unprocessed_ids #=> Array # resp.unprocessed_ids[0].security_control_id #=> String # resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED" # resp.unprocessed_ids[0].error_reason #=> String # @@ -1401,17 +1440,21 @@ # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", @@ -2190,17 +2233,21 @@ # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", @@ -2639,17 +2686,21 @@ # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", @@ -2659,17 +2710,21 @@ # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", @@ -2769,10 +2824,12 @@ # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", @@ -2798,10 +2855,12 @@ # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", @@ -2823,17 +2882,21 @@ # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", @@ -3134,17 +3197,21 @@ # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", @@ -3190,10 +3257,34 @@ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS # }, # ], + # vulnerabilities_exploit_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # vulnerabilities_fix_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_name: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_value: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], # }, # group_by_attribute: "NonEmptyString", # required # }) # # @example Response structure @@ -5007,17 +5098,21 @@ # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", @@ -5027,17 +5122,21 @@ # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", @@ -5137,10 +5236,12 @@ # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", @@ -5166,10 +5267,12 @@ # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", @@ -5191,17 +5294,21 @@ # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", @@ -5502,17 +5609,21 @@ # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", @@ -5558,10 +5669,34 @@ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS # }, # ], + # vulnerabilities_exploit_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # vulnerabilities_fix_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_name: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_value: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], # }, # sort_criteria: [ # { # field: "NonEmptyString", # sort_order: "asc", # accepts asc, desc @@ -5754,25 +5889,33 @@ # resp.insights[0].filters.updated_at[0].date_range.unit #=> String, one of "DAYS" # resp.insights[0].filters.severity_product #=> Array # resp.insights[0].filters.severity_product[0].gte #=> Float # resp.insights[0].filters.severity_product[0].lte #=> Float # resp.insights[0].filters.severity_product[0].eq #=> Float + # resp.insights[0].filters.severity_product[0].gt #=> Float + # resp.insights[0].filters.severity_product[0].lt #=> Float # resp.insights[0].filters.severity_normalized #=> Array # resp.insights[0].filters.severity_normalized[0].gte #=> Float # resp.insights[0].filters.severity_normalized[0].lte #=> Float # resp.insights[0].filters.severity_normalized[0].eq #=> Float + # resp.insights[0].filters.severity_normalized[0].gt #=> Float + # resp.insights[0].filters.severity_normalized[0].lt #=> Float # resp.insights[0].filters.severity_label #=> Array # resp.insights[0].filters.severity_label[0].value #=> String # resp.insights[0].filters.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.confidence #=> Array # resp.insights[0].filters.confidence[0].gte #=> Float # resp.insights[0].filters.confidence[0].lte #=> Float # resp.insights[0].filters.confidence[0].eq #=> Float + # resp.insights[0].filters.confidence[0].gt #=> Float + # resp.insights[0].filters.confidence[0].lt #=> Float # resp.insights[0].filters.criticality #=> Array # resp.insights[0].filters.criticality[0].gte #=> Float # resp.insights[0].filters.criticality[0].lte #=> Float # resp.insights[0].filters.criticality[0].eq #=> Float + # resp.insights[0].filters.criticality[0].gt #=> Float + # resp.insights[0].filters.criticality[0].lt #=> Float # resp.insights[0].filters.title #=> Array # resp.insights[0].filters.title[0].value #=> String # resp.insights[0].filters.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.description #=> Array # resp.insights[0].filters.description[0].value #=> String @@ -5821,10 +5964,12 @@ # resp.insights[0].filters.network_source_ip_v6[0].cidr #=> String # resp.insights[0].filters.network_source_port #=> Array # resp.insights[0].filters.network_source_port[0].gte #=> Float # resp.insights[0].filters.network_source_port[0].lte #=> Float # resp.insights[0].filters.network_source_port[0].eq #=> Float + # resp.insights[0].filters.network_source_port[0].gt #=> Float + # resp.insights[0].filters.network_source_port[0].lt #=> Float # resp.insights[0].filters.network_source_domain #=> Array # resp.insights[0].filters.network_source_domain[0].value #=> String # resp.insights[0].filters.network_source_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.network_source_mac #=> Array # resp.insights[0].filters.network_source_mac[0].value #=> String @@ -5835,10 +5980,12 @@ # resp.insights[0].filters.network_destination_ip_v6[0].cidr #=> String # resp.insights[0].filters.network_destination_port #=> Array # resp.insights[0].filters.network_destination_port[0].gte #=> Float # resp.insights[0].filters.network_destination_port[0].lte #=> Float # resp.insights[0].filters.network_destination_port[0].eq #=> Float + # resp.insights[0].filters.network_destination_port[0].gt #=> Float + # resp.insights[0].filters.network_destination_port[0].lt #=> Float # resp.insights[0].filters.network_destination_domain #=> Array # resp.insights[0].filters.network_destination_domain[0].value #=> String # resp.insights[0].filters.network_destination_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.process_name #=> Array # resp.insights[0].filters.process_name[0].value #=> String @@ -5848,14 +5995,18 @@ # resp.insights[0].filters.process_path[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.process_pid #=> Array # resp.insights[0].filters.process_pid[0].gte #=> Float # resp.insights[0].filters.process_pid[0].lte #=> Float # resp.insights[0].filters.process_pid[0].eq #=> Float + # resp.insights[0].filters.process_pid[0].gt #=> Float + # resp.insights[0].filters.process_pid[0].lt #=> Float # resp.insights[0].filters.process_parent_pid #=> Array # resp.insights[0].filters.process_parent_pid[0].gte #=> Float # resp.insights[0].filters.process_parent_pid[0].lte #=> Float # resp.insights[0].filters.process_parent_pid[0].eq #=> Float + # resp.insights[0].filters.process_parent_pid[0].gt #=> Float + # resp.insights[0].filters.process_parent_pid[0].lt #=> Float # resp.insights[0].filters.process_launched_at #=> Array # resp.insights[0].filters.process_launched_at[0].start #=> String # resp.insights[0].filters.process_launched_at[0].end #=> String # resp.insights[0].filters.process_launched_at[0].date_range.value #=> Integer # resp.insights[0].filters.process_launched_at[0].date_range.unit #=> String, one of "DAYS" @@ -6004,14 +6155,18 @@ # resp.insights[0].filters.keyword[0].value #=> String # resp.insights[0].filters.finding_provider_fields_confidence #=> Array # resp.insights[0].filters.finding_provider_fields_confidence[0].gte #=> Float # resp.insights[0].filters.finding_provider_fields_confidence[0].lte #=> Float # resp.insights[0].filters.finding_provider_fields_confidence[0].eq #=> Float + # resp.insights[0].filters.finding_provider_fields_confidence[0].gt #=> Float + # resp.insights[0].filters.finding_provider_fields_confidence[0].lt #=> Float # resp.insights[0].filters.finding_provider_fields_criticality #=> Array # resp.insights[0].filters.finding_provider_fields_criticality[0].gte #=> Float # resp.insights[0].filters.finding_provider_fields_criticality[0].lte #=> Float # resp.insights[0].filters.finding_provider_fields_criticality[0].eq #=> Float + # resp.insights[0].filters.finding_provider_fields_criticality[0].gt #=> Float + # resp.insights[0].filters.finding_provider_fields_criticality[0].lt #=> Float # resp.insights[0].filters.finding_provider_fields_related_findings_id #=> Array # resp.insights[0].filters.finding_provider_fields_related_findings_id[0].value #=> String # resp.insights[0].filters.finding_provider_fields_related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.finding_provider_fields_related_findings_product_arn #=> Array # resp.insights[0].filters.finding_provider_fields_related_findings_product_arn[0].value #=> String @@ -6031,10 +6186,22 @@ # resp.insights[0].filters.compliance_security_control_id[0].value #=> String # resp.insights[0].filters.compliance_security_control_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].filters.compliance_associated_standards_id #=> Array # resp.insights[0].filters.compliance_associated_standards_id[0].value #=> String # resp.insights[0].filters.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" + # resp.insights[0].filters.vulnerabilities_exploit_available #=> Array + # resp.insights[0].filters.vulnerabilities_exploit_available[0].value #=> String + # resp.insights[0].filters.vulnerabilities_exploit_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" + # resp.insights[0].filters.vulnerabilities_fix_available #=> Array + # resp.insights[0].filters.vulnerabilities_fix_available[0].value #=> String + # resp.insights[0].filters.vulnerabilities_fix_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" + # resp.insights[0].filters.compliance_security_control_parameters_name #=> Array + # resp.insights[0].filters.compliance_security_control_parameters_name[0].value #=> String + # resp.insights[0].filters.compliance_security_control_parameters_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" + # resp.insights[0].filters.compliance_security_control_parameters_value #=> Array + # resp.insights[0].filters.compliance_security_control_parameters_value[0].value #=> String + # resp.insights[0].filters.compliance_security_control_parameters_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS" # resp.insights[0].group_by_attribute #=> String # resp.next_token #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsights AWS API Documentation # @@ -6199,10 +6366,111 @@ def get_members(params = {}, options = {}) req = build_request(:get_members, params) req.send_request(options) end + # Retrieves the definition of a security control. The definition + # includes the control title, description, Region availability, + # parameter definitions, and other details. + # + # @option params [required, String] :security_control_id + # The ID of the security control to retrieve the definition for. This + # field doesn’t accept an Amazon Resource Name (ARN). + # + # @return [Types::GetSecurityControlDefinitionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::GetSecurityControlDefinitionResponse#security_control_definition #security_control_definition} => Types::SecurityControlDefinition + # + # + # @example Example: To get the definition of a security control. + # + # # The following example retrieves definition details for the specified security control. + # + # resp = client.get_security_control_definition({ + # security_control_id: "EC2.4", + # }) + # + # resp.to_h outputs the following: + # { + # security_control_definition: { + # current_region_availability: "AVAILABLE", + # description: "This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.", + # parameter_definitions: { + # "AllowedDays" => { + # configuration_options: { + # integer: { + # default_value: 30, + # max: 365, + # min: 1, + # }, + # }, + # description: "Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding", + # }, + # }, + # remediation_url: "https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation", + # security_control_id: "EC2.4", + # severity_rating: "MEDIUM", + # title: "Stopped Amazon EC2 instances should be removed after a specified time period", + # }, + # } + # + # @example Request syntax with placeholder values + # + # resp = client.get_security_control_definition({ + # security_control_id: "NonEmptyString", # required + # }) + # + # @example Response structure + # + # resp.security_control_definition.security_control_id #=> String + # resp.security_control_definition.title #=> String + # resp.security_control_definition.description #=> String + # resp.security_control_definition.remediation_url #=> String + # resp.security_control_definition.severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL" + # resp.security_control_definition.current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE" + # resp.security_control_definition.customizable_properties #=> Array + # resp.security_control_definition.customizable_properties[0] #=> String, one of "Parameters" + # resp.security_control_definition.parameter_definitions #=> Hash + # resp.security_control_definition.parameter_definitions["NonEmptyString"].description #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array + # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinition AWS API Documentation + # + # @overload get_security_control_definition(params = {}) + # @param [Hash] params ({}) + def get_security_control_definition(params = {}, options = {}) + req = build_request(:get_security_control_definition, params) + req.send_request(options) + end + # Invites other Amazon Web Services accounts to become member accounts # for the Security Hub administrator account that the invitation is sent # from. # # This operation is only used to invite accounts that do not belong to @@ -6740,18 +7008,24 @@ # { # next_token: "U2FsdGVkX1...", # security_control_definitions: [ # { # current_region_availability: "AVAILABLE", + # customizable_properties: [ + # "Parameters", + # ], # description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", # remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", # security_control_id: "ACM.1", # severity_rating: "MEDIUM", # title: "Imported and ACM-issued certificates should be renewed after a specified time period", # }, # { # current_region_availability: "AVAILABLE", + # customizable_properties: [ + # "Parameters", + # ], # description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", # remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", # security_control_id: "APIGateway.1", # severity_rating: "MEDIUM", # title: "API Gateway REST and WebSocket API execution logging should be enabled", @@ -6782,10 +7056,42 @@ # resp.security_control_definitions[0].title #=> String # resp.security_control_definitions[0].description #=> String # resp.security_control_definitions[0].remediation_url #=> String # resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL" # resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE" + # resp.security_control_definitions[0].customizable_properties #=> Array + # resp.security_control_definitions[0].customizable_properties[0] #=> String, one of "Parameters" + # resp.security_control_definitions[0].parameter_definitions #=> Hash + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].description #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array + # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String # resp.next_token #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions AWS API Documentation # # @overload list_security_control_definitions(params = {}) @@ -7277,17 +7583,21 @@ # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", @@ -7297,17 +7607,21 @@ # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", @@ -7407,10 +7721,12 @@ # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", @@ -7436,10 +7752,12 @@ # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", @@ -7461,17 +7779,21 @@ # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", @@ -7772,17 +8094,21 @@ # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", @@ -7828,10 +8154,34 @@ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS # }, # ], + # vulnerabilities_exploit_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # vulnerabilities_fix_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_name: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_value: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], # }, # note: { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # }, @@ -7973,17 +8323,21 @@ # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", @@ -7993,17 +8347,21 @@ # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", @@ -8103,10 +8461,12 @@ # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", @@ -8132,10 +8492,12 @@ # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", @@ -8157,17 +8519,21 @@ # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", @@ -8468,17 +8834,21 @@ # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, + # gt: 1.0, + # lt: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", @@ -8524,10 +8894,34 @@ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS # }, # ], + # vulnerabilities_exploit_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # vulnerabilities_fix_available: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_name: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], + # compliance_security_control_parameters_value: [ + # { + # value: "NonEmptyString", + # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS + # }, + # ], # }, # group_by_attribute: "NonEmptyString", # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateInsight AWS API Documentation @@ -8593,10 +8987,78 @@ def update_organization_configuration(params = {}, options = {}) req = build_request(:update_organization_configuration, params) req.send_request(options) end + # Updates the properties of a security control. + # + # @option params [required, String] :security_control_id + # The Amazon Resource Name (ARN) or ID of the control to update. + # + # @option params [required, Hash<String,Types::ParameterConfiguration>] :parameters + # An object that specifies which security control parameters to update. + # + # @option params [String] :last_update_reason + # The most recent reason for updating the properties of the security + # control. This field accepts alphanumeric characters in addition to + # white spaces, dashes, and underscores. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # + # @example Example: To update security control properties + # + # # The following example updates the specified security control. Specifically, this example updates control parameters. + # + # resp = client.update_security_control({ + # last_update_reason: "Comply with internal requirements", + # parameters: { + # "maxCredentialUsageAge" => { + # value: { + # integer: 15, + # }, + # value_type: "CUSTOM", + # }, + # }, + # security_control_id: "ACM.1", + # }) + # + # resp.to_h outputs the following: + # { + # } + # + # @example Request syntax with placeholder values + # + # resp = client.update_security_control({ + # security_control_id: "NonEmptyString", # required + # parameters: { # required + # "NonEmptyString" => { + # value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM + # value: { + # integer: 1, + # integer_list: [1], + # double: 1.0, + # string: "NonEmptyString", + # string_list: ["NonEmptyString"], + # boolean: false, + # enum: "NonEmptyString", + # enum_list: ["NonEmptyString"], + # }, + # }, + # }, + # last_update_reason: "AlphaNumericNonEmptyString", + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControl AWS API Documentation + # + # @overload update_security_control(params = {}) + # @param [Hash] params ({}) + def update_security_control(params = {}, options = {}) + req = build_request(:update_security_control, params) + req.send_request(options) + end + # Updates configuration options for Security Hub. # # @option params [Boolean] :auto_enable_controls # Whether to automatically enable new controls when they are added to # standards that are enabled. @@ -8701,10 +9163,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-securityhub' - context[:gem_version] = '1.95.0' + context[:gem_version] = '1.96.0' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated