Class: Aws::SecurityHub::Client

Inherits:

Seahorse::Client::Base

• Object
• Seahorse::Client::Base
• Aws::SecurityHub::Client

Includes:

ClientStubs

Defined in:

lib/aws-sdk-securityhub/client.rb

Overview

An API client for SecurityHub. To construct a client, you need to configure a ‘:region` and `:credentials`.

client = Aws::SecurityHub::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).

See #initialize for a full list of supported configuration options.

Class Attribute Summary

• .identifier ⇒ Object readonly private

API Operations

• #accept_administrator_invitation(params = {}) ⇒ Struct

  <note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.

• #accept_invitation(params = {}) ⇒ Struct

  This method is deprecated.

• #batch_delete_automation_rules(params = {}) ⇒ Types::BatchDeleteAutomationRulesResponse

  Deletes one or more automation rules.

• #batch_disable_standards(params = {}) ⇒ Types::BatchDisableStandardsResponse

  Disables the standards specified by the provided ‘StandardsSubscriptionArns`.

• #batch_enable_standards(params = {}) ⇒ Types::BatchEnableStandardsResponse

  Enables the standards specified by the provided ‘StandardsArn`.

• #batch_get_automation_rules(params = {}) ⇒ Types::BatchGetAutomationRulesResponse

  Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).

• #batch_get_configuration_policy_associations(params = {}) ⇒ Types::BatchGetConfigurationPolicyAssociationsResponse

  Returns associations between an Security Hub CSPM configuration and a batch of target accounts, organizational units, or the root.

• #batch_get_security_controls(params = {}) ⇒ Types::BatchGetSecurityControlsResponse

  Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

• #batch_get_standards_control_associations(params = {}) ⇒ Types::BatchGetStandardsControlAssociationsResponse

  For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

• #batch_import_findings(params = {}) ⇒ Types::BatchImportFindingsResponse

  Imports security findings generated by a finding provider into Security Hub CSPM.

• #batch_update_automation_rules(params = {}) ⇒ Types::BatchUpdateAutomationRulesResponse

  Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.

• #batch_update_findings(params = {}) ⇒ Types::BatchUpdateFindingsResponse

  Used by Security Hub CSPM customers to update information about their investigation into one or more findings.

• #batch_update_findings_v2(params = {}) ⇒ Types::BatchUpdateFindingsV2Response

  Updates information about a customer’s investigation into a finding.

• #batch_update_standards_control_associations(params = {}) ⇒ Types::BatchUpdateStandardsControlAssociationsResponse

  For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

• #create_action_target(params = {}) ⇒ Types::CreateActionTargetResponse

  Creates a custom action target in Security Hub CSPM.

• #create_aggregator_v2(params = {}) ⇒ Types::CreateAggregatorV2Response

  Enables aggregation across Amazon Web Services Regions.

• #create_automation_rule(params = {}) ⇒ Types::CreateAutomationRuleResponse

  Creates an automation rule based on input parameters.

• #create_automation_rule_v2(params = {}) ⇒ Types::CreateAutomationRuleV2Response

  Creates a V2 automation rule.

• #create_configuration_policy(params = {}) ⇒ Types::CreateConfigurationPolicyResponse

  Creates a configuration policy with the defined configuration.

• #create_connector_v2(params = {}) ⇒ Types::CreateConnectorV2Response

  Grants permission to create a connectorV2 based on input parameters.

• #create_finding_aggregator(params = {}) ⇒ Types::CreateFindingAggregatorResponse

  <note markdown=“1”> The *aggregation Region* is now called the *home Region*.

• #create_insight(params = {}) ⇒ Types::CreateInsightResponse

  Creates a custom insight in Security Hub CSPM.

• #create_members(params = {}) ⇒ Types::CreateMembersResponse

  Creates a member association in Security Hub CSPM between the specified accounts and the account used to make the request, which is the administrator account.

• #create_ticket_v2(params = {}) ⇒ Types::CreateTicketV2Response

  Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID.

• #decline_invitations(params = {}) ⇒ Types::DeclineInvitationsResponse

  <note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.

• #delete_action_target(params = {}) ⇒ Types::DeleteActionTargetResponse

  Deletes a custom action target from Security Hub CSPM.

• #delete_aggregator_v2(params = {}) ⇒ Struct

  Deletes the Aggregator V2.

• #delete_automation_rule_v2(params = {}) ⇒ Struct

  Deletes a V2 automation rule.

• #delete_configuration_policy(params = {}) ⇒ Struct

  Deletes a configuration policy.

• #delete_connector_v2(params = {}) ⇒ Struct

  Grants permission to delete a connectorV2.

• #delete_finding_aggregator(params = {}) ⇒ Struct

  <note markdown=“1”> The *aggregation Region* is now called the *home Region*.

• #delete_insight(params = {}) ⇒ Types::DeleteInsightResponse

  Deletes the insight specified by the ‘InsightArn`.

• #delete_invitations(params = {}) ⇒ Types::DeleteInvitationsResponse

  <note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.

• #delete_members(params = {}) ⇒ Types::DeleteMembersResponse

  Deletes the specified member accounts from Security Hub CSPM.

• #describe_action_targets(params = {}) ⇒ Types::DescribeActionTargetsResponse

  Returns a list of the custom action targets in Security Hub CSPM in your account.

• #describe_hub(params = {}) ⇒ Types::DescribeHubResponse

  Returns details about the Hub resource in your account, including the ‘HubArn` and the time when you enabled Security Hub CSPM.

• #describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse

  Returns information about the way your organization is configured in Security Hub CSPM.

• #describe_products(params = {}) ⇒ Types::DescribeProductsResponse

  Returns information about product integrations in Security Hub CSPM.

• #describe_products_v2(params = {}) ⇒ Types::DescribeProductsV2Response

  Gets information about the product integration.

• #describe_security_hub_v2(params = {}) ⇒ Types::DescribeSecurityHubV2Response

  Returns details about the service resource in your account.

• #describe_standards(params = {}) ⇒ Types::DescribeStandardsResponse

  Returns a list of the available standards in Security Hub CSPM.

• #describe_standards_controls(params = {}) ⇒ Types::DescribeStandardsControlsResponse

  Returns a list of security standards controls.

• #disable_import_findings_for_product(params = {}) ⇒ Struct

  Disables the integration of the specified product with Security Hub CSPM.

• #disable_organization_admin_account(params = {}) ⇒ Struct

  Disables a Security Hub CSPM administrator account.

• #disable_security_hub(params = {}) ⇒ Struct

  Disables Security Hub CSPM in your account only in the current Amazon Web Services Region.

• #disable_security_hub_v2(params = {}) ⇒ Struct

  Disable the service for the current Amazon Web Services Region or specified Amazon Web Services Region.

• #disassociate_from_administrator_account(params = {}) ⇒ Struct

  Disassociates the current Security Hub CSPM member account from the associated administrator account.

• #disassociate_from_master_account(params = {}) ⇒ Struct

  This method is deprecated.

• #disassociate_members(params = {}) ⇒ Struct

  Disassociates the specified member accounts from the associated administrator account.

• #enable_import_findings_for_product(params = {}) ⇒ Types::EnableImportFindingsForProductResponse

  Enables the integration of a partner product with Security Hub CSPM.

• #enable_organization_admin_account(params = {}) ⇒ Types::EnableOrganizationAdminAccountResponse

  Designates the Security Hub CSPM administrator account for an organization.

• #enable_security_hub(params = {}) ⇒ Struct

  Enables Security Hub CSPM for your account in the current Region or the Region you specify in the request.

• #enable_security_hub_v2(params = {}) ⇒ Types::EnableSecurityHubV2Response

  Enables the service in account for the current Amazon Web Services Region or specified Amazon Web Services Region.

• #generate_recommended_policy_v2(params = {}) ⇒ Struct

  Begins the recommended policy generation to remediate a Security Hub finding.

• #get_administrator_account(params = {}) ⇒ Types::GetAdministratorAccountResponse

  Provides the details for the Security Hub CSPM administrator account for the current member account.

• #get_aggregator_v2(params = {}) ⇒ Types::GetAggregatorV2Response

  Returns the configuration of the specified Aggregator V2.

• #get_automation_rule_v2(params = {}) ⇒ Types::GetAutomationRuleV2Response

  Returns an automation rule for the V2 service.

• #get_configuration_policy(params = {}) ⇒ Types::GetConfigurationPolicyResponse

  Provides information about a configuration policy.

• #get_configuration_policy_association(params = {}) ⇒ Types::GetConfigurationPolicyAssociationResponse

  Returns the association between a configuration and a target account, organizational unit, or the root.

• #get_connector_v2(params = {}) ⇒ Types::GetConnectorV2Response

  Grants permission to retrieve details for a connectorV2 based on connector id.

• #get_enabled_standards(params = {}) ⇒ Types::GetEnabledStandardsResponse

  Returns a list of the standards that are currently enabled.

• #get_finding_aggregator(params = {}) ⇒ Types::GetFindingAggregatorResponse

  <note markdown=“1”> The *aggregation Region* is now called the *home Region*.

• #get_finding_history(params = {}) ⇒ Types::GetFindingHistoryResponse

  Returns the history of a Security Hub CSPM finding.

• #get_finding_statistics_v2(params = {}) ⇒ Types::GetFindingStatisticsV2Response

  Returns aggregated statistical data about findings.

• #get_findings(params = {}) ⇒ Types::GetFindingsResponse

  Returns a list of findings that match the specified criteria.

• #get_findings_trends_v2(params = {}) ⇒ Types::GetFindingsTrendsV2Response

  Returns findings trend data based on the specified criteria.

• #get_findings_v2(params = {}) ⇒ Types::GetFindingsV2Response

  Returns a list of findings that match the specified criteria.

• #get_insight_results(params = {}) ⇒ Types::GetInsightResultsResponse

  Lists the results of the Security Hub CSPM insight specified by the insight ARN.

• #get_insights(params = {}) ⇒ Types::GetInsightsResponse

  Lists and describes insights for the specified insight ARNs.

• #get_invitations_count(params = {}) ⇒ Types::GetInvitationsCountResponse

  <note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.

• #get_master_account(params = {}) ⇒ Types::GetMasterAccountResponse

  This method is deprecated.

• #get_members(params = {}) ⇒ Types::GetMembersResponse

  Returns the details for the Security Hub CSPM member accounts for the specified account IDs.

• #get_recommended_policy_v2(params = {}) ⇒ Types::GetRecommendedPolicyV2Response

  Retrieves the recommended policy to remediate a Security Hub finding.

• #get_resources_statistics_v2(params = {}) ⇒ Types::GetResourcesStatisticsV2Response

  Retrieves statistical information about Amazon Web Services resources and their associated security findings.

• #get_resources_trends_v2(params = {}) ⇒ Types::GetResourcesTrendsV2Response

  Returns resource trend data based on the specified criteria.

• #get_resources_v2(params = {}) ⇒ Types::GetResourcesV2Response

  Returns a list of resources.

• #get_security_control_definition(params = {}) ⇒ Types::GetSecurityControlDefinitionResponse

  Retrieves the definition of a security control.

• #invite_members(params = {}) ⇒ Types::InviteMembersResponse

  <note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.

• #list_aggregators_v2(params = {}) ⇒ Types::ListAggregatorsV2Response

  Retrieves a list of V2 aggregators.

• #list_automation_rules(params = {}) ⇒ Types::ListAutomationRulesResponse

  A list of automation rules and their metadata for the calling account.

• #list_automation_rules_v2(params = {}) ⇒ Types::ListAutomationRulesV2Response

  Returns a list of automation rules and metadata for the calling account.

• #list_configuration_policies(params = {}) ⇒ Types::ListConfigurationPoliciesResponse

  Lists the configuration policies that the Security Hub CSPM delegated administrator has created for your organization.

• #list_configuration_policy_associations(params = {}) ⇒ Types::ListConfigurationPolicyAssociationsResponse

  Provides information about the associations for your configuration policies and self-managed behavior.

• #list_connectors_v2(params = {}) ⇒ Types::ListConnectorsV2Response

  Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account.

• #list_enabled_products_for_import(params = {}) ⇒ Types::ListEnabledProductsForImportResponse

  Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub CSPM.

• #list_finding_aggregators(params = {}) ⇒ Types::ListFindingAggregatorsResponse

  If cross-Region aggregation is enabled, then ‘ListFindingAggregators` returns the Amazon Resource Name (ARN) of the finding aggregator.

• #list_invitations(params = {}) ⇒ Types::ListInvitationsResponse

  <note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts.

• #list_members(params = {}) ⇒ Types::ListMembersResponse

  Lists details about all member accounts for the current Security Hub CSPM administrator account.

• #list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse

  Lists the Security Hub CSPM administrator accounts.

• #list_security_control_definitions(params = {}) ⇒ Types::ListSecurityControlDefinitionsResponse

  Lists all of the security controls that apply to a specified standard.

• #list_standards_control_associations(params = {}) ⇒ Types::ListStandardsControlAssociationsResponse

  Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

• #list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

  Returns a list of tags associated with a resource.

• #register_connector_v2(params = {}) ⇒ Types::RegisterConnectorV2Response

  Grants permission to complete the authorization based on input parameters.

• #start_configuration_policy_association(params = {}) ⇒ Types::StartConfigurationPolicyAssociationResponse

  Associates a target account, organizational unit, or the root with a specified configuration.

• #start_configuration_policy_disassociation(params = {}) ⇒ Struct

  Disassociates a target account, organizational unit, or the root from a specified configuration.

• #tag_resource(params = {}) ⇒ Struct

  Adds one or more tags to a resource.

• #untag_resource(params = {}) ⇒ Struct

  Removes one or more tags from a resource.

• #update_action_target(params = {}) ⇒ Struct

  Updates the name and description of a custom action target in Security Hub CSPM.

• #update_aggregator_v2(params = {}) ⇒ Types::UpdateAggregatorV2Response

  Udpates the configuration for the Aggregator V2.

• #update_automation_rule_v2(params = {}) ⇒ Struct

  Updates a V2 automation rule.

• #update_configuration_policy(params = {}) ⇒ Types::UpdateConfigurationPolicyResponse

  Updates a configuration policy.

• #update_connector_v2(params = {}) ⇒ Struct

  Grants permission to update a connectorV2 based on its id and input parameters.

• #update_finding_aggregator(params = {}) ⇒ Types::UpdateFindingAggregatorResponse

  <note markdown=“1”> The *aggregation Region* is now called the *home Region*.

• #update_findings(params = {}) ⇒ Struct

  ‘UpdateFindings` is a deprecated operation.

• #update_insight(params = {}) ⇒ Struct

  Updates the Security Hub CSPM insight identified by the specified insight ARN.

• #update_organization_configuration(params = {}) ⇒ Struct

  Updates the configuration of your organization in Security Hub CSPM.

• #update_security_control(params = {}) ⇒ Struct

  Updates the properties of a security control.

• #update_security_hub_configuration(params = {}) ⇒ Struct

  Updates configuration options for Security Hub CSPM.

• #update_standards_control(params = {}) ⇒ Struct

  Used to control whether an individual security standard control is enabled or disabled.

Class Method Summary

• .errors_module ⇒ Object private

Instance Method Summary

• #build_request(operation_name, params = {}) ⇒ Object private
• #initialize(options) ⇒ Client constructor

  A new instance of Client.

• #waiter_names ⇒ Object deprecated private Deprecated.

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

• options (Hash)

Options Hash (options):

• :plugins (Array<Seahorse::Client::Plugin>) — default: []] —

  A list of plugins to apply to the client. Each plugin is either a class name or an instance of a plugin class.

• :credentials (required, Aws::CredentialProvider) —

  Your AWS credentials used for authentication. This can be any class that includes and implements ‘Aws::CredentialProvider`, or instance of any one of the following classes:

  • ‘Aws::Credentials` - Used for configuring static, non-refreshing credentials.

  • ‘Aws::SharedCredentials` - Used for loading static credentials from a shared file, such as `~/.aws/config`.

  • ‘Aws::AssumeRoleCredentials` - Used when you need to assume a role.

  • ‘Aws::AssumeRoleWebIdentityCredentials` - Used when you need to assume a role after providing credentials via the web.

  • ‘Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an access token generated from `aws login`.

  • ‘Aws::ProcessCredentials` - Used for loading credentials from a process that outputs to stdout.

  • ‘Aws::InstanceProfileCredentials` - Used for loading credentials from an EC2 IMDS on an EC2 instance.

  • ‘Aws::ECSCredentials` - Used for loading credentials from instances running in ECS.

  • ‘Aws::CognitoIdentityCredentials` - Used for loading credentials from the Cognito Identity service.

  When ‘:credentials` are not configured directly, the following locations will be searched for credentials:

  • ‘Aws.config`

  • The ‘:access_key_id`, `:secret_access_key`, `:session_token`, and `:account_id` options.

  • ‘ENV`, `ENV`, `ENV`, and `ENV`.

  • ‘~/.aws/credentials`

  • ‘~/.aws/config`

  • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of ‘Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting `ENV` to `true`.

• :region (required, String) —

  The AWS region to connect to. The configured ‘:region` is used to determine the service `:endpoint`. When not passed, a default `:region` is searched for in the following locations:

  • ‘Aws.config`

  • ‘ENV`

  • ‘ENV`

  • ‘ENV`

  • ‘~/.aws/credentials`

  • ‘~/.aws/config`

• :access_key_id (String)
• :account_id (String)
• :active_endpoint_cache (Boolean) — default: false —

  When set to ‘true`, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to `false`.

• :adaptive_retry_wait_to_fill (Boolean) — default: true —

  Used only in ‘adaptive` retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a `RetryCapacityNotAvailableError` and will not retry instead of sleeping.

• :auth_scheme_preference (Array<String>) —

  A list of preferred authentication schemes to use when making a request. Supported values are: ‘sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV` or in shared config as `auth_scheme_preference`, the value should be a comma-separated list.

• :client_side_monitoring (Boolean) — default: false —

  When ‘true`, client-side metrics will be collected for all API requests from this client.

• :client_side_monitoring_client_id (String) — default: "" —

  Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

• :client_side_monitoring_host (String) — default: "127.0.0.1" —

  Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

• :client_side_monitoring_port (Integer) — default: 31000 —

  Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

• :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher —

  Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

• :convert_params (Boolean) — default: true —

  When ‘true`, an attempt is made to coerce request parameters into the required types.

• :correct_clock_skew (Boolean) — default: true —

  Used only in ‘standard` and `adaptive` retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

• :defaults_mode (String) — default: "legacy" —

  See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

• :disable_host_prefix_injection (Boolean) — default: false —

  When ‘true`, the SDK will not prepend the modeled host prefix to the endpoint.

• :disable_request_compression (Boolean) — default: false —

  When set to ‘true’ the request body will not be compressed for supported operations.

• :endpoint (String, URI::HTTPS, URI::HTTP) —

  Normally you should not configure the ‘:endpoint` option directly. This is normally constructed from the `:region` option. Configuring `:endpoint` is normally reserved for connecting to test or custom endpoints. The endpoint should be a URI formatted like:

  'http://example.com'
  'https://example.com'
  'http://example.com:123'
  

• :endpoint_cache_max_entries (Integer) — default: 1000 —

  Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

• :endpoint_cache_max_threads (Integer) — default: 10 —

  Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

• :endpoint_cache_poll_interval (Integer) — default: 60 —

  When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

• :endpoint_discovery (Boolean) — default: false —

  When set to ‘true`, endpoint discovery will be enabled for operations when available.

• :ignore_configured_endpoint_urls (Boolean) —

  Setting to true disables use of endpoint URLs provided via environment variables and the shared configuration file.

• :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default —

  The log formatter.

• :log_level (Symbol) — default: :info —

  The log level to send messages to the ‘:logger` at.

• :logger (Logger) —

  The Logger instance to send log messages to. If this option is not set, logging will be disabled.

• :max_attempts (Integer) — default: 3 —

  An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in ‘standard` and `adaptive` retry modes.

• :profile (String) — default: "default" —

  Used when loading credentials from the shared credentials file at ‘HOME/.aws/credentials`. When not specified, ’default’ is used.

• :request_checksum_calculation (String) — default: "when_supported" —

  Determines when a checksum will be calculated for request payloads. Values are:

  • ‘when_supported` - (default) When set, a checksum will be calculated for all request payloads of operations modeled with the `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a `requestAlgorithmMember` is modeled.

  • ‘when_required` - When set, a checksum will only be calculated for request payloads of operations modeled with the `httpChecksum` trait where `requestChecksumRequired` is `true` or where a `requestAlgorithmMember` is modeled and supplied.

• :request_min_compression_size_bytes (Integer) — default: 10240 —

  The minimum size in bytes that triggers compression for request bodies. The value must be non-negative integer value between 0 and 10485780 bytes inclusive.

• :response_checksum_validation (String) — default: "when_supported" —

  Determines when checksum validation will be performed on response payloads. Values are:

  • ‘when_supported` - (default) When set, checksum validation is performed on all response payloads of operations modeled with the `httpChecksum` trait where `responseAlgorithms` is modeled, except when no modeled checksum algorithms are supported.

  • ‘when_required` - When set, checksum validation is not performed on response payloads of operations unless the checksum algorithm is supported and the `requestValidationModeMember` member is set to `ENABLED`.

• :retry_backoff (Proc) —

  A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the ‘legacy` retry mode.

• :retry_base_delay (Float) — default: 0.3 —

  The base delay in seconds used by the default backoff function. This option is only used in the ‘legacy` retry mode.

• :retry_jitter (Symbol) — default: :none —

  A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the ‘legacy` retry mode.

  @see www.awsarchitectureblog.com/2015/03/backoff.html

• :retry_limit (Integer) — default: 3 —

  The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the ‘legacy` retry mode.

• :retry_max_delay (Integer) — default: 0 —

  The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the ‘legacy` retry mode.

• :retry_mode (String) — default: "legacy" —

  Specifies which retry algorithm to use. Values are:

  • ‘legacy` - The pre-existing retry behavior. This is the default value if no retry mode is provided.

  • ‘standard` - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

  • ‘adaptive` - A retry mode that includes all the functionality of `standard` mode along with automatic client side throttling.

• :sdk_ua_app_id (String) —

  A unique and opaque application ID that is appended to the User-Agent header as app/sdk_ua_app_id. It should have a maximum length of 50. This variable is sourced from environment variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.

• :secret_access_key (String)
• :session_token (String)
• :sigv4a_signing_region_set (Array) —

  A list of regions that should be signed with SigV4a signing. When not passed, a default ‘:sigv4a_signing_region_set` is searched for in the following locations:

  • ‘Aws.config`

  • ‘ENV`

  • ‘~/.aws/config`

• :stub_responses (Boolean) — default: false —

  Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

  ** Please note ** When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

• :telemetry_provider (Aws::Telemetry::TelemetryProviderBase) — default: Aws::Telemetry::NoOpTelemetryProvider —

  Allows you to provide a telemetry provider, which is used to emit telemetry data. By default, uses ‘NoOpTelemetryProvider` which will not record or emit any telemetry data. The SDK supports the following telemetry providers:

  • OpenTelemetry (OTel) - To use the OTel provider, install and require the

  ‘opentelemetry-sdk` gem and then, pass in an instance of a `Aws::Telemetry::OTelProvider` for telemetry provider.

• :token_provider (Aws::TokenProvider) —

  Your Bearer token used for authentication. This can be any class that includes and implements ‘Aws::TokenProvider`, or instance of any one of the following classes:

  • ‘Aws::StaticTokenProvider` - Used for configuring static, non-refreshing tokens.

  • ‘Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an access token generated from `aws login`.

  When ‘:token_provider` is not configured directly, the `Aws::TokenProviderChain` will be used to search for tokens configured for your profile in shared configuration files.

• :use_dualstack_endpoint (Boolean) —

  When set to ‘true`, dualstack enabled endpoints (with `.aws` TLD) will be used if available.

• :use_fips_endpoint (Boolean) —

  When set to ‘true`, fips compatible endpoints will be used if available. When a `fips` region is used, the region is normalized and this config is set to `true`.

• :validate_params (Boolean) — default: true —

  When ‘true`, request parameters are validated before sending the request.

• :endpoint_provider (Aws::SecurityHub::EndpointProvider) —

  The endpoint provider used to resolve endpoints. Any object that responds to ‘#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SecurityHub::EndpointParameters`.

• :http_continue_timeout (Float) — default: 1 —

  The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has “Expect” header set to “100-continue”. Defaults to ‘nil` which disables this behaviour. This value can safely be set per request on the session.

• :http_idle_timeout (Float) — default: 5 —

  The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

• :http_open_timeout (Float) — default: 15 —

  The default number of seconds to wait for response data. This value can safely be set per-request on the session.

• :http_proxy (URI::HTTP, String) —

  A proxy to send requests through. Formatted like ‘proxy.com:123’.

• :http_read_timeout (Float) — default: 60 —

  The default number of seconds to wait for response data. This value can safely be set per-request on the session.

• :http_wire_trace (Boolean) — default: false —

  When ‘true`, HTTP debug output will be sent to the `:logger`.

• :on_chunk_received (Proc) —

  When a Proc object is provided, it will be used as callback when each chunk of the response body is received. It provides three arguments: the chunk, the number of bytes received, and the total number of bytes in the response (or nil if the server did not send a ‘content-length`).

• :on_chunk_sent (Proc) —

  When a Proc object is provided, it will be used as callback when each chunk of the request body is sent. It provides three arguments: the chunk, the number of bytes read from the body, and the total number of bytes in the body.

• :raise_response_errors (Boolean) — default: true —

  When ‘true`, response errors are raised.

• :ssl_ca_bundle (String) —

  Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass ‘:ssl_ca_bundle` or `:ssl_ca_directory` the the system default will be used if available.

• :ssl_ca_directory (String) —

  Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass ‘:ssl_ca_bundle` or `:ssl_ca_directory` the the system default will be used if available.

• :ssl_ca_store (String) —

  Sets the X509::Store to verify peer certificate.

• :ssl_cert (OpenSSL::X509::Certificate) —

  Sets a client certificate when creating http connections.

• :ssl_key (OpenSSL::PKey) —

  Sets a client key when creating http connections.

• :ssl_timeout (Float) —

  Sets the SSL timeout in seconds

• :ssl_verify_peer (Boolean) — default: true —

  When ‘true`, SSL peer certificates are verified when establishing a connection.

# File 'lib/aws-sdk-securityhub/client.rb', line 471

def initialize(*args)
  super
end

Class Attribute Details

.identifier ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-securityhub/client.rb', line 12725

def identifier
  @identifier
end

Class Method Details

.errors_module ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-securityhub/client.rb', line 12728

def errors_module
  Errors
end

Instance Method Details

#accept_administrator_invitation(params = {}) ⇒ Struct

<note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see [Managing Security Hub CSPM administrator and member accounts with Organizations] in the *Security Hub CSPM User Guide*.

</note>

Accepts the invitation to be a member account and be monitored by the Security Hub CSPM administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html

Examples:

Example: To accept an invitation be a member account

# The following example demonstrates how an account can accept an invitation from the Security Hub administrator account
# to be a member account. This operation is applicable only to member accounts that are not added through AWS
# Organizations.

resp = client.accept_administrator_invitation({
  administrator_id: "123456789012", 
  invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb", 
})

Request syntax with placeholder values

resp = client.accept_administrator_invitation({
  administrator_id: "NonEmptyString", # required
  invitation_id: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :administrator_id (required, String) —

  The account ID of the Security Hub CSPM administrator account that sent the invitation.

• :invitation_id (required, String) —

  The identifier of the invitation sent from the Security Hub CSPM administrator account.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 532

def accept_administrator_invitation(params = {}, options = {})
  req = build_request(:accept_administrator_invitation, params)
  req.send_request(options)
end

#accept_invitation(params = {}) ⇒ Struct

This method is deprecated. Instead, use ‘AcceptAdministratorInvitation`.

The Security Hub CSPM console continues to use ‘AcceptInvitation`. It will eventually change to use `AcceptAdministratorInvitation`. Any IAM policies that specifically control access to this function must continue to use `AcceptInvitation`. You should also add `AcceptAdministratorInvitation` to your policies to ensure that the correct permissions are in place after the console begins to use `AcceptAdministratorInvitation`.

Accepts the invitation to be a member account and be monitored by the Security Hub CSPM administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

Examples:

Request syntax with placeholder values

resp = client.accept_invitation({
  master_id: "NonEmptyString", # required
  invitation_id: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :master_id (required, String) —

  The account ID of the Security Hub CSPM administrator account that sent the invitation.

• :invitation_id (required, String) —

  The identifier of the invitation sent from the Security Hub CSPM administrator account.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 580

def accept_invitation(params = {}, options = {})
  req = build_request(:accept_invitation, params)
  req.send_request(options)
end

#batch_delete_automation_rules(params = {}) ⇒ Types::BatchDeleteAutomationRulesResponse

Deletes one or more automation rules.

Examples:

Example: To delete one or more automation rules

# The following example deletes the specified automation rules.

resp = client.batch_delete_automation_rules({
  automation_rules_arns: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
  ], 
})

resp.to_h outputs the following:
{
  processed_automation_rules: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  ], 
  unprocessed_automation_rules: [
    {
      error_code: 500, 
      error_message: "InternalException", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_delete_automation_rules({
  automation_rules_arns: ["NonEmptyString"], # required
})

Response structure

resp.processed_automation_rules #=> Array
resp.processed_automation_rules[0] #=> String
resp.unprocessed_automation_rules #=> Array
resp.unprocessed_automation_rules[0].rule_arn #=> String
resp.unprocessed_automation_rules[0].error_code #=> Integer
resp.unprocessed_automation_rules[0].error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :automation_rules_arns (required, Array<String>) —

  A list of Amazon Resource Names (ARNs) for the rules that are to be deleted.

Returns:

• (Types::BatchDeleteAutomationRulesResponse) —

  Returns a response object which responds to the following methods:

  • #processed_automation_rules => Array&lt;String&gt;

  • #unprocessed_automation_rules => Array&lt;Types::UnprocessedAutomationRule&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 641

def batch_delete_automation_rules(params = {}, options = {})
  req = build_request(:batch_delete_automation_rules, params)
  req.send_request(options)
end

#batch_disable_standards(params = {}) ⇒ Types::BatchDisableStandardsResponse

Disables the standards specified by the provided ‘StandardsSubscriptionArns`.

For more information, see [Security Standards] section of the *Security Hub CSPM User Guide*.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html

Examples:

Example: To disable one or more security standards

# The following example disables a security standard in Security Hub.

resp = client.batch_disable_standards({
  standards_subscription_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
  ], 
})

resp.to_h outputs the following:
{
  standards_subscriptions: [
    {
      standards_arn: "arn:aws:securityhub:eu-central-1::standards/pci-dss/v/3.2.1", 
      standards_input: {
      }, 
      standards_status: "DELETING", 
      standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_disable_standards({
  standards_subscription_arns: ["NonEmptyString"], # required
})

Response structure

resp.standards_subscriptions #=> Array
resp.standards_subscriptions[0].standards_subscription_arn #=> String
resp.standards_subscriptions[0].standards_arn #=> String
resp.standards_subscriptions[0].standards_input #=> Hash
resp.standards_subscriptions[0].standards_input["NonEmptyString"] #=> String
resp.standards_subscriptions[0].standards_status #=> String, one of "PENDING", "READY", "FAILED", "DELETING", "INCOMPLETE"
resp.standards_subscriptions[0].standards_controls_updatable #=> String, one of "READY_FOR_UPDATES", "NOT_READY_FOR_UPDATES"
resp.standards_subscriptions[0].standards_status_reason.status_reason_code #=> String, one of "NO_AVAILABLE_CONFIGURATION_RECORDER", "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_subscription_arns (required, Array<String>) —

  The ARNs of the standards subscriptions to disable.

Returns:

• (Types::BatchDisableStandardsResponse) —

  Returns a response object which responds to the following methods:

  • #standards_subscriptions => Array&lt;Types::StandardsSubscription&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 708

def batch_disable_standards(params = {}, options = {})
  req = build_request(:batch_disable_standards, params)
  req.send_request(options)
end

#batch_enable_standards(params = {}) ⇒ Types::BatchEnableStandardsResponse

Enables the standards specified by the provided ‘StandardsArn`. To obtain the ARN for a standard, use the `DescribeStandards` operation.

For more information, see the [Security Standards] section of the *Security Hub CSPM User Guide*.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html

Examples:

Example: To enable security standards

# The following example enables the security standard specified by the StandardArn. You can use this operation to enable
# one or more Security Hub standards.

resp = client.batch_enable_standards({
  standards_subscription_requests: [
    {
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  standards_subscriptions: [
    {
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
      standards_input: {
      }, 
      standards_status: "PENDING", 
      standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_enable_standards({
  standards_subscription_requests: [ # required
    {
      standards_arn: "NonEmptyString", # required
      standards_input: {
        "NonEmptyString" => "NonEmptyString",
      },
    },
  ],
})

Response structure

resp.standards_subscriptions #=> Array
resp.standards_subscriptions[0].standards_subscription_arn #=> String
resp.standards_subscriptions[0].standards_arn #=> String
resp.standards_subscriptions[0].standards_input #=> Hash
resp.standards_subscriptions[0].standards_input["NonEmptyString"] #=> String
resp.standards_subscriptions[0].standards_status #=> String, one of "PENDING", "READY", "FAILED", "DELETING", "INCOMPLETE"
resp.standards_subscriptions[0].standards_controls_updatable #=> String, one of "READY_FOR_UPDATES", "NOT_READY_FOR_UPDATES"
resp.standards_subscriptions[0].standards_status_reason.status_reason_code #=> String, one of "NO_AVAILABLE_CONFIGURATION_RECORDER", "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_subscription_requests (required, Array<Types::StandardsSubscriptionRequest>) —

  The list of standards checks to enable.

Returns:

• (Types::BatchEnableStandardsResponse) —

  Returns a response object which responds to the following methods:

  • #standards_subscriptions => Array&lt;Types::StandardsSubscription&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 785

def batch_enable_standards(params = {}, options = {})
  req = build_request(:batch_enable_standards, params)
  req.send_request(options)
end

#batch_get_automation_rules(params = {}) ⇒ Types::BatchGetAutomationRulesResponse

Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).

Examples:

Example: To update one ore more automation rules

# The following example updates the specified automation rules.

resp = client.batch_get_automation_rules({
  automation_rules_arns: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
  ], 
})

resp.to_h outputs the following:
{
  rules: [
    {
      actions: [
        {
          finding_fields_update: {
            workflow: {
              status: "RESOLVED", 
            }, 
          }, 
          type: "FINDING_FIELDS_UPDATE", 
        }, 
      ], 
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      criteria: {
        aws_account_id: [
          {
            comparison: "EQUALS", 
            value: "111122223333", 
          }, 
        ], 
        first_observed_at: [
          {
            date_range: {
              unit: "DAYS", 
              value: 5, 
            }, 
          }, 
        ], 
        type: [
          {
            comparison: "EQUALS", 
            value: "Software and Configuration Checks/Industry and Regulatory Standards", 
          }, 
        ], 
      }, 
      description: "sample rule description 1", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      rule_name: "sample-rule-name-1", 
      rule_order: 1, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
    {
      actions: [
        {
          finding_fields_update: {
            workflow: {
              status: "RESOLVED", 
            }, 
          }, 
          type: "FINDING_FIELDS_UPDATE", 
        }, 
      ], 
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      criteria: {
        resource_type: [
          {
            comparison: "EQUALS", 
            value: "Ec2Instance", 
          }, 
        ], 
        severity_label: [
          {
            comparison: "EQUALS", 
            value: "INFORMATIONAL", 
          }, 
        ], 
      }, 
      description: "Sample rule description 2", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      rule_name: "sample-rule-name-2", 
      rule_order: 2, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_get_automation_rules({
  automation_rules_arns: ["NonEmptyString"], # required
})

Response structure

resp.rules #=> Array
resp.rules[0].rule_arn #=> String
resp.rules[0].rule_status #=> String, one of "ENABLED", "DISABLED"
resp.rules[0].rule_order #=> Integer
resp.rules[0].rule_name #=> String
resp.rules[0].description #=> String
resp.rules[0].is_terminal #=> Boolean
resp.rules[0].criteria.product_arn #=> Array
resp.rules[0].criteria.product_arn[0].value #=> String
resp.rules[0].criteria.product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.aws_account_id #=> Array
resp.rules[0].criteria.aws_account_id[0].value #=> String
resp.rules[0].criteria.aws_account_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.id #=> Array
resp.rules[0].criteria.id[0].value #=> String
resp.rules[0].criteria.id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.generator_id #=> Array
resp.rules[0].criteria.generator_id[0].value #=> String
resp.rules[0].criteria.generator_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.type #=> Array
resp.rules[0].criteria.type[0].value #=> String
resp.rules[0].criteria.type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.first_observed_at #=> Array
resp.rules[0].criteria.first_observed_at[0].start #=> String
resp.rules[0].criteria.first_observed_at[0].end #=> String
resp.rules[0].criteria.first_observed_at[0].date_range.value #=> Integer
resp.rules[0].criteria.first_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.first_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.last_observed_at #=> Array
resp.rules[0].criteria.last_observed_at[0].start #=> String
resp.rules[0].criteria.last_observed_at[0].end #=> String
resp.rules[0].criteria.last_observed_at[0].date_range.value #=> Integer
resp.rules[0].criteria.last_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.last_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.created_at #=> Array
resp.rules[0].criteria.created_at[0].start #=> String
resp.rules[0].criteria.created_at[0].end #=> String
resp.rules[0].criteria.created_at[0].date_range.value #=> Integer
resp.rules[0].criteria.created_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.created_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.updated_at #=> Array
resp.rules[0].criteria.updated_at[0].start #=> String
resp.rules[0].criteria.updated_at[0].end #=> String
resp.rules[0].criteria.updated_at[0].date_range.value #=> Integer
resp.rules[0].criteria.updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.confidence #=> Array
resp.rules[0].criteria.confidence[0].gte #=> Float
resp.rules[0].criteria.confidence[0].lte #=> Float
resp.rules[0].criteria.confidence[0].eq #=> Float
resp.rules[0].criteria.confidence[0].gt #=> Float
resp.rules[0].criteria.confidence[0].lt #=> Float
resp.rules[0].criteria.criticality #=> Array
resp.rules[0].criteria.criticality[0].gte #=> Float
resp.rules[0].criteria.criticality[0].lte #=> Float
resp.rules[0].criteria.criticality[0].eq #=> Float
resp.rules[0].criteria.criticality[0].gt #=> Float
resp.rules[0].criteria.criticality[0].lt #=> Float
resp.rules[0].criteria.title #=> Array
resp.rules[0].criteria.title[0].value #=> String
resp.rules[0].criteria.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.description #=> Array
resp.rules[0].criteria.description[0].value #=> String
resp.rules[0].criteria.description[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.source_url #=> Array
resp.rules[0].criteria.source_url[0].value #=> String
resp.rules[0].criteria.source_url[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.product_name #=> Array
resp.rules[0].criteria.product_name[0].value #=> String
resp.rules[0].criteria.product_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.company_name #=> Array
resp.rules[0].criteria.company_name[0].value #=> String
resp.rules[0].criteria.company_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.severity_label #=> Array
resp.rules[0].criteria.severity_label[0].value #=> String
resp.rules[0].criteria.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_type #=> Array
resp.rules[0].criteria.resource_type[0].value #=> String
resp.rules[0].criteria.resource_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_id #=> Array
resp.rules[0].criteria.resource_id[0].value #=> String
resp.rules[0].criteria.resource_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_partition #=> Array
resp.rules[0].criteria.resource_partition[0].value #=> String
resp.rules[0].criteria.resource_partition[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_region #=> Array
resp.rules[0].criteria.resource_region[0].value #=> String
resp.rules[0].criteria.resource_region[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_tags #=> Array
resp.rules[0].criteria.resource_tags[0].key #=> String
resp.rules[0].criteria.resource_tags[0].value #=> String
resp.rules[0].criteria.resource_tags[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.rules[0].criteria.resource_details_other #=> Array
resp.rules[0].criteria.resource_details_other[0].key #=> String
resp.rules[0].criteria.resource_details_other[0].value #=> String
resp.rules[0].criteria.resource_details_other[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.rules[0].criteria.compliance_status #=> Array
resp.rules[0].criteria.compliance_status[0].value #=> String
resp.rules[0].criteria.compliance_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.compliance_security_control_id #=> Array
resp.rules[0].criteria.compliance_security_control_id[0].value #=> String
resp.rules[0].criteria.compliance_security_control_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.compliance_associated_standards_id #=> Array
resp.rules[0].criteria.compliance_associated_standards_id[0].value #=> String
resp.rules[0].criteria.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.verification_state #=> Array
resp.rules[0].criteria.verification_state[0].value #=> String
resp.rules[0].criteria.verification_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.workflow_status #=> Array
resp.rules[0].criteria.workflow_status[0].value #=> String
resp.rules[0].criteria.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.record_state #=> Array
resp.rules[0].criteria.record_state[0].value #=> String
resp.rules[0].criteria.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.related_findings_product_arn #=> Array
resp.rules[0].criteria.related_findings_product_arn[0].value #=> String
resp.rules[0].criteria.related_findings_product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.related_findings_id #=> Array
resp.rules[0].criteria.related_findings_id[0].value #=> String
resp.rules[0].criteria.related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.note_text #=> Array
resp.rules[0].criteria.note_text[0].value #=> String
resp.rules[0].criteria.note_text[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.note_updated_at #=> Array
resp.rules[0].criteria.note_updated_at[0].start #=> String
resp.rules[0].criteria.note_updated_at[0].end #=> String
resp.rules[0].criteria.note_updated_at[0].date_range.value #=> Integer
resp.rules[0].criteria.note_updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.rules[0].criteria.note_updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.rules[0].criteria.note_updated_by #=> Array
resp.rules[0].criteria.note_updated_by[0].value #=> String
resp.rules[0].criteria.note_updated_by[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.user_defined_fields #=> Array
resp.rules[0].criteria.user_defined_fields[0].key #=> String
resp.rules[0].criteria.user_defined_fields[0].value #=> String
resp.rules[0].criteria.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.rules[0].criteria.resource_application_arn #=> Array
resp.rules[0].criteria.resource_application_arn[0].value #=> String
resp.rules[0].criteria.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.resource_application_name #=> Array
resp.rules[0].criteria.resource_application_name[0].value #=> String
resp.rules[0].criteria.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].criteria.aws_account_name #=> Array
resp.rules[0].criteria.aws_account_name[0].value #=> String
resp.rules[0].criteria.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.rules[0].actions #=> Array
resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE"
resp.rules[0].actions[0].finding_fields_update.note.text #=> String
resp.rules[0].actions[0].finding_fields_update.note.updated_by #=> String
resp.rules[0].actions[0].finding_fields_update.severity.normalized #=> Integer
resp.rules[0].actions[0].finding_fields_update.severity.product #=> Float
resp.rules[0].actions[0].finding_fields_update.severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.rules[0].actions[0].finding_fields_update.verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
resp.rules[0].actions[0].finding_fields_update.confidence #=> Integer
resp.rules[0].actions[0].finding_fields_update.criticality #=> Integer
resp.rules[0].actions[0].finding_fields_update.types #=> Array
resp.rules[0].actions[0].finding_fields_update.types[0] #=> String
resp.rules[0].actions[0].finding_fields_update.user_defined_fields #=> Hash
resp.rules[0].actions[0].finding_fields_update.user_defined_fields["NonEmptyString"] #=> String
resp.rules[0].actions[0].finding_fields_update.workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
resp.rules[0].actions[0].finding_fields_update.related_findings #=> Array
resp.rules[0].actions[0].finding_fields_update.related_findings[0].product_arn #=> String
resp.rules[0].actions[0].finding_fields_update.related_findings[0].id #=> String
resp.rules[0].created_at #=> Time
resp.rules[0].updated_at #=> Time
resp.rules[0].created_by #=> String
resp.unprocessed_automation_rules #=> Array
resp.unprocessed_automation_rules[0].rule_arn #=> String
resp.unprocessed_automation_rules[0].error_code #=> Integer
resp.unprocessed_automation_rules[0].error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :automation_rules_arns (required, Array<String>) —

  A list of rule ARNs to get details for.

Returns:

• (Types::BatchGetAutomationRulesResponse) —

  Returns a response object which responds to the following methods:

  • #rules => Array&lt;Types::AutomationRulesConfig&gt;

  • #unprocessed_automation_rules => Array&lt;Types::UnprocessedAutomationRule&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 1078

def batch_get_automation_rules(params = {}, options = {})
  req = build_request(:batch_get_automation_rules, params)
  req.send_request(options)
end

#batch_get_configuration_policy_associations(params = {}) ⇒ Types::BatchGetConfigurationPolicyAssociationsResponse

Returns associations between an Security Hub CSPM configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

Examples:

Example: To get configuration associations for a batch of targets

# This operation provides details about configuration associations for a batch of target accounts, organizational units,
# or the root.

resp = client.batch_get_configuration_policy_associations({
  configuration_policy_association_identifiers: [
    {
      target: {
        account_id: "111122223333", 
      }, 
    }, 
    {
      target: {
        root_id: "r-f6g7h8i9j0example", 
      }, 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  configuration_policy_associations: [
    {
      association_status: "SUCCESS", 
      association_status_message: "This field is only populated for a failed association", 
      association_type: "INHERITED", 
      configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      target_id: "111122223333", 
      target_type: "ACCOUNT", 
      updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
    }, 
  ], 
  unprocessed_configuration_policy_associations: [
    {
      configuration_policy_association_identifiers: {
        target: {
          root_id: "r-f6g7h8i9j0example", 
        }, 
      }, 
      error_code: "400", 
      error_reason: "You do not have sufficient access to perform this action.", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_get_configuration_policy_associations({
  configuration_policy_association_identifiers: [ # required
    {
      target: {
        account_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
        root_id: "NonEmptyString",
      },
    },
  ],
})

Response structure

resp.configuration_policy_associations #=> Array
resp.configuration_policy_associations[0].configuration_policy_id #=> String
resp.configuration_policy_associations[0].target_id #=> String
resp.configuration_policy_associations[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.configuration_policy_associations[0].association_type #=> String, one of "INHERITED", "APPLIED"
resp.configuration_policy_associations[0].updated_at #=> Time
resp.configuration_policy_associations[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.configuration_policy_associations[0].association_status_message #=> String
resp.unprocessed_configuration_policy_associations #=> Array
resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.account_id #=> String
resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.organizational_unit_id #=> String
resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.root_id #=> String
resp.unprocessed_configuration_policy_associations[0].error_code #=> String
resp.unprocessed_configuration_policy_associations[0].error_reason #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :configuration_policy_association_identifiers (required, Array<Types::ConfigurationPolicyAssociation>) —

  Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

Returns:

• (Types::BatchGetConfigurationPolicyAssociationsResponse) —

  Returns a response object which responds to the following methods:

  • #configuration_policy_associations => Array&lt;Types::ConfigurationPolicyAssociationSummary&gt;

  • #unprocessed_configuration_policy_associations => Array&lt;Types::UnprocessedConfigurationPolicyAssociation&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 1180

def batch_get_configuration_policy_associations(params = {}, options = {})
  req = build_request(:batch_get_configuration_policy_associations, params)
  req.send_request(options)
end

#batch_get_security_controls(params = {}) ⇒ Types::BatchGetSecurityControlsResponse

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

Examples:

Example: To get security control details

# The following example gets details for the specified controls in the current AWS account and AWS Region.

resp = client.batch_get_security_controls({
  security_control_ids: [
    "ACM.1", 
    "APIGateway.1", 
  ], 
})

resp.to_h outputs the following:
{
  security_controls: [
    {
      description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", 
      last_update_reason: "Stayed with default value", 
      parameters: {
        "daysToExpiration" => {
          value: {
            integer: 30, 
          }, 
          value_type: "DEFAULT", 
        }, 
      }, 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", 
      security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1", 
      security_control_id: "ACM.1", 
      security_control_status: "ENABLED", 
      severity_rating: "MEDIUM", 
      title: "Imported and ACM-issued certificates should be renewed after a specified time period", 
      update_status: "UPDATING", 
    }, 
    {
      description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", 
      last_update_reason: "Updated control parameters to comply with internal requirements", 
      parameters: {
        "loggingLevel" => {
          value: {
            enum: "ERROR", 
          }, 
          value_type: "CUSTOM", 
        }, 
      }, 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", 
      security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1", 
      security_control_id: "APIGateway.1", 
      security_control_status: "ENABLED", 
      severity_rating: "MEDIUM", 
      title: "API Gateway REST and WebSocket API execution logging should be enabled", 
      update_status: "UPDATING", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_get_security_controls({
  security_control_ids: ["NonEmptyString"], # required
})

Response structure

resp.security_controls #=> Array
resp.security_controls[0].security_control_id #=> String
resp.security_controls[0].security_control_arn #=> String
resp.security_controls[0].title #=> String
resp.security_controls[0].description #=> String
resp.security_controls[0].remediation_url #=> String
resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED"
resp.security_controls[0].update_status #=> String, one of "READY", "UPDATING"
resp.security_controls[0].parameters #=> Hash
resp.security_controls[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.security_controls[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.security_controls[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.security_controls[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.security_controls[0].parameters["NonEmptyString"].value.double #=> Float
resp.security_controls[0].parameters["NonEmptyString"].value.string #=> String
resp.security_controls[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.security_controls[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.security_controls[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.security_controls[0].parameters["NonEmptyString"].value.enum #=> String
resp.security_controls[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.security_controls[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
resp.security_controls[0].last_update_reason #=> String
resp.unprocessed_ids #=> Array
resp.unprocessed_ids[0].security_control_id #=> String
resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED"
resp.unprocessed_ids[0].error_reason #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :security_control_ids (required, Array<String>) —

  A list of security controls (identified with ‘SecurityControlId`, `SecurityControlArn`, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.

Returns:

• (Types::BatchGetSecurityControlsResponse) —

  Returns a response object which responds to the following methods:

  • #security_controls => Array&lt;Types::SecurityControl&gt;

  • #unprocessed_ids => Array&lt;Types::UnprocessedSecurityControl&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 1294

def batch_get_security_controls(params = {}, options = {})
  req = build_request(:batch_get_security_controls, params)
  req.send_request(options)
end

#batch_get_standards_control_associations(params = {}) ⇒ Types::BatchGetStandardsControlAssociationsResponse

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

Calls to this operation return a ‘RESOURCE_NOT_FOUND_EXCEPTION` error when the standard subscription for the association has a `NOT_READY_FOR_UPDATES` value for `StandardsControlsUpdatable`.

Examples:

Example: To get enablement status of a batch of controls

# The following example retrieves the enablement status of the specified controls in the specified standards.

resp = client.batch_get_standards_control_associations({
  standards_control_association_ids: [
    {
      security_control_id: "CloudTrail.1", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
    }, 
    {
      security_control_id: "CloudWatch.12", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  standards_control_association_details: [
    {
      association_status: "ENABLED", 
      related_requirements: [
        "CIS AWS Foundations 2.1", 
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudTrail.1", 
      security_control_id: "CloudTrail.1", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      standards_control_description: "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", 
      standards_control_title: "Ensure CloudTrail is enabled in all regions", 
      updated_at: Time.parse("2022-01-13T18:52:29.539000+00:00"), 
    }, 
    {
      association_status: "ENABLED", 
      related_requirements: [
        "CIS AWS Foundations 3.12", 
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudWatch.12", 
      security_control_id: "CloudWatch.12", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      standards_control_description: "Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Network gateways are required to send/receive traffic to a destination outside of a VPC. It is recommended that a metric filter and alarm be established for changes to network gateways.", 
      standards_control_title: "Ensure a log metric filter and alarm exist for changes to network gateways", 
      updated_at: Time.parse("2022-01-13T18:52:29.686000+00:00"), 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_get_standards_control_associations({
  standards_control_association_ids: [ # required
    {
      security_control_id: "NonEmptyString", # required
      standards_arn: "NonEmptyString", # required
    },
  ],
})

Response structure

resp.standards_control_association_details #=> Array
resp.standards_control_association_details[0].standards_arn #=> String
resp.standards_control_association_details[0].security_control_id #=> String
resp.standards_control_association_details[0].security_control_arn #=> String
resp.standards_control_association_details[0].association_status #=> String, one of "ENABLED", "DISABLED"
resp.standards_control_association_details[0].related_requirements #=> Array
resp.standards_control_association_details[0].related_requirements[0] #=> String
resp.standards_control_association_details[0].updated_at #=> Time
resp.standards_control_association_details[0].updated_reason #=> String
resp.standards_control_association_details[0].standards_control_title #=> String
resp.standards_control_association_details[0].standards_control_description #=> String
resp.standards_control_association_details[0].standards_control_arns #=> Array
resp.standards_control_association_details[0].standards_control_arns[0] #=> String
resp.unprocessed_associations #=> Array
resp.unprocessed_associations[0].standards_control_association_id.security_control_id #=> String
resp.unprocessed_associations[0].standards_control_association_id.standards_arn #=> String
resp.unprocessed_associations[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED"
resp.unprocessed_associations[0].error_reason #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_control_association_ids (required, Array<Types::StandardsControlAssociationId>) —

  An array with one or more objects that includes a security control (identified with ‘SecurityControlId`, `SecurityControlArn`, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.

Returns:

• (Types::BatchGetStandardsControlAssociationsResponse) —

  Returns a response object which responds to the following methods:

  • #standards_control_association_details => Array&lt;Types::StandardsControlAssociationDetail&gt;

  • #unprocessed_associations => Array&lt;Types::UnprocessedStandardsControlAssociation&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 1403

def batch_get_standards_control_associations(params = {}, options = {})
  req = build_request(:batch_get_standards_control_associations, params)
  req.send_request(options)
end

#batch_import_findings(params = {}) ⇒ Types::BatchImportFindingsResponse

Imports security findings generated by a finding provider into Security Hub CSPM. This action is requested by the finding provider to import its findings into Security Hub CSPM.

‘BatchImportFindings` must be called by one of the following:

• The Amazon Web Services account that is associated with a finding if you are using the [default product ARN] or are a partner sending findings from within a customer’s Amazon Web Services account. In these cases, the identifier of the account that you are calling ‘BatchImportFindings` from needs to be the same as the `AwsAccountId` attribute for the finding.

• An Amazon Web Services account that Security Hub CSPM has allow-listed for an official partner integration. In this case, you can call ‘BatchImportFindings` from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, ‘BatchImportFindings` cannot be used to update the following finding fields and objects, which Security Hub CSPM customers use to manage their investigation workflow.

• ‘Note`

• ‘UserDefinedFields`

• ‘VerificationState`

• ‘Workflow`

Finding providers also should not use ‘BatchImportFindings` to update the following attributes.

• ‘Confidence`

• ‘Criticality`

• ‘RelatedFindings`

• ‘Severity`

• ‘Types`

Instead, finding providers use ‘FindingProviderFields` to provide values for these attributes.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html#securityhub-custom-providers-bfi-reqs

Examples:

Example: To import security findings from a third party provider to Security Hub

# The following example imports findings from a third party provider to Security Hub.

resp = client.batch_import_findings({
  findings: [
    {
      aws_account_id: "123456789012", 
      created_at: "2020-05-27T17:05:54.832Z", 
      description: "Vulnerability in a CloudTrail trail", 
      finding_provider_fields: {
        severity: {
          label: "LOW", 
          original: "10", 
        }, 
        types: [
          "Software and Configuration Checks/Vulnerabilities/CVE", 
        ], 
      }, 
      generator_id: "TestGeneratorId", 
      id: "Id1", 
      product_arn: "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default", 
      resources: [
        {
          id: "arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName", 
          partition: "aws", 
          region: "us-west-1", 
          type: "AwsCloudTrailTrail", 
        }, 
      ], 
      schema_version: "2018-10-08", 
      title: "CloudTrail trail vulnerability", 
      updated_at: "2020-06-02T16:05:54.832Z", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  failed_count: 123, 
  failed_findings: [
  ], 
  success_count: 123, 
}

Response structure

resp.failed_count #=> Integer
resp.success_count #=> Integer
resp.failed_findings #=> Array
resp.failed_findings[0].id #=> String
resp.failed_findings[0].error_code #=> String
resp.failed_findings[0].error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :findings (required, Array<Types::AwsSecurityFinding>) —

  A list of findings to import. To successfully import a finding, it must follow the [Amazon Web Services Security Finding Format]. Maximum of 100 findings per request.

  [1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html

Returns:

• (Types::BatchImportFindingsResponse) —

  Returns a response object which responds to the following methods:

  • #failed_count => Integer

  • #success_count => Integer

  • #failed_findings => Array&lt;Types::ImportFindingsError&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 1535

def batch_import_findings(params = {}, options = {})
  req = build_request(:batch_import_findings, params)
  req.send_request(options)
end

#batch_update_automation_rules(params = {}) ⇒ Types::BatchUpdateAutomationRulesResponse

Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.

Examples:

Example: To update one ore more automation rules

# The following example updates the specified automation rules.

resp = client.batch_update_automation_rules({
  update_automation_rules_request_items: [
    {
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      rule_order: 15, 
      rule_status: "ENABLED", 
    }, 
    {
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      rule_status: "DISABLED", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  processed_automation_rules: [
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
  ], 
}

Request syntax with placeholder values

resp = client.batch_update_automation_rules({
  update_automation_rules_request_items: [ # required
    {
      rule_arn: "NonEmptyString", # required
      rule_status: "ENABLED", # accepts ENABLED, DISABLED
      rule_order: 1,
      description: "NonEmptyString",
      rule_name: "NonEmptyString",
      is_terminal: false,
      criteria: {
        product_arn: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        aws_account_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        generator_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        type: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        first_observed_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        last_observed_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        created_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        updated_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        confidence: [
          {
            gte: 1.0,
            lte: 1.0,
            eq: 1.0,
            gt: 1.0,
            lt: 1.0,
          },
        ],
        criticality: [
          {
            gte: 1.0,
            lte: 1.0,
            eq: 1.0,
            gt: 1.0,
            lt: 1.0,
          },
        ],
        title: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        description: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        source_url: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        product_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        company_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        severity_label: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_type: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_partition: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_region: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_tags: [
          {
            key: "NonEmptyString",
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
          },
        ],
        resource_details_other: [
          {
            key: "NonEmptyString",
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
          },
        ],
        compliance_status: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        compliance_security_control_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        compliance_associated_standards_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        verification_state: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        workflow_status: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        record_state: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        related_findings_product_arn: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        related_findings_id: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        note_text: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        note_updated_at: [
          {
            start: "NonEmptyString",
            end: "NonEmptyString",
            date_range: {
              value: 1,
              unit: "DAYS", # accepts DAYS
              comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
            },
          },
        ],
        note_updated_by: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        user_defined_fields: [
          {
            key: "NonEmptyString",
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
          },
        ],
        resource_application_arn: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        resource_application_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
        aws_account_name: [
          {
            value: "NonEmptyString",
            comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
          },
        ],
      },
      actions: [
        {
          type: "FINDING_FIELDS_UPDATE", # accepts FINDING_FIELDS_UPDATE
          finding_fields_update: {
            note: {
              text: "NonEmptyString", # required
              updated_by: "NonEmptyString", # required
            },
            severity: {
              normalized: 1,
              product: 1.0,
              label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
            },
            verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
            confidence: 1,
            criticality: 1,
            types: ["NonEmptyString"],
            user_defined_fields: {
              "NonEmptyString" => "NonEmptyString",
            },
            workflow: {
              status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
            },
            related_findings: [
              {
                product_arn: "NonEmptyString", # required
                id: "NonEmptyString", # required
              },
            ],
          },
        },
      ],
    },
  ],
})

Response structure

resp.processed_automation_rules #=> Array
resp.processed_automation_rules[0] #=> String
resp.unprocessed_automation_rules #=> Array
resp.unprocessed_automation_rules[0].rule_arn #=> String
resp.unprocessed_automation_rules[0].error_code #=> Integer
resp.unprocessed_automation_rules[0].error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :update_automation_rules_request_items (required, Array<Types::UpdateAutomationRulesRequestItem>) —

  An array of ARNs for the rules that are to be updated. Optionally, you can also include ‘RuleStatus` and `RuleOrder`.

Returns:

• (Types::BatchUpdateAutomationRulesResponse) —

  Returns a response object which responds to the following methods:

  • #processed_automation_rules => Array&lt;String&gt;

  • #unprocessed_automation_rules => Array&lt;Types::UnprocessedAutomationRule&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 1903

def batch_update_automation_rules(params = {}, options = {})
  req = build_request(:batch_update_automation_rules, params)
  req.send_request(options)
end

#batch_update_findings(params = {}) ⇒ Types::BatchUpdateFindingsResponse

Used by Security Hub CSPM customers to update information about their investigation into one or more findings. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. A member account can update findings only for their own account. Administrator and member accounts can use this operation to update the following fields and objects for one or more findings:

• ‘Confidence`

• ‘Criticality`

• ‘Note`

• ‘RelatedFindings`

• ‘Severity`

• ‘Types`

• ‘UserDefinedFields`

• ‘VerificationState`

• ‘Workflow`

If you use this operation to update a finding, your updates don’t affect the value for the ‘UpdatedAt` field of the finding. Also note that it can take several minutes for Security Hub CSPM to process your request and update each finding specified in the request.

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. For more information see [Configuring access to BatchUpdateFindings] in the *Security Hub CSPM User Guide*.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access

Examples:

Example: To update Security Hub findings

# The following example updates Security Hub findings. The finding identifier parameter specifies which findings to
# update. Only specific finding fields can be updated with this operation.

resp = client.batch_update_findings({
  confidence: 80, 
  criticality: 80, 
  finding_identifiers: [
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
  ], 
  note: {
    text: "Known issue that is not a risk.", 
    updated_by: "user1", 
  }, 
  related_findings: [
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
  ], 
  severity: {
    label: "LOW", 
  }, 
  types: [
    "Software and Configuration Checks/Vulnerabilities/CVE", 
  ], 
  user_defined_fields: {
    "reviewedByCio" => "true", 
  }, 
  verification_state: "TRUE_POSITIVE", 
  workflow: {
    status: "RESOLVED", 
  }, 
})

resp.to_h outputs the following:
{
  processed_findings: [
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
    {
      id: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      product_arn: "arn:aws:securityhub:us-west-1::product/aws/securityhub", 
    }, 
  ], 
  unprocessed_findings: [
  ], 
}

Request syntax with placeholder values

resp = client.batch_update_findings({
  finding_identifiers: [ # required
    {
      id: "NonEmptyString", # required
      product_arn: "NonEmptyString", # required
    },
  ],
  note: {
    text: "NonEmptyString", # required
    updated_by: "NonEmptyString", # required
  },
  severity: {
    normalized: 1,
    product: 1.0,
    label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
  },
  verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
  confidence: 1,
  criticality: 1,
  types: ["NonEmptyString"],
  user_defined_fields: {
    "NonEmptyString" => "NonEmptyString",
  },
  workflow: {
    status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
  },
  related_findings: [
    {
      product_arn: "NonEmptyString", # required
      id: "NonEmptyString", # required
    },
  ],
})

Response structure

resp.processed_findings #=> Array
resp.processed_findings[0].id #=> String
resp.processed_findings[0].product_arn #=> String
resp.unprocessed_findings #=> Array
resp.unprocessed_findings[0].finding_identifier.id #=> String
resp.unprocessed_findings[0].finding_identifier.product_arn #=> String
resp.unprocessed_findings[0].error_code #=> String
resp.unprocessed_findings[0].error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :finding_identifiers (required, Array<Types::AwsSecurityFindingIdentifier>) —

  The list of findings to update. ‘BatchUpdateFindings` can be used to update up to 100 findings at a time.

  For each finding, the list provides the finding identifier and the ARN of the finding provider.

• :note (Types::NoteUpdate) —

  The updated note.

• :severity (Types::SeverityUpdate) —

  Used to update the finding severity.

• :verification_state (String) —

  Indicates the veracity of a finding.

  The available values for ‘VerificationState` are as follows.

  • ‘UNKNOWN` – The default disposition of a security finding

  • ‘TRUE_POSITIVE` – The security finding is confirmed

  • ‘FALSE_POSITIVE` – The security finding was determined to be a false alarm

  • ‘BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the finding doesn’t pose any threat, is expected, or both

• :confidence (Integer) —

  The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

  Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

• :criticality (Integer) —

  The updated value for the level of importance assigned to the resources associated with the findings.

  A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

• :types (Array<String>) —

  One or more finding types in the format of namespace/category/classifier that classify a finding.

  Valid namespace values are as follows.

  • Software and Configuration Checks

  • TTPs

  • Effects

  • Unusual Behaviors

  • Sensitive Data Identifications

• :user_defined_fields (Hash<String,String>) —

  A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

• :workflow (Types::WorkflowUpdate) —

  Used to update the workflow status of a finding.

  The workflow status indicates the progress of the investigation into the finding.

• :related_findings (Array<Types::RelatedFinding>) —

  A list of findings that are related to the updated findings.

Returns:

• (Types::BatchUpdateFindingsResponse) —

  Returns a response object which responds to the following methods:

  • #processed_findings => Array&lt;Types::AwsSecurityFindingIdentifier&gt;

  • #unprocessed_findings => Array&lt;Types::BatchUpdateFindingsUnprocessedFinding&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 2137

def batch_update_findings(params = {}, options = {})
  req = build_request(:batch_update_findings, params)
  req.send_request(options)
end

#batch_update_findings_v2(params = {}) ⇒ Types::BatchUpdateFindingsV2Response

Updates information about a customer’s investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account.

‘BatchUpdateFindings` and `BatchUpdateFindingsV2` both use `securityhub:BatchUpdateFindings` in the `Action` element of an IAM policy statement. You must have permission to perform the `securityhub:BatchUpdateFindings` action. You can configure IAM policies to restrict access to specific finding fields or field values by using the `securityhub:OCSFSyntaxPath/<fieldName>` condition key, where `<fieldName>` is one of the following supported fields: `SeverityId`, `StatusId`, or `Comment`.

To prevent a user from updating a specific field, use a ‘Null` condition with `securityhub:OCSFSyntaxPath/<fieldName>` set to `“false”`. To prevent a user from setting a field to a specific value, use a `StringEquals` condition with `securityhub:OCSFSyntaxPath/<fieldName>` set to the disallowed value or list of values.

Updates from ‘BatchUpdateFindingsV2` don’t affect the value of ‘finding_info.modified_time`, `finding_info.modified_time_dt`, `time`, or `time_dt` for a finding.

Examples:

Request syntax with placeholder values

resp = client.batch_update_findings_v2({
  metadata_uids: ["NonEmptyString"],
  finding_identifiers: [
    {
      cloud_account_uid: "NonEmptyString", # required
      finding_info_uid: "NonEmptyString", # required
      metadata_product_uid: "NonEmptyString", # required
    },
  ],
  comment: "NonEmptyString",
  severity_id: 1,
  status_id: 1,
})

Response structure

resp.processed_findings #=> Array
resp.processed_findings[0].finding_identifier.cloud_account_uid #=> String
resp.processed_findings[0].finding_identifier.finding_info_uid #=> String
resp.processed_findings[0].finding_identifier.metadata_product_uid #=> String
resp.processed_findings[0].metadata_uid #=> String
resp.unprocessed_findings #=> Array
resp.unprocessed_findings[0].finding_identifier.cloud_account_uid #=> String
resp.unprocessed_findings[0].finding_identifier.finding_info_uid #=> String
resp.unprocessed_findings[0].finding_identifier.metadata_product_uid #=> String
resp.unprocessed_findings[0].metadata_uid #=> String
resp.unprocessed_findings[0].error_code #=> String, one of "ResourceNotFoundException", "ValidationException", "InternalServerException", "ConflictException"
resp.unprocessed_findings[0].error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :metadata_uids (Array<String>) —

  The list of finding ‘metadata.uid` to indicate findings to update. Finding `metadata.uid` is a globally unique identifier associated with the finding. Customers cannot use `MetadataUids` together with `FindingIdentifiers`.

• :finding_identifiers (Array<Types::OcsfFindingIdentifier>) —

  Provides information to identify a specific V2 finding.

• :comment (String) —

  The updated value for a user provided comment about the finding. Minimum character length 1. Maximum character length 512.

• :severity_id (Integer) —

  The updated value for the normalized severity identifier. The severity ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 6, 99]. When customer provides the updated severity ID, the string sibling severity will automatically be updated in the finding.

• :status_id (Integer) —

  The updated value for the normalized status identifier. The status ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 99]. When customer provides the updated status ID, the string sibling status will automatically be updated in the finding.

Returns:

• (Types::BatchUpdateFindingsV2Response) —

  Returns a response object which responds to the following methods:

  • #processed_findings => Array&lt;Types::BatchUpdateFindingsV2ProcessedFinding&gt;

  • #unprocessed_findings => Array&lt;Types::BatchUpdateFindingsV2UnprocessedFinding&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 2232

def batch_update_findings_v2(params = {}, options = {})
  req = build_request(:batch_update_findings_v2, params)
  req.send_request(options)
end

#batch_update_standards_control_associations(params = {}) ⇒ Types::BatchUpdateStandardsControlAssociationsResponse

For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

Examples:

Example: To update enablement status of a batch of controls

# The following example disables CloudWatch.12 in CIS AWS Foundations Benchmark v1.2.0. The example returns an error for
# CloudTrail.1 because an invalid standard ARN is provided.

resp = client.batch_update_standards_control_associations({
  standards_control_association_updates: [
    {
      association_status: "DISABLED", 
      security_control_id: "CloudTrail.1", 
      standards_arn: "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0", 
      updated_reason: "Not relevant to environment", 
    }, 
    {
      association_status: "DISABLED", 
      security_control_id: "CloudWatch.12", 
      standards_arn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      updated_reason: "Not relevant to environment", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_association_updates: [
    {
      error_code: "INVALID_INPUT", 
      error_reason: "Invalid Standards Arn: 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0'", 
      standards_control_association_update: {
        association_status: "DISABLED", 
        security_control_id: "CloudTrail.1", 
        standards_arn: "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0", 
        updated_reason: "Test Reason", 
      }, 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.batch_update_standards_control_associations({
  standards_control_association_updates: [ # required
    {
      standards_arn: "NonEmptyString", # required
      security_control_id: "NonEmptyString", # required
      association_status: "ENABLED", # required, accepts ENABLED, DISABLED
      updated_reason: "NonEmptyString",
    },
  ],
})

Response structure

resp.unprocessed_association_updates #=> Array
resp.unprocessed_association_updates[0].standards_control_association_update.standards_arn #=> String
resp.unprocessed_association_updates[0].standards_control_association_update.security_control_id #=> String
resp.unprocessed_association_updates[0].standards_control_association_update.association_status #=> String, one of "ENABLED", "DISABLED"
resp.unprocessed_association_updates[0].standards_control_association_update.updated_reason #=> String
resp.unprocessed_association_updates[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED"
resp.unprocessed_association_updates[0].error_reason #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_control_association_updates (required, Array<Types::StandardsControlAssociationUpdate>) —

  Updates the enablement status of a security control in a specified standard.

  Calls to this operation return a ‘RESOURCE_NOT_FOUND_EXCEPTION` error when the standard subscription for the control has `StandardsControlsUpdatable` value `NOT_READY_FOR_UPDATES`.

Returns:

• (Types::BatchUpdateStandardsControlAssociationsResponse) —

  Returns a response object which responds to the following methods:

  • #unprocessed_association_updates => Array&lt;Types::UnprocessedStandardsControlAssociationUpdate&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 2318

def batch_update_standards_control_associations(params = {}, options = {})
  req = build_request(:batch_update_standards_control_associations, params)
  req.send_request(options)
end

#build_request(operation_name, params = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

• params ({}) (defaults to: {})

# File 'lib/aws-sdk-securityhub/client.rb', line 12698

def build_request(operation_name, params = {})
  handlers = @handlers.for(operation_name)
  tracer = config.telemetry_provider.tracer_provider.tracer(
    Aws::Telemetry.module_to_tracer_name('Aws::SecurityHub')
  )
  context = Seahorse::Client::RequestContext.new(
    operation_name: operation_name,
    operation: config.api.operation(operation_name),
    client: self,
    params: params,
    config: config,
    tracer: tracer
  )
  context[:gem_name] = 'aws-sdk-securityhub'
  context[:gem_version] = '1.158.0'
  Seahorse::Client::Request.new(handlers, context)
end

#create_action_target(params = {}) ⇒ Types::CreateActionTargetResponse

Creates a custom action target in Security Hub CSPM.

You can use custom actions on findings and insights in Security Hub CSPM to trigger target actions in Amazon CloudWatch Events.

Examples:

Example: To create a custom action target

# The following example creates a custom action target in Security Hub. Custom actions on findings and insights
# automatically trigger actions in Amazon CloudWatch Events.

resp = client.create_action_target({
  description: "Action to send the finding for remediation tracking", 
  id: "Remediation", 
  name: "Send to remediation", 
})

resp.to_h outputs the following:
{
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
}

Request syntax with placeholder values

resp = client.create_action_target({
  name: "NonEmptyString", # required
  description: "NonEmptyString", # required
  id: "NonEmptyString", # required
})

Response structure

resp.action_target_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The name of the custom action target. Can contain up to 20 characters.

• :description (required, String) —

  The description for the custom action target.

• :id (required, String) —

  The ID for the custom action target. Can contain up to 20 alphanumeric characters.

Returns:

• (Types::CreateActionTargetResponse) —

  Returns a response object which responds to the following methods:

  • #action_target_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 2375

def create_action_target(params = {}, options = {})
  req = build_request(:create_action_target, params)
  req.send_request(options)
end

#create_aggregator_v2(params = {}) ⇒ Types::CreateAggregatorV2Response

Enables aggregation across Amazon Web Services Regions.

Examples:

Request syntax with placeholder values

resp = client.create_aggregator_v2({
  region_linking_mode: "NonEmptyString", # required
  linked_regions: ["NonEmptyString"],
  tags: {
    "TagKey" => "TagValue",
  },
  client_token: "ClientToken",
})

Response structure

resp.aggregator_v2_arn #=> String
resp.aggregation_region #=> String
resp.region_linking_mode #=> String
resp.linked_regions #=> Array
resp.linked_regions[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :region_linking_mode (required, String) —

  Determines how Regions are linked to an Aggregator V2.

• :linked_regions (Array<String>) —

  The list of Regions that are linked to the aggregation Region.

• :tags (Hash<String,String>) —

  A list of key-value pairs to be applied to the AggregatorV2.

• :client_token (String) —

  A unique identifier used to ensure idempotency.

  **A suitable default value is auto-generated.** You should normally not need to pass this option.**

Returns:

• (Types::CreateAggregatorV2Response) —

  Returns a response object which responds to the following methods:

  • #aggregator_v2_arn => String

  • #aggregation_region => String

  • #region_linking_mode => String

  • #linked_regions => Array&lt;String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 2427

def create_aggregator_v2(params = {}, options = {})
  req = build_request(:create_aggregator_v2, params)
  req.send_request(options)
end

#create_automation_rule(params = {}) ⇒ Types::CreateAutomationRuleResponse

Creates an automation rule based on input parameters.

Examples:

Example: To create an automation rule

# The following example creates an automation rule.

resp = client.create_automation_rule({
  actions: [
    {
      finding_fields_update: {
        note: {
          text: "This is a critical S3 bucket, please look into this ASAP", 
          updated_by: "test-user", 
        }, 
        severity: {
          label: "CRITICAL", 
        }, 
      }, 
      type: "FINDING_FIELDS_UPDATE", 
    }, 
  ], 
  criteria: {
    compliance_status: [
      {
        comparison: "EQUALS", 
        value: "FAILED", 
      }, 
    ], 
    product_name: [
      {
        comparison: "EQUALS", 
        value: "Security Hub", 
      }, 
    ], 
    record_state: [
      {
        comparison: "EQUALS", 
        value: "ACTIVE", 
      }, 
    ], 
    resource_id: [
      {
        comparison: "EQUALS", 
        value: "arn:aws:s3:::examplebucket/developers/design_info.doc", 
      }, 
    ], 
    workflow_status: [
      {
        comparison: "EQUALS", 
        value: "NEW", 
      }, 
    ], 
  }, 
  description: "Elevate finding severity to Critical for important resources", 
  is_terminal: false, 
  rule_name: "Elevate severity for important resources", 
  rule_order: 1, 
  rule_status: "ENABLED", 
  tags: {
    "important-resources-rule" => "s3-bucket", 
  }, 
})

resp.to_h outputs the following:
{
  rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
}

Request syntax with placeholder values

resp = client.create_automation_rule({
  tags: {
    "TagKey" => "TagValue",
  },
  rule_status: "ENABLED", # accepts ENABLED, DISABLED
  rule_order: 1, # required
  rule_name: "NonEmptyString", # required
  description: "NonEmptyString", # required
  is_terminal: false,
  criteria: { # required
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  actions: [ # required
    {
      type: "FINDING_FIELDS_UPDATE", # accepts FINDING_FIELDS_UPDATE
      finding_fields_update: {
        note: {
          text: "NonEmptyString", # required
          updated_by: "NonEmptyString", # required
        },
        severity: {
          normalized: 1,
          product: 1.0,
          label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
        },
        verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
        confidence: 1,
        criticality: 1,
        types: ["NonEmptyString"],
        user_defined_fields: {
          "NonEmptyString" => "NonEmptyString",
        },
        workflow: {
          status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
        },
        related_findings: [
          {
            product_arn: "NonEmptyString", # required
            id: "NonEmptyString", # required
          },
        ],
      },
    },
  ],
})

Response structure

resp.rule_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :tags (Hash<String,String>) —

  User-defined tags associated with an automation rule.

• :rule_status (String) —

  Whether the rule is active after it is created. If this parameter is equal to ‘ENABLED`, Security Hub CSPM starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use [ `BatchUpdateAutomationRules` ][1].

  [1]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html

• :rule_order (required, Integer) —

  An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub CSPM applies rules with lower values for this parameter first.

• :rule_name (required, String) —

  The name of the rule.

• :description (required, String) —

  A description of the rule.

• :is_terminal (Boolean) —

  Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub CSPM applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.

• :criteria (required, Types::AutomationRulesFindingFilters) —

  A set of ASFF finding field attributes and corresponding expected values that Security Hub CSPM uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub CSPM applies the rule action to the finding.

• :actions (required, Array<Types::AutomationRulesAction>) —

  One or more actions to update finding fields if a finding matches the conditions specified in ‘Criteria`.

Returns:

• (Types::CreateAutomationRuleResponse) —

  Returns a response object which responds to the following methods:

  • #rule_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 2866

def create_automation_rule(params = {}, options = {})
  req = build_request(:create_automation_rule, params)
  req.send_request(options)
end

#create_automation_rule_v2(params = {}) ⇒ Types::CreateAutomationRuleV2Response

Creates a V2 automation rule.

Examples:

Request syntax with placeholder values

resp = client.create_automation_rule_v2({
  rule_name: "NonEmptyString", # required
  rule_status: "ENABLED", # accepts ENABLED, DISABLED
  description: "NonEmptyString", # required
  rule_order: 1.0, # required
  criteria: { # required
    ocsf_finding_criteria: {
      composite_filters: [
        {
          string_filters: [
            {
              field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
              filter: {
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
              },
            },
          ],
          date_filters: [
            {
              field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
              filter: {
                start: "NonEmptyString",
                end: "NonEmptyString",
                date_range: {
                  value: 1,
                  unit: "DAYS", # accepts DAYS
                  comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                },
              },
            },
          ],
          boolean_filters: [
            {
              field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
              filter: {
                value: false,
              },
            },
          ],
          number_filters: [
            {
              field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
              filter: {
                gte: 1.0,
                lte: 1.0,
                eq: 1.0,
                gt: 1.0,
                lt: 1.0,
              },
            },
          ],
          map_filters: [
            {
              field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
              filter: {
                key: "NonEmptyString",
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
              },
            },
          ],
          ip_filters: [
            {
              field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
              filter: {
                cidr: "NonEmptyString",
              },
            },
          ],
          nested_composite_filters: {
            # recursive CompositeFilterList
          },
          operator: "AND", # accepts AND, OR
        },
      ],
      composite_operator: "AND", # accepts AND, OR
    },
  },
  actions: [ # required
    {
      type: "FINDING_FIELDS_UPDATE", # required, accepts FINDING_FIELDS_UPDATE, EXTERNAL_INTEGRATION
      finding_fields_update: {
        severity_id: 1,
        comment: "NonEmptyString",
        status_id: 1,
      },
      external_integration_configuration: {
        connector_arn: "NonEmptyString",
      },
    },
  ],
  tags: {
    "TagKey" => "TagValue",
  },
  client_token: "ClientToken",
})

Response structure

resp.rule_arn #=> String
resp.rule_id #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :rule_name (required, String) —

  The name of the V2 automation rule.

• :rule_status (String) —

  The status of the V2 automation rule.

• :description (required, String) —

  A description of the V2 automation rule.

• :rule_order (required, Float) —

  The value for the rule priority.

• :criteria (required, Types::Criteria) —

  The filtering type and configuration of the automation rule.

• :actions (required, Array<Types::AutomationRulesActionV2>) —

  A list of actions to be performed when the rule criteria is met.

• :tags (Hash<String,String>) —

  A list of key-value pairs associated with the V2 automation rule.

• :client_token (String) —

  A unique identifier used to ensure idempotency.

  **A suitable default value is auto-generated.** You should normally not need to pass this option.**

Returns:

• (Types::CreateAutomationRuleV2Response) —

  Returns a response object which responds to the following methods:

  • #rule_arn => String

  • #rule_id => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 3014

def create_automation_rule_v2(params = {}, options = {})
  req = build_request(:create_automation_rule_v2, params)
  req.send_request(options)
end

#create_configuration_policy(params = {}) ⇒ Types::CreateConfigurationPolicyResponse

Creates a configuration policy with the defined configuration. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To create a configuration policy

# This operation creates a configuration policy in Security Hub.

resp = client.create_configuration_policy({
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 14, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  description: "Configuration policy for testing FSBP and CIS", 
  name: "TestConfigurationPolicy", 
})

resp.to_h outputs the following:
{
  arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 14, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  created_at: Time.parse("2023-01-11T06:17:17.154Z"), 
  description: "Configuration policy for testing FSBP and CIS", 
  id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values

resp = client.create_configuration_policy({
  name: "NonEmptyString", # required
  description: "NonEmptyString",
  configuration_policy: { # required
    security_hub: {
      service_enabled: false,
      enabled_standard_identifiers: ["NonEmptyString"],
      security_controls_configuration: {
        enabled_security_control_identifiers: ["NonEmptyString"],
        disabled_security_control_identifiers: ["NonEmptyString"],
        security_control_custom_parameters: [
          {
            security_control_id: "NonEmptyString",
            parameters: {
              "NonEmptyString" => {
                value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
                value: {
                  integer: 1,
                  integer_list: [1],
                  double: 1.0,
                  string: "NonEmptyString",
                  string_list: ["NonEmptyString"],
                  boolean: false,
                  enum: "NonEmptyString",
                  enum_list: ["NonEmptyString"],
                },
              },
            },
          },
        ],
      },
    },
  },
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure

resp.arn #=> String
resp.id #=> String
resp.name #=> String
resp.description #=> String
resp.updated_at #=> Time
resp.created_at #=> Time
resp.configuration_policy.security_hub.service_enabled #=> Boolean
resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: ‘-, ., !, *, /`.

• :description (String) —

  The description of the configuration policy.

• :configuration_policy (required, Types::Policy) —

  An object that defines how Security Hub CSPM is configured. It includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).

• :tags (Hash<String,String>) —

  User-defined tags associated with a configuration policy. For more information, see [Tagging Security Hub CSPM resources] in the *Security Hub CSPM user guide*.

  [1]: docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html

Returns:

• (Types::CreateConfigurationPolicyResponse) —

  Returns a response object which responds to the following methods:

  • #arn => String

  • #id => String

  • #name => String

  • #description => String

  • #updated_at => Time

  • #created_at => Time

  • #configuration_policy => Types::Policy

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 3210

def create_configuration_policy(params = {}, options = {})
  req = build_request(:create_configuration_policy, params)
  req.send_request(options)
end

#create_connector_v2(params = {}) ⇒ Types::CreateConnectorV2Response

Grants permission to create a connectorV2 based on input parameters.

Examples:

Request syntax with placeholder values

resp = client.create_connector_v2({
  name: "NonEmptyString", # required
  description: "NonEmptyString",
  provider: { # required
    jira_cloud: {
      project_key: "NonEmptyString",
    },
    service_now: {
      instance_name: "NonEmptyString", # required
      secret_arn: "NonEmptyString", # required
    },
  },
  kms_key_arn: "NonEmptyString",
  tags: {
    "TagKey" => "TagValue",
  },
  client_token: "ClientToken",
})

Response structure

resp.connector_arn #=> String
resp.connector_id #=> String
resp.auth_url #=> String
resp.connector_status #=> String, one of "CONNECTED", "FAILED_TO_CONNECT", "PENDING_CONFIGURATION", "PENDING_AUTHORIZATION"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The unique name of the connectorV2.

• :description (String) —

  The description of the connectorV2.

• :provider (required, Types::ProviderConfiguration) —

  The third-party provider’s service configuration.

• :kms_key_arn (String) —

  The Amazon Resource Name (ARN) of KMS key used to encrypt secrets for the connectorV2.

• :tags (Hash<String,String>) —

  The tags to add to the connectorV2 when you create.

• :client_token (String) —

  A unique identifier used to ensure idempotency.

  **A suitable default value is auto-generated.** You should normally not need to pass this option.**

Returns:

• (Types::CreateConnectorV2Response) —

  Returns a response object which responds to the following methods:

  • #connector_arn => String

  • #connector_id => String

  • #auth_url => String

  • #connector_status => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 3278

def create_connector_v2(params = {}, options = {})
  req = build_request(:create_connector_v2, params)
  req.send_request(options)
end

#create_finding_aggregator(params = {}) ⇒ Types::CreateFindingAggregatorResponse

<note markdown=“1”> The *aggregation Region* is now called the *home Region*.

</note>

Used to enable cross-Region aggregation. This operation can be invoked from the home Region only.

For information about how cross-Region aggregation works, see

Understanding cross-Region aggregation in Security Hub CSPM][1

in

the *Security Hub CSPM User Guide*.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html

Examples:

Example: To enable cross-Region aggregation

# The following example creates a finding aggregator. This is required to enable cross-Region aggregation.

resp = client.create_finding_aggregator({
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
})

resp.to_h outputs the following:
{
  finding_aggregation_region: "us-east-1", 
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
}

Request syntax with placeholder values

resp = client.create_finding_aggregator({
  region_linking_mode: "NonEmptyString", # required
  regions: ["NonEmptyString"],
})

Response structure

resp.finding_aggregator_arn #=> String
resp.finding_aggregation_region #=> String
resp.region_linking_mode #=> String
resp.regions #=> Array
resp.regions[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :region_linking_mode (required, String) —

  Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub CSPM supports them and you opt into them.

  The selected option also determines how to use the Regions provided in the Regions list.

  The options are as follows:

  • ‘ALL_REGIONS` - Aggregates findings from all of the Regions where Security Hub CSPM is enabled. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.

  • ‘ALL_REGIONS_EXCEPT_SPECIFIED` - Aggregates findings from all of the Regions where Security Hub CSPM is enabled, except for the Regions listed in the `Regions` parameter. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.

  • ‘SPECIFIED_REGIONS` - Aggregates findings only from the Regions listed in the `Regions` parameter. Security Hub CSPM does not automatically aggregate findings from new Regions.

  • ‘NO_REGIONS` - Aggregates no data because no Regions are selected as linked Regions.

• :regions (Array<String>) —

  If ‘RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this is a space-separated list of Regions that don’t replicate and send findings to the home Region.

  If ‘RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

  An ‘InvalidInputException` error results if you populate this field while `RegionLinkingMode` is `NO_REGIONS`.

Returns:

• (Types::CreateFindingAggregatorResponse) —

  Returns a response object which responds to the following methods:

  • #finding_aggregator_arn => String

  • #finding_aggregation_region => String

  • #region_linking_mode => String

  • #regions => Array&lt;String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 3389

def create_finding_aggregator(params = {}, options = {})
  req = build_request(:create_finding_aggregator, params)
  req.send_request(options)
end

#create_insight(params = {}) ⇒ Types::CreateInsightResponse

Creates a custom insight in Security Hub CSPM. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

To group the related findings in the insight, use the ‘GroupByAttribute`.

Examples:

Example: To create a custom insight

# The following example creates a custom insight in Security Hub. An insight is a collection of findings that relate to a
# security issue.

resp = client.create_insight({
  filters: {
    resource_type: [
      {
        comparison: "EQUALS", 
        value: "AwsIamRole", 
      }, 
    ], 
    severity_label: [
      {
        comparison: "EQUALS", 
        value: "CRITICAL", 
      }, 
    ], 
  }, 
  group_by_attribute: "ResourceId", 
  name: "Critical role findings", 
})

resp.to_h outputs the following:
{
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
}

Request syntax with placeholder values

resp = client.create_insight({
  name: "NonEmptyString", # required
  filters: { # required
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  group_by_attribute: "NonEmptyString", # required
})

Response structure

resp.insight_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The name of the custom insight to create.

• :filters (required, Types::AwsSecurityFindingFilters) —

  One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.

• :group_by_attribute (required, String) —

  The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

Returns:

• (Types::CreateInsightResponse) —

  Returns a response object which responds to the following methods:

  • #insight_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4171

def create_insight(params = {}, options = {})
  req = build_request(:create_insight, params)
  req.send_request(options)
end

#create_members(params = {}) ⇒ Types::CreateMembersResponse

Creates a member association in Security Hub CSPM between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

‘CreateMembers` is always used to add accounts that are not organization members.

For accounts that are managed using Organizations, ‘CreateMembers` is only used in the following cases:

• Security Hub CSPM is not configured to automatically add new organization accounts.

• The account was disassociated or deleted in Security Hub CSPM.

This action can only be used by an account that has Security Hub CSPM enabled. To enable Security Hub CSPM, you can use the ‘EnableSecurityHub` operation.

For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the ‘InviteMembers` operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub CSPM.

Accounts that are managed using Organizations don’t receive an invitation. They automatically become a member account in Security Hub CSPM.

• If the organization account does not have Security Hub CSPM enabled, then Security Hub CSPM and the default standards are automatically enabled. Note that Security Hub CSPM cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub CSPM before the administrator account enables it as a member account.

• For organization accounts that already have Security Hub CSPM enabled, Security Hub CSPM does not make any other changes to those accounts. It does not change their enabled standards or controls.

A permissions policy is added that permits the administrator account to view the findings generated in the member account.

To remove the association between the administrator and member accounts, use the ‘DisassociateFromMasterAccount` or `DisassociateMembers` operation.

Examples:

Example: To add a member account

# The following example creates a member association between the specified accounts and the administrator account (the
# account that makes the request). This operation is used to add accounts that aren't part of an organization.

resp = client.create_members({
  account_details: [
    {
      account_id: "123456789012", 
    }, 
    {
      account_id: "111122223333", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values

resp = client.create_members({
  account_details: [ # required
    {
      account_id: "AccountId", # required
      email: "NonEmptyString",
    },
  ],
})

Response structure

resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_details (required, Array<Types::AccountDetails>) —

  The list of accounts to associate with the Security Hub CSPM administrator account. For each account, the list includes the account ID and optionally the email address.

Returns:

• (Types::CreateMembersResponse) —

  Returns a response object which responds to the following methods:

  • #unprocessed_accounts => Array&lt;Types::Result&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4278

def create_members(params = {}, options = {})
  req = build_request(:create_members, params)
  req.send_request(options)
end

#create_ticket_v2(params = {}) ⇒ Types::CreateTicketV2Response

Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID.

Examples:

Request syntax with placeholder values

resp = client.create_ticket_v2({
  connector_id: "NonEmptyString", # required
  finding_metadata_uid: "NonEmptyString", # required
  client_token: "ClientToken",
  mode: "DRYRUN", # accepts DRYRUN
})

Response structure

resp.ticket_id #=> String
resp.ticket_src_url #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :connector_id (required, String) —

  The UUID of the connectorV2 to identify connectorV2 resource.

• :finding_metadata_uid (required, String) —

  The the unique ID for the finding.

• :client_token (String) —

  The client idempotency token.

  **A suitable default value is auto-generated.** You should normally not need to pass this option.**

• :mode (String) —

  The mode for ticket creation. When set to DRYRUN, the ticket is created using a Security Hub owned template test finding to verify the integration is working correctly.

Returns:

• (Types::CreateTicketV2Response) —

  Returns a response object which responds to the following methods:

  • #ticket_id => String

  • #ticket_src_url => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4326

def create_ticket_v2(params = {}, options = {})
  req = build_request(:create_ticket_v2, params)
  req.send_request(options)
end

#decline_invitations(params = {}) ⇒ Types::DeclineInvitationsResponse

<note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see [Managing Security Hub CSPM administrator and member accounts with Organizations] in the *Security Hub CSPM User Guide*.

</note>

Declines invitations to become a Security Hub CSPM member account.

A prospective member account uses this operation to decline an invitation to become a member.

Only member accounts that aren’t part of an Amazon Web Services organization should use this operation. Organization accounts don’t receive invitations.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html

Examples:

Example: To decline invitation to become a member account

# The following example declines an invitation from the Security Hub administrator account to become a member account. The
# invited account makes the request.

resp = client.decline_invitations({
  account_ids: [
    "123456789012", 
    "111122223333", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values

resp = client.decline_invitations({
  account_ids: ["NonEmptyString"], # required
})

Response structure

resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_ids (required, Array<String>) —

  The list of prospective member account IDs for which to decline an invitation.

Returns:

• (Types::DeclineInvitationsResponse) —

  Returns a response object which responds to the following methods:

  • #unprocessed_accounts => Array&lt;Types::Result&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4394

def decline_invitations(params = {}, options = {})
  req = build_request(:decline_invitations, params)
  req.send_request(options)
end

#delete_action_target(params = {}) ⇒ Types::DeleteActionTargetResponse

Deletes a custom action target from Security Hub CSPM.

Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.

Examples:

Example: To delete a custom action target

# The following example deletes a custom action target that triggers target actions in Amazon CloudWatch Events. Deleting
# a custom action target doesn't affect findings or insights that were already sent to CloudWatch Events based on the
# custom action.

resp = client.delete_action_target({
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
})

resp.to_h outputs the following:
{
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
}

Request syntax with placeholder values

resp = client.delete_action_target({
  action_target_arn: "NonEmptyString", # required
})

Response structure

resp.action_target_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :action_target_arn (required, String) —

  The Amazon Resource Name (ARN) of the custom action target to delete.

Returns:

• (Types::DeleteActionTargetResponse) —

  Returns a response object which responds to the following methods:

  • #action_target_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4442

def delete_action_target(params = {}, options = {})
  req = build_request(:delete_action_target, params)
  req.send_request(options)
end

#delete_aggregator_v2(params = {}) ⇒ Struct

Deletes the Aggregator V2.

Examples:

Request syntax with placeholder values

resp = client.delete_aggregator_v2({
  aggregator_v2_arn: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :aggregator_v2_arn (required, String) —

  The ARN of the Aggregator V2.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4464

def delete_aggregator_v2(params = {}, options = {})
  req = build_request(:delete_aggregator_v2, params)
  req.send_request(options)
end

#delete_automation_rule_v2(params = {}) ⇒ Struct

Deletes a V2 automation rule.

Examples:

Request syntax with placeholder values

resp = client.delete_automation_rule_v2({
  identifier: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :identifier (required, String) —

  The ARN of the V2 automation rule.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4486

def delete_automation_rule_v2(params = {}, options = {})
  req = build_request(:delete_automation_rule_v2, params)
  req.send_request(options)
end

#delete_configuration_policy(params = {}) ⇒ Struct

Deletes a configuration policy. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region. For the deletion to succeed, you must first disassociate a configuration policy from target accounts, organizational units, or the root by invoking the ‘StartConfigurationPolicyDisassociation` operation.

Examples:

Example: To delete a configuration policy

# This operation deletes the specified configuration policy.

resp = client.delete_configuration_policy({
  identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

Request syntax with placeholder values

resp = client.delete_configuration_policy({
  identifier: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :identifier (required, String) —

  The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4522

def delete_configuration_policy(params = {}, options = {})
  req = build_request(:delete_configuration_policy, params)
  req.send_request(options)
end

#delete_connector_v2(params = {}) ⇒ Struct

Grants permission to delete a connectorV2.

Examples:

Request syntax with placeholder values

resp = client.delete_connector_v2({
  connector_id: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :connector_id (required, String) —

  The UUID of the connectorV2 to identify connectorV2 resource.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4544

def delete_connector_v2(params = {}, options = {})
  req = build_request(:delete_connector_v2, params)
  req.send_request(options)
end

#delete_finding_aggregator(params = {}) ⇒ Struct

<note markdown=“1”> The *aggregation Region* is now called the *home Region*.

</note>

Deletes a finding aggregator. When you delete the finding aggregator, you stop cross-Region aggregation. Finding replication stops occurring from the linked Regions to the home Region.

When you stop cross-Region aggregation, findings that were already replicated and sent to the home Region are still visible from the home Region. However, new findings and finding updates are no longer replicated and sent to the home Region.

Examples:

Example: To delete a finding aggregator

# The following example deletes a finding aggregator in Security Hub. Deleting the finding aggregator stops cross-Region
# aggregation. This operation produces no output.

resp = client.delete_finding_aggregator({
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

Request syntax with placeholder values

resp = client.delete_finding_aggregator({
  finding_aggregator_arn: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :finding_aggregator_arn (required, String) —

  The ARN of the finding aggregator to delete. To obtain the ARN, use ‘ListFindingAggregators`.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4588

def delete_finding_aggregator(params = {}, options = {})
  req = build_request(:delete_finding_aggregator, params)
  req.send_request(options)
end

#delete_insight(params = {}) ⇒ Types::DeleteInsightResponse

Deletes the insight specified by the ‘InsightArn`.

Examples:

Example: To delete a custom insight

# The following example deletes a custom insight in Security Hub.

resp = client.delete_insight({
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  insight_arn: "arn:aws:securityhub:eu-central-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
}

Request syntax with placeholder values

resp = client.delete_insight({
  insight_arn: "NonEmptyString", # required
})

Response structure

resp.insight_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :insight_arn (required, String) —

  The ARN of the insight to delete.

Returns:

• (Types::DeleteInsightResponse) —

  Returns a response object which responds to the following methods:

  • #insight_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4630

def delete_insight(params = {}, options = {})
  req = build_request(:delete_insight, params)
  req.send_request(options)
end

#delete_invitations(params = {}) ⇒ Types::DeleteInvitationsResponse

<note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see [Managing Security Hub CSPM administrator and member accounts with Organizations] in the *Security Hub CSPM User Guide*.

</note>

Deletes invitations to become a Security Hub CSPM member account.

A Security Hub CSPM administrator account can use this operation to delete invitations sent to one or more prospective member accounts.

This operation is only used to delete invitations that are sent to prospective member accounts that aren’t part of an Amazon Web Services organization. Organization accounts don’t receive invitations.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html

Examples:

Example: To delete a custom insight

# The following example deletes an invitation sent by the Security Hub administrator account to a prospective member
# account. This operation is used only for invitations sent to accounts that aren't part of an organization. Organization
# accounts don't receive invitations.

resp = client.delete_invitations({
  account_ids: [
    "123456789012", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values

resp = client.delete_invitations({
  account_ids: ["NonEmptyString"], # required
})

Response structure

resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_ids (required, Array<String>) —

  The list of member account IDs that received the invitations you want to delete.

Returns:

• (Types::DeleteInvitationsResponse) —

  Returns a response object which responds to the following methods:

  • #unprocessed_accounts => Array&lt;Types::Result&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4699

def delete_invitations(params = {}, options = {})
  req = build_request(:delete_invitations, params)
  req.send_request(options)
end

#delete_members(params = {}) ⇒ Types::DeleteMembersResponse

Deletes the specified member accounts from Security Hub CSPM.

You can invoke this API only to delete accounts that became members through invitation. You can’t invoke this API to delete accounts that belong to an Organizations organization.

Examples:

Example: To delete a member account

# The following example deletes the specified member account from Security Hub. This operation can be used to delete
# member accounts that are part of an organization or that were invited manually.

resp = client.delete_members({
  account_ids: [
    "123456789111", 
    "123456789222", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values

resp = client.delete_members({
  account_ids: ["NonEmptyString"], # required
})

Response structure

resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_ids (required, Array<String>) —

  The list of account IDs for the member accounts to delete.

Returns:

• (Types::DeleteMembersResponse) —

  Returns a response object which responds to the following methods:

  • #unprocessed_accounts => Array&lt;Types::Result&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4752

def delete_members(params = {}, options = {})
  req = build_request(:delete_members, params)
  req.send_request(options)
end

#describe_action_targets(params = {}) ⇒ Types::DescribeActionTargetsResponse

Returns a list of the custom action targets in Security Hub CSPM in your account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To return custom action targets

# The following example returns a list of custom action targets. You use custom actions on findings and insights in
# Security Hub to trigger target actions in Amazon CloudWatch Events.

resp = client.describe_action_targets({
  action_target_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
  ], 
})

resp.to_h outputs the following:
{
  action_targets: [
    {
      action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
      description: "Action to send the finding for remediation tracking", 
      name: "Send to remediation", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.describe_action_targets({
  action_target_arns: ["NonEmptyString"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.action_targets #=> Array
resp.action_targets[0].action_target_arn #=> String
resp.action_targets[0].name #=> String
resp.action_targets[0].description #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :action_target_arns (Array<String>) —

  A list of custom action target ARNs for the custom action targets to retrieve.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘DescribeActionTargets` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::DescribeActionTargetsResponse) —

  Returns a response object which responds to the following methods:

  • #action_targets => Array&lt;Types::ActionTarget&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4826

def describe_action_targets(params = {}, options = {})
  req = build_request(:describe_action_targets, params)
  req.send_request(options)
end

#describe_hub(params = {}) ⇒ Types::DescribeHubResponse

Returns details about the Hub resource in your account, including the ‘HubArn` and the time when you enabled Security Hub CSPM.

Examples:

Example: To return details about Hub resource

# The following example returns details about the Hub resource in the calling account. The Hub resource represents the
# implementation of  the AWS Security Hub service in the calling account.

resp = client.describe_hub({
  hub_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
})

resp.to_h outputs the following:
{
  auto_enable_controls: true, 
  control_finding_generator: "SECURITY_CONTROL", 
  hub_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
  subscribed_at: "2019-11-19T23:15:10.046Z", 
}

Request syntax with placeholder values

resp = client.describe_hub({
  hub_arn: "NonEmptyString",
})

Response structure

resp.hub_arn #=> String
resp.subscribed_at #=> String
resp.auto_enable_controls #=> Boolean
resp.control_finding_generator #=> String, one of "STANDARD_CONTROL", "SECURITY_CONTROL"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :hub_arn (String) —

  The ARN of the Hub resource to retrieve.

Returns:

• (Types::DescribeHubResponse) —

  Returns a response object which responds to the following methods:

  • #hub_arn => String

  • #subscribed_at => String

  • #auto_enable_controls => Boolean

  • #control_finding_generator => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4879

def describe_hub(params = {}, options = {})
  req = build_request(:describe_hub, params)
  req.send_request(options)
end

#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse

Returns information about the way your organization is configured in Security Hub CSPM. Only the Security Hub CSPM administrator account can invoke this operation.

Examples:

Example: To get information about organization configuration

# This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub
# administrator account can invoke this operation.

resp = client.describe_organization_configuration({
})

resp.to_h outputs the following:
{
  auto_enable: false, 
  auto_enable_standards: "NONE", 
  member_account_limit_reached: false, 
  organization_configuration: {
    configuration_type: "CENTRAL", 
    status: "ENABLED", 
  }, 
}

Response structure

resp.auto_enable #=> Boolean
resp.member_account_limit_reached #=> Boolean
resp.auto_enable_standards #=> String, one of "NONE", "DEFAULT"
resp.organization_configuration.configuration_type #=> String, one of "CENTRAL", "LOCAL"
resp.organization_configuration.status #=> String, one of "PENDING", "ENABLED", "FAILED"
resp.organization_configuration.status_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::DescribeOrganizationConfigurationResponse) —

  Returns a response object which responds to the following methods:

  • #auto_enable => Boolean

  • #member_account_limit_reached => Boolean

  • #auto_enable_standards => String

  • #organization_configuration => Types::OrganizationConfiguration

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 4928

def describe_organization_configuration(params = {}, options = {})
  req = build_request(:describe_organization_configuration, params)
  req.send_request(options)
end

#describe_products(params = {}) ⇒ Types::DescribeProductsResponse

Returns information about product integrations in Security Hub CSPM.

You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

If you don’t provide an integration ARN, then the results include all of the available product integrations.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get information about Security Hub integrations

# The following example returns details about AWS services and third-party products that Security Hub integrates with.

resp = client.describe_products({
  max_results: 1, 
  next_token: "NULL", 
  product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
})

resp.to_h outputs the following:
{
  next_token: "U2FsdGVkX18vvPlOqb7RDrWRWVFBJI46MOIAb+nZmRJmR15NoRi2gm13sdQEn3O/pq/78dGs+bKpgA+7HMPHO0qX33/zoRI+uIG/F9yLNhcOrOWzFUdy36JcXLQji3Rpnn/cD1SVkGA98qI3zPOSDg==", 
  products: [
    {
      activation_url: "https://falcon.crowdstrike.com/support/documentation", 
      categories: [
        "Endpoint Detection and Response (EDR)", 
        "AV Scanning and Sandboxing", 
        "Threat Intelligence Feeds and Reports", 
        "Endpoint Forensics", 
        "Network Forensics", 
      ], 
      company_name: "CrowdStrike", 
      description: "CrowdStrike Falcon's single lightweight sensor unifies next-gen antivirus, endpoint detection and response, and 24/7 managed hunting, via the cloud.", 
      integration_types: [
        "SEND_FINDINGS_TO_SECURITY_HUB", 
      ], 
      marketplace_url: "https://aws.amazon.com/marketplace/seller-profile?id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
      product_name: "CrowdStrike Falcon", 
      product_subscription_resource_policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789333\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789012\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789333:product/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}}]}", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.describe_products({
  next_token: "NextToken",
  max_results: 1,
  product_arn: "NonEmptyString",
})

Response structure

resp.products #=> Array
resp.products[0].product_arn #=> String
resp.products[0].product_name #=> String
resp.products[0].company_name #=> String
resp.products[0].description #=> String
resp.products[0].categories #=> Array
resp.products[0].categories[0] #=> String
resp.products[0].integration_types #=> Array
resp.products[0].integration_types[0] #=> String, one of "SEND_FINDINGS_TO_SECURITY_HUB", "RECEIVE_FINDINGS_FROM_SECURITY_HUB", "UPDATE_FINDINGS_IN_SECURITY_HUB"
resp.products[0].marketplace_url #=> String
resp.products[0].activation_url #=> String
resp.products[0].product_subscription_resource_policy #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘DescribeProducts` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

• :product_arn (String) —

  The ARN of the integration to return.

Returns:

• (Types::DescribeProductsResponse) —

  Returns a response object which responds to the following methods:

  • #products => Array&lt;Types::Product&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5028

def describe_products(params = {}, options = {})
  req = build_request(:describe_products, params)
  req.send_request(options)
end

#describe_products_v2(params = {}) ⇒ Types::DescribeProductsV2Response

Gets information about the product integration.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.describe_products_v2({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.products_v2 #=> Array
resp.products_v2[0].product_v2_name #=> String
resp.products_v2[0].company_name #=> String
resp.products_v2[0].description #=> String
resp.products_v2[0].categories #=> Array
resp.products_v2[0].categories[0] #=> String
resp.products_v2[0].integration_v2_types #=> Array
resp.products_v2[0].integration_v2_types[0] #=> String, one of "SEND_FINDINGS_TO_SECURITY_HUB", "RECEIVE_FINDINGS_FROM_SECURITY_HUB", "UPDATE_FINDINGS_IN_SECURITY_HUB", "EXTENDED_PLAN"
resp.products_v2[0].marketplace_url #=> String
resp.products_v2[0].activation_url #=> String
resp.products_v2[0].marketplace_product_id #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token required for pagination. On your first call, set the value of this parameter to ‘NULL`. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::DescribeProductsV2Response) —

  Returns a response object which responds to the following methods:

  • #products_v2 => Array&lt;Types::ProductV2&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5077

def describe_products_v2(params = {}, options = {})
  req = build_request(:describe_products_v2, params)
  req.send_request(options)
end

#describe_security_hub_v2(params = {}) ⇒ Types::DescribeSecurityHubV2Response

Returns details about the service resource in your account.

Examples:

Response structure

resp.hub_v2_arn #=> String
resp.subscribed_at #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::DescribeSecurityHubV2Response) —

  Returns a response object which responds to the following methods:

  • #hub_v2_arn => String

  • #subscribed_at => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5098

def describe_security_hub_v2(params = {}, options = {})
  req = build_request(:describe_security_hub_v2, params)
  req.send_request(options)
end

#describe_standards(params = {}) ⇒ Types::DescribeStandardsResponse

Returns a list of the available standards in Security Hub CSPM.

For each standard, the results include the standard ARN, the name, and a description.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get available Security Hub standards

# The following example returns a list of available security standards in Security Hub.

resp = client.describe_standards({
})

resp.to_h outputs the following:
{
  standards: [
    {
      description: "The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS's most popular and foundational services.", 
      enabled_by_default: true, 
      name: "AWS Foundational Security Best Practices v1.0.0", 
      standards_arn: "arn:aws:securityhub:us-west-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
    }, 
    {
      description: "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.", 
      enabled_by_default: true, 
      name: "CIS AWS Foundations Benchmark v1.2.0", 
      standards_arn: "arn:aws:securityhub:us-west-1::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
    }, 
    {
      description: "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.", 
      enabled_by_default: false, 
      name: "CIS AWS Foundations Benchmark v1.4.0", 
      standards_arn: "arn:aws::securityhub:us-west-1::standards/cis-aws-foundations-benchmark/v/1.4.0", 
    }, 
    {
      description: "The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data. This Security Hub standard automatically checks for your compliance readiness against a subset of PCI DSS requirements.", 
      enabled_by_default: false, 
      name: "PCI DSS v3.2.1", 
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.describe_standards({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.standards #=> Array
resp.standards[0].standards_arn #=> String
resp.standards[0].name #=> String
resp.standards[0].description #=> String
resp.standards[0].enabled_by_default #=> Boolean
resp.standards[0].standards_managed_by.company #=> String
resp.standards[0].standards_managed_by.product #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘DescribeStandards` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of standards to return.

Returns:

• (Types::DescribeStandardsResponse) —

  Returns a response object which responds to the following methods:

  • #standards => Array&lt;Types::Standard&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5187

def describe_standards(params = {}, options = {})
  req = build_request(:describe_standards, params)
  req.send_request(options)
end

#describe_standards_controls(params = {}) ⇒ Types::DescribeStandardsControlsResponse

Returns a list of security standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

This operation returns an empty list for standard subscriptions where ‘StandardsControlsUpdatable` has value `NOT_READY_FOR_UPDATES`.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get a list of controls for a security standard

# The following example returns a list of security controls and control details that apply to a specified security
# standard. The list includes controls that are enabled and disabled in the standard.

resp = client.describe_standards_controls({
  max_results: 2, 
  next_token: "NULL", 
  standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
})

resp.to_h outputs the following:
{
  controls: [
    {
      control_id: "PCI.AutoScaling.1", 
      control_status: "ENABLED", 
      control_status_updated_at: Time.parse("2020-05-15T18:49:04.473000+00:00"), 
      description: "This AWS control checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.", 
      related_requirements: [
        "PCI DSS 2.2", 
      ], 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/PCI.AutoScaling.1/remediation", 
      severity_rating: "LOW", 
      standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1", 
      title: "Auto scaling groups associated with a load balancer should use health checks", 
    }, 
    {
      control_id: "PCI.CW.1", 
      control_status: "ENABLED", 
      control_status_updated_at: Time.parse("2020-05-15T18:49:04.498000+00:00"), 
      description: "This control checks for the CloudWatch metric filters using the following pattern { $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" } It checks that the log group name is configured for use with active multi-region CloudTrail, that there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All, and that there is at least one active subscriber to an SNS topic associated with the alarm.", 
      related_requirements: [
        "PCI DSS 7.2.1", 
      ], 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/PCI.CW.1/remediation", 
      severity_rating: "MEDIUM", 
      standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.CW.1", 
      title: "A log metric filter and alarm should exist for usage of the \"root\" user", 
    }, 
  ], 
  next_token: "U2FsdGVkX1+eNkPoZHVl11ip5HUYQPWSWZGmftcmJiHL8JoKEsCDuaKayiPDyLK+LiTkShveoOdvfxXCkOBaGhohIXhsIedN+LSjQV/l7kfCfJcq4PziNC1N9xe9aq2pjlLVZnznTfSImrodT5bRNHe4fELCQq/z+5ka+5Lzmc11axcwTd5lKgQyQqmUVoeriHZhyIiBgWKf7oNYdBVG8OEortVWvSkoUTt+B2ThcnC7l43kI0UNxlkZ6sc64AsW", 
}

Request syntax with placeholder values

resp = client.describe_standards_controls({
  standards_subscription_arn: "NonEmptyString", # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.controls #=> Array
resp.controls[0].standards_control_arn #=> String
resp.controls[0].control_status #=> String, one of "ENABLED", "DISABLED"
resp.controls[0].disabled_reason #=> String
resp.controls[0].control_status_updated_at #=> Time
resp.controls[0].control_id #=> String
resp.controls[0].title #=> String
resp.controls[0].description #=> String
resp.controls[0].remediation_url #=> String
resp.controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.controls[0].related_requirements #=> Array
resp.controls[0].related_requirements[0] #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_subscription_arn (required, String) —

  The ARN of a resource that represents your subscription to a supported standard. To get the subscription ARNs of the standards you have enabled, use the ‘GetEnabledStandards` operation.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘DescribeStandardsControls` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of security standard controls to return.

Returns:

• (Types::DescribeStandardsControlsResponse) —

  Returns a response object which responds to the following methods:

  • #controls => Array&lt;Types::StandardsControl&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5298

def describe_standards_controls(params = {}, options = {})
  req = build_request(:describe_standards_controls, params)
  req.send_request(options)
end

#disable_import_findings_for_product(params = {}) ⇒ Struct

Disables the integration of the specified product with Security Hub CSPM. After the integration is disabled, findings from that product are no longer sent to Security Hub CSPM.

Examples:

Example: To end a Security Hub integration

# The following example ends an integration between Security Hub and the specified product that sends findings to Security
# Hub. After the integration ends, the product no longer sends findings to Security  Hub.

resp = client.disable_import_findings_for_product({
  product_subscription_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
})

Request syntax with placeholder values

resp = client.disable_import_findings_for_product({
  product_subscription_arn: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :product_subscription_arn (required, String) —

  The ARN of the integrated product to disable the integration for.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5332

def disable_import_findings_for_product(params = {}, options = {})
  req = build_request(:disable_import_findings_for_product, params)
  req.send_request(options)
end

#disable_organization_admin_account(params = {}) ⇒ Struct

Disables a Security Hub CSPM administrator account. Can only be called by the organization management account.

Examples:

Example: To remove a Security Hub administrator account

# The following example removes the Security Hub administrator account in the Region from which the operation was
# executed. This operation doesn't remove the delegated administrator account in AWS Organizations.

resp = client.disable_organization_admin_account({
  admin_account_id: "123456789012", 
})

Request syntax with placeholder values

resp = client.disable_organization_admin_account({
  admin_account_id: "NonEmptyString", # required
  feature: "SecurityHub", # accepts SecurityHub, SecurityHubV2
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :admin_account_id (required, String) —

  The Amazon Web Services account identifier of the Security Hub CSPM administrator account.

• :feature (String) —

  The feature for which the delegated admin account is disabled. Defaults to Security Hub CSPM if not specified.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5371

def disable_organization_admin_account(params = {}, options = {})
  req = build_request(:disable_organization_admin_account, params)
  req.send_request(options)
end

#disable_security_hub(params = {}) ⇒ Struct

Disables Security Hub CSPM in your account only in the current Amazon Web Services Region. To disable Security Hub CSPM in all Regions, you must submit one request per Region where you have enabled Security Hub CSPM.

You can’t disable Security Hub CSPM in an account that is currently the Security Hub CSPM administrator.

When you disable Security Hub CSPM, your existing findings and insights and any Security Hub CSPM configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your administrator and member account associations are removed.

If you want to save your existing findings, you must export them before you disable Security Hub CSPM.

Examples:

Example: To deactivate Security Hub

# The following example deactivates Security Hub for the current account and Region.

resp = client.disable_security_hub({
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5407

def disable_security_hub(params = {}, options = {})
  req = build_request(:disable_security_hub, params)
  req.send_request(options)
end

#disable_security_hub_v2(params = {}) ⇒ Struct

Disable the service for the current Amazon Web Services Region or specified Amazon Web Services Region.

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5421

def disable_security_hub_v2(params = {}, options = {})
  req = build_request(:disable_security_hub_v2, params)
  req.send_request(options)
end

#disassociate_from_administrator_account(params = {}) ⇒ Struct

Disassociates the current Security Hub CSPM member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

Examples:

Example: To disassociate requesting account from administrator account

# The following example dissociates the requesting account from its associated administrator account.

resp = client.disassociate_from_administrator_account({
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5447

def disassociate_from_administrator_account(params = {}, options = {})
  req = build_request(:disassociate_from_administrator_account, params)
  req.send_request(options)
end

#disassociate_from_master_account(params = {}) ⇒ Struct

This method is deprecated. Instead, use ‘DisassociateFromAdministratorAccount`.

The Security Hub CSPM console continues to use ‘DisassociateFromMasterAccount`. It will eventually change to use `DisassociateFromAdministratorAccount`. Any IAM policies that specifically control access to this function must continue to use `DisassociateFromMasterAccount`. You should also add `DisassociateFromAdministratorAccount` to your policies to ensure that the correct permissions are in place after the console begins to use `DisassociateFromAdministratorAccount`.

Disassociates the current Security Hub CSPM member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5477

def disassociate_from_master_account(params = {}, options = {})
  req = build_request(:disassociate_from_master_account, params)
  req.send_request(options)
end

#disassociate_members(params = {}) ⇒ Struct

Disassociates the specified member accounts from the associated administrator account.

Can be used to disassociate both accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Example: To disassociate member accounts from administrator account

# The following example dissociates the specified member accounts from the associated administrator account.

resp = client.disassociate_members({
  account_ids: [
    "123456789012", 
    "111122223333", 
  ], 
})

Request syntax with placeholder values

resp = client.disassociate_members({
  account_ids: ["NonEmptyString"], # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_ids (required, Array<String>) —

  The account IDs of the member accounts to disassociate from the administrator account.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5516

def disassociate_members(params = {}, options = {})
  req = build_request(:disassociate_members, params)
  req.send_request(options)
end

#enable_import_findings_for_product(params = {}) ⇒ Types::EnableImportFindingsForProductResponse

Enables the integration of a partner product with Security Hub CSPM. Integrated products send findings to Security Hub CSPM.

When you enable a product integration, a permissions policy that grants permission for the product to send findings to Security Hub CSPM is applied.

Examples:

Example: To activate an integration

# The following example activates an integration between Security Hub and a third party partner product that sends
# findings to Security Hub.

resp = client.enable_import_findings_for_product({
  product_arn: "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", 
})

resp.to_h outputs the following:
{
  product_subscription_arn: "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon", 
}

Request syntax with placeholder values

resp = client.enable_import_findings_for_product({
  product_arn: "NonEmptyString", # required
})

Response structure

resp.product_subscription_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :product_arn (required, String) —

  The ARN of the product to enable the integration for.

Returns:

• (Types::EnableImportFindingsForProductResponse) —

  Returns a response object which responds to the following methods:

  • #product_subscription_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5564

def enable_import_findings_for_product(params = {}, options = {})
  req = build_request(:enable_import_findings_for_product, params)
  req.send_request(options)
end

#enable_organization_admin_account(params = {}) ⇒ Types::EnableOrganizationAdminAccountResponse

Designates the Security Hub CSPM administrator account for an organization. Can only be called by the organization management account.

Examples:

Example: To designate a Security Hub administrator

# The following example designates the specified account as the Security Hub administrator account. The requesting account
# must be the organization management account.

resp = client.enable_organization_admin_account({
  admin_account_id: "123456789012", 
})

Request syntax with placeholder values

resp = client.enable_organization_admin_account({
  admin_account_id: "NonEmptyString", # required
  feature: "SecurityHub", # accepts SecurityHub, SecurityHubV2
})

Response structure

resp.admin_account_id #=> String
resp.feature #=> String, one of "SecurityHub", "SecurityHubV2"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :admin_account_id (required, String) —

  The Amazon Web Services account identifier of the account to designate as the Security Hub CSPM administrator account.

• :feature (String) —

  The feature for which the delegated admin account is enabled. Defaults to Security Hub CSPM if not specified.

Returns:

• (Types::EnableOrganizationAdminAccountResponse) —

  Returns a response object which responds to the following methods:

  • #admin_account_id => String

  • #feature => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5612

def enable_organization_admin_account(params = {}, options = {})
  req = build_request(:enable_organization_admin_account, params)
  req.send_request(options)
end

#enable_security_hub(params = {}) ⇒ Struct

Enables Security Hub CSPM for your account in the current Region or the Region you specify in the request.

When you enable Security Hub CSPM, you grant to Security Hub CSPM the permissions necessary to gather findings from other services that are integrated with Security Hub CSPM.

When you use the ‘EnableSecurityHub` operation to enable Security Hub CSPM, you also automatically enable the following standards:

• Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark v1.2.0

• Amazon Web Services Foundational Security Best Practices

Other standards are not automatically enabled.

To opt out of automatically enabled standards, set ‘EnableDefaultStandards` to `false`.

After you enable Security Hub CSPM, to enable a standard, use the ‘BatchEnableStandards` operation. To disable a standard, use the `BatchDisableStandards` operation.

To learn more, see the [setup information] in the *Security Hub CSPM User Guide*.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html

Examples:

Example: To activate Security Hub

# The following example activates the Security Hub service in the requesting AWS account. The service is activated in the
# current AWS Region or the Region that you specify in the request. Some standards are automatically turned on in your
# account unless you opt out. To determine which standards are automatically turned on, see the Security Hub
# documentation.

resp = client.enable_security_hub({
  enable_default_standards: true, 
  tags: {
    "Department" => "Security", 
  }, 
})

Request syntax with placeholder values

resp = client.enable_security_hub({
  tags: {
    "TagKey" => "TagValue",
  },
  enable_default_standards: false,
  control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :tags (Hash<String,String>) —

  The tags to add to the hub resource when you enable Security Hub CSPM.

• :enable_default_standards (Boolean) —

  Whether to enable the security standards that Security Hub CSPM has designated as automatically enabled. If you don’t provide a value for ‘EnableDefaultStandards`, it is set to `true`. To not enable the automatically enabled standards, set `EnableDefaultStandards` to `false`.

• :control_finding_generator (String) —

  This field, used when enabling Security Hub CSPM, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to ‘SECURITY_CONTROL`, Security Hub CSPM generates a single finding for a control check even when the check applies to multiple enabled standards.

  If the value for this field is set to ‘STANDARD_CONTROL`, Security Hub CSPM generates separate findings for a control check when the check applies to multiple enabled standards.

  The value for this field in a member account matches the value in the administrator account. For accounts that aren’t part of an organization, the default value of this field is ‘SECURITY_CONTROL` if you enabled Security Hub CSPM on or after February 23, 2023.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5705

def enable_security_hub(params = {}, options = {})
  req = build_request(:enable_security_hub, params)
  req.send_request(options)
end

#enable_security_hub_v2(params = {}) ⇒ Types::EnableSecurityHubV2Response

Enables the service in account for the current Amazon Web Services Region or specified Amazon Web Services Region.

Examples:

Request syntax with placeholder values

resp = client.enable_security_hub_v2({
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure

resp.hub_v2_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :tags (Hash<String,String>) —

  The tags to add to the hub V2 resource when you enable Security Hub.

Returns:

• (Types::EnableSecurityHubV2Response) —

  Returns a response object which responds to the following methods:

  • #hub_v2_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5736

def enable_security_hub_v2(params = {}, options = {})
  req = build_request(:enable_security_hub_v2, params)
  req.send_request(options)
end

#generate_recommended_policy_v2(params = {}) ⇒ Struct

Begins the recommended policy generation to remediate a Security Hub finding. ‘GenerateRecommendedPolicyV2` only supports findings for unused permissions.

Examples:

Request syntax with placeholder values

resp = client.generate_recommended_policy_v2({
  metadata_uid: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :metadata_uid (required, String) —

  The unique identifier (ID) of Security Hub OCSF findings found under the ‘metadata.uid` field of the finding.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5761

def generate_recommended_policy_v2(params = {}, options = {})
  req = build_request(:generate_recommended_policy_v2, params)
  req.send_request(options)
end

#get_administrator_account(params = {}) ⇒ Types::GetAdministratorAccountResponse

Provides the details for the Security Hub CSPM administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Example: To get details about the Security Hub administrator account

# The following example provides details about the Security Hub administrator account for the requesting member account.

resp = client.get_administrator_account({
})

resp.to_h outputs the following:
{
  administrator: {
    account_id: "123456789012", 
    invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb", 
    invited_at: Time.parse("2020-06-01T20:21:18.042000+00:00"), 
    member_status: "ASSOCIATED", 
  }, 
}

Response structure

resp.administrator.account_id #=> String
resp.administrator.invitation_id #=> String
resp.administrator.invited_at #=> Time
resp.administrator.member_status #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::GetAdministratorAccountResponse) —

  Returns a response object which responds to the following methods:

  • #administrator => Types::Invitation

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5805

def get_administrator_account(params = {}, options = {})
  req = build_request(:get_administrator_account, params)
  req.send_request(options)
end

#get_aggregator_v2(params = {}) ⇒ Types::GetAggregatorV2Response

Returns the configuration of the specified Aggregator V2.

Examples:

Request syntax with placeholder values

resp = client.get_aggregator_v2({
  aggregator_v2_arn: "NonEmptyString", # required
})

Response structure

resp.aggregator_v2_arn #=> String
resp.aggregation_region #=> String
resp.region_linking_mode #=> String
resp.linked_regions #=> Array
resp.linked_regions[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :aggregator_v2_arn (required, String) —

  The ARN of the Aggregator V2.

Returns:

• (Types::GetAggregatorV2Response) —

  Returns a response object which responds to the following methods:

  • #aggregator_v2_arn => String

  • #aggregation_region => String

  • #region_linking_mode => String

  • #linked_regions => Array&lt;String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5840

def get_aggregator_v2(params = {}, options = {})
  req = build_request(:get_aggregator_v2, params)
  req.send_request(options)
end

#get_automation_rule_v2(params = {}) ⇒ Types::GetAutomationRuleV2Response

Returns an automation rule for the V2 service.

Examples:

Request syntax with placeholder values

resp = client.get_automation_rule_v2({
  identifier: "NonEmptyString", # required
})

Response structure

resp.rule_arn #=> String
resp.rule_id #=> String
resp.rule_order #=> Float
resp.rule_name #=> String
resp.rule_status #=> String, one of "ENABLED", "DISABLED"
resp.description #=> String
resp.criteria.ocsf_finding_criteria.composite_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters[0].field_name #=> String, one of "metadata.uid", "activity_name", "cloud.account.uid", "cloud.provider", "cloud.region", "compliance.assessments.category", "compliance.assessments.name", "compliance.control", "compliance.status", "compliance.standards", "finding_info.desc", "finding_info.src_url", "finding_info.title", "finding_info.types", "finding_info.uid", "finding_info.related_events.traits.category", "finding_info.related_events.uid", "finding_info.related_events.product.uid", "finding_info.related_events.title", "metadata.product.name", "metadata.product.uid", "metadata.product.vendor_name", "remediation.desc", "remediation.references", "resources.cloud_partition", "resources.region", "resources.type", "resources.uid", "severity", "status", "comment", "vulnerabilities.fix_coverage", "class_name", "databucket.encryption_details.algorithm", "databucket.encryption_details.key_uid", "databucket.file.data_classifications.classifier_details.type", "evidences.actor.user.account.uid", "evidences.api.operation", "evidences.api.response.error_message", "evidences.api.service.name", "evidences.connection_info.direction", "evidences.connection_info.protocol_name", "evidences.dst_endpoint.autonomous_system.name", "evidences.dst_endpoint.location.city", "evidences.dst_endpoint.location.country", "evidences.src_endpoint.autonomous_system.name", "evidences.src_endpoint.hostname", "evidences.src_endpoint.location.city", "evidences.src_endpoint.location.country", "finding_info.analytic.name", "malware.name", "malware_scan_info.uid", "malware.severity", "resources.cloud_function.layers.uid_alt", "resources.cloud_function.runtime", "resources.cloud_function.user.uid", "resources.device.encryption_details.key_uid", "resources.device.image.uid", "resources.image.architecture", "resources.image.registry_uid", "resources.image.repository_name", "resources.image.uid", "resources.subnet_info.uid", "resources.vpc_uid", "vulnerabilities.affected_code.file.path", "vulnerabilities.affected_packages.name", "vulnerabilities.cve.epss.score", "vulnerabilities.cve.uid", "vulnerabilities.related_vulnerabilities", "cloud.account.name", "vendor_attributes.severity"
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters[0].filter.value #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].string_filters[0].filter.comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].field_name #=> String, one of "finding_info.created_time_dt", "finding_info.first_seen_time_dt", "finding_info.last_seen_time_dt", "finding_info.modified_time_dt", "resources.image.created_time_dt", "resources.image.last_used_time_dt", "resources.modified_time_dt"
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.start #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.end #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.date_range.value #=> Integer
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.date_range.unit #=> String, one of "DAYS"
resp.criteria.ocsf_finding_criteria.composite_filters[0].date_filters[0].filter.date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.criteria.ocsf_finding_criteria.composite_filters[0].boolean_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].boolean_filters[0].field_name #=> String, one of "compliance.assessments.meets_criteria", "vulnerabilities.is_exploit_available", "vulnerabilities.is_fix_available"
resp.criteria.ocsf_finding_criteria.composite_filters[0].boolean_filters[0].filter.value #=> Boolean
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].field_name #=> String, one of "activity_id", "compliance.status_id", "confidence_score", "severity_id", "status_id", "finding_info.related_events_count", "evidences.api.response.code", "evidences.dst_endpoint.autonomous_system.number", "evidences.dst_endpoint.port", "evidences.src_endpoint.autonomous_system.number", "evidences.src_endpoint.port", "resources.image.in_use_count", "vulnerabilities.cve.cvss.base_score", "vendor_attributes.severity_id"
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.gte #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.lte #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.eq #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.gt #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].number_filters[0].filter.lt #=> Float
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].field_name #=> String, one of "resources.tags", "compliance.control_parameters", "databucket.tags", "finding_info.tags"
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].filter.key #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].filter.value #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].map_filters[0].filter.comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.criteria.ocsf_finding_criteria.composite_filters[0].ip_filters #=> Array
resp.criteria.ocsf_finding_criteria.composite_filters[0].ip_filters[0].field_name #=> String, one of "evidences.dst_endpoint.ip", "evidences.src_endpoint.ip"
resp.criteria.ocsf_finding_criteria.composite_filters[0].ip_filters[0].filter.cidr #=> String
resp.criteria.ocsf_finding_criteria.composite_filters[0].nested_composite_filters #=> Types::CompositeFilterList
resp.criteria.ocsf_finding_criteria.composite_filters[0].operator #=> String, one of "AND", "OR"
resp.criteria.ocsf_finding_criteria.composite_operator #=> String, one of "AND", "OR"
resp.actions #=> Array
resp.actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE", "EXTERNAL_INTEGRATION"
resp.actions[0].finding_fields_update.severity_id #=> Integer
resp.actions[0].finding_fields_update.comment #=> String
resp.actions[0].finding_fields_update.status_id #=> Integer
resp.actions[0].external_integration_configuration.connector_arn #=> String
resp.created_at #=> Time
resp.updated_at #=> Time

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :identifier (required, String) —

  The ARN of the V2 automation rule.

Returns:

• (Types::GetAutomationRuleV2Response) —

  Returns a response object which responds to the following methods:

  • #rule_arn => String

  • #rule_id => String

  • #rule_order => Float

  • #rule_name => String

  • #rule_status => String

  • #description => String

  • #criteria => Types::Criteria

  • #actions => Array&lt;Types::AutomationRulesActionV2&gt;

  • #created_at => Time

  • #updated_at => Time

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 5923

def get_automation_rule_v2(params = {}, options = {})
  req = build_request(:get_automation_rule_v2, params)
  req.send_request(options)
end

#get_configuration_policy(params = {}) ⇒ Types::GetConfigurationPolicyResponse

Provides information about a configuration policy. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To get details about a configuration policy

# This operation provides details about the specified configuration policy.

resp = client.get_configuration_policy({
  identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 14, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  created_at: Time.parse("2023-01-11T06:17:17.154Z"), 
  description: "Configuration policy for testing FSBP and CIS", 
  id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values

resp = client.get_configuration_policy({
  identifier: "NonEmptyString", # required
})

Response structure

resp.arn #=> String
resp.id #=> String
resp.name #=> String
resp.description #=> String
resp.updated_at #=> Time
resp.created_at #=> Time
resp.configuration_policy.security_hub.service_enabled #=> Boolean
resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :identifier (required, String) —

  The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Returns:

• (Types::GetConfigurationPolicyResponse) —

  Returns a response object which responds to the following methods:

  • #arn => String

  • #id => String

  • #name => String

  • #description => String

  • #updated_at => Time

  • #created_at => Time

  • #configuration_policy => Types::Policy

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6033

def get_configuration_policy(params = {}, options = {})
  req = build_request(:get_configuration_policy, params)
  req.send_request(options)
end

#get_configuration_policy_association(params = {}) ⇒ Types::GetConfigurationPolicyAssociationResponse

Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To get details about a configuration association

# This operation provides details about configuration associations for a specific target account, organizational unit, or
# the root.

resp = client.get_configuration_policy_association({
  target: {
    account_id: "111122223333", 
  }, 
})

resp.to_h outputs the following:
{
  association_status: "FAILED", 
  association_status_message: "Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn't be applied to account 111122223333 in us-east-1 Region. Retry your request.", 
  association_type: "INHERITED", 
  configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  target_id: "111122223333", 
  target_type: "ACCOUNT", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values

resp = client.get_configuration_policy_association({
  target: { # required
    account_id: "NonEmptyString",
    organizational_unit_id: "NonEmptyString",
    root_id: "NonEmptyString",
  },
})

Response structure

resp.configuration_policy_id #=> String
resp.target_id #=> String
resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.association_type #=> String, one of "INHERITED", "APPLIED"
resp.updated_at #=> Time
resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.association_status_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :target (required, Types::Target) —

  The target account ID, organizational unit ID, or the root ID to retrieve the association for.

Returns:

• (Types::GetConfigurationPolicyAssociationResponse) —

  Returns a response object which responds to the following methods:

  • #configuration_policy_id => String

  • #target_id => String

  • #target_type => String

  • #association_type => String

  • #updated_at => Time

  • #association_status => String

  • #association_status_message => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6105

def get_configuration_policy_association(params = {}, options = {})
  req = build_request(:get_configuration_policy_association, params)
  req.send_request(options)
end

#get_connector_v2(params = {}) ⇒ Types::GetConnectorV2Response

Grants permission to retrieve details for a connectorV2 based on connector id.

Examples:

Request syntax with placeholder values

resp = client.get_connector_v2({
  connector_id: "NonEmptyString", # required
})

Response structure

resp.connector_arn #=> String
resp.connector_id #=> String
resp.name #=> String
resp.description #=> String
resp.kms_key_arn #=> String
resp.created_at #=> Time
resp.last_updated_at #=> Time
resp.health.connector_status #=> String, one of "CONNECTED", "FAILED_TO_CONNECT", "PENDING_CONFIGURATION", "PENDING_AUTHORIZATION"
resp.health.message #=> String
resp.health.last_checked_at #=> Time
resp.provider_detail.jira_cloud.cloud_id #=> String
resp.provider_detail.jira_cloud.project_key #=> String
resp.provider_detail.jira_cloud.domain #=> String
resp.provider_detail.jira_cloud.auth_url #=> String
resp.provider_detail.jira_cloud.auth_status #=> String, one of "ACTIVE", "FAILED"
resp.provider_detail.service_now.instance_name #=> String
resp.provider_detail.service_now.secret_arn #=> String
resp.provider_detail.service_now.auth_status #=> String, one of "ACTIVE", "FAILED"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :connector_id (required, String) —

  The UUID of the connectorV2 to identify connectorV2 resource.

Returns:

• (Types::GetConnectorV2Response) —

  Returns a response object which responds to the following methods:

  • #connector_arn => String

  • #connector_id => String

  • #name => String

  • #description => String

  • #kms_key_arn => String

  • #created_at => Time

  • #last_updated_at => Time

  • #health => Types::HealthCheck

  • #provider_detail => Types::ProviderDetail

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6159

def get_connector_v2(params = {}, options = {})
  req = build_request(:get_connector_v2, params)
  req.send_request(options)
end

#get_enabled_standards(params = {}) ⇒ Types::GetEnabledStandardsResponse

Returns a list of the standards that are currently enabled.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To return a list of enabled standards

# The following example returns a list of Security Hub standards that are currently enabled in your account.  

resp = client.get_enabled_standards({
  standards_subscription_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
  ], 
})

resp.to_h outputs the following:
{
  standards_subscriptions: [
    {
      standards_arn: "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", 
      standards_input: {
      }, 
      standards_status: "READY", 
      standards_subscription_arn: "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.get_enabled_standards({
  standards_subscription_arns: ["NonEmptyString"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.standards_subscriptions #=> Array
resp.standards_subscriptions[0].standards_subscription_arn #=> String
resp.standards_subscriptions[0].standards_arn #=> String
resp.standards_subscriptions[0].standards_input #=> Hash
resp.standards_subscriptions[0].standards_input["NonEmptyString"] #=> String
resp.standards_subscriptions[0].standards_status #=> String, one of "PENDING", "READY", "FAILED", "DELETING", "INCOMPLETE"
resp.standards_subscriptions[0].standards_controls_updatable #=> String, one of "READY_FOR_UPDATES", "NOT_READY_FOR_UPDATES"
resp.standards_subscriptions[0].standards_status_reason.status_reason_code #=> String, one of "NO_AVAILABLE_CONFIGURATION_RECORDER", "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR"
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_subscription_arns (Array<String>) —

  The list of the standards subscription ARNs for the standards to retrieve.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘GetEnabledStandards` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of results to return in the response.

Returns:

• (Types::GetEnabledStandardsResponse) —

  Returns a response object which responds to the following methods:

  • #standards_subscriptions => Array&lt;Types::StandardsSubscription&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6237

def get_enabled_standards(params = {}, options = {})
  req = build_request(:get_enabled_standards, params)
  req.send_request(options)
end

#get_finding_aggregator(params = {}) ⇒ Types::GetFindingAggregatorResponse

<note markdown=“1”> The *aggregation Region* is now called the *home Region*.

</note>

Returns the current configuration in the calling account for cross-Region aggregation. A finding aggregator is a resource that establishes the home Region and any linked Regions.

Examples:

Example: To get cross-Region aggregation details

# The following example returns cross-Region aggregation details for the requesting account. 

resp = client.get_finding_aggregator({
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  finding_aggregation_region: "us-east-1", 
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
}

Request syntax with placeholder values

resp = client.get_finding_aggregator({
  finding_aggregator_arn: "NonEmptyString", # required
})

Response structure

resp.finding_aggregator_arn #=> String
resp.finding_aggregation_region #=> String
resp.region_linking_mode #=> String
resp.regions #=> Array
resp.regions[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :finding_aggregator_arn (required, String) —

  The ARN of the finding aggregator to return details for. To obtain the ARN, use ‘ListFindingAggregators`.

Returns:

• (Types::GetFindingAggregatorResponse) —

  Returns a response object which responds to the following methods:

  • #finding_aggregator_arn => String

  • #finding_aggregation_region => String

  • #region_linking_mode => String

  • #regions => Array&lt;String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6299

def get_finding_aggregator(params = {}, options = {})
  req = build_request(:get_finding_aggregator, params)
  req.send_request(options)
end

#get_finding_history(params = {}) ⇒ Types::GetFindingHistoryResponse

Returns the history of a Security Hub CSPM finding. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF) except top-level timestamp fields, such as the ‘CreatedAt` and `UpdatedAt` fields.

This operation might return fewer results than the maximum number of results (‘MaxResults`) specified in a request, even when more results are available. If this occurs, the response includes a `NextToken` value, which you should use to retrieve the next set of results in the response. The presence of a `NextToken` value in a response doesn’t necessarily indicate that the results are incomplete. However, you should continue to specify a ‘NextToken` value until you receive a response that doesn’t include this value.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get finding history

# The following example retrieves the history of the specified finding during the specified time frame. If the time frame
# permits, Security Hub returns finding history for the last 90 days.

resp = client.get_finding_history({
  end_time: Time.parse("2021-09-31T15:53:35.573Z"), 
  finding_identifier: {
    id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    product_arn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", 
  }, 
  max_results: 2, 
  start_time: Time.parse("2021-09-30T15:53:35.573Z"), 
})

resp.to_h outputs the following:
{
  records: [
    {
      finding_created: false, 
      finding_identifier: {
        id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
        product_arn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", 
      }, 
      update_source: {
        identity: "arn:aws:iam::444455556666:role/Admin", 
        type: "BATCH_UPDATE_FINDINGS", 
      }, 
      update_time: Time.parse("2021-09-31T15:52:25.573Z"), 
      updates: [
        {
          new_value: "MEDIUM", 
          old_value: "HIGH", 
          updated_field: "Severity", 
        }, 
      ], 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.get_finding_history({
  finding_identifier: { # required
    id: "NonEmptyString", # required
    product_arn: "NonEmptyString", # required
  },
  start_time: Time.now,
  end_time: Time.now,
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.records #=> Array
resp.records[0].finding_identifier.id #=> String
resp.records[0].finding_identifier.product_arn #=> String
resp.records[0].update_time #=> Time
resp.records[0].finding_created #=> Boolean
resp.records[0].update_source.type #=> String, one of "BATCH_UPDATE_FINDINGS", "BATCH_IMPORT_FINDINGS"
resp.records[0].update_source.identity #=> String
resp.records[0].updates #=> Array
resp.records[0].updates[0].updated_field #=> String
resp.records[0].updates[0].old_value #=> String
resp.records[0].updates[0].new_value #=> String
resp.records[0].next_token #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :finding_identifier (required, Types::AwsSecurityFindingIdentifier) —

  Identifies which finding to get the finding history for.

• :start_time (Time, DateTime, Date, Integer, String) —

  A timestamp that indicates the start time of the requested finding history.

  If you provide values for both ‘StartTime` and `EndTime`, Security Hub CSPM returns finding history for the specified time period. If you provide a value for `StartTime` but not for `EndTime`, Security Hub CSPM returns finding history from the `StartTime` to the time at which the API is called. If you provide a value for `EndTime` but not for `StartTime`, Security Hub CSPM returns finding history from the

  CreatedAt][1

  timestamp of the finding to the ‘EndTime`. If you

  provide neither ‘StartTime` nor `EndTime`, Security Hub CSPM returns finding history from the `CreatedAt` timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

  For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see [Timestamps].

  [1]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt [2]: docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps

• :end_time (Time, DateTime, Date, Integer, String) —

  An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

  If you provide values for both ‘StartTime` and `EndTime`, Security Hub CSPM returns finding history for the specified time period. If you provide a value for `StartTime` but not for `EndTime`, Security Hub CSPM returns finding history from the `StartTime` to the time at which the API is called. If you provide a value for `EndTime` but not for `StartTime`, Security Hub CSPM returns finding history from the

  CreatedAt][1

  timestamp of the finding to the ‘EndTime`. If you

  provide neither ‘StartTime` nor `EndTime`, Security Hub CSPM returns finding history from the `CreatedAt` timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

  For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see [Timestamps].

  [1]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt [2]: docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps

• :next_token (String) —

  A token for pagination purposes. Provide ‘NULL` as the initial value. In subsequent requests, provide the token included in the response to get up to an additional 100 results of finding history. If you don’t provide `NextToken`, Security Hub CSPM returns up to 100 results of finding history for each request.

• :max_results (Integer) —

  The maximum number of results to be returned. If you don’t provide it, Security Hub CSPM returns up to 100 results of finding history.

Returns:

• (Types::GetFindingHistoryResponse) —

  Returns a response object which responds to the following methods:

  • #records => Array&lt;Types::FindingHistoryRecord&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6461

def get_finding_history(params = {}, options = {})
  req = build_request(:get_finding_history, params)
  req.send_request(options)
end

#get_finding_statistics_v2(params = {}) ⇒ Types::GetFindingStatisticsV2Response

Returns aggregated statistical data about findings.

You can use the ‘Scopes` parameter to define the data boundary for the query. Currently, `Scopes` supports `AwsOrganizations`, which lets you aggregate findings from your entire organization or from specific organizational units. Only the delegated administrator account can use `Scopes`.

‘GetFindingStatisticsV2` uses `securityhub:GetAdhocInsightResults` in the `Action` element of an IAM policy statement. You must have permission to perform the `securityhub:GetAdhocInsightResults` action.

Examples:

Request syntax with placeholder values

resp = client.get_finding_statistics_v2({
  group_by_rules: [ # required
    {
      filters: {
        composite_filters: [
          {
            string_filters: [
              {
                field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
                filter: {
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
                },
              },
            ],
            date_filters: [
              {
                field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
                filter: {
                  start: "NonEmptyString",
                  end: "NonEmptyString",
                  date_range: {
                    value: 1,
                    unit: "DAYS", # accepts DAYS
                    comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                  },
                },
              },
            ],
            boolean_filters: [
              {
                field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
                filter: {
                  value: false,
                },
              },
            ],
            number_filters: [
              {
                field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
                filter: {
                  gte: 1.0,
                  lte: 1.0,
                  eq: 1.0,
                  gt: 1.0,
                  lt: 1.0,
                },
              },
            ],
            map_filters: [
              {
                field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
                filter: {
                  key: "NonEmptyString",
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
                },
              },
            ],
            ip_filters: [
              {
                field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
                filter: {
                  cidr: "NonEmptyString",
                },
              },
            ],
            nested_composite_filters: {
              # recursive CompositeFilterList
            },
            operator: "AND", # accepts AND, OR
          },
        ],
        composite_operator: "AND", # accepts AND, OR
      },
      group_by_field: "activity_name", # required, accepts activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.name, compliance.status, compliance.control, finding_info.title, finding_info.related_events.traits.category, finding_info.types, metadata.product.name, metadata.product.uid, resources.type, resources.uid, severity, status, vulnerabilities.fix_coverage, class_name, vulnerabilities.affected_packages.name, finding_info.analytic.name, compliance.standards, cloud.account.name, vendor_attributes.severity, metadata.product.vendor_name
    },
  ],
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_order: "asc", # accepts asc, desc
  max_statistic_results: 1,
})

Response structure

resp.group_by_results #=> Array
resp.group_by_results[0].group_by_field #=> String
resp.group_by_results[0].group_by_values #=> Array
resp.group_by_results[0].group_by_values[0].field_value #=> String
resp.group_by_results[0].group_by_values[0].count #=> Integer

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :group_by_rules (required, Array<Types::GroupByRule>) —

  Specifies how security findings should be aggregated and organized in the statistical analysis. It can accept up to 5 ‘groupBy` fields in a single call.

• :scopes (Types::FindingScopes) —

  Limits the results to findings from specific organizational units or from the delegated administrator’s organization. Only the delegated administrator account can use this parameter. Other accounts receive an ‘AccessDeniedException`.

  This parameter is optional. If you omit it, the delegated administrator sees statistics from all accounts across the entire organization. Other accounts see only statistics for their own findings.

  You can specify up to 10 entries in ‘Scopes.AwsOrganizations`. If multiple entries are specified, the entries are combined using OR logic.

• :sort_order (String) —

  Orders the aggregation count in descending or ascending order. Descending order is the default.

• :max_statistic_results (Integer) —

  The maximum number of results to be returned.

Returns:

• (Types::GetFindingStatisticsV2Response) —

  Returns a response object which responds to the following methods:

  • #group_by_results => Array&lt;Types::GroupByResult&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 6613

def get_finding_statistics_v2(params = {}, options = {})
  req = build_request(:get_finding_statistics_v2, params)
  req.send_request(options)
end

#get_findings(params = {}) ⇒ Types::GetFindingsResponse

Returns a list of findings that match the specified criteria.

If cross-Region aggregation is enabled, then when you call ‘GetFindings` from the home Region, the results include all of the matching findings from both the home Region and linked Regions.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get a list of findings

# The following example returns a filtered and sorted list of Security Hub findings.

resp = client.get_findings({
  filters: {
    aws_account_id: [
      {
        comparison: "PREFIX", 
        value: "123456789012", 
      }, 
    ], 
  }, 
  max_results: 1, 
})

resp.to_h outputs the following:
{
  findings: [
    {
      aws_account_id: "123456789012", 
      company_name: "AWS", 
      compliance: {
        associated_standards: [
          {
            standards_id: "standards/aws-foundational-security-best-practices/v/1.0.0", 
          }, 
          {
            standards_id: "standards/pci-dss/v/3.2.1", 
          }, 
          {
            standards_id: "ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
          }, 
          {
            standards_id: "standards/cis-aws-foundations-benchmark/v/1.4.0", 
          }, 
          {
            standards_id: "standards/service-managed-aws-control-tower/v/1.0.0", 
          }, 
        ], 
        related_requirements: [
          "PCI DSS v3.2.1/3.4", 
          "CIS AWS Foundations Benchmark v1.2.0/2.7", 
          "CIS AWS Foundations Benchmark v1.4.0/3.7", 
        ], 
        security_control_id: "CloudTrail.2", 
        status: "FAILED", 
      }, 
      created_at: "2022-10-06T02:18:23.076Z", 
      description: "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.", 
      finding_provider_fields: {
        severity: {
          label: "MEDIUM", 
          original: "MEDIUM", 
        }, 
        types: [
          "Software and Configuration Checks/Industry and Regulatory Standards", 
        ], 
      }, 
      first_observed_at: "2022-10-06T02:18:23.076Z", 
      generator_id: "security-control/CloudTrail.2", 
      id: "arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      last_observed_at: "2022-10-28T16:10:06.956Z", 
      product_arn: "arn:aws:securityhub:us-east-2::product/aws/securityhub", 
      product_fields: {
        "RelatedAWSResources:0/name" => "securityhub-cloud-trail-encryption-enabled-fe95bf3f", 
        "RelatedAWSResources:0/type" => "AWS::Config::ConfigRule", 
        "Resources:0/Id" => "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT", 
        "aws/securityhub/CompanyName" => "AWS", 
        "aws/securityhub/FindingId" => "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
        "aws/securityhub/ProductName" => "Security Hub", 
      }, 
      product_name: "Security Hub", 
      record_state: "ACTIVE", 
      region: "us-east-2", 
      remediation: {
        recommendation: {
          text: "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", 
          url: "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", 
        }, 
      }, 
      resources: [
        {
          id: "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT", 
          partition: "aws", 
          region: "us-east-2", 
          type: "AwsCloudTrailTrail", 
        }, 
      ], 
      schema_version: "2018-10-08", 
      severity: {
        label: "MEDIUM", 
        normalized: 40, 
        original: "MEDIUM", 
      }, 
      title: "CloudTrail should have encryption at-rest enabled", 
      types: [
        "Software and Configuration Checks/Industry and Regulatory Standards", 
      ], 
      updated_at: "2022-10-28T16:10:00.093Z", 
      workflow: {
        status: "NEW", 
      }, 
      workflow_state: "NEW", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.get_findings({
  filters: {
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  sort_criteria: [
    {
      field: "NonEmptyString",
      sort_order: "asc", # accepts asc, desc
    },
  ],
  next_token: "NextToken",
  max_results: 1,
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filters (Types::AwsSecurityFindingFilters) —

  The finding attributes used to define a condition to filter the returned findings.

  You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

  Note that in the available filter fields, ‘WorkflowState` is deprecated. To search for a finding based on its workflow status, use `WorkflowStatus`.

• :sort_criteria (Array<Types::SortCriterion>) —

  The finding attributes used to sort the list of returned findings.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘GetFindings` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of findings to return.

Returns:

• (Types::GetFindingsResponse) —

  Returns a response object which responds to the following methods:

  • #findings => Array&lt;Types::AwsSecurityFinding&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 7489

def get_findings(params = {}, options = {})
  req = build_request(:get_findings, params)
  req.send_request(options)
end

#get_findings_trends_v2(params = {}) ⇒ Types::GetFindingsTrendsV2Response

Returns findings trend data based on the specified criteria. This operation helps you analyze patterns and changes in findings over time.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_findings_trends_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "account_id", # accepts account_id, region, finding_types, finding_status, finding_cve_ids, finding_compliance_status, finding_control_id, finding_class_name, finding_provider, finding_activity_name
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        nested_composite_filters: {
          # recursive FindingsTrendsCompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  start_time: Time.now, # required
  end_time: Time.now, # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.granularity #=> String, one of "Daily", "Weekly", "Monthly"
resp.trends_metrics #=> Array
resp.trends_metrics[0].timestamp #=> Time
resp.trends_metrics[0].trends_values.severity_trends.unknown #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.informational #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.low #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.medium #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.high #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.critical #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.fatal #=> Integer
resp.trends_metrics[0].trends_values.severity_trends.other #=> Integer
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filters (Types::FindingsTrendsFilters) —

  The filters to apply to the findings trend data.

• :start_time (required, Time, DateTime, Date, Integer, String) —

  The starting timestamp for the time period to analyze findings trends, in ISO 8601 format.

• :end_time (required, Time, DateTime, Date, Integer, String) —

  The ending timestamp for the time period to analyze findings trends, in ISO 8601 format.

• :next_token (String) —

  The token to use for paginating results. This value is returned in the response if more results are available.

• :max_results (Integer) —

  The maximum number of trend data points to return in a single response.

Returns:

• (Types::GetFindingsTrendsV2Response) —

  Returns a response object which responds to the following methods:

  • #granularity => String

  • #trends_metrics => Array&lt;Types::TrendsMetricsResult&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 7573

def get_findings_trends_v2(params = {}, options = {})
  req = build_request(:get_findings_trends_v2, params)
  req.send_request(options)
end

#get_findings_v2(params = {}) ⇒ Types::GetFindingsV2Response

Returns a list of findings that match the specified criteria.

You can use the ‘Scopes` parameter to define the data boundary for the query. Currently, `Scopes` supports `AwsOrganizations`, which lets you retrieve findings from your entire organization or from specific organizational units. Only the delegated administrator account can use `Scopes`.

You can use the ‘Filters` parameter to refine results based on finding attributes. You can use `Scopes` and `Filters` independently or together. When both are provided, `Scopes` narrows the data set first, and then `Filters` refines results within that scoped data set.

‘GetFindings` and `GetFindingsV2` both use `securityhub:GetFindings` in the `Action` element of an IAM policy statement. You must have permission to perform the `securityhub:GetFindings` action.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_findings_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        date_filters: [
          {
            field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
            filter: {
              start: "NonEmptyString",
              end: "NonEmptyString",
              date_range: {
                value: 1,
                unit: "DAYS", # accepts DAYS
                comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
              },
            },
          },
        ],
        boolean_filters: [
          {
            field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
            filter: {
              value: false,
            },
          },
        ],
        number_filters: [
          {
            field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
            filter: {
              gte: 1.0,
              lte: 1.0,
              eq: 1.0,
              gt: 1.0,
              lt: 1.0,
            },
          },
        ],
        map_filters: [
          {
            field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
            filter: {
              key: "NonEmptyString",
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
            },
          },
        ],
        ip_filters: [
          {
            field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
            filter: {
              cidr: "NonEmptyString",
            },
          },
        ],
        nested_composite_filters: {
          # recursive CompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_criteria: [
    {
      field: "NonEmptyString",
      sort_order: "asc", # accepts asc, desc
    },
  ],
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.findings #=> Array
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filters (Types::OcsfFindingFilters) —

  The finding attributes used to define a condition to filter the returned OCSF findings. You can filter up to 10 composite filters. For each filter type inside of a composite filter, you can provide up to 20 filters.

• :scopes (Types::FindingScopes) —

  Limits the results to findings from specific organizational units or from the delegated administrator’s organization. Only the delegated administrator account can use this parameter. Other accounts receive an ‘AccessDeniedException`.

  This parameter is optional. If you omit it, the delegated administrator sees findings from all accounts across the entire organization. Other accounts see only their own findings.

  You can specify up to 10 entries in ‘Scopes.AwsOrganizations`. If multiple entries are specified, the entries are combined using OR logic.

• :sort_criteria (Array<Types::SortCriterion>) —

  The finding attributes used to sort the list of returned findings.

• :next_token (String) —

  The token required for pagination. On your first call, set the value of this parameter to ‘NULL`. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::GetFindingsV2Response) —

  Returns a response object which responds to the following methods:

  • #findings => Array&lt;Hash,Array,String,Numeric,Boolean&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 7736

def get_findings_v2(params = {}, options = {})
  req = build_request(:get_findings_v2, params)
  req.send_request(options)
end

#get_insight_results(params = {}) ⇒ Types::GetInsightResultsResponse

Lists the results of the Security Hub CSPM insight specified by the insight ARN.

Examples:

Example: To get the results of a Security Hub insight

# The following example returns the results of the Security Hub insight specified by the insight ARN.

resp = client.get_insight_results({
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
})

resp.to_h outputs the following:
{
  insight_results: {
    group_by_attribute: "ResourceId", 
    insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    result_values: [
      {
        count: 10, 
        group_by_attribute_value: "AWS::::Account:111122223333", 
      }, 
      {
        count: 3, 
        group_by_attribute_value: "AWS::::Account:444455556666", 
      }, 
    ], 
  }, 
}

Request syntax with placeholder values

resp = client.get_insight_results({
  insight_arn: "NonEmptyString", # required
})

Response structure

resp.insight_results.insight_arn #=> String
resp.insight_results.group_by_attribute #=> String
resp.insight_results.result_values #=> Array
resp.insight_results.result_values[0].group_by_attribute_value #=> String
resp.insight_results.result_values[0].count #=> Integer

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :insight_arn (required, String) —

  The ARN of the insight for which to return results.

Returns:

• (Types::GetInsightResultsResponse) —

  Returns a response object which responds to the following methods:

  • #insight_results => Types::InsightResults

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 7796

def get_insight_results(params = {}, options = {})
  req = build_request(:get_insight_results, params)
  req.send_request(options)
end

#get_insights(params = {}) ⇒ Types::GetInsightsResponse

Lists and describes insights for the specified insight ARNs.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To get details of a Security Hub insight

# The following example returns details of the Security Hub insight with the specified ARN.

resp = client.get_insights({
  insight_arns: [
    "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  ], 
})

resp.to_h outputs the following:
{
  insights: [
    {
      filters: {
        resource_type: [
          {
            comparison: "EQUALS", 
            value: "AwsIamRole", 
          }, 
        ], 
        severity_label: [
          {
            comparison: "EQUALS", 
            value: "CRITICAL", 
          }, 
        ], 
      }, 
      group_by_attribute: "ResourceId", 
      insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      name: "Critical role findings", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.get_insights({
  insight_arns: ["NonEmptyString"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.insights #=> Array
resp.insights[0].insight_arn #=> String
resp.insights[0].name #=> String
resp.insights[0].filters.product_arn #=> Array
resp.insights[0].filters.product_arn[0].value #=> String
resp.insights[0].filters.product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.aws_account_id #=> Array
resp.insights[0].filters.aws_account_id[0].value #=> String
resp.insights[0].filters.aws_account_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.id #=> Array
resp.insights[0].filters.id[0].value #=> String
resp.insights[0].filters.id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.generator_id #=> Array
resp.insights[0].filters.generator_id[0].value #=> String
resp.insights[0].filters.generator_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.region #=> Array
resp.insights[0].filters.region[0].value #=> String
resp.insights[0].filters.region[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.type #=> Array
resp.insights[0].filters.type[0].value #=> String
resp.insights[0].filters.type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.first_observed_at #=> Array
resp.insights[0].filters.first_observed_at[0].start #=> String
resp.insights[0].filters.first_observed_at[0].end #=> String
resp.insights[0].filters.first_observed_at[0].date_range.value #=> Integer
resp.insights[0].filters.first_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.first_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.last_observed_at #=> Array
resp.insights[0].filters.last_observed_at[0].start #=> String
resp.insights[0].filters.last_observed_at[0].end #=> String
resp.insights[0].filters.last_observed_at[0].date_range.value #=> Integer
resp.insights[0].filters.last_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.last_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.created_at #=> Array
resp.insights[0].filters.created_at[0].start #=> String
resp.insights[0].filters.created_at[0].end #=> String
resp.insights[0].filters.created_at[0].date_range.value #=> Integer
resp.insights[0].filters.created_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.created_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.updated_at #=> Array
resp.insights[0].filters.updated_at[0].start #=> String
resp.insights[0].filters.updated_at[0].end #=> String
resp.insights[0].filters.updated_at[0].date_range.value #=> Integer
resp.insights[0].filters.updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.severity_product #=> Array
resp.insights[0].filters.severity_product[0].gte #=> Float
resp.insights[0].filters.severity_product[0].lte #=> Float
resp.insights[0].filters.severity_product[0].eq #=> Float
resp.insights[0].filters.severity_product[0].gt #=> Float
resp.insights[0].filters.severity_product[0].lt #=> Float
resp.insights[0].filters.severity_normalized #=> Array
resp.insights[0].filters.severity_normalized[0].gte #=> Float
resp.insights[0].filters.severity_normalized[0].lte #=> Float
resp.insights[0].filters.severity_normalized[0].eq #=> Float
resp.insights[0].filters.severity_normalized[0].gt #=> Float
resp.insights[0].filters.severity_normalized[0].lt #=> Float
resp.insights[0].filters.severity_label #=> Array
resp.insights[0].filters.severity_label[0].value #=> String
resp.insights[0].filters.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.confidence #=> Array
resp.insights[0].filters.confidence[0].gte #=> Float
resp.insights[0].filters.confidence[0].lte #=> Float
resp.insights[0].filters.confidence[0].eq #=> Float
resp.insights[0].filters.confidence[0].gt #=> Float
resp.insights[0].filters.confidence[0].lt #=> Float
resp.insights[0].filters.criticality #=> Array
resp.insights[0].filters.criticality[0].gte #=> Float
resp.insights[0].filters.criticality[0].lte #=> Float
resp.insights[0].filters.criticality[0].eq #=> Float
resp.insights[0].filters.criticality[0].gt #=> Float
resp.insights[0].filters.criticality[0].lt #=> Float
resp.insights[0].filters.title #=> Array
resp.insights[0].filters.title[0].value #=> String
resp.insights[0].filters.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.description #=> Array
resp.insights[0].filters.description[0].value #=> String
resp.insights[0].filters.description[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.recommendation_text #=> Array
resp.insights[0].filters.recommendation_text[0].value #=> String
resp.insights[0].filters.recommendation_text[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.source_url #=> Array
resp.insights[0].filters.source_url[0].value #=> String
resp.insights[0].filters.source_url[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.product_fields #=> Array
resp.insights[0].filters.product_fields[0].key #=> String
resp.insights[0].filters.product_fields[0].value #=> String
resp.insights[0].filters.product_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.product_name #=> Array
resp.insights[0].filters.product_name[0].value #=> String
resp.insights[0].filters.product_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.company_name #=> Array
resp.insights[0].filters.company_name[0].value #=> String
resp.insights[0].filters.company_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.user_defined_fields #=> Array
resp.insights[0].filters.user_defined_fields[0].key #=> String
resp.insights[0].filters.user_defined_fields[0].value #=> String
resp.insights[0].filters.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.malware_name #=> Array
resp.insights[0].filters.malware_name[0].value #=> String
resp.insights[0].filters.malware_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.malware_type #=> Array
resp.insights[0].filters.malware_type[0].value #=> String
resp.insights[0].filters.malware_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.malware_path #=> Array
resp.insights[0].filters.malware_path[0].value #=> String
resp.insights[0].filters.malware_path[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.malware_state #=> Array
resp.insights[0].filters.malware_state[0].value #=> String
resp.insights[0].filters.malware_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_direction #=> Array
resp.insights[0].filters.network_direction[0].value #=> String
resp.insights[0].filters.network_direction[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_protocol #=> Array
resp.insights[0].filters.network_protocol[0].value #=> String
resp.insights[0].filters.network_protocol[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_source_ip_v4 #=> Array
resp.insights[0].filters.network_source_ip_v4[0].cidr #=> String
resp.insights[0].filters.network_source_ip_v6 #=> Array
resp.insights[0].filters.network_source_ip_v6[0].cidr #=> String
resp.insights[0].filters.network_source_port #=> Array
resp.insights[0].filters.network_source_port[0].gte #=> Float
resp.insights[0].filters.network_source_port[0].lte #=> Float
resp.insights[0].filters.network_source_port[0].eq #=> Float
resp.insights[0].filters.network_source_port[0].gt #=> Float
resp.insights[0].filters.network_source_port[0].lt #=> Float
resp.insights[0].filters.network_source_domain #=> Array
resp.insights[0].filters.network_source_domain[0].value #=> String
resp.insights[0].filters.network_source_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_source_mac #=> Array
resp.insights[0].filters.network_source_mac[0].value #=> String
resp.insights[0].filters.network_source_mac[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.network_destination_ip_v4 #=> Array
resp.insights[0].filters.network_destination_ip_v4[0].cidr #=> String
resp.insights[0].filters.network_destination_ip_v6 #=> Array
resp.insights[0].filters.network_destination_ip_v6[0].cidr #=> String
resp.insights[0].filters.network_destination_port #=> Array
resp.insights[0].filters.network_destination_port[0].gte #=> Float
resp.insights[0].filters.network_destination_port[0].lte #=> Float
resp.insights[0].filters.network_destination_port[0].eq #=> Float
resp.insights[0].filters.network_destination_port[0].gt #=> Float
resp.insights[0].filters.network_destination_port[0].lt #=> Float
resp.insights[0].filters.network_destination_domain #=> Array
resp.insights[0].filters.network_destination_domain[0].value #=> String
resp.insights[0].filters.network_destination_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.process_name #=> Array
resp.insights[0].filters.process_name[0].value #=> String
resp.insights[0].filters.process_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.process_path #=> Array
resp.insights[0].filters.process_path[0].value #=> String
resp.insights[0].filters.process_path[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.process_pid #=> Array
resp.insights[0].filters.process_pid[0].gte #=> Float
resp.insights[0].filters.process_pid[0].lte #=> Float
resp.insights[0].filters.process_pid[0].eq #=> Float
resp.insights[0].filters.process_pid[0].gt #=> Float
resp.insights[0].filters.process_pid[0].lt #=> Float
resp.insights[0].filters.process_parent_pid #=> Array
resp.insights[0].filters.process_parent_pid[0].gte #=> Float
resp.insights[0].filters.process_parent_pid[0].lte #=> Float
resp.insights[0].filters.process_parent_pid[0].eq #=> Float
resp.insights[0].filters.process_parent_pid[0].gt #=> Float
resp.insights[0].filters.process_parent_pid[0].lt #=> Float
resp.insights[0].filters.process_launched_at #=> Array
resp.insights[0].filters.process_launched_at[0].start #=> String
resp.insights[0].filters.process_launched_at[0].end #=> String
resp.insights[0].filters.process_launched_at[0].date_range.value #=> Integer
resp.insights[0].filters.process_launched_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.process_launched_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.process_terminated_at #=> Array
resp.insights[0].filters.process_terminated_at[0].start #=> String
resp.insights[0].filters.process_terminated_at[0].end #=> String
resp.insights[0].filters.process_terminated_at[0].date_range.value #=> Integer
resp.insights[0].filters.process_terminated_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.process_terminated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.threat_intel_indicator_type #=> Array
resp.insights[0].filters.threat_intel_indicator_type[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_value #=> Array
resp.insights[0].filters.threat_intel_indicator_value[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_category #=> Array
resp.insights[0].filters.threat_intel_indicator_category[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_category[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_last_observed_at #=> Array
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].start #=> String
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].end #=> String
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].date_range.value #=> Integer
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.threat_intel_indicator_last_observed_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.threat_intel_indicator_source #=> Array
resp.insights[0].filters.threat_intel_indicator_source[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_source[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.threat_intel_indicator_source_url #=> Array
resp.insights[0].filters.threat_intel_indicator_source_url[0].value #=> String
resp.insights[0].filters.threat_intel_indicator_source_url[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_type #=> Array
resp.insights[0].filters.resource_type[0].value #=> String
resp.insights[0].filters.resource_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_id #=> Array
resp.insights[0].filters.resource_id[0].value #=> String
resp.insights[0].filters.resource_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_partition #=> Array
resp.insights[0].filters.resource_partition[0].value #=> String
resp.insights[0].filters.resource_partition[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_region #=> Array
resp.insights[0].filters.resource_region[0].value #=> String
resp.insights[0].filters.resource_region[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_tags #=> Array
resp.insights[0].filters.resource_tags[0].key #=> String
resp.insights[0].filters.resource_tags[0].value #=> String
resp.insights[0].filters.resource_tags[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.resource_aws_ec2_instance_type #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_type[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_type[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_image_id #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_image_id[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_image_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_ip_v4_addresses #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_ip_v4_addresses[0].cidr #=> String
resp.insights[0].filters.resource_aws_ec2_instance_ip_v6_addresses #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_ip_v6_addresses[0].cidr #=> String
resp.insights[0].filters.resource_aws_ec2_instance_key_name #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_key_name[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_key_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_iam_instance_profile_arn #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_iam_instance_profile_arn[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_iam_instance_profile_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_vpc_id #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_vpc_id[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_vpc_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_subnet_id #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_subnet_id[0].value #=> String
resp.insights[0].filters.resource_aws_ec2_instance_subnet_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_ec2_instance_launched_at #=> Array
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].start #=> String
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].end #=> String
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].date_range.value #=> Integer
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.resource_aws_ec2_instance_launched_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.resource_aws_s3_bucket_owner_id #=> Array
resp.insights[0].filters.resource_aws_s3_bucket_owner_id[0].value #=> String
resp.insights[0].filters.resource_aws_s3_bucket_owner_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_s3_bucket_owner_name #=> Array
resp.insights[0].filters.resource_aws_s3_bucket_owner_name[0].value #=> String
resp.insights[0].filters.resource_aws_s3_bucket_owner_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_user_name #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_user_name[0].value #=> String
resp.insights[0].filters.resource_aws_iam_access_key_user_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_principal_name #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_principal_name[0].value #=> String
resp.insights[0].filters.resource_aws_iam_access_key_principal_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_status #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_status[0].value #=> String
resp.insights[0].filters.resource_aws_iam_access_key_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_aws_iam_access_key_created_at #=> Array
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].start #=> String
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].end #=> String
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].date_range.value #=> Integer
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.resource_aws_iam_access_key_created_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.resource_aws_iam_user_user_name #=> Array
resp.insights[0].filters.resource_aws_iam_user_user_name[0].value #=> String
resp.insights[0].filters.resource_aws_iam_user_user_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_name #=> Array
resp.insights[0].filters.resource_container_name[0].value #=> String
resp.insights[0].filters.resource_container_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_image_id #=> Array
resp.insights[0].filters.resource_container_image_id[0].value #=> String
resp.insights[0].filters.resource_container_image_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_image_name #=> Array
resp.insights[0].filters.resource_container_image_name[0].value #=> String
resp.insights[0].filters.resource_container_image_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_container_launched_at #=> Array
resp.insights[0].filters.resource_container_launched_at[0].start #=> String
resp.insights[0].filters.resource_container_launched_at[0].end #=> String
resp.insights[0].filters.resource_container_launched_at[0].date_range.value #=> Integer
resp.insights[0].filters.resource_container_launched_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.resource_container_launched_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.resource_details_other #=> Array
resp.insights[0].filters.resource_details_other[0].key #=> String
resp.insights[0].filters.resource_details_other[0].value #=> String
resp.insights[0].filters.resource_details_other[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
resp.insights[0].filters.compliance_status #=> Array
resp.insights[0].filters.compliance_status[0].value #=> String
resp.insights[0].filters.compliance_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.verification_state #=> Array
resp.insights[0].filters.verification_state[0].value #=> String
resp.insights[0].filters.verification_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.workflow_state #=> Array
resp.insights[0].filters.workflow_state[0].value #=> String
resp.insights[0].filters.workflow_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.workflow_status #=> Array
resp.insights[0].filters.workflow_status[0].value #=> String
resp.insights[0].filters.workflow_status[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.record_state #=> Array
resp.insights[0].filters.record_state[0].value #=> String
resp.insights[0].filters.record_state[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.related_findings_product_arn #=> Array
resp.insights[0].filters.related_findings_product_arn[0].value #=> String
resp.insights[0].filters.related_findings_product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.related_findings_id #=> Array
resp.insights[0].filters.related_findings_id[0].value #=> String
resp.insights[0].filters.related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.note_text #=> Array
resp.insights[0].filters.note_text[0].value #=> String
resp.insights[0].filters.note_text[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.note_updated_at #=> Array
resp.insights[0].filters.note_updated_at[0].start #=> String
resp.insights[0].filters.note_updated_at[0].end #=> String
resp.insights[0].filters.note_updated_at[0].date_range.value #=> Integer
resp.insights[0].filters.note_updated_at[0].date_range.unit #=> String, one of "DAYS"
resp.insights[0].filters.note_updated_at[0].date_range.comparison #=> String, one of "WITHIN", "OLDER_THAN"
resp.insights[0].filters.note_updated_by #=> Array
resp.insights[0].filters.note_updated_by[0].value #=> String
resp.insights[0].filters.note_updated_by[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.keyword #=> Array
resp.insights[0].filters.keyword[0].value #=> String
resp.insights[0].filters.finding_provider_fields_confidence #=> Array
resp.insights[0].filters.finding_provider_fields_confidence[0].gte #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].lte #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].eq #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].gt #=> Float
resp.insights[0].filters.finding_provider_fields_confidence[0].lt #=> Float
resp.insights[0].filters.finding_provider_fields_criticality #=> Array
resp.insights[0].filters.finding_provider_fields_criticality[0].gte #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].lte #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].eq #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].gt #=> Float
resp.insights[0].filters.finding_provider_fields_criticality[0].lt #=> Float
resp.insights[0].filters.finding_provider_fields_related_findings_id #=> Array
resp.insights[0].filters.finding_provider_fields_related_findings_id[0].value #=> String
resp.insights[0].filters.finding_provider_fields_related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_related_findings_product_arn #=> Array
resp.insights[0].filters.finding_provider_fields_related_findings_product_arn[0].value #=> String
resp.insights[0].filters.finding_provider_fields_related_findings_product_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_severity_label #=> Array
resp.insights[0].filters.finding_provider_fields_severity_label[0].value #=> String
resp.insights[0].filters.finding_provider_fields_severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_severity_original #=> Array
resp.insights[0].filters.finding_provider_fields_severity_original[0].value #=> String
resp.insights[0].filters.finding_provider_fields_severity_original[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.finding_provider_fields_types #=> Array
resp.insights[0].filters.finding_provider_fields_types[0].value #=> String
resp.insights[0].filters.finding_provider_fields_types[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.sample #=> Array
resp.insights[0].filters.sample[0].value #=> Boolean
resp.insights[0].filters.compliance_security_control_id #=> Array
resp.insights[0].filters.compliance_security_control_id[0].value #=> String
resp.insights[0].filters.compliance_security_control_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.compliance_associated_standards_id #=> Array
resp.insights[0].filters.compliance_associated_standards_id[0].value #=> String
resp.insights[0].filters.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.vulnerabilities_exploit_available #=> Array
resp.insights[0].filters.vulnerabilities_exploit_available[0].value #=> String
resp.insights[0].filters.vulnerabilities_exploit_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.vulnerabilities_fix_available #=> Array
resp.insights[0].filters.vulnerabilities_fix_available[0].value #=> String
resp.insights[0].filters.vulnerabilities_fix_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.compliance_security_control_parameters_name #=> Array
resp.insights[0].filters.compliance_security_control_parameters_name[0].value #=> String
resp.insights[0].filters.compliance_security_control_parameters_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.compliance_security_control_parameters_value #=> Array
resp.insights[0].filters.compliance_security_control_parameters_value[0].value #=> String
resp.insights[0].filters.compliance_security_control_parameters_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.aws_account_name #=> Array
resp.insights[0].filters.aws_account_name[0].value #=> String
resp.insights[0].filters.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_application_name #=> Array
resp.insights[0].filters.resource_application_name[0].value #=> String
resp.insights[0].filters.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].filters.resource_application_arn #=> Array
resp.insights[0].filters.resource_application_arn[0].value #=> String
resp.insights[0].filters.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS", "CONTAINS_WORD"
resp.insights[0].group_by_attribute #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :insight_arns (Array<String>) —

  The ARNs of the insights to describe. If you don’t provide any insight ARNs, then ‘GetInsights` returns all of your custom insights. It does not return any managed insights.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘GetInsights` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of items to return in the response.

Returns:

• (Types::GetInsightsResponse) —

  Returns a response object which responds to the following methods:

  • #insights => Array&lt;Types::Insight&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8253

def get_insights(params = {}, options = {})
  req = build_request(:get_insights, params)
  req.send_request(options)
end

#get_invitations_count(params = {}) ⇒ Types::GetInvitationsCountResponse

<note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see [Managing Security Hub CSPM administrator and member accounts with Organizations] in the *Security Hub CSPM User Guide*.

</note>

Returns the count of all Security Hub CSPM membership invitations that were sent to the calling member account, not including the currently accepted invitation.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html

Examples:

Example: To get a count of membership invitations

# The following example returns a count of invitations that the Security Hub administrator sent to the current member
# account, not including the currently accepted invitation.

resp = client.get_invitations_count({
})

resp.to_h outputs the following:
{
  invitations_count: 3, 
}

Response structure

resp.invitations_count #=> Integer

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::GetInvitationsCountResponse) —

  Returns a response object which responds to the following methods:

  • #invitations_count => Integer

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8299

def get_invitations_count(params = {}, options = {})
  req = build_request(:get_invitations_count, params)
  req.send_request(options)
end

#get_master_account(params = {}) ⇒ Types::GetMasterAccountResponse

This method is deprecated. Instead, use ‘GetAdministratorAccount`.

The Security Hub CSPM console continues to use ‘GetMasterAccount`. It will eventually change to use `GetAdministratorAccount`. Any IAM policies that specifically control access to this function must continue to use `GetMasterAccount`. You should also add `GetAdministratorAccount` to your policies to ensure that the correct permissions are in place after the console begins to use `GetAdministratorAccount`.

Provides the details for the Security Hub CSPM administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Response structure

resp.master.account_id #=> String
resp.master.invitation_id #=> String
resp.master.invited_at #=> Time
resp.master.member_status #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::GetMasterAccountResponse) —

  Returns a response object which responds to the following methods:

  • #master => Types::Invitation

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8335

def get_master_account(params = {}, options = {})
  req = build_request(:get_master_account, params)
  req.send_request(options)
end

#get_members(params = {}) ⇒ Types::GetMembersResponse

Returns the details for the Security Hub CSPM member accounts for the specified account IDs.

An administrator account can be either the delegated Security Hub CSPM administrator account for an organization or an administrator account that enabled Security Hub CSPM manually.

The results include both member accounts that are managed using Organizations and accounts that were invited manually.

Examples:

Example: To get member account details

# The following example returns details for the Security Hub member accounts with the specified AWS account IDs. An
# administrator account may be the delegated Security Hub administrator account for an organization or an administrator
# account that enabled Security Hub manually. The Security Hub administrator must call this operation.

resp = client.get_members({
  account_ids: [
    "444455556666", 
    "777788889999", 
  ], 
})

resp.to_h outputs the following:
{
  members: [
    {
      account_id: "444455556666", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
    {
      account_id: "777788889999", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
  ], 
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values

resp = client.get_members({
  account_ids: ["NonEmptyString"], # required
})

Response structure

resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].email #=> String
resp.members[0].master_id #=> String
resp.members[0].administrator_id #=> String
resp.members[0].member_status #=> String
resp.members[0].invited_at #=> Time
resp.members[0].updated_at #=> Time
resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_ids (required, Array<String>) —

  The list of account IDs for the Security Hub CSPM member accounts to return the details for.

Returns:

• (Types::GetMembersResponse) —

  Returns a response object which responds to the following methods:

  • #members => Array&lt;Types::Member&gt;

  • #unprocessed_accounts => Array&lt;Types::Result&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8421

def get_members(params = {}, options = {})
  req = build_request(:get_members, params)
  req.send_request(options)
end

#get_recommended_policy_v2(params = {}) ⇒ Types::GetRecommendedPolicyV2Response

Retrieves the recommended policy to remediate a Security Hub finding. ‘GetRecommendedPolicyV2` only supports findings for unused permissions.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_recommended_policy_v2({
  metadata_uid: "NonEmptyString", # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.next_token #=> String
resp.recommendation_type #=> String, one of "UNUSED_PERMISSION_RECOMMENDATION"
resp.recommendation_steps #=> Array
resp.recommendation_steps[0].unused_permissions.recommended_action #=> String
resp.recommendation_steps[0].unused_permissions.existing_policy #=> String
resp.recommendation_steps[0].unused_permissions.existing_policy_id #=> String
resp.recommendation_steps[0].unused_permissions.policy_updated_at #=> Time
resp.recommendation_steps[0].unused_permissions.recommended_policy #=> String
resp.error.code #=> String
resp.error.message #=> String
resp.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
resp.resource_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :metadata_uid (required, String) —

  The unique identifier (ID) of Security Hub OCSF findings found under the ‘metadata.uid` field of the finding.

• :next_token (String) —

  The token used to paginate the ‘RecommendationSteps` list returned. On your first call to `GetRecommendedPolicyV2`, omit this parameter or set it to `NULL`. For subsequent calls, use the `NextToken` value returned in the previous response to retrieve the next page of results.

• :max_results (Integer) —

  The maximum number of recommendation steps to return.

Returns:

• (Types::GetRecommendedPolicyV2Response) —

  Returns a response object which responds to the following methods:

  • #next_token => String

  • #recommendation_type => String

  • #recommendation_steps => Array&lt;Types::RecommendationStep&gt;

  • #error => Types::RecommendationError

  • #status => String

  • #resource_arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8482

def get_recommended_policy_v2(params = {}, options = {})
  req = build_request(:get_recommended_policy_v2, params)
  req.send_request(options)
end

#get_resources_statistics_v2(params = {}) ⇒ Types::GetResourcesStatisticsV2Response

Retrieves statistical information about Amazon Web Services resources and their associated security findings.

You can use the ‘Scopes` parameter to define the data boundary for the query. Currently, `Scopes` supports `AwsOrganizations`, which lets you aggregate resources from your entire organization or from specific organizational units. Only the delegated administrator account can use `Scopes`.

Examples:

Request syntax with placeholder values

resp = client.get_resources_statistics_v2({
  group_by_rules: [ # required
    {
      group_by_field: "AccountId", # required, accepts AccountId, Region, ResourceCategory, ResourceType, ResourceName, FindingsSummary.FindingType
      filters: {
        composite_filters: [
          {
            string_filters: [
              {
                field_name: "ResourceGuid", # accepts ResourceGuid, ResourceId, AccountId, Region, ResourceCategory, ResourceType, ResourceName, FindingsSummary.FindingType, FindingsSummary.ProductName
                filter: {
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
                },
              },
            ],
            date_filters: [
              {
                field_name: "ResourceDetailCaptureTime", # accepts ResourceDetailCaptureTime, ResourceCreationTime
                filter: {
                  start: "NonEmptyString",
                  end: "NonEmptyString",
                  date_range: {
                    value: 1,
                    unit: "DAYS", # accepts DAYS
                    comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                  },
                },
              },
            ],
            number_filters: [
              {
                field_name: "FindingsSummary.TotalFindings", # accepts FindingsSummary.TotalFindings, FindingsSummary.Severities.Other, FindingsSummary.Severities.Fatal, FindingsSummary.Severities.Critical, FindingsSummary.Severities.High, FindingsSummary.Severities.Medium, FindingsSummary.Severities.Low, FindingsSummary.Severities.Informational, FindingsSummary.Severities.Unknown
                filter: {
                  gte: 1.0,
                  lte: 1.0,
                  eq: 1.0,
                  gt: 1.0,
                  lt: 1.0,
                },
              },
            ],
            map_filters: [
              {
                field_name: "ResourceTags", # accepts ResourceTags
                filter: {
                  key: "NonEmptyString",
                  value: "NonEmptyString",
                  comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
                },
              },
            ],
            nested_composite_filters: {
              # recursive ResourcesCompositeFilterList
            },
            operator: "AND", # accepts AND, OR
          },
        ],
        composite_operator: "AND", # accepts AND, OR
      },
    },
  ],
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_order: "asc", # accepts asc, desc
  max_statistic_results: 1,
})

Response structure

resp.group_by_results #=> Array
resp.group_by_results[0].group_by_field #=> String
resp.group_by_results[0].group_by_values #=> Array
resp.group_by_results[0].group_by_values[0].field_value #=> String
resp.group_by_results[0].group_by_values[0].count #=> Integer

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :group_by_rules (required, Array<Types::ResourceGroupByRule>) —

  How resource statistics should be aggregated and organized in the response.

• :scopes (Types::ResourceScopes) —

  Limits the results to resources from specific organizational units or from the delegated administrator’s organization. Only the delegated administrator account can use this parameter. Other accounts receive an ‘AccessDeniedException`.

  This parameter is optional. If you omit it, the delegated administrator sees statistics from all accounts across the entire organization. Other accounts see only statistics for their own resources.

  You can specify up to 10 entries in ‘Scopes.AwsOrganizations`. If multiple entries are specified, the entries are combined using OR logic.

• :sort_order (String) —

  Sorts aggregated statistics.

• :max_statistic_results (Integer) —

  The maximum number of results to be returned.

Returns:

• (Types::GetResourcesStatisticsV2Response) —

  Returns a response object which responds to the following methods:

  • #group_by_results => Array&lt;Types::GroupByResult&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8613

def get_resources_statistics_v2(params = {}, options = {})
  req = build_request(:get_resources_statistics_v2, params)
  req.send_request(options)
end

#get_resources_trends_v2(params = {}) ⇒ Types::GetResourcesTrendsV2Response

Returns resource trend data based on the specified criteria. This operation helps you analyze patterns and changes in resource compliance over time.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_resources_trends_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "account_id", # accepts account_id, region, resource_type, resource_category
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        nested_composite_filters: {
          # recursive ResourcesTrendsCompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  start_time: Time.now, # required
  end_time: Time.now, # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.granularity #=> String, one of "Daily", "Weekly", "Monthly"
resp.trends_metrics #=> Array
resp.trends_metrics[0].timestamp #=> Time
resp.trends_metrics[0].trends_values.resources_count.all_resources #=> Integer
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filters (Types::ResourcesTrendsFilters) —

  The filters to apply to the resources trend data.

• :start_time (required, Time, DateTime, Date, Integer, String) —

  The starting timestamp for the time period to analyze resources trends, in ISO 8601 format.

• :end_time (required, Time, DateTime, Date, Integer, String) —

  The ending timestamp for the time period to analyze resources trends, in ISO 8601 format.

• :next_token (String) —

  The token to use for paginating results. This value is returned in the response if more results are available.

• :max_results (Integer) —

  The maximum number of trend data points to return in a single response.

Returns:

• (Types::GetResourcesTrendsV2Response) —

  Returns a response object which responds to the following methods:

  • #granularity => String

  • #trends_metrics => Array&lt;Types::ResourcesTrendsMetricsResult&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8690

def get_resources_trends_v2(params = {}, options = {})
  req = build_request(:get_resources_trends_v2, params)
  req.send_request(options)
end

#get_resources_v2(params = {}) ⇒ Types::GetResourcesV2Response

Returns a list of resources.

You can use the ‘Scopes` parameter to define the data boundary for the query. Currently, `Scopes` supports `AwsOrganizations`, which lets you retrieve resources from your entire organization or from specific organizational units. Only the delegated administrator account can use `Scopes`.

You can use the ‘Filters` parameter to refine results based on resource attributes. You can use `Scopes` and `Filters` independently or together. When both are provided, `Scopes` narrows the data set first, and then `Filters` refines results within that scoped data set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_resources_v2({
  filters: {
    composite_filters: [
      {
        string_filters: [
          {
            field_name: "ResourceGuid", # accepts ResourceGuid, ResourceId, AccountId, Region, ResourceCategory, ResourceType, ResourceName, FindingsSummary.FindingType, FindingsSummary.ProductName
            filter: {
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
            },
          },
        ],
        date_filters: [
          {
            field_name: "ResourceDetailCaptureTime", # accepts ResourceDetailCaptureTime, ResourceCreationTime
            filter: {
              start: "NonEmptyString",
              end: "NonEmptyString",
              date_range: {
                value: 1,
                unit: "DAYS", # accepts DAYS
                comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
              },
            },
          },
        ],
        number_filters: [
          {
            field_name: "FindingsSummary.TotalFindings", # accepts FindingsSummary.TotalFindings, FindingsSummary.Severities.Other, FindingsSummary.Severities.Fatal, FindingsSummary.Severities.Critical, FindingsSummary.Severities.High, FindingsSummary.Severities.Medium, FindingsSummary.Severities.Low, FindingsSummary.Severities.Informational, FindingsSummary.Severities.Unknown
            filter: {
              gte: 1.0,
              lte: 1.0,
              eq: 1.0,
              gt: 1.0,
              lt: 1.0,
            },
          },
        ],
        map_filters: [
          {
            field_name: "ResourceTags", # accepts ResourceTags
            filter: {
              key: "NonEmptyString",
              value: "NonEmptyString",
              comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
            },
          },
        ],
        nested_composite_filters: {
          # recursive ResourcesCompositeFilterList
        },
        operator: "AND", # accepts AND, OR
      },
    ],
    composite_operator: "AND", # accepts AND, OR
  },
  scopes: {
    aws_organizations: [
      {
        organization_id: "NonEmptyString",
        organizational_unit_id: "NonEmptyString",
      },
    ],
  },
  sort_criteria: [
    {
      field: "NonEmptyString",
      sort_order: "asc", # accepts asc, desc
    },
  ],
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.resources #=> Array
resp.resources[0].resource_guid #=> String
resp.resources[0].resource_id #=> String
resp.resources[0].account_id #=> String
resp.resources[0].region #=> String
resp.resources[0].resource_category #=> String, one of "Compute", "Database", "Storage", "Code", "AI/ML", "Identity", "Network", "Other"
resp.resources[0].resource_type #=> String
resp.resources[0].resource_name #=> String
resp.resources[0].resource_creation_time_dt #=> String
resp.resources[0].resource_detail_capture_time_dt #=> String
resp.resources[0].findings_summary #=> Array
resp.resources[0].findings_summary[0].finding_type #=> String
resp.resources[0].findings_summary[0].product_name #=> String
resp.resources[0].findings_summary[0].total_findings #=> Integer
resp.resources[0].findings_summary[0].severities.other #=> Integer
resp.resources[0].findings_summary[0].severities.fatal #=> Integer
resp.resources[0].findings_summary[0].severities.critical #=> Integer
resp.resources[0].findings_summary[0].severities.high #=> Integer
resp.resources[0].findings_summary[0].severities.medium #=> Integer
resp.resources[0].findings_summary[0].severities.low #=> Integer
resp.resources[0].findings_summary[0].severities.informational #=> Integer
resp.resources[0].findings_summary[0].severities.unknown #=> Integer
resp.resources[0].resource_tags #=> Array
resp.resources[0].resource_tags[0].key #=> String
resp.resources[0].resource_tags[0].value #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filters (Types::ResourcesFilters) —

  Filters resources based on a set of criteria.

• :scopes (Types::ResourceScopes) —

  Limits the results to resources from specific organizational units or from the delegated administrator’s organization. Only the delegated administrator account can use this parameter. Other accounts receive an ‘AccessDeniedException`.

  This parameter is optional. If you omit it, the delegated administrator sees resources from all accounts across the entire organization. Other accounts see only their own resources.

  You can specify up to 10 entries in ‘Scopes.AwsOrganizations`. If multiple entries are specified, the entries are combined using OR logic.

• :sort_criteria (Array<Types::SortCriterion>) —

  The resource attributes used to sort the list of returned resources.

• :next_token (String) —

  The token required for pagination. On your first call, set the value of this parameter to ‘NULL`. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::GetResourcesV2Response) —

  Returns a response object which responds to the following methods:

  • #resources => Array&lt;Types::ResourceResult&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8854

def get_resources_v2(params = {}, options = {})
  req = build_request(:get_resources_v2, params)
  req.send_request(options)
end

#get_security_control_definition(params = {}) ⇒ Types::GetSecurityControlDefinitionResponse

Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

Examples:

Example: To get the definition of a security control.

# The following example retrieves definition details for the specified security control.

resp = client.get_security_control_definition({
  security_control_id: "EC2.4", 
})

resp.to_h outputs the following:
{
  security_control_definition: {
    current_region_availability: "AVAILABLE", 
    description: "This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.", 
    parameter_definitions: {
      "AllowedDays" => {
        configuration_options: {
          integer: {
            default_value: 30, 
            max: 365, 
            min: 1, 
          }, 
        }, 
        description: "Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding", 
      }, 
    }, 
    remediation_url: "https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation", 
    security_control_id: "EC2.4", 
    severity_rating: "MEDIUM", 
    title: "Stopped Amazon EC2 instances should be removed after a specified time period", 
  }, 
}

Request syntax with placeholder values

resp = client.get_security_control_definition({
  security_control_id: "NonEmptyString", # required
})

Response structure

resp.security_control_definition.security_control_id #=> String
resp.security_control_definition.title #=> String
resp.security_control_definition.description #=> String
resp.security_control_definition.remediation_url #=> String
resp.security_control_definition.severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.security_control_definition.current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
resp.security_control_definition.customizable_properties #=> Array
resp.security_control_definition.customizable_properties[0] #=> String, one of "Parameters"
resp.security_control_definition.parameter_definitions #=> Hash
resp.security_control_definition.parameter_definitions["NonEmptyString"].description #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :security_control_id (required, String) —

  The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).

Returns:

• (Types::GetSecurityControlDefinitionResponse) —

  Returns a response object which responds to the following methods:

  • #security_control_definition => Types::SecurityControlDefinition

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 8955

def get_security_control_definition(params = {}, options = {})
  req = build_request(:get_security_control_definition, params)
  req.send_request(options)
end

#invite_members(params = {}) ⇒ Types::InviteMembersResponse

<note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see [Managing Security Hub CSPM administrator and member accounts with Organizations] in the *Security Hub CSPM User Guide*.

</note>

Invites other Amazon Web Services accounts to become member accounts for the Security Hub CSPM administrator account that the invitation is sent from.

This operation is only used to invite accounts that don’t belong to an Amazon Web Services organization. Organization accounts don’t receive invitations.

Before you can use this action to invite a member, you must first use the ‘CreateMembers` action to create the member account in Security Hub CSPM.

When the account owner enables Security Hub CSPM and accepts the invitation to become a member account, the administrator account can view the findings generated in the member account.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html

Examples:

Example: To invite accounts to become members

# The following example invites the specified AWS accounts to become member accounts associated with the calling Security
# Hub administrator account. You only use this operation to invite accounts that don't belong to an AWS Organizations
# organization.

resp = client.invite_members({
  account_ids: [
    "111122223333", 
    "444455556666", 
  ], 
})

resp.to_h outputs the following:
{
  unprocessed_accounts: [
  ], 
}

Request syntax with placeholder values

resp = client.invite_members({
  account_ids: ["NonEmptyString"], # required
})

Response structure

resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].processing_result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :account_ids (required, Array<String>) —

  The list of account IDs of the Amazon Web Services accounts to invite to Security Hub CSPM as members.

Returns:

• (Types::InviteMembersResponse) —

  Returns a response object which responds to the following methods:

  • #unprocessed_accounts => Array&lt;Types::Result&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9031

def invite_members(params = {}, options = {})
  req = build_request(:invite_members, params)
  req.send_request(options)
end

#list_aggregators_v2(params = {}) ⇒ Types::ListAggregatorsV2Response

Retrieves a list of V2 aggregators.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_aggregators_v2({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.aggregators_v2 #=> Array
resp.aggregators_v2[0].aggregator_v2_arn #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token required for pagination. On your first call, set the value of this parameter to ‘NULL`. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::ListAggregatorsV2Response) —

  Returns a response object which responds to the following methods:

  • #aggregators_v2 => Array&lt;Types::AggregatorV2&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9071

def list_aggregators_v2(params = {}, options = {})
  req = build_request(:list_aggregators_v2, params)
  req.send_request(options)
end

#list_automation_rules(params = {}) ⇒ Types::ListAutomationRulesResponse

A list of automation rules and their metadata for the calling account.

Examples:

Example: To list automation rules

# The following example lists automation rules and rule metadata in the calling account.

resp = client.list_automation_rules({
  max_results: 2, 
  next_token: "example-token", 
})

resp.to_h outputs the following:
{
  automation_rules_metadata: [
    {
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      description: "IAM.8 is a known issue and can be resolved", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      rule_name: "sample-rule-name-1", 
      rule_order: 1, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
    {
      created_at: Time.parse("2022-08-31T01:52:33.250Z"), 
      created_by: "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", 
      description: "Lambda.2 is a known issue and can be resolved", 
      rule_arn: "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
      rule_name: "sample-rule-name-2", 
      rule_order: 2, 
      rule_status: "ENABLED", 
      updated_at: Time.parse("2022-08-31T01:52:33.250Z"), 
    }, 
  ], 
  next_token: "example-token", 
}

Request syntax with placeholder values

resp = client.list_automation_rules({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.automation_rules_metadata #=> Array
resp.automation_rules_metadata[0].rule_arn #=> String
resp.automation_rules_metadata[0].rule_status #=> String, one of "ENABLED", "DISABLED"
resp.automation_rules_metadata[0].rule_order #=> Integer
resp.automation_rules_metadata[0].rule_name #=> String
resp.automation_rules_metadata[0].description #=> String
resp.automation_rules_metadata[0].is_terminal #=> Boolean
resp.automation_rules_metadata[0].created_at #=> Time
resp.automation_rules_metadata[0].updated_at #=> Time
resp.automation_rules_metadata[0].created_by #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  A token to specify where to start paginating the response. This is the ‘NextToken` from a previously truncated response. On your first call to the `ListAutomationRules` API, set the value of this parameter to `NULL`.

• :max_results (Integer) —

  The maximum number of rules to return in the response. This currently ranges from 1 to 100.

Returns:

• (Types::ListAutomationRulesResponse) —

  Returns a response object which responds to the following methods:

  • #automation_rules_metadata => Array&lt;Types::AutomationRulesMetadata&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9155

def list_automation_rules(params = {}, options = {})
  req = build_request(:list_automation_rules, params)
  req.send_request(options)
end

#list_automation_rules_v2(params = {}) ⇒ Types::ListAutomationRulesV2Response

Returns a list of automation rules and metadata for the calling account.

Examples:

Request syntax with placeholder values

resp = client.list_automation_rules_v2({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.rules #=> Array
resp.rules[0].rule_arn #=> String
resp.rules[0].rule_id #=> String
resp.rules[0].rule_order #=> Float
resp.rules[0].rule_name #=> String
resp.rules[0].rule_status #=> String, one of "ENABLED", "DISABLED"
resp.rules[0].description #=> String
resp.rules[0].actions #=> Array
resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE", "EXTERNAL_INTEGRATION"
resp.rules[0].created_at #=> Time
resp.rules[0].updated_at #=> Time
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token required for pagination. On your first call, set the value of this parameter to ‘NULL`. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::ListAutomationRulesV2Response) —

  Returns a response object which responds to the following methods:

  • #rules => Array&lt;Types::AutomationRulesMetadataV2&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9203

def list_automation_rules_v2(params = {}, options = {})
  req = build_request(:list_automation_rules_v2, params)
  req.send_request(options)
end

#list_configuration_policies(params = {}) ⇒ Types::ListConfigurationPoliciesResponse

Lists the configuration policies that the Security Hub CSPM delegated administrator has created for your organization. Only the delegated administrator can invoke this operation from the home Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To view a list of configuration policies

# This operation provides a list of your configuration policies, including metadata for each policy.

resp = client.list_configuration_policies({
  max_results: 1, 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf", 
})

resp.to_h outputs the following:
{
  configuration_policy_summaries: [
    {
      arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      description: "Configuration policy for testing FSBP and CIS", 
      id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      name: "TestConfigurationPolicy", 
      service_enabled: true, 
      updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
    }, 
  ], 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef", 
}

Request syntax with placeholder values

resp = client.list_configuration_policies({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.configuration_policy_summaries #=> Array
resp.configuration_policy_summaries[0].arn #=> String
resp.configuration_policy_summaries[0].id #=> String
resp.configuration_policy_summaries[0].name #=> String
resp.configuration_policy_summaries[0].description #=> String
resp.configuration_policy_summaries[0].updated_at #=> Time
resp.configuration_policy_summaries[0].service_enabled #=> Boolean
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The NextToken value that’s returned from a previous paginated ‘ListConfigurationPolicies` request where `MaxResults` was used but the results exceeded the value of that parameter. Pagination continues from the `MaxResults` was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the `NextToken` value. This value is `null` when there are no more results to return.

• :max_results (Integer) —

  The maximum number of results that’s returned by ‘ListConfigurationPolicies` in each page of the response. When this parameter is used, `ListConfigurationPolicies` returns the specified number of results in a single page and a `NextToken` response element. You can see the remaining results of the initial request by sending another `ListConfigurationPolicies` request with the returned `NextToken` value. A valid range for `MaxResults` is between 1 and 100.

Returns:

• (Types::ListConfigurationPoliciesResponse) —

  Returns a response object which responds to the following methods:

  • #configuration_policy_summaries => Array&lt;Types::ConfigurationPolicySummary&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9285

def list_configuration_policies(params = {}, options = {})
  req = build_request(:list_configuration_policies, params)
  req.send_request(options)
end

#list_configuration_policy_associations(params = {}) ⇒ Types::ListConfigurationPolicyAssociationsResponse

Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list configuration associations

# This operation lists all of the associations between targets and configuration policies or self-managed behavior.
# Targets can include accounts, organizational units, or the root.

resp = client.list_configuration_policy_associations({
  filters: {
    association_type: "APPLIED", 
  }, 
  max_results: 1, 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf", 
})

resp.to_h outputs the following:
{
  configuration_policy_association_summaries: [
    {
      association_status: "PENDING", 
      association_type: "APPLIED", 
      configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
      target_id: "123456789012", 
      target_type: "ACCOUNT", 
      updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
    }, 
  ], 
  next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef", 
}

Request syntax with placeholder values

resp = client.list_configuration_policy_associations({
  next_token: "NextToken",
  max_results: 1,
  filters: {
    configuration_policy_id: "NonEmptyString",
    association_type: "INHERITED", # accepts INHERITED, APPLIED
    association_status: "PENDING", # accepts PENDING, SUCCESS, FAILED
  },
})

Response structure

resp.configuration_policy_association_summaries #=> Array
resp.configuration_policy_association_summaries[0].configuration_policy_id #=> String
resp.configuration_policy_association_summaries[0].target_id #=> String
resp.configuration_policy_association_summaries[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.configuration_policy_association_summaries[0].association_type #=> String, one of "INHERITED", "APPLIED"
resp.configuration_policy_association_summaries[0].updated_at #=> Time
resp.configuration_policy_association_summaries[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.configuration_policy_association_summaries[0].association_status_message #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The ‘NextToken` value that’s returned from a previous paginated ‘ListConfigurationPolicyAssociations` request where `MaxResults` was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the `NextToken` value. This value is `null` when there are no more results to return.

• :max_results (Integer) —

  The maximum number of results that’s returned by ‘ListConfigurationPolicies` in each page of the response. When this parameter is used, `ListConfigurationPolicyAssociations` returns the specified number of results in a single page and a `NextToken` response element. You can see the remaining results of the initial request by sending another `ListConfigurationPolicyAssociations` request with the returned `NextToken` value. A valid range for `MaxResults` is between 1 and 100.

• :filters (Types::AssociationFilters) —

  Options for filtering the ‘ListConfigurationPolicyAssociations` response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration, `AssociationType`, or `AssociationStatus`.

Returns:

• (Types::ListConfigurationPolicyAssociationsResponse) —

  Returns a response object which responds to the following methods:

  • #configuration_policy_association_summaries => Array&lt;Types::ConfigurationPolicyAssociationSummary&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9383

def list_configuration_policy_associations(params = {}, options = {})
  req = build_request(:list_configuration_policy_associations, params)
  req.send_request(options)
end

#list_connectors_v2(params = {}) ⇒ Types::ListConnectorsV2Response

Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account.

Examples:

Request syntax with placeholder values

resp = client.list_connectors_v2({
  next_token: "NextToken",
  max_results: 1,
  provider_name: "JIRA_CLOUD", # accepts JIRA_CLOUD, SERVICENOW
  connector_status: "CONNECTED", # accepts CONNECTED, FAILED_TO_CONNECT, PENDING_CONFIGURATION, PENDING_AUTHORIZATION
})

Response structure

resp.next_token #=> String
resp.connectors #=> Array
resp.connectors[0].connector_arn #=> String
resp.connectors[0].connector_id #=> String
resp.connectors[0].name #=> String
resp.connectors[0].description #=> String
resp.connectors[0].provider_summary.provider_name #=> String, one of "JIRA_CLOUD", "SERVICENOW"
resp.connectors[0].provider_summary.connector_status #=> String, one of "CONNECTED", "FAILED_TO_CONNECT", "PENDING_CONFIGURATION", "PENDING_AUTHORIZATION"
resp.connectors[0].created_at #=> Time

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The pagination token per the Amazon Web Services Pagination standard

• :max_results (Integer) —

  The maximum number of results to be returned.

• :provider_name (String) —

  The name of the third-party provider.

• :connector_status (String) —

  The status for the connectorV2.

Returns:

• (Types::ListConnectorsV2Response) —

  Returns a response object which responds to the following methods:

  • #next_token => String

  • #connectors => Array&lt;Types::ConnectorSummary&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9433

def list_connectors_v2(params = {}, options = {})
  req = build_request(:list_connectors_v2, params)
  req.send_request(options)
end

#list_enabled_products_for_import(params = {}) ⇒ Types::ListEnabledProductsForImportResponse

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub CSPM.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list ARNs for enabled integrations

# The following example returns a list of subscription Amazon Resource Names (ARNs) for the product integrations that you
# have currently enabled in Security Hub.

resp = client.list_enabled_products_for_import({
})

resp.to_h outputs the following:
{
  product_subscriptions: [
    "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon", 
    "arn:aws:securityhub:us-east-1::product/3coresec/3coresec", 
  ], 
}

Request syntax with placeholder values

resp = client.list_enabled_products_for_import({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.product_subscriptions #=> Array
resp.product_subscriptions[0] #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘ListEnabledProductsForImport` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :max_results (Integer) —

  The maximum number of items to return in the response.

Returns:

• (Types::ListEnabledProductsForImportResponse) —

  Returns a response object which responds to the following methods:

  • #product_subscriptions => Array&lt;String&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9494

def list_enabled_products_for_import(params = {}, options = {})
  req = build_request(:list_enabled_products_for_import, params)
  req.send_request(options)
end

#list_finding_aggregators(params = {}) ⇒ Types::ListFindingAggregatorsResponse

If cross-Region aggregation is enabled, then ‘ListFindingAggregators` returns the Amazon Resource Name (ARN) of the finding aggregator. You can run this operation from any Amazon Web Services Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To update the enablement status of a standard control

# The following example disables the specified control in the specified security standard.

resp = client.list_finding_aggregators({
})

resp.to_h outputs the following:
{
  finding_aggregators: [
    {
      finding_aggregator_arn: "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.list_finding_aggregators({
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.finding_aggregators #=> Array
resp.finding_aggregators[0].finding_aggregator_arn #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  The token returned with the previous set of results. Identifies the next set of results to return.

• :max_results (Integer) —

  The maximum number of results to return. This operation currently only returns a single result.

Returns:

• (Types::ListFindingAggregatorsResponse) —

  Returns a response object which responds to the following methods:

  • #finding_aggregators => Array&lt;Types::FindingAggregator&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9552

def list_finding_aggregators(params = {}, options = {})
  req = build_request(:list_finding_aggregators, params)
  req.send_request(options)
end

#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse

<note markdown=“1”> We recommend using Organizations instead of Security Hub CSPM invitations to manage your member accounts. For information, see [Managing Security Hub CSPM administrator and member accounts with Organizations] in the *Security Hub CSPM User Guide*.

</note>

Lists all Security Hub CSPM membership invitations that were sent to the calling account.

Only accounts that are managed by invitation can use this operation. Accounts that are managed using the integration with Organizations don’t receive invitations.

[1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list membership invitations to calling account

# The following example returns a list of Security Hub member invitations sent to the calling AWS account. Only accounts
# that are invited manually use this operation. It's not for use by accounts that are managed through AWS Organizations.

resp = client.list_invitations({
})

resp.to_h outputs the following:
{
  invitations: [
    {
      account_id: "123456789012", 
      invitation_id: "7ab938c5d52d7904ad09f9e7c20cc4eb", 
      invited_at: Time.parse("2020-06-01T20:21:18.042000+00:00"), 
      member_status: "ASSOCIATED", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.list_invitations({
  max_results: 1,
  next_token: "NextToken",
})

Response structure

resp.invitations #=> Array
resp.invitations[0].account_id #=> String
resp.invitations[0].invitation_id #=> String
resp.invitations[0].invited_at #=> Time
resp.invitations[0].member_status #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :max_results (Integer) —

  The maximum number of items to return in the response.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘ListInvitations` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Returns:

• (Types::ListInvitationsResponse) —

  Returns a response object which responds to the following methods:

  • #invitations => Array&lt;Types::Invitation&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9635

def list_invitations(params = {}, options = {})
  req = build_request(:list_invitations, params)
  req.send_request(options)
end

#list_members(params = {}) ⇒ Types::ListMembersResponse

Lists details about all member accounts for the current Security Hub CSPM administrator account.

The results include both member accounts that belong to an organization and member accounts that were invited manually.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list member account details

# The following example returns details about member accounts for the calling Security Hub administrator account. The
# response includes member accounts that are managed through AWS Organizations and those that were invited manually.

resp = client.list_members({
})

resp.to_h outputs the following:
{
  members: [
    {
      account_id: "111122223333", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
    {
      account_id: "444455556666", 
      administrator_id: "123456789012", 
      invited_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
      master_id: "123456789012", 
      member_status: "ASSOCIATED", 
      updated_at: Time.parse("2020-06-01T20:15:15.289000+00:00"), 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.list_members({
  only_associated: false,
  max_results: 1,
  next_token: "NextToken",
})

Response structure

resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].email #=> String
resp.members[0].master_id #=> String
resp.members[0].administrator_id #=> String
resp.members[0].member_status #=> String
resp.members[0].invited_at #=> Time
resp.members[0].updated_at #=> Time
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :only_associated (Boolean) —

  Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is ‘TRUE`.

  If ‘OnlyAssociated` is set to `TRUE`, the response includes member accounts whose relationship status with the administrator account is set to `ENABLED`.

  If ‘OnlyAssociated` is set to `FALSE`, the response includes all existing member accounts.

• :max_results (Integer) —

  The maximum number of items to return in the response.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘ListMembers` operation, set the value of this parameter to `NULL`.

  For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Returns:

• (Types::ListMembersResponse) —

  Returns a response object which responds to the following methods:

  • #members => Array&lt;Types::Member&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9731

def list_members(params = {}, options = {})
  req = build_request(:list_members, params)
  req.send_request(options)
end

#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse

Lists the Security Hub CSPM administrator accounts. Can only be called by the organization management account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list administrator acccounts for an organization

# The following example lists the Security  Hub administrator accounts for an organization. Only the organization
# management account can call this operation.

resp = client.list_organization_admin_accounts({
})

resp.to_h outputs the following:
{
  admin_accounts: [
    {
      account_id: "777788889999", 
    }, 
    {
      status: "ENABLED", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.list_organization_admin_accounts({
  max_results: 1,
  next_token: "NextToken",
  feature: "SecurityHub", # accepts SecurityHub, SecurityHubV2
})

Response structure

resp.admin_accounts #=> Array
resp.admin_accounts[0].account_id #=> String
resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
resp.next_token #=> String
resp.feature #=> String, one of "SecurityHub", "SecurityHubV2"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :max_results (Integer) —

  The maximum number of items to return in the response.

• :next_token (String) —

  The token that is required for pagination. On your first call to the ‘ListOrganizationAdminAccounts` operation, set the value of this parameter to `NULL`. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

• :feature (String) —

  The feature where the delegated administrator account is listed. Defaults to Security Hub CSPM if not specified.

Returns:

• (Types::ListOrganizationAdminAccountsResponse) —

  Returns a response object which responds to the following methods:

  • #admin_accounts => Array&lt;Types::AdminAccount&gt;

  • #next_token => String

  • #feature => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9802

def list_organization_admin_accounts(params = {}, options = {})
  req = build_request(:list_organization_admin_accounts, params)
  req.send_request(options)
end

#list_security_control_definitions(params = {}) ⇒ Types::ListSecurityControlDefinitionsResponse

Lists all of the security controls that apply to a specified standard.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list security controls that apply to a standard

# The following example lists security controls that apply to a specified Security Hub standard. 

resp = client.list_security_control_definitions({
  max_results: 3, 
  next_token: "NULL", 
  standards_arn: "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0", 
})

resp.to_h outputs the following:
{
  next_token: "U2FsdGVkX1...", 
  security_control_definitions: [
    {
      current_region_availability: "AVAILABLE", 
      customizable_properties: [
        "Parameters", 
      ], 
      description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", 
      security_control_id: "ACM.1", 
      severity_rating: "MEDIUM", 
      title: "Imported and ACM-issued certificates should be renewed after a specified time period", 
    }, 
    {
      current_region_availability: "AVAILABLE", 
      customizable_properties: [
        "Parameters", 
      ], 
      description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", 
      security_control_id: "APIGateway.1", 
      severity_rating: "MEDIUM", 
      title: "API Gateway REST and WebSocket API execution logging should be enabled", 
    }, 
    {
      current_region_availability: "AVAILABLE", 
      description: "This control checks whether Amazon API Gateway REST API stages have SSL certificates configured that backend systems can use to authenticate that incoming requests are from the API Gateway.", 
      remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.2/remediation", 
      security_control_id: "APIGateway.2", 
      severity_rating: "MEDIUM", 
      title: "API Gateway REST API stages should be configured to use SSL certificates for backend authentication", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.list_security_control_definitions({
  standards_arn: "NonEmptyString",
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.security_control_definitions #=> Array
resp.security_control_definitions[0].security_control_id #=> String
resp.security_control_definitions[0].title #=> String
resp.security_control_definitions[0].description #=> String
resp.security_control_definitions[0].remediation_url #=> String
resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
resp.security_control_definitions[0].customizable_properties #=> Array
resp.security_control_definitions[0].customizable_properties[0] #=> String, one of "Parameters"
resp.security_control_definitions[0].parameter_definitions #=> Hash
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].description #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_arn (String) —

  The Amazon Resource Name (ARN) of the standard that you want to view controls for.

• :next_token (String) —

  Optional pagination parameter.

• :max_results (Integer) —

  An optional parameter that limits the total results of the API response to the specified number. If this parameter isn’t provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a ‘NextToken` parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.

Returns:

• (Types::ListSecurityControlDefinitionsResponse) —

  Returns a response object which responds to the following methods:

  • #security_control_definitions => Array&lt;Types::SecurityControlDefinition&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 9935

def list_security_control_definitions(params = {}, options = {})
  req = build_request(:list_security_control_definitions, params)
  req.send_request(options)
end

#list_standards_control_associations(params = {}) ⇒ Types::ListStandardsControlAssociationsResponse

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

This operation omits standards control associations for standard subscriptions where ‘StandardsControlsUpdatable` has value `NOT_READY_FOR_UPDATES`.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To say whether standard

# The following example specifies whether a control is currently enabled or disabled in each enabled standard in the
# calling account. The response also provides other details about the control.

resp = client.list_standards_control_associations({
  security_control_id: "S3.1", 
})

resp.to_h outputs the following:
{
  standards_control_association_summaries: [
    {
      association_status: "ENABLED", 
      related_requirements: [
        "PCI DSS 1.2.1", 
        "PCI DSS 1.3.1", 
        "PCI DSS 1.3.2", 
        "PCI DSS 1.3.4", 
        "PCI DSS 1.3.6", 
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1", 
      security_control_id: "S3.1", 
      standards_arn: "arn:aws:securityhub:us-west-2::standards/pci-dss/v/3.2.1", 
      standards_control_description: "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.", 
      standards_control_title: "S3 Block Public Access setting should be enabled", 
      updated_at: Time.parse("2022-01-13T23:03:46.648000+00:00"), 
    }, 
    {
      association_status: "DISABLED", 
      related_requirements: [
      ], 
      security_control_arn: "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1", 
      security_control_id: "S3.1", 
      standards_arn: "arn:aws:securityhub:us-west-2::standards/aws-foundational-security-best-practices/v/1.0.0", 
      standards_control_description: "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.", 
      standards_control_title: "S3 Block Public Access setting should be enabled", 
      updated_at: Time.parse("2022-08-12T22:59:04.924000+00:00"), 
      updated_reason: "Not relevant to environment", 
    }, 
  ], 
}

Request syntax with placeholder values

resp = client.list_standards_control_associations({
  security_control_id: "NonEmptyString", # required
  next_token: "NextToken",
  max_results: 1,
})

Response structure

resp.standards_control_association_summaries #=> Array
resp.standards_control_association_summaries[0].standards_arn #=> String
resp.standards_control_association_summaries[0].security_control_id #=> String
resp.standards_control_association_summaries[0].security_control_arn #=> String
resp.standards_control_association_summaries[0].association_status #=> String, one of "ENABLED", "DISABLED"
resp.standards_control_association_summaries[0].related_requirements #=> Array
resp.standards_control_association_summaries[0].related_requirements[0] #=> String
resp.standards_control_association_summaries[0].updated_at #=> Time
resp.standards_control_association_summaries[0].updated_reason #=> String
resp.standards_control_association_summaries[0].standards_control_title #=> String
resp.standards_control_association_summaries[0].standards_control_description #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :security_control_id (required, String) —

  The identifier of the control (identified with ‘SecurityControlId`, `SecurityControlArn`, or a mix of both parameters) that you want to determine the enablement status of in each enabled standard.

• :next_token (String) —

  Optional pagination parameter.

• :max_results (Integer) —

  An optional parameter that limits the total results of the API response to the specified number. If this parameter isn’t provided in the request, the results include the first 25 standard and control associations. The results also include a ‘NextToken` parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub CSPM standards that you’ve enabled in the calling account.

Returns:

• (Types::ListStandardsControlAssociationsResponse) —

  Returns a response object which responds to the following methods:

  • #standards_control_association_summaries => Array&lt;Types::StandardsControlAssociationSummary&gt;

  • #next_token => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10044

def list_standards_control_associations(params = {}, options = {})
  req = build_request(:list_standards_control_associations, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

Returns a list of tags associated with a resource.

Examples:

Example: To get a list of tags for a resource

# The following example returns a list of tags associated with the specified resource.

resp = client.list_tags_for_resource({
  resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
})

resp.to_h outputs the following:
{
  tags: {
    "Area" => "USMidwest", 
    "Department" => "Operations", 
  }, 
}

Request syntax with placeholder values

resp = client.list_tags_for_resource({
  resource_arn: "ResourceArn", # required
})

Response structure

resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :resource_arn (required, String) —

  The ARN of the resource to retrieve tags for.

Returns:

• (Types::ListTagsForResourceResponse) —

  Returns a response object which responds to the following methods:

  • #tags => Hash&lt;String,String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10090

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#register_connector_v2(params = {}) ⇒ Types::RegisterConnectorV2Response

Grants permission to complete the authorization based on input parameters.

Examples:

Request syntax with placeholder values

resp = client.register_connector_v2({
  auth_code: "NonEmptyString", # required
  auth_state: "NonEmptyString", # required
})

Response structure

resp.connector_arn #=> String
resp.connector_id #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :auth_code (required, String) —

  The authCode retrieved from authUrl to complete the OAuth 2.0 authorization code flow.

• :auth_state (required, String) —

  The authState retrieved from authUrl to complete the OAuth 2.0 authorization code flow.

Returns:

• (Types::RegisterConnectorV2Response) —

  Returns a response object which responds to the following methods:

  • #connector_arn => String

  • #connector_id => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10127

def register_connector_v2(params = {}, options = {})
  req = build_request(:register_connector_v2, params)
  req.send_request(options)
end

#start_configuration_policy_association(params = {}) ⇒ Types::StartConfigurationPolicyAssociationResponse

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To associate a configuration with a target

# This operation associates a configuration policy or self-managed behavior with the target account, organizational unit,
# or the root.

resp = client.start_configuration_policy_association({
  configuration_policy_identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  target: {
    account_id: "111122223333", 
  }, 
})

resp.to_h outputs the following:
{
  association_status: "SUCCESS", 
  association_status_message: "This field is populated only if the association fails", 
  association_type: "APPLIED", 
  configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  target_id: "111122223333", 
  target_type: "ACCOUNT", 
  updated_at: Time.parse("2023-01-11T06:17:17.154Z"), 
}

Request syntax with placeholder values

resp = client.start_configuration_policy_association({
  configuration_policy_identifier: "NonEmptyString", # required
  target: { # required
    account_id: "NonEmptyString",
    organizational_unit_id: "NonEmptyString",
    root_id: "NonEmptyString",
  },
})

Response structure

resp.configuration_policy_id #=> String
resp.target_id #=> String
resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
resp.association_type #=> String, one of "INHERITED", "APPLIED"
resp.updated_at #=> Time
resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
resp.association_status_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :configuration_policy_identifier (required, String) —

  The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of ‘SELF_MANAGED_SECURITY_HUB` for a self-managed configuration.

• :target (required, Types::Target) —

  The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

Returns:

• (Types::StartConfigurationPolicyAssociationResponse) —

  Returns a response object which responds to the following methods:

  • #configuration_policy_id => String

  • #target_id => String

  • #target_type => String

  • #association_type => String

  • #updated_at => Time

  • #association_status => String

  • #association_status_message => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10206

def start_configuration_policy_association(params = {}, options = {})
  req = build_request(:start_configuration_policy_association, params)
  req.send_request(options)
end

#start_configuration_policy_disassociation(params = {}) ⇒ Struct

Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To disassociate a configuration from a target

# This operation disassociates a configuration policy or self-managed behavior from the target account, organizational
# unit, or the root.

resp = client.start_configuration_policy_disassociation({
  configuration_policy_identifier: "SELF_MANAGED_SECURITY_HUB", 
  target: {
    root_id: "r-f6g7h8i9j0example", 
  }, 
})

Request syntax with placeholder values

resp = client.start_configuration_policy_disassociation({
  target: {
    account_id: "NonEmptyString",
    organizational_unit_id: "NonEmptyString",
    root_id: "NonEmptyString",
  },
  configuration_policy_identifier: "NonEmptyString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :target (Types::Target) —

  The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.

• :configuration_policy_identifier (required, String) —

  The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of ‘SELF_MANAGED_SECURITY_HUB` for a self-managed configuration.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10259

def start_configuration_policy_disassociation(params = {}, options = {})
  req = build_request(:start_configuration_policy_disassociation, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Adds one or more tags to a resource.

Examples:

Example: To tag a resource

# The following example adds the 'Department' and 'Area' tags to the specified resource.

resp = client.tag_resource({
  resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
  tags: {
    "Area" => "USMidwest", 
    "Department" => "Operations", 
  }, 
})

Request syntax with placeholder values

resp = client.tag_resource({
  resource_arn: "ResourceArn", # required
  tags: { # required
    "TagKey" => "TagValue",
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :resource_arn (required, String) —

  The ARN of the resource to apply the tags to.

• :tags (required, Hash<String,String>) —

  The tags to add to the resource. You can add up to 50 tags at a time. The tag keys can be no longer than 128 characters. The tag values can be no longer than 256 characters.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10302

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Removes one or more tags from a resource.

Examples:

Example: To remove tags from a resource

# The following example removes the 'Department' tag from the specified resource.

resp = client.untag_resource({
  resource_arn: "arn:aws:securityhub:us-west-1:123456789012:hub/default", 
  tag_keys: [
    "Department", 
  ], 
})

Request syntax with placeholder values

resp = client.untag_resource({
  resource_arn: "ResourceArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :resource_arn (required, String) —

  The ARN of the resource to remove the tags from.

• :tag_keys (required, Array<String>) —

  The tag keys associated with the tags to remove from the resource. You can remove up to 50 tags at a time.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10341

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_action_target(params = {}) ⇒ Struct

Updates the name and description of a custom action target in Security Hub CSPM.

Examples:

Example: To update the name and description of a custom action target

# The following example updates the name and description of a custom action target in Security Hub. You can create custom
# actions to automatically respond to Security Hub findings using Amazon EventBridge. 

resp = client.update_action_target({
  action_target_arn: "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", 
  description: "Sends specified findings to customer service chat", 
  name: "Chat custom action", 
})

Request syntax with placeholder values

resp = client.update_action_target({
  action_target_arn: "NonEmptyString", # required
  name: "NonEmptyString",
  description: "NonEmptyString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :action_target_arn (required, String) —

  The ARN of the custom action target to update.

• :name (String) —

  The updated name of the custom action target.

• :description (String) —

  The updated description for the custom action target.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10384

def update_action_target(params = {}, options = {})
  req = build_request(:update_action_target, params)
  req.send_request(options)
end

#update_aggregator_v2(params = {}) ⇒ Types::UpdateAggregatorV2Response

Udpates the configuration for the Aggregator V2.

Examples:

Request syntax with placeholder values

resp = client.update_aggregator_v2({
  aggregator_v2_arn: "NonEmptyString", # required
  region_linking_mode: "NonEmptyString", # required
  linked_regions: ["NonEmptyString"],
})

Response structure

resp.aggregator_v2_arn #=> String
resp.aggregation_region #=> String
resp.region_linking_mode #=> String
resp.linked_regions #=> Array
resp.linked_regions[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :aggregator_v2_arn (required, String) —

  The ARN of the Aggregator V2.

• :region_linking_mode (required, String) —

  Determines how Amazon Web Services Regions should be linked to the Aggregator V2.

• :linked_regions (Array<String>) —

  A list of Amazon Web Services Regions linked to the aggegation Region.

Returns:

• (Types::UpdateAggregatorV2Response) —

  Returns a response object which responds to the following methods:

  • #aggregator_v2_arn => String

  • #aggregation_region => String

  • #region_linking_mode => String

  • #linked_regions => Array&lt;String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10428

def update_aggregator_v2(params = {}, options = {})
  req = build_request(:update_aggregator_v2, params)
  req.send_request(options)
end

#update_automation_rule_v2(params = {}) ⇒ Struct

Updates a V2 automation rule.

Examples:

Request syntax with placeholder values

resp = client.update_automation_rule_v2({
  identifier: "NonEmptyString", # required
  rule_status: "ENABLED", # accepts ENABLED, DISABLED
  rule_order: 1.0,
  description: "NonEmptyString",
  rule_name: "NonEmptyString",
  criteria: {
    ocsf_finding_criteria: {
      composite_filters: [
        {
          string_filters: [
            {
              field_name: "metadata.uid", # accepts metadata.uid, activity_name, cloud.account.uid, cloud.provider, cloud.region, compliance.assessments.category, compliance.assessments.name, compliance.control, compliance.status, compliance.standards, finding_info.desc, finding_info.src_url, finding_info.title, finding_info.types, finding_info.uid, finding_info.related_events.traits.category, finding_info.related_events.uid, finding_info.related_events.product.uid, finding_info.related_events.title, metadata.product.name, metadata.product.uid, metadata.product.vendor_name, remediation.desc, remediation.references, resources.cloud_partition, resources.region, resources.type, resources.uid, severity, status, comment, vulnerabilities.fix_coverage, class_name, databucket.encryption_details.algorithm, databucket.encryption_details.key_uid, databucket.file.data_classifications.classifier_details.type, evidences.actor.user.account.uid, evidences.api.operation, evidences.api.response.error_message, evidences.api.service.name, evidences.connection_info.direction, evidences.connection_info.protocol_name, evidences.dst_endpoint.autonomous_system.name, evidences.dst_endpoint.location.city, evidences.dst_endpoint.location.country, evidences.src_endpoint.autonomous_system.name, evidences.src_endpoint.hostname, evidences.src_endpoint.location.city, evidences.src_endpoint.location.country, finding_info.analytic.name, malware.name, malware_scan_info.uid, malware.severity, resources.cloud_function.layers.uid_alt, resources.cloud_function.runtime, resources.cloud_function.user.uid, resources.device.encryption_details.key_uid, resources.device.image.uid, resources.image.architecture, resources.image.registry_uid, resources.image.repository_name, resources.image.uid, resources.subnet_info.uid, resources.vpc_uid, vulnerabilities.affected_code.file.path, vulnerabilities.affected_packages.name, vulnerabilities.cve.epss.score, vulnerabilities.cve.uid, vulnerabilities.related_vulnerabilities, cloud.account.name, vendor_attributes.severity
              filter: {
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
              },
            },
          ],
          date_filters: [
            {
              field_name: "finding_info.created_time_dt", # accepts finding_info.created_time_dt, finding_info.first_seen_time_dt, finding_info.last_seen_time_dt, finding_info.modified_time_dt, resources.image.created_time_dt, resources.image.last_used_time_dt, resources.modified_time_dt
              filter: {
                start: "NonEmptyString",
                end: "NonEmptyString",
                date_range: {
                  value: 1,
                  unit: "DAYS", # accepts DAYS
                  comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
                },
              },
            },
          ],
          boolean_filters: [
            {
              field_name: "compliance.assessments.meets_criteria", # accepts compliance.assessments.meets_criteria, vulnerabilities.is_exploit_available, vulnerabilities.is_fix_available
              filter: {
                value: false,
              },
            },
          ],
          number_filters: [
            {
              field_name: "activity_id", # accepts activity_id, compliance.status_id, confidence_score, severity_id, status_id, finding_info.related_events_count, evidences.api.response.code, evidences.dst_endpoint.autonomous_system.number, evidences.dst_endpoint.port, evidences.src_endpoint.autonomous_system.number, evidences.src_endpoint.port, resources.image.in_use_count, vulnerabilities.cve.cvss.base_score, vendor_attributes.severity_id
              filter: {
                gte: 1.0,
                lte: 1.0,
                eq: 1.0,
                gt: 1.0,
                lt: 1.0,
              },
            },
          ],
          map_filters: [
            {
              field_name: "resources.tags", # accepts resources.tags, compliance.control_parameters, databucket.tags, finding_info.tags
              filter: {
                key: "NonEmptyString",
                value: "NonEmptyString",
                comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
              },
            },
          ],
          ip_filters: [
            {
              field_name: "evidences.dst_endpoint.ip", # accepts evidences.dst_endpoint.ip, evidences.src_endpoint.ip
              filter: {
                cidr: "NonEmptyString",
              },
            },
          ],
          nested_composite_filters: {
            # recursive CompositeFilterList
          },
          operator: "AND", # accepts AND, OR
        },
      ],
      composite_operator: "AND", # accepts AND, OR
    },
  },
  actions: [
    {
      type: "FINDING_FIELDS_UPDATE", # required, accepts FINDING_FIELDS_UPDATE, EXTERNAL_INTEGRATION
      finding_fields_update: {
        severity_id: 1,
        comment: "NonEmptyString",
        status_id: 1,
      },
      external_integration_configuration: {
        connector_arn: "NonEmptyString",
      },
    },
  ],
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :identifier (required, String) —

  The ARN of the automation rule.

• :rule_status (String) —

  The status of the automation rule.

• :rule_order (Float) —

  Represents a value for the rule priority.

• :description (String) —

  A description of the automation rule.

• :rule_name (String) —

  The name of the automation rule.

• :criteria (Types::Criteria) —

  The filtering type and configuration of the automation rule.

• :actions (Array<Types::AutomationRulesActionV2>) —

  A list of actions to be performed when the rule criteria is met.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10559

def update_automation_rule_v2(params = {}, options = {})
  req = build_request(:update_automation_rule_v2, params)
  req.send_request(options)
end

#update_configuration_policy(params = {}) ⇒ Types::UpdateConfigurationPolicyResponse

Updates a configuration policy. Only the Security Hub CSPM delegated administrator can invoke this operation from the home Region.

Examples:

Example: To update a configuration policy

# This operation updates the specified configuration policy.

resp = client.update_configuration_policy({
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
          "CloudWatch.2", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 21, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  description: "Updated configuration policy for testing FSBP and CIS", 
  identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_reason: "Enabling ACM.2", 
})

resp.to_h outputs the following:
{
  arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  configuration_policy: {
    security_hub: {
      enabled_standard_identifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", 
        "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", 
      ], 
      security_controls_configuration: {
        disabled_security_control_identifiers: [
          "CloudWatch.1", 
          "CloudWatch.2", 
        ], 
        security_control_custom_parameters: [
          {
            parameters: {
              "daysToExpiration" => {
                value: {
                  integer: 21, 
                }, 
                value_type: "CUSTOM", 
              }, 
            }, 
            security_control_id: "ACM.1", 
          }, 
        ], 
      }, 
      service_enabled: true, 
    }, 
  }, 
  created_at: Time.parse("2023-01-11T06:17:17.154Z"), 
  description: "Updated configuration policy for testing FSBP and CIS", 
  id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "TestConfigurationPolicy", 
  updated_at: Time.parse("2023-01-12T06:17:17.154Z"), 
}

Request syntax with placeholder values

resp = client.update_configuration_policy({
  identifier: "NonEmptyString", # required
  name: "NonEmptyString",
  description: "NonEmptyString",
  updated_reason: "NonEmptyString",
  configuration_policy: {
    security_hub: {
      service_enabled: false,
      enabled_standard_identifiers: ["NonEmptyString"],
      security_controls_configuration: {
        enabled_security_control_identifiers: ["NonEmptyString"],
        disabled_security_control_identifiers: ["NonEmptyString"],
        security_control_custom_parameters: [
          {
            security_control_id: "NonEmptyString",
            parameters: {
              "NonEmptyString" => {
                value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
                value: {
                  integer: 1,
                  integer_list: [1],
                  double: 1.0,
                  string: "NonEmptyString",
                  string_list: ["NonEmptyString"],
                  boolean: false,
                  enum: "NonEmptyString",
                  enum_list: ["NonEmptyString"],
                },
              },
            },
          },
        ],
      },
    },
  },
})

Response structure

resp.arn #=> String
resp.id #=> String
resp.name #=> String
resp.description #=> String
resp.updated_at #=> Time
resp.created_at #=> Time
resp.configuration_policy.security_hub.service_enabled #=> Boolean
resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :identifier (required, String) —

  The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

• :name (String) —

  The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: ‘-, ., !, *, /`.

• :description (String) —

  The description of the configuration policy.

• :updated_reason (String) —

  The reason for updating the configuration policy.

• :configuration_policy (Types::Policy) —

  An object that defines how Security Hub CSPM is configured. It includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).

  When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list of controls that you want to enable or disable. The updated configuration replaces the current configuration.

Returns:

• (Types::UpdateConfigurationPolicyResponse) —

  Returns a response object which responds to the following methods:

  • #arn => String

  • #id => String

  • #name => String

  • #description => String

  • #updated_at => Time

  • #created_at => Time

  • #configuration_policy => Types::Policy

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10760

def update_configuration_policy(params = {}, options = {})
  req = build_request(:update_configuration_policy, params)
  req.send_request(options)
end

#update_connector_v2(params = {}) ⇒ Struct

Grants permission to update a connectorV2 based on its id and input parameters.

Examples:

Request syntax with placeholder values

resp = client.update_connector_v2({
  connector_id: "NonEmptyString", # required
  description: "NonEmptyString",
  provider: {
    jira_cloud: {
      project_key: "NonEmptyString",
    },
    service_now: {
      secret_arn: "NonEmptyString",
    },
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :connector_id (required, String) —

  The UUID of the connectorV2 to identify connectorV2 resource.

• :description (String) —

  The description of the connectorV2.

• :provider (Types::ProviderUpdateConfiguration) —

  The third-party provider’s service configuration.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10798

def update_connector_v2(params = {}, options = {})
  req = build_request(:update_connector_v2, params)
  req.send_request(options)
end

#update_finding_aggregator(params = {}) ⇒ Types::UpdateFindingAggregatorResponse

<note markdown=“1”> The *aggregation Region* is now called the *home Region*.

</note>

Updates cross-Region aggregation settings. You can use this operation to update the Region linking mode and the list of included or excluded Amazon Web Services Regions. However, you can’t use this operation to change the home Region.

You can invoke this operation from the current home Region only.

Examples:

Example: To update cross-Region aggregation settings

# The following example updates the cross-Region aggregation configuration. You use this operation to change the list of
# linked Regions and the treatment of new Regions. However, you cannot use this operation to change the aggregation
# Region.

resp = client.update_finding_aggregator({
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
})

resp.to_h outputs the following:
{
  finding_aggregation_region: "us-east-1", 
  finding_aggregator_arn: "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  region_linking_mode: "SPECIFIED_REGIONS", 
  regions: [
    "us-west-1", 
    "us-west-2", 
  ], 
}

Request syntax with placeholder values

resp = client.update_finding_aggregator({
  finding_aggregator_arn: "NonEmptyString", # required
  region_linking_mode: "NonEmptyString", # required
  regions: ["NonEmptyString"],
})

Response structure

resp.finding_aggregator_arn #=> String
resp.finding_aggregation_region #=> String
resp.region_linking_mode #=> String
resp.regions #=> Array
resp.regions[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :finding_aggregator_arn (required, String) —

  The ARN of the finding aggregator. To obtain the ARN, use ‘ListFindingAggregators`.

• :region_linking_mode (required, String) —

  Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub CSPM supports them and you opt into them.

  The selected option also determines how to use the Regions provided in the Regions list.

  The options are as follows:

  • ‘ALL_REGIONS` - Aggregates findings from all of the Regions where Security Hub CSPM is enabled. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.

  • ‘ALL_REGIONS_EXCEPT_SPECIFIED` - Aggregates findings from all of the Regions where Security Hub CSPM is enabled, except for the Regions listed in the `Regions` parameter. When you choose this option, Security Hub CSPM also automatically aggregates findings from new Regions as Security Hub CSPM supports them and you opt into them.

  • ‘SPECIFIED_REGIONS` - Aggregates findings only from the Regions listed in the `Regions` parameter. Security Hub CSPM does not automatically aggregate findings from new Regions.

  • ‘NO_REGIONS` - Aggregates no data because no Regions are selected as linked Regions.

• :regions (Array<String>) —

  If ‘RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this is a space-separated list of Regions that don’t replicate and send findings to the home Region.

  If ‘RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

  An ‘InvalidInputException` error results if you populate this field while `RegionLinkingMode` is `NO_REGIONS`.

Returns:

• (Types::UpdateFindingAggregatorResponse) —

  Returns a response object which responds to the following methods:

  • #finding_aggregator_arn => String

  • #finding_aggregation_region => String

  • #region_linking_mode => String

  • #regions => Array&lt;String&gt;

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 10913

def update_finding_aggregator(params = {}, options = {})
  req = build_request(:update_finding_aggregator, params)
  req.send_request(options)
end

#update_findings(params = {}) ⇒ Struct

‘UpdateFindings` is a deprecated operation. Instead of `UpdateFindings`, use the `BatchUpdateFindings` operation.

The ‘UpdateFindings` operation updates the `Note` and `RecordState` of the Security Hub CSPM aggregated findings that the filter attributes specify. Any member account that can view the finding can also see the update to the finding.

Finding updates made with ‘UpdateFindings` aren’t persisted if the same finding is later updated by the finding provider through the ‘BatchImportFindings` operation. In addition, Security Hub CSPM doesn’t record updates made with ‘UpdateFindings` in the finding history.

Examples:

Request syntax with placeholder values

resp = client.update_findings({
  filters: { # required
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  note: {
    text: "NonEmptyString", # required
    updated_by: "NonEmptyString", # required
  },
  record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filters (required, Types::AwsSecurityFindingFilters) —

  A collection of attributes that specify which findings you want to update.

• :note (Types::NoteUpdate) —

  The updated note for the finding.

• :record_state (String) —

  The updated record state for the finding.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 11665

def update_findings(params = {}, options = {})
  req = build_request(:update_findings, params)
  req.send_request(options)
end

#update_insight(params = {}) ⇒ Struct

Updates the Security Hub CSPM insight identified by the specified insight ARN.

Examples:

Example: To update an insight

# The following example updates the specified Security Hub insight.

resp = client.update_insight({
  filters: {
    resource_type: [
      {
        comparison: "EQUALS", 
        value: "AwsIamRole", 
      }, 
    ], 
    severity_label: [
      {
        comparison: "EQUALS", 
        value: "HIGH", 
      }, 
    ], 
  }, 
  insight_arn: "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", 
  name: "High severity role findings", 
})

Request syntax with placeholder values

resp = client.update_insight({
  insight_arn: "NonEmptyString", # required
  name: "NonEmptyString",
  filters: {
    product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    generator_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    first_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    severity_product: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_normalized: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    title: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    description: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    recommendation_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    product_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    product_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    company_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    user_defined_fields: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    malware_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    malware_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_direction: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_protocol: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_source_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_source_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_source_mac: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    network_destination_ip_v4: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_ip_v6: [
      {
        cidr: "NonEmptyString",
      },
    ],
    network_destination_port: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    network_destination_domain: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_path: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    process_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_parent_pid: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    process_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    process_terminated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_category: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_last_observed_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    threat_intel_indicator_source: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    threat_intel_indicator_source_url: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_partition: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_region: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_tags: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    resource_aws_ec2_instance_type: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_ip_v4_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_ip_v6_addresses: [
      {
        cidr: "NonEmptyString",
      },
    ],
    resource_aws_ec2_instance_key_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_iam_instance_profile_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_vpc_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_subnet_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_ec2_instance_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_s3_bucket_owner_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_s3_bucket_owner_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_principal_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_aws_iam_access_key_created_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_aws_iam_user_user_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_image_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_container_launched_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    resource_details_other: [
      {
        key: "NonEmptyString",
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
      },
    ],
    compliance_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    verification_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    workflow_status: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    record_state: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_text: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    note_updated_at: [
      {
        start: "NonEmptyString",
        end: "NonEmptyString",
        date_range: {
          value: 1,
          unit: "DAYS", # accepts DAYS
          comparison: "WITHIN", # accepts WITHIN, OLDER_THAN
        },
      },
    ],
    note_updated_by: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    keyword: [
      {
        value: "NonEmptyString",
      },
    ],
    finding_provider_fields_confidence: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_criticality: [
      {
        gte: 1.0,
        lte: 1.0,
        eq: 1.0,
        gt: 1.0,
        lt: 1.0,
      },
    ],
    finding_provider_fields_related_findings_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_related_findings_product_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_label: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_severity_original: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    finding_provider_fields_types: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    sample: [
      {
        value: false,
      },
    ],
    compliance_security_control_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_associated_standards_id: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_exploit_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    vulnerabilities_fix_available: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    compliance_security_control_parameters_value: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    aws_account_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_name: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
    resource_application_arn: [
      {
        value: "NonEmptyString",
        comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS, CONTAINS_WORD
      },
    ],
  },
  group_by_attribute: "NonEmptyString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :insight_arn (required, String) —

  The ARN of the insight that you want to update.

• :name (String) —

  The updated name for the insight.

• :filters (Types::AwsSecurityFindingFilters) —

  The updated filters that define this insight.

• :group_by_attribute (String) —

  The updated ‘GroupBy` attribute that defines this insight.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 12430

def update_insight(params = {}, options = {})
  req = build_request(:update_insight, params)
  req.send_request(options)
end

#update_organization_configuration(params = {}) ⇒ Struct

Updates the configuration of your organization in Security Hub CSPM. Only the Security Hub CSPM administrator account can invoke this operation.

Examples:

Example: To update organization configuration

# This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator
# account can invoke this operation.

resp = client.update_organization_configuration({
  auto_enable: false, 
  auto_enable_standards: "NONE", 
  organization_configuration: {
    configuration_type: "CENTRAL", 
  }, 
})

Request syntax with placeholder values

resp = client.update_organization_configuration({
  auto_enable: false, # required
  auto_enable_standards: "NONE", # accepts NONE, DEFAULT
  organization_configuration: {
    configuration_type: "CENTRAL", # accepts CENTRAL, LOCAL
    status: "PENDING", # accepts PENDING, ENABLED, FAILED
    status_message: "NonEmptyString",
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :auto_enable (required, Boolean) —

  Whether to automatically enable Security Hub CSPM in new member accounts when they join the organization.

  If set to ‘true`, then Security Hub CSPM is automatically enabled in new accounts. If set to `false`, then Security Hub CSPM isn’t enabled in new accounts automatically. The default value is ‘false`.

  If the ‘ConfigurationType` of your organization is set to `CENTRAL`, then this field is set to `false` and can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub CSPM is enabled and associate the policy with new organization accounts.

• :auto_enable_standards (String) —

  Whether to automatically enable Security Hub CSPM [default standards] in new member accounts when they join the organization.

  The default value of this parameter is equal to ‘DEFAULT`.

  If equal to ‘DEFAULT`, then Security Hub CSPM default standards are automatically enabled for new member accounts. If equal to `NONE`, then default standards are not automatically enabled for new member accounts.

  If the ‘ConfigurationType` of your organization is set to `CENTRAL`, then this field is set to `NONE` and can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.

  [1]: docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html

• :organization_configuration (Types::OrganizationConfiguration) —

  Provides information about the way an organization is configured in Security Hub CSPM.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 12512

def update_organization_configuration(params = {}, options = {})
  req = build_request(:update_organization_configuration, params)
  req.send_request(options)
end

#update_security_control(params = {}) ⇒ Struct

Updates the properties of a security control.

Examples:

Example: To update security control properties

# The following example updates the specified security control. Specifically, this example updates control parameters.

resp = client.update_security_control({
  last_update_reason: "Comply with internal requirements", 
  parameters: {
    "maxCredentialUsageAge" => {
      value: {
        integer: 15, 
      }, 
      value_type: "CUSTOM", 
    }, 
  }, 
  security_control_id: "ACM.1", 
})

resp.to_h outputs the following:
{
}

Request syntax with placeholder values

resp = client.update_security_control({
  security_control_id: "NonEmptyString", # required
  parameters: { # required
    "NonEmptyString" => {
      value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
      value: {
        integer: 1,
        integer_list: [1],
        double: 1.0,
        string: "NonEmptyString",
        string_list: ["NonEmptyString"],
        boolean: false,
        enum: "NonEmptyString",
        enum_list: ["NonEmptyString"],
      },
    },
  },
  last_update_reason: "AlphaNumericNonEmptyString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :security_control_id (required, String) —

  The Amazon Resource Name (ARN) or ID of the control to update.

• :parameters (required, Hash<String,Types::ParameterConfiguration>) —

  An object that specifies which security control parameters to update.

• :last_update_reason (String) —

  The most recent reason for updating the properties of the security control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 12580

def update_security_control(params = {}, options = {})
  req = build_request(:update_security_control, params)
  req.send_request(options)
end

#update_security_hub_configuration(params = {}) ⇒ Struct

Updates configuration options for Security Hub CSPM.

Examples:

Example: To update Security Hub settings

# The following example updates Security Hub settings to turn on consolidated control findings, and to automatically
# enable new controls in enabled standards.

resp = client.update_security_hub_configuration({
  auto_enable_controls: true, 
  control_finding_generator: "SECURITY_CONTROL", 
})

Request syntax with placeholder values

resp = client.update_security_hub_configuration({
  auto_enable_controls: false,
  control_finding_generator: "STANDARD_CONTROL", # accepts STANDARD_CONTROL, SECURITY_CONTROL
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :auto_enable_controls (Boolean) —

  Whether to automatically enable new controls when they are added to standards that are enabled.

  By default, this is set to ‘true`, and new controls are enabled automatically. To not automatically enable new controls, set this to `false`.

  When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of ‘DISABLED`. It can take up to several days for Security Hub CSPM to process the control release and designate the control as `ENABLED` in your account. During the processing period, you can manually enable or disable a control, and Security Hub CSPM will maintain that designation regardless of whether you have `AutoEnableControls` set to `true`.

• :control_finding_generator (String) —

  Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to ‘SECURITY_CONTROL`, Security Hub CSPM generates a single finding for a control check even when the check applies to multiple enabled standards.

  If the value for this field is set to ‘STANDARD_CONTROL`, Security Hub CSPM generates separate findings for a control check when the check applies to multiple enabled standards.

  For accounts that are part of an organization, this value can only be updated in the administrator account.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 12642

def update_security_hub_configuration(params = {}, options = {})
  req = build_request(:update_security_hub_configuration, params)
  req.send_request(options)
end

#update_standards_control(params = {}) ⇒ Struct

Used to control whether an individual security standard control is enabled or disabled.

Calls to this operation return a ‘RESOURCE_NOT_FOUND_EXCEPTION` error when the standard subscription for the control has `StandardsControlsUpdatable` value `NOT_READY_FOR_UPDATES`.

Examples:

Example: To update the enablement status of a standard control

# The following example disables the specified control in the specified security standard.

resp = client.update_standards_control({
  control_status: "DISABLED", 
  disabled_reason: "Not applicable to my service", 
  standards_control_arn: "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1", 
})

Request syntax with placeholder values

resp = client.update_standards_control({
  standards_control_arn: "NonEmptyString", # required
  control_status: "ENABLED", # accepts ENABLED, DISABLED
  disabled_reason: "NonEmptyString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :standards_control_arn (required, String) —

  The ARN of the security standard control to enable or disable.

• :control_status (String) —

  The updated status of the security standard control.

• :disabled_reason (String) —

  A description of the reason why you are disabling a security standard control. If you are disabling a control, then this is required.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-securityhub/client.rb', line 12689

def update_standards_control(params = {}, options = {})
  req = build_request(:update_standards_control, params)
  req.send_request(options)
end

#waiter_names ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.

# File 'lib/aws-sdk-securityhub/client.rb', line 12718

def waiter_names
  []
end