From e624fd2d2228325c252cd87e8a894601350ea614 Mon Sep 17 00:00:00 2001
From: awstools
Date: Tue, 25 Jul 2023 20:10:55 +0000
Subject: [PATCH] feat(client-securityhub): Add support for CONTAINS and NOT_CONTAINS comparison operators for Automation Rules string filters and map filters
---
 .../BatchGetAutomationRulesCommand.ts | 16 +-
 .../commands/BatchImportFindingsCommand.ts | 19 +
 .../BatchUpdateAutomationRulesCommand.ts | 16 +-
 .../commands/CreateAutomationRuleCommand.ts | 16 +-
 .../src/commands/CreateInsightCommand.ts | 18 +-
 .../src/commands/GetFindingsCommand.ts | 37 +-
 .../src/commands/GetInsightsCommand.ts | 18 +-
 .../src/commands/UpdateFindingsCommand.ts | 18 +-
 .../src/commands/UpdateInsightCommand.ts | 18 +-
 .../client-securityhub/src/models/models_0.ts | 399 +++---
 .../client-securityhub/src/models/models_1.ts | 1091 +++--------------
 .../client-securityhub/src/models/models_2.ts | 956 ++++++++++++++-
 .../src/protocols/Aws_restJson1.ts | 49 +-
 .../sdk-codegen/aws-models/securityhub.json | 162 ++-
 14 files changed, 1618 insertions(+), 1215 deletions(-)
diff --git a/clients/client-securityhub/src/commands/BatchGetAutomationRulesCommand.ts b/clients/client-securityhub/src/commands/BatchGetAutomationRulesCommand.ts
index bdc566a3c455..3c797426ed5e 100644
--- a/clients/client-securityhub/src/commands/BatchGetAutomationRulesCommand.ts
+++ b/clients/client-securityhub/src/commands/BatchGetAutomationRulesCommand.ts
@@ -66,31 +66,31 @@ export interface BatchGetAutomationRulesCommandOutput extends BatchGetAutomation * // ProductArn: [ // StringFilterList * // { // StringFilter * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // AwsAccountId: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // Id: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // GeneratorId: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // Type: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // FirstObservedAt: [ // DateFilterList 
@@ -161,14 +161,14 @@ export interface BatchGetAutomationRulesCommandOutput extends BatchGetAutomation * // { // MapFilter * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // ResourceDetailsOther: [ * // { * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // ComplianceStatus: "", @@ -195,7 +195,7 @@ export interface BatchGetAutomationRulesCommandOutput extends BatchGetAutomation * // { * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // }, diff --git a/clients/client-securityhub/src/commands/BatchImportFindingsCommand.ts b/clients/client-securityhub/src/commands/BatchImportFindingsCommand.ts index 795ed3e5838a..d3a9f27709cb 100644 --- a/clients/client-securityhub/src/commands/BatchImportFindingsCommand.ts +++ b/clients/client-securityhub/src/commands/BatchImportFindingsCommand.ts @@ -2064,6 +2064,12 @@ export interface BatchImportFindingsCommandOutput extends BatchImportFindingsRes * DbClusterIdentifier: "STRING_VALUE", * DbClusterSnapshotIdentifier: "STRING_VALUE", * IamDatabaseAuthenticationEnabled: true || false, + * DbClusterSnapshotAttributes: [ // AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes + * { // AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute + * AttributeName: "STRING_VALUE", + * AttributeValues: "", + * }, + * ], * }, * AwsRdsDbCluster: { // AwsRdsDbClusterDetails * AllocatedStorage: Number("int"), 
@@ -3822,6 +3828,19 @@ export interface BatchImportFindingsCommandOutput extends BatchImportFindingsRes * }, * Type: "STRING_VALUE", * }, + * AwsAthenaWorkGroup: { // AwsAthenaWorkGroupDetails + * Name: "STRING_VALUE", + * Description: "STRING_VALUE", + * State: "STRING_VALUE", + * Configuration: { // AwsAthenaWorkGroupConfigurationDetails + * ResultConfiguration: { // AwsAthenaWorkGroupConfigurationResultConfigurationDetails + * EncryptionConfiguration: { // AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails + * EncryptionOption: "STRING_VALUE", + * KmsKey: "STRING_VALUE", + * }, + * }, + * }, + * }, * }, * }, * ], diff --git a/clients/client-securityhub/src/commands/BatchUpdateAutomationRulesCommand.ts b/clients/client-securityhub/src/commands/BatchUpdateAutomationRulesCommand.ts index f0946bca5906..7a065c85f166 100644 --- a/clients/client-securityhub/src/commands/BatchUpdateAutomationRulesCommand.ts +++ b/clients/client-securityhub/src/commands/BatchUpdateAutomationRulesCommand.ts 
@@ -59,31 +59,31 @@ export interface BatchUpdateAutomationRulesCommandOutput extends BatchUpdateAuto * ProductArn: [ // StringFilterList * { // StringFilter * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * AwsAccountId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Id: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * GeneratorId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Type: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * FirstObservedAt: [ // DateFilterList @@ -154,14 +154,14 @@ export interface BatchUpdateAutomationRulesCommandOutput extends BatchUpdateAuto * { // MapFilter * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ResourceDetailsOther: [ * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ComplianceStatus: "", 
@@ -188,7 +188,7 @@ export interface BatchUpdateAutomationRulesCommandOutput extends BatchUpdateAuto * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * }, diff --git a/clients/client-securityhub/src/commands/CreateAutomationRuleCommand.ts b/clients/client-securityhub/src/commands/CreateAutomationRuleCommand.ts index 4cf7b398cf7b..fa7f09185a53 100644 --- a/clients/client-securityhub/src/commands/CreateAutomationRuleCommand.ts +++ b/clients/client-securityhub/src/commands/CreateAutomationRuleCommand.ts 
@@ -58,31 +58,31 @@ export interface CreateAutomationRuleCommandOutput extends CreateAutomationRuleR * ProductArn: [ // StringFilterList * { // StringFilter * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * AwsAccountId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Id: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * GeneratorId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Type: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * FirstObservedAt: [ // DateFilterList @@ -153,14 +153,14 @@ export interface CreateAutomationRuleCommandOutput extends CreateAutomationRuleR * { // MapFilter * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ResourceDetailsOther: [ * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ComplianceStatus: "", 
@@ -187,7 +187,7 @@ export interface CreateAutomationRuleCommandOutput extends CreateAutomationRuleR * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * }, diff --git a/clients/client-securityhub/src/commands/CreateInsightCommand.ts b/clients/client-securityhub/src/commands/CreateInsightCommand.ts index a02c89b990d9..4f19c54b05bf 100644 --- a/clients/client-securityhub/src/commands/CreateInsightCommand.ts +++ b/clients/client-securityhub/src/commands/CreateInsightCommand.ts @@ -52,31 +52,31 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met * ProductArn: [ // StringFilterList * { // StringFilter * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * AwsAccountId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Id: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * GeneratorId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Region: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Type: "", 
@@ -157,7 +157,7 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met * { // MapFilter * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ProductName: "", @@ -166,7 +166,7 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * MalwareName: "", @@ -235,7 +235,7 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ResourceAwsEc2InstanceType: "", @@ -266,7 +266,7 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ComplianceStatus: "", diff --git a/clients/client-securityhub/src/commands/GetFindingsCommand.ts b/clients/client-securityhub/src/commands/GetFindingsCommand.ts index 93cc2dcda182..8f06eaa5ed56 100644 --- a/clients/client-securityhub/src/commands/GetFindingsCommand.ts +++ b/clients/client-securityhub/src/commands/GetFindingsCommand.ts 
@@ -49,31 +49,31 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * ProductArn: [ // StringFilterList * { // StringFilter * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * AwsAccountId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Id: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * GeneratorId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Region: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Type: "", @@ -154,7 +154,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * { // MapFilter * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ProductName: "", @@ -163,7 +163,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * MalwareName: "", 
@@ -232,7 +232,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ResourceAwsEc2InstanceType: "", @@ -263,7 +263,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ComplianceStatus: "", @@ -2254,6 +2254,12 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * // DbClusterIdentifier: "STRING_VALUE", * // DbClusterSnapshotIdentifier: "STRING_VALUE", * // IamDatabaseAuthenticationEnabled: true || false, + * // DbClusterSnapshotAttributes: [ // AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes + * // { // AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute + * // AttributeName: "STRING_VALUE", + * // AttributeValues: "", + * // }, + * // ], * // }, * // AwsRdsDbCluster: { // AwsRdsDbClusterDetails * // AllocatedStorage: Number("int"), @@ -4012,6 +4018,19 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * // }, * // Type: "STRING_VALUE", * // }, + * // AwsAthenaWorkGroup: { // AwsAthenaWorkGroupDetails + * // Name: "STRING_VALUE", + * // Description: "STRING_VALUE", + * // State: "STRING_VALUE", + * // Configuration: { // AwsAthenaWorkGroupConfigurationDetails + * // ResultConfiguration: { // AwsAthenaWorkGroupConfigurationResultConfigurationDetails + * // EncryptionConfiguration: { // AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails + * // EncryptionOption: "STRING_VALUE", + * // KmsKey: "STRING_VALUE", + * // }, + * // }, + * // }, + * // }, * // }, * // }, * // ], 
diff --git a/clients/client-securityhub/src/commands/GetInsightsCommand.ts b/clients/client-securityhub/src/commands/GetInsightsCommand.ts index e38de9a2d416..9d16303adcf2 100644 --- a/clients/client-securityhub/src/commands/GetInsightsCommand.ts +++ b/clients/client-securityhub/src/commands/GetInsightsCommand.ts @@ -61,31 +61,31 @@ export interface GetInsightsCommandOutput extends GetInsightsResponse, __Metadat * // ProductArn: [ // StringFilterList * // { // StringFilter * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // AwsAccountId: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // Id: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // GeneratorId: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // Region: [ * // { * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * // Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // Type: "", 
@@ -166,7 +166,7 @@ export interface GetInsightsCommandOutput extends GetInsightsResponse, __Metadat * // { // MapFilter * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // ProductName: "", @@ -175,7 +175,7 @@ export interface GetInsightsCommandOutput extends GetInsightsResponse, __Metadat * // { * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // MalwareName: "", @@ -244,7 +244,7 @@ export interface GetInsightsCommandOutput extends GetInsightsResponse, __Metadat * // { * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // ResourceAwsEc2InstanceType: "", @@ -275,7 +275,7 @@ export interface GetInsightsCommandOutput extends GetInsightsResponse, __Metadat * // { * // Key: "STRING_VALUE", * // Value: "STRING_VALUE", - * // Comparison: "EQUALS" || "NOT_EQUALS", + * // Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * // }, * // ], * // ComplianceStatus: "", diff --git a/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts b/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts index 457609829f6d..432873460f47 100644 --- a/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts +++ b/clients/client-securityhub/src/commands/UpdateFindingsCommand.ts 
@@ -53,31 +53,31 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M * ProductArn: [ // StringFilterList * { // StringFilter * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * AwsAccountId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Id: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * GeneratorId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Region: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Type: "", @@ -158,7 +158,7 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M * { // MapFilter * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ProductName: "", @@ -167,7 +167,7 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * MalwareName: "", 
@@ -236,7 +236,7 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ResourceAwsEc2InstanceType: "", @@ -267,7 +267,7 @@ export interface UpdateFindingsCommandOutput extends UpdateFindingsResponse, __M * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ComplianceStatus: "", diff --git a/clients/client-securityhub/src/commands/UpdateInsightCommand.ts b/clients/client-securityhub/src/commands/UpdateInsightCommand.ts index 019a589e9e0b..87213d1e6c53 100644 --- a/clients/client-securityhub/src/commands/UpdateInsightCommand.ts +++ b/clients/client-securityhub/src/commands/UpdateInsightCommand.ts 
@@ -50,31 +50,31 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met * ProductArn: [ // StringFilterList * { // StringFilter * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * AwsAccountId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Id: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * GeneratorId: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Region: [ * { * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS", + * Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * Type: "", @@ -155,7 +155,7 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met * { // MapFilter * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ProductName: "", @@ -164,7 +164,7 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * MalwareName: "", 
@@ -233,7 +233,7 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ResourceAwsEc2InstanceType: "", @@ -264,7 +264,7 @@ export interface UpdateInsightCommandOutput extends UpdateInsightResponse, __Met * { * Key: "STRING_VALUE", * Value: "STRING_VALUE", - * Comparison: "EQUALS" || "NOT_EQUALS", + * Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS", * }, * ], * ComplianceStatus: "", diff --git a/clients/client-securityhub/src/models/models_0.ts b/clients/client-securityhub/src/models/models_0.ts index 5e4648d02386..dede75593c9d 100644 --- a/clients/client-securityhub/src/models/models_0.ts +++ b/clients/client-securityhub/src/models/models_0.ts @@ -1082,7 +1082,9 @@ export type AutoEnableStandards = (typeof AutoEnableStandards)[keyof typeof Auto * @enum */ export const StringFilterComparison = { + CONTAINS: "CONTAINS", EQUALS: "EQUALS", + NOT_CONTAINS: "NOT_CONTAINS", NOT_EQUALS: "NOT_EQUALS", PREFIX: "PREFIX", PREFIX_NOT_EQUALS: "PREFIX_NOT_EQUALS", @@ -1095,74 +1097,75 @@ export type StringFilterComparison = (typeof StringFilterComparison)[keyof typeo /** * @public - *

A string filter for querying findings.

+ *

A string filter for filtering Security Hub findings.

*/ export interface StringFilter { /** *

The string filter value. Filter values are case sensitive. For example, the product name * for control-based findings is Security Hub. If you provide security hub - * as the filter text, then there is no match.

+ * as the filter value, there's no match.

*/ Value?: string; /** - *

The condition to apply to a string value when querying for findings. To search for - * values that contain the filter criteria value, use one of the following comparison - * operators:

+ *

The condition to apply to a string value when filtering Security Hub findings.

+ *

To search for values that have the filter value, use one of the following comparison operators:

*
    *
  • - *

    To search for values that exactly match the filter value, use - * EQUALS.

    - *

    For example, the filter ResourceType EQUALS AwsEc2SecurityGroup only - * matches findings that have a resource type of - * AwsEc2SecurityGroup.

    + *

    To search for values that include the filter value, use CONTAINS. For example, the + * filter Title CONTAINS CloudFront matches findings that have a Title that + * includes the string CloudFront.

    *
  • *
  • - *

    To search for values that start with the filter value, use - * PREFIX.

    - *

    For example, the filter ResourceType PREFIX AwsIam matches findings - * that have a resource type that starts with AwsIam. Findings with a - * resource type of AwsIamPolicy, AwsIamRole, or - * AwsIamUser would all match.

    + *

    To search for values that exactly match the filter value, use EQUALS. For example, + * the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of + * 123456789012.

    + *
  • + *
  • + *

    To search for values that start with the filter value, use PREFIX. For example, the + * filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts + * with us. A ResourceRegion that starts with a different value, such as af, + * ap, or ca, doesn't match.

    *
  • *
*

- * EQUALS and PREFIX filters on the same field are joined by - * OR. A finding matches if it matches any one of those filters.

- *

To search for values that do not contain the filter criteria value, use one of the - * following comparison operators:

+ * CONTAINS, EQUALS, and PREFIX filters on the same field are joined by + * OR. A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR + * Title CONTAINS CloudWatch match a finding that includes either CloudFront, + * CloudWatch, or both strings in the title.

+ *

To search for values that don’t have the filter value, use one of the following comparison operators:

*
    *
  • - *

    To search for values that do not exactly match the filter value, use - * NOT_EQUALS.

    - *

    For example, the filter ResourceType NOT_EQUALS AwsIamPolicy matches - * findings that have a resource type other than AwsIamPolicy.

    + *

    To search for values that exclude the filter value, use NOT_CONTAINS. For example, the + * filter Title NOT_CONTAINS CloudFront matches findings that have a Title that + * excludes the string CloudFront.

    + *
  • + *
  • + *

    To search for values other than the filter value, use NOT_EQUALS. For + * example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account + * ID other than 123456789012.

    *
  • *
  • - *

    To search for values that do not start with the filter value, use - * PREFIX_NOT_EQUALS.

    - *

    For example, the filter ResourceType PREFIX_NOT_EQUALS AwsIam matches - * findings that have a resource type that does not start with AwsIam. - * Findings with a resource type of AwsIamPolicy, AwsIamRole, - * or AwsIamUser would all be excluded from the results.

    + *

    To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS. For + * example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a + * ResourceRegion that starts with a value other than us.

    *
  • *
*

- * NOT_EQUALS and PREFIX_NOT_EQUALS filters on the same field are - * joined by AND. A finding matches only if it matches all of those - * filters.

- *

For filters on the same field, you cannot provide both an EQUALS filter and - * a NOT_EQUALS or PREFIX_NOT_EQUALS filter. Combining filters in - * this way always returns an error, even if the provided filter values would return valid - * results.

- *

You can combine PREFIX filters with NOT_EQUALS or - * PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the - * PREFIX filters, then the NOT_EQUALS or - * PREFIX_NOT_EQUALS filters.

- *

For example, for the following filter, Security Hub first identifies findings that have - * resource types that start with either AwsIAM or AwsEc2. It then - * excludes findings that have a resource type of AwsIamPolicy and findings that - * have a resource type of AwsEc2NetworkInterface.

+ * NOT_CONTAINS, NOT_EQUALS, and PREFIX_NOT_EQUALS filters on the same field + * are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND + * Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and + * CloudWatch in the title.

+ *

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, + * you can't provide both an EQUALS filter and a NOT_EQUALS or + * PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters + * can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with + * other NOT_CONTAINS filters.

+ *

You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. + * Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

+ *

For example, for the following filters, Security Hub first identifies findings that have resource types + * that start with either AwsIam or AwsEc2. It then excludes findings that have a resource + * type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface.

*
    *
  • *

    @@ -1185,6 +1188,9 @@ export interface StringFilter { *

    *
  • *
+ *

+ * CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, + * see Automation rules in the Security Hub User Guide.

*/ Comparison?: StringFilterComparison | string; } @@ -1272,7 +1278,9 @@ export interface DateFilter { * @enum */ export const MapFilterComparison = { + CONTAINS: "CONTAINS", EQUALS: "EQUALS", + NOT_CONTAINS: "NOT_CONTAINS", NOT_EQUALS: "NOT_EQUALS", } as const; @@ -1283,8 +1291,8 @@ export type MapFilterComparison = (typeof MapFilterComparison)[keyof typeof MapF /** * @public - *

A map filter for querying findings. Each map filter provides the field to check, the - * value to look for, and the comparison operator.

+ *

A map filter for filtering Security Hub findings. Each map filter provides the field to check for, the + * value to check for, and the comparison operator.

*/ export interface MapFilter { /** @@ -1297,29 +1305,60 @@ export interface MapFilter { /** *

The value for the key in the map filter. Filter values are case sensitive. For example, * one of the values for a tag called Department might be Security. - * If you provide security as the filter value, then there is no match.

+ * If you provide security as the filter value, then there's no match.

*/ Value?: string; /** - *

The condition to apply to the key value when querying for findings with a map + *

The condition to apply to the key value when filtering Security Hub findings with a map * filter.

- *

To search for values that exactly match the filter value, use EQUALS. For - * example, for the ResourceTags field, the filter Department EQUALS - * Security matches findings that have the value Security for the tag - * Department.

- *

To search for values other than the filter value, use NOT_EQUALS. For - * example, for the ResourceTags field, the filter Department NOT_EQUALS - * Finance matches findings that do not have the value Finance for the - * tag Department.

+ *

To search for values that have the filter value, use one of the following comparison operators:

+ *
    + *
  • + *

    To search for values that include the filter value, use CONTAINS. For example, for the + * ResourceTags field, the filter Department CONTAINS Security matches findings that + * include the value Security for the Department tag. In the same example, a finding with a value of + * Security team for the Department tag is a match.

    + *
  • + *
  • + *

    To search for values that exactly match the filter value, use EQUALS. For example, for + * the ResourceTags field, the filter Department EQUALS Security matches findings that + * have the value Security for the Department tag.

    + *
  • + *
*

- * EQUALS filters on the same field are joined by OR. A finding - * matches if it matches any one of those filters.

+ * CONTAINS and EQUALS filters on the same field are joined by OR. A + * finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR + * Department CONTAINS Finance match a finding that includes either Security, + * Finance, or both values.

+ *

To search for values that don't have the filter value, use one of the following comparison operators:

+ *
    + *
  • + *

    To search for values that exclude the filter value, use NOT_CONTAINS. For example, for + * the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings + * that exclude the value Finance for the Department tag.

    + *
  • + *
  • + *

    To search for values other than the filter value, use NOT_EQUALS. For example, for the + * ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that + * don’t have the value Finance for the Department tag.

    + *
  • + *
*

- * NOT_EQUALS filters on the same field are joined by AND. A - * finding matches only if it matches all of those filters.

- *

You cannot have both an EQUALS filter and a NOT_EQUALS filter - * on the same field.

+ * NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND. + * A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND + * Department NOT_CONTAINS Finance match a finding that excludes both the Security and + * Finance values.

+ *

+ * CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS + * filters can only be used with other NOT_CONTAINS filters.

+ *

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. + * Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. + * Combining filters in this way returns an error. + *

+ *

+ * CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, + * see Automation rules in the Security Hub User Guide.

*/ Comparison?: MapFilterComparison | string; } @@ -1663,10 +1702,9 @@ export interface AutomationRulesConfig { Description?: string; /** - *

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful - * when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this - * field is set to true for a rule, Security Hub applies the rule action to a finding that matches - * the rule criteria and doesn't evaluate other rules for the finding.
 The default value of this field is false. + *

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding + * matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches + * the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. *

*/ IsTerminal?: boolean; @@ -1766,11 +1804,9 @@ export interface AutomationRulesMetadata { Description?: string; /** - *

- * Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful - * when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this - * field is set to true for a rule, Security Hub applies the rule action to a finding that matches - * the rule criteria and doesn't evaluate other rules for the finding.
 The default value of this field is false. + *

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding + * matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches + * the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. *

*/ IsTerminal?: boolean; @@ -2993,6 +3029,105 @@ export interface AwsAppSyncGraphQlApiDetails { WafWebAclArn?: string; } +/** + * @public + *

+ * Specifies the method used to encrypt the user’s data stores in the Athena workgroup. + *

+ */ +export interface AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails { + /** + *

+ * Indicates whether Amazon Simple Storage Service (Amazon S3) server-side encryption with Amazon S3 managed + * keys (SSE_S3), server-side encryption with KMS keys (SSE_KMS), or client-side encryption with + * KMS customer managed keys (CSE_KMS) is used. + *

+ */ + EncryptionOption?: string; + + /** + *

+ * For SSE_KMS and CSE_KMS, this is the KMS key Amazon Resource Name (ARN) or ID. + *

+ */ + KmsKey?: string; +} + +/** + * @public + *

+ * The location in Amazon Simple Storage Service (Amazon S3) where query and calculation results are stored and the encryption option, if any, + * used for query and calculation results. These are known as client-side settings. If workgroup settings override + * client-side settings, then the query uses the workgroup settings. + *

+ */ +export interface AwsAthenaWorkGroupConfigurationResultConfigurationDetails { + /** + *

+ * Specifies the method used to encrypt the user’s data stores in the Athena workgroup. + *

+ */ + EncryptionConfiguration?: AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails; +} + +/** + * @public + *

+ * The configuration of the workgroup, which includes the location in Amazon Simple Storage Service (Amazon S3) where + * query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch + * metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is + * specified. + *

+ */ +export interface AwsAthenaWorkGroupConfigurationDetails { + /** + *

+ * The location in Amazon S3 where query and calculation results are stored and the + * encryption option, if any, used for query and calculation results. These are known as client-side settings. If + * workgroup settings override client-side settings, then the query uses the workgroup settings.

+ */ + ResultConfiguration?: AwsAthenaWorkGroupConfigurationResultConfigurationDetails; +} + +/** + * @public + *

+ * Provides information about an Amazon Athena workgroup. + *

+ */ +export interface AwsAthenaWorkGroupDetails { + /** + *

+ * The workgroup name. + *

+ */ + Name?: string; + + /** + *

+ * The workgroup description. + *

+ */ + Description?: string; + + /** + *

+ * Whether the workgroup is enabled or disabled. + *

+ */ + State?: string; + + /** + *

+ * The configuration of the workgroup, which includes the location in Amazon Simple Storage Service (Amazon S3) + * where query results are stored, the encryption option, if any, used for query results, whether + * Amazon CloudWatch metrics are enabled for the workgroup, and the limit for the amount of bytes scanned + * (cutoff) per query, if it is specified. + *

+ */ + Configuration?: AwsAthenaWorkGroupConfigurationDetails; +} + /** * @public *

An Availability Zone for the automatic scaling group.

@@ -11138,123 +11273,3 @@ export interface AwsEfsAccessPointRootDirectoryCreationInfoDetails { */ Permissions?: string; } - -/** - * @public - *

Provides information about the directory on the Amazon EFS file system that the access point exposes - * as the root directory to NFS clients using the access point. - *

- */ -export interface AwsEfsAccessPointRootDirectoryDetails { - /** - *

Specifies the POSIX IDs and permissions to apply to the access point's root directory. - *

- */ - CreationInfo?: AwsEfsAccessPointRootDirectoryCreationInfoDetails; - - /** - *

Specifies the path on the Amazon EFS file system to expose as the root directory to NFS clients - * using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified - * path does not exist, you are required to provide CreationInfo. - *

- */ - Path?: string; -} - -/** - * @public - *

Provides information about an Amazon EFS access point. - *

- */ -export interface AwsEfsAccessPointDetails { - /** - *

The ID of the Amazon EFS access point. - *

- */ - AccessPointId?: string; - - /** - *

The Amazon Resource Name (ARN) of the Amazon EFS access point.

- */ - Arn?: string; - - /** - *

The opaque string specified in the request to ensure idempotent creation. - *

- */ - ClientToken?: string; - - /** - *

The ID of the Amazon EFS file system that the access point applies to. - *

- */ - FileSystemId?: string; - - /** - *

The full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point, - * that is used for all file operations by NFS clients using the access point. - *

- */ - PosixUser?: AwsEfsAccessPointPosixUserDetails; - - /** - *

The directory on the Amazon EFS file system that the access point exposes as the root - * directory to NFS clients using the access point. - *

- */ - RootDirectory?: AwsEfsAccessPointRootDirectoryDetails; -} - -/** - * @public - *

Details for a cluster logging configuration.

- */ -export interface AwsEksClusterLoggingClusterLoggingDetails { - /** - *

Whether the logging types that are listed in Types are enabled.

- */ - Enabled?: boolean; - - /** - *

A list of logging types. Valid values are as follows:

- *
    - *
  • - *

    - * api - *

    - *
  • - *
  • - *

    - * audit - *

    - *
  • - *
  • - *

    - * authenticator - *

    - *
  • - *
  • - *

    - * controllerManager - *

    - *
  • - *
  • - *

    - * scheduler - *

    - *
  • - *
- */ - Types?: string[]; -} - -/** - * @public - *

The logging configuration for an Amazon EKS cluster.

- */ -export interface AwsEksClusterLoggingDetails { - /** - *

Cluster logging configurations.

- */ - ClusterLogging?: AwsEksClusterLoggingClusterLoggingDetails[]; -} diff --git a/clients/client-securityhub/src/models/models_1.ts b/clients/client-securityhub/src/models/models_1.ts index 2c73ccaf3a42..cf376132722f 100644 --- a/clients/client-securityhub/src/models/models_1.ts +++ b/clients/client-securityhub/src/models/models_1.ts @@ -1,6 +1,5 @@ // smithy-typescript generated code import { - Action, Adjustment, AssociatedStandard, AvailabilityZone, @@ -10,6 +9,7 @@ import { AwsApiGatewayV2ApiDetails, AwsApiGatewayV2StageDetails, AwsAppSyncGraphQlApiDetails, + AwsAthenaWorkGroupDetails, AwsAutoScalingAutoScalingGroupDetails, AwsAutoScalingLaunchConfigurationDetails, AwsBackupBackupPlanDetails, @@ -43,18 +43,133 @@ import { AwsEcsServiceDetails, AwsEcsTaskDefinitionDetails, AwsEcsTaskDetails, - AwsEfsAccessPointDetails, - AwsEksClusterLoggingDetails, - DateFilter, - MapFilter, - NumberFilter, + AwsEfsAccessPointPosixUserDetails, + AwsEfsAccessPointRootDirectoryCreationInfoDetails, RelatedFinding, SeverityLabel, - StringFilter, - VerificationState, WorkflowStatus, } from "./models_0"; +/** + * @public + *

Provides information about the directory on the Amazon EFS file system that the access point exposes + * as the root directory to NFS clients using the access point. + *

+ */ +export interface AwsEfsAccessPointRootDirectoryDetails { + /** + *

Specifies the POSIX IDs and permissions to apply to the access point's root directory. + *

+ */ + CreationInfo?: AwsEfsAccessPointRootDirectoryCreationInfoDetails; + + /** + *

Specifies the path on the Amazon EFS file system to expose as the root directory to NFS clients + * using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified + * path does not exist, you are required to provide CreationInfo. + *

+ */ + Path?: string; +} + +/** + * @public + *

Provides information about an Amazon EFS access point. + *

+ */ +export interface AwsEfsAccessPointDetails { + /** + *

The ID of the Amazon EFS access point. + *

+ */ + AccessPointId?: string; + + /** + *

The Amazon Resource Name (ARN) of the Amazon EFS access point.

+ */ + Arn?: string; + + /** + *

The opaque string specified in the request to ensure idempotent creation. + *

+ */ + ClientToken?: string; + + /** + *

The ID of the Amazon EFS file system that the access point applies to. + *

+ */ + FileSystemId?: string; + + /** + *

The full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point, + * that is used for all file operations by NFS clients using the access point. + *

+ */ + PosixUser?: AwsEfsAccessPointPosixUserDetails; + + /** + *

The directory on the Amazon EFS file system that the access point exposes as the root + * directory to NFS clients using the access point. + *

+ */ + RootDirectory?: AwsEfsAccessPointRootDirectoryDetails; +} + +/** + * @public + *

Details for a cluster logging configuration.

+ */ +export interface AwsEksClusterLoggingClusterLoggingDetails { + /** + *

Whether the logging types that are listed in Types are enabled.

+ */ + Enabled?: boolean; + + /** + *

A list of logging types. Valid values are as follows:

+ *
    + *
  • + *

    + * api + *

    + *
  • + *
  • + *

    + * audit + *

    + *
  • + *
  • + *

    + * authenticator + *

    + *
  • + *
  • + *

    + * controllerManager + *

    + *
  • + *
  • + *

    + * scheduler + *

    + *
  • + *
+ */ + Types?: string[]; +} + +/** + * @public + *

The logging configuration for an Amazon EKS cluster.

+ */ +export interface AwsEksClusterLoggingDetails { + /** + *

Cluster logging configurations.

+ */ + ClusterLogging?: AwsEksClusterLoggingClusterLoggingDetails[]; +} + /** * @public *

Information about the VPC configuration used by the cluster control plane.

@@ -3810,6 +3925,32 @@ export interface AwsRdsDbClusterDetails { IamDatabaseAuthenticationEnabled?: boolean; } +/** + * @public + *

+ * Contains the name and values of a manual Amazon Relational Database Service (RDS) DB cluster snapshot attribute. + *

+ */ +export interface AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute { + /** + *

+ * The name of the manual DB cluster snapshot attribute. The attribute named restore refers to the list of + * Amazon Web Services accounts that have permission to copy or restore the manual DB cluster snapshot. + *

+ */ + AttributeName?: string; + + /** + *

+ * The value(s) for the manual DB cluster snapshot attribute. If the AttributeName field is set to + * restore, then this element returns a list of IDs of the Amazon Web Services accounts that are authorized + * to copy or restore the manual DB cluster snapshot. If a value of all is in the list, then the manual + * DB cluster snapshot is public and available for any Amazon Web Services account to copy or restore. + *

+ */ + AttributeValues?: string[]; +} + /** * @public *

Information about an Amazon RDS DB cluster snapshot.

@@ -3911,6 +4052,13 @@ export interface AwsRdsDbClusterSnapshotDetails { *

Whether mapping of IAM accounts to database accounts is enabled.

*/ IamDatabaseAuthenticationEnabled?: boolean; + + /** + *

+ * Contains the name and values of a manual DB cluster snapshot attribute. + *

+ */ + DbClusterSnapshotAttributes?: AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute[]; } /** @@ -9662,6 +9810,14 @@ export interface ResourceDetails { *

*/ AwsStepFunctionStateMachine?: AwsStepFunctionStateMachineDetails; + + /** + *

+ * Provides information about an Amazon Athena workgroup. A workgroup helps you separate users, teams, + * applications, or workloads. It also helps you set limits on data processing and track costs. + *

+ */ + AwsAthenaWorkGroup?: AwsAthenaWorkGroupDetails; } /** @@ -10255,922 +10411,3 @@ export const WorkflowState = { * @public */ export type WorkflowState = (typeof WorkflowState)[keyof typeof WorkflowState]; - -/** - * @public - *

Provides a consistent format for Security Hub findings. - * AwsSecurityFinding format allows you to share findings between Amazon Web Services - * security services and third-party solutions.

- * - *

A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party - * solutions and standards checks.

- *
- */ -export interface AwsSecurityFinding { - /** - *

The schema version that a finding is formatted for.

- */ - SchemaVersion: string | undefined; - - /** - *

The security findings provider-specific identifier for a finding.

- */ - Id: string | undefined; - - /** - *

The ARN generated by Security Hub that uniquely identifies a product that generates findings. - * This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for - * a custom integration.

- */ - ProductArn: string | undefined; - - /** - *

The name of the product that generated the finding.

- *

Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

- *

When you use the Security Hub console or API to filter findings by product name, you use this attribute.

- */ - ProductName?: string; - - /** - *

The name of the company for the product that generated the finding.

- *

Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

- *

When you use the Security Hub console or API to filter findings by company name, you use this attribute.

- */ - CompanyName?: string; - - /** - *

The Region from which the finding was generated.

- *

Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.

- */ - Region?: string; - - /** - *

The identifier for the solution-specific component (a discrete unit of logic) that - * generated a finding. In various security findings providers' solutions, this generator can - * be called a rule, a check, a detector, a plugin, etc.

- */ - GeneratorId: string | undefined; - - /** - *

The Amazon Web Services account ID that a finding is generated in.

- */ - AwsAccountId: string | undefined; - - /** - *

One or more finding types in the format of namespace/category/classifier - * that classify a finding.

- *

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual - * Behaviors | Sensitive Data Identifications

- */ - Types?: string[]; - - /** - *

Indicates when the security findings provider first observed the potential security - * issue that a finding captured.

- *

Uses the date-time format specified in RFC 3339 section 5.6, Internet - * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, - * 2020-03-22T13:22:13.933Z.

- */ - FirstObservedAt?: string; - - /** - *

Indicates when the security findings provider most recently observed the potential - * security issue that a finding captured.

- *

Uses the date-time format specified in RFC 3339 section 5.6, Internet - * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, - * 2020-03-22T13:22:13.933Z.

- */ - LastObservedAt?: string; - - /** - *

Indicates when the security findings provider created the potential security issue that - * a finding captured.

- *

Uses the date-time format specified in RFC 3339 section 5.6, Internet - * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, - * 2020-03-22T13:22:13.933Z.

- */ - CreatedAt: string | undefined; - - /** - *

Indicates when the security findings provider last updated the finding record.

- *

Uses the date-time format specified in RFC 3339 section 5.6, Internet - * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, - * 2020-03-22T13:22:13.933Z.

- */ - UpdatedAt: string | undefined; - - /** - *

A finding's severity.

- */ - Severity?: Severity; - - /** - *

A finding's confidence. Confidence is defined as the likelihood that a finding - * accurately identifies the behavior or issue that it was intended to identify.

- *

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent - * confidence and 100 means 100 percent confidence.

- */ - Confidence?: number; - - /** - *

The level of importance assigned to the resources associated with the finding.

- *

A score of 0 means that the underlying resources have no criticality, and a score of 100 - * is reserved for the most critical resources.

- */ - Criticality?: number; - - /** - *

A finding's title.

- * - *

In this release, Title is a required property.

- *
- */ - Title: string | undefined; - - /** - *

A finding's description.

- * - *

In this release, Description is a required property.

- *
- */ - Description: string | undefined; - - /** - *

A data type that describes the remediation options for a finding.

- */ - Remediation?: Remediation; - - /** - *

A URL that links to a page about the current finding in the security findings provider's - * solution.

- */ - SourceUrl?: string; - - /** - *

A data type where security findings providers can include additional solution-specific - * details that aren't part of the defined AwsSecurityFinding format.

- *

Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.

- */ - ProductFields?: Record; - - /** - *

A list of name/value string pairs associated with the finding. These are custom, - * user-defined fields added to a finding.

- */ - UserDefinedFields?: Record; - - /** - *

A list of malware related to a finding.

- */ - Malware?: Malware[]; - - /** - *

The details of network-related information about a finding.

- */ - Network?: Network; - - /** - *

Provides information about a network path that is relevant to a finding. Each entry - * under NetworkPath represents a component of that path.

- */ - NetworkPath?: NetworkPathComponent[]; - - /** - *

The details of process-related information about a finding.

- */ - Process?: ProcessDetails; - - /** - *

Details about the threat detected in a security finding and the file paths that were affected by the threat. - *

- */ - Threats?: Threat[]; - - /** - *

Threat intelligence details related to a finding.

- */ - ThreatIntelIndicators?: ThreatIntelIndicator[]; - - /** - *

A set of resource data types that describe the resources that the finding refers - * to.

- */ - Resources: Resource[] | undefined; - - /** - *

This data type is exclusive to findings that are generated as the result of a check run - * against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. - * Contains security standard-related finding details.

- */ - Compliance?: Compliance; - - /** - *

Indicates the veracity of a finding.

- */ - VerificationState?: VerificationState | string; - - /** - * @deprecated - * - *

The workflow state of a finding.

- */ - WorkflowState?: WorkflowState | string; - - /** - *

Provides information about the status of the investigation into a finding.

- */ - Workflow?: Workflow; - - /** - *

The record state of a finding.

- */ - RecordState?: RecordState | string; - - /** - *

A list of related findings.

- */ - RelatedFindings?: RelatedFinding[]; - - /** - *

A user-defined note added to a finding.

- */ - Note?: Note; - - /** - *

Provides a list of vulnerabilities associated with the findings.

- */ - Vulnerabilities?: Vulnerability[]; - - /** - *

Provides an overview of the patch compliance status for an instance against a selected - * compliance standard.

- */ - PatchSummary?: PatchSummary; - - /** - *

Provides details about an action that affects or that was taken on a resource.

- */ - Action?: Action; - - /** - *

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

- */ - FindingProviderFields?: FindingProviderFields; - - /** - *

Indicates whether the finding is a sample finding.

- */ - Sample?: boolean; -} - -/** - * @public - *

A keyword filter for querying findings.

- */ -export interface KeywordFilter { - /** - *

A value for the keyword.

- */ - Value?: string; -} - -/** - * @public - *

The IP filter for querying findings.

- */ -export interface IpFilter { - /** - *

A finding's CIDR value.

- */ - Cidr?: string; -} - -/** - * @public - *

Boolean filter for querying findings.

- */ -export interface BooleanFilter { - /** - *

The value of the boolean.

- */ - Value?: boolean; -} - -/** - * @public - *

A collection of attributes that are applied to all active Security Hub-aggregated findings and - * that result in a subset of findings that are included in this insight.

- *

You can filter by up to 10 finding attributes. For each attribute, you can provide up to - * 20 filter values.

- */ -export interface AwsSecurityFindingFilters { - /** - *

The ARN generated by Security Hub that uniquely identifies a third-party company - * (security findings provider) after this provider's product (solution that generates - * findings) is registered with Security Hub.

- */ - ProductArn?: StringFilter[]; - - /** - *

The Amazon Web Services account ID that a finding is generated in.

- */ - AwsAccountId?: StringFilter[]; - - /** - *

The security findings provider-specific identifier for a finding.

- */ - Id?: StringFilter[]; - - /** - *

The identifier for the solution-specific component (a discrete unit of logic) that - * generated a finding. In various security findings providers' solutions, this generator can - * be called a rule, a check, a detector, a plugin, etc.

- */ - GeneratorId?: StringFilter[]; - - /** - *

The Region from which the finding was generated.

- */ - Region?: StringFilter[]; - - /** - *

A finding type in the format of namespace/category/classifier that - * classifies a finding.

- */ - Type?: StringFilter[]; - - /** - *

An ISO8601-formatted timestamp that indicates when the security findings provider first - * observed the potential security issue that a finding captured.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - FirstObservedAt?: DateFilter[]; - - /** - *

An ISO8601-formatted timestamp that indicates when the security findings provider most - * recently observed the potential security issue that a finding captured.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - LastObservedAt?: DateFilter[]; - - /** - *

An ISO8601-formatted timestamp that indicates when the security findings provider - * captured the potential security issue that a finding captured.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - CreatedAt?: DateFilter[]; - - /** - *

An ISO8601-formatted timestamp that indicates when the security findings provider last - * updated the finding record.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - UpdatedAt?: DateFilter[]; - - /** - * @deprecated - * - *

The native severity as defined by the security findings provider's solution that - * generated the finding.

- */ - SeverityProduct?: NumberFilter[]; - - /** - * @deprecated - * - *

The normalized severity of a finding.

- */ - SeverityNormalized?: NumberFilter[]; - - /** - *

The label of a finding's severity.

- */ - SeverityLabel?: StringFilter[]; - - /** - *

A finding's confidence. Confidence is defined as the likelihood that a finding - * accurately identifies the behavior or issue that it was intended to identify.

- *

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent - * confidence and 100 means 100 percent confidence.

- */ - Confidence?: NumberFilter[]; - - /** - *

The level of importance assigned to the resources associated with the finding.

- *

A score of 0 means that the underlying resources have no criticality, and a score of 100 - * is reserved for the most critical resources.

- */ - Criticality?: NumberFilter[]; - - /** - *

A finding's title.

- */ - Title?: StringFilter[]; - - /** - *

A finding's description.

- */ - Description?: StringFilter[]; - - /** - *

The recommendation of what to do about the issue described in a finding.

- */ - RecommendationText?: StringFilter[]; - - /** - *

A URL that links to a page about the current finding in the security findings provider's - * solution.

- */ - SourceUrl?: StringFilter[]; - - /** - *

A data type where security findings providers can include additional solution-specific - * details that aren't part of the defined AwsSecurityFinding format.

- */ - ProductFields?: MapFilter[]; - - /** - *

The name of the solution (product) that generates findings.

- */ - ProductName?: StringFilter[]; - - /** - *

The name of the findings provider (company) that owns the solution (product) that - * generates findings.

- */ - CompanyName?: StringFilter[]; - - /** - *

A list of name/value string pairs associated with the finding. These are custom, - * user-defined fields added to a finding.

- */ - UserDefinedFields?: MapFilter[]; - - /** - *

The name of the malware that was observed.

- */ - MalwareName?: StringFilter[]; - - /** - *

The type of the malware that was observed.

- */ - MalwareType?: StringFilter[]; - - /** - *

The filesystem path of the malware that was observed.

- */ - MalwarePath?: StringFilter[]; - - /** - *

The state of the malware that was observed.

- */ - MalwareState?: StringFilter[]; - - /** - *

Indicates the direction of network traffic associated with a finding.

- */ - NetworkDirection?: StringFilter[]; - - /** - *

The protocol of network-related information about a finding.

- */ - NetworkProtocol?: StringFilter[]; - - /** - *

The source IPv4 address of network-related information about a finding.

- */ - NetworkSourceIpV4?: IpFilter[]; - - /** - *

The source IPv6 address of network-related information about a finding.

- */ - NetworkSourceIpV6?: IpFilter[]; - - /** - *

The source port of network-related information about a finding.

- */ - NetworkSourcePort?: NumberFilter[]; - - /** - *

The source domain of network-related information about a finding.

- */ - NetworkSourceDomain?: StringFilter[]; - - /** - *

The source media access control (MAC) address of network-related information about a - * finding.

- */ - NetworkSourceMac?: StringFilter[]; - - /** - *

The destination IPv4 address of network-related information about a finding.

- */ - NetworkDestinationIpV4?: IpFilter[]; - - /** - *

The destination IPv6 address of network-related information about a finding.

- */ - NetworkDestinationIpV6?: IpFilter[]; - - /** - *

The destination port of network-related information about a finding.

- */ - NetworkDestinationPort?: NumberFilter[]; - - /** - *

The destination domain of network-related information about a finding.

- */ - NetworkDestinationDomain?: StringFilter[]; - - /** - *

The name of the process.

- */ - ProcessName?: StringFilter[]; - - /** - *

The path to the process executable.

- */ - ProcessPath?: StringFilter[]; - - /** - *

The process ID.

- */ - ProcessPid?: NumberFilter[]; - - /** - *

The parent process ID. This field accepts positive integers between O and 2147483647.

- */ - ProcessParentPid?: NumberFilter[]; - - /** - *

A timestamp that identifies when the process was launched.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - ProcessLaunchedAt?: DateFilter[]; - - /** - *

A timestamp that identifies when the process was terminated.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - ProcessTerminatedAt?: DateFilter[]; - - /** - *

The type of a threat intelligence indicator.

- */ - ThreatIntelIndicatorType?: StringFilter[]; - - /** - *

The value of a threat intelligence indicator.

- */ - ThreatIntelIndicatorValue?: StringFilter[]; - - /** - *

The category of a threat intelligence indicator.

- */ - ThreatIntelIndicatorCategory?: StringFilter[]; - - /** - *

A timestamp that identifies the last observation of a threat intelligence indicator.

- */ - ThreatIntelIndicatorLastObservedAt?: DateFilter[]; - - /** - *

The source of the threat intelligence.

- */ - ThreatIntelIndicatorSource?: StringFilter[]; - - /** - *

The URL for more details from the source of the threat intelligence.

- */ - ThreatIntelIndicatorSourceUrl?: StringFilter[]; - - /** - *

Specifies the type of the resource that details are provided for.

- */ - ResourceType?: StringFilter[]; - - /** - *

The canonical identifier for the given resource type.

- */ - ResourceId?: StringFilter[]; - - /** - *

The canonical Amazon Web Services partition name that the Region is assigned to.

- */ - ResourcePartition?: StringFilter[]; - - /** - *

The canonical Amazon Web Services external Region name where this resource is located.

- */ - ResourceRegion?: StringFilter[]; - - /** - *

A list of Amazon Web Services tags associated with a resource at the time the finding was - * processed.

- */ - ResourceTags?: MapFilter[]; - - /** - *

The instance type of the instance.

- */ - ResourceAwsEc2InstanceType?: StringFilter[]; - - /** - *

The Amazon Machine Image (AMI) ID of the instance.

- */ - ResourceAwsEc2InstanceImageId?: StringFilter[]; - - /** - *

The IPv4 addresses associated with the instance.

- */ - ResourceAwsEc2InstanceIpV4Addresses?: IpFilter[]; - - /** - *

The IPv6 addresses associated with the instance.

- */ - ResourceAwsEc2InstanceIpV6Addresses?: IpFilter[]; - - /** - *

The key name associated with the instance.

- */ - ResourceAwsEc2InstanceKeyName?: StringFilter[]; - - /** - *

The IAM profile ARN of the instance.

- */ - ResourceAwsEc2InstanceIamInstanceProfileArn?: StringFilter[]; - - /** - *

The identifier of the VPC that the instance was launched in.

- */ - ResourceAwsEc2InstanceVpcId?: StringFilter[]; - - /** - *

The identifier of the subnet that the instance was launched in.

- */ - ResourceAwsEc2InstanceSubnetId?: StringFilter[]; - - /** - *

The date and time the instance was launched.

- */ - ResourceAwsEc2InstanceLaunchedAt?: DateFilter[]; - - /** - *

The canonical user ID of the owner of the S3 bucket.

- */ - ResourceAwsS3BucketOwnerId?: StringFilter[]; - - /** - *

The display name of the owner of the S3 bucket.

- */ - ResourceAwsS3BucketOwnerName?: StringFilter[]; - - /** - * @deprecated - * - *

The user associated with the IAM access key related to a finding.

- */ - ResourceAwsIamAccessKeyUserName?: StringFilter[]; - - /** - *

The name of the principal that is associated with an IAM access key.

- */ - ResourceAwsIamAccessKeyPrincipalName?: StringFilter[]; - - /** - *

The status of the IAM access key related to a finding.

- */ - ResourceAwsIamAccessKeyStatus?: StringFilter[]; - - /** - *

The creation date/time of the IAM access key related to a finding.

- */ - ResourceAwsIamAccessKeyCreatedAt?: DateFilter[]; - - /** - *

The name of an IAM user.

- */ - ResourceAwsIamUserUserName?: StringFilter[]; - - /** - *

The name of the container related to a finding.

- */ - ResourceContainerName?: StringFilter[]; - - /** - *

The identifier of the image related to a finding.

- */ - ResourceContainerImageId?: StringFilter[]; - - /** - *

The name of the image related to a finding.

- */ - ResourceContainerImageName?: StringFilter[]; - - /** - *

A timestamp that identifies when the container was started.

- *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

- */ - ResourceContainerLaunchedAt?: DateFilter[]; - - /** - *

The details of a resource that doesn't have a specific subfield for the resource type - * defined.

- */ - ResourceDetailsOther?: MapFilter[]; - - /** - *

Exclusive to findings that are generated as the result of a check run against a specific - * rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security - * standard-related finding details.

- */ - ComplianceStatus?: StringFilter[]; - - /** - *

The veracity of a finding.

- */ - VerificationState?: StringFilter[]; - - /** - *

The workflow state of a finding.

- *

Note that this field is deprecated. To search for a finding based on its workflow - * status, use WorkflowStatus.

- */ - WorkflowState?: StringFilter[]; - - /** - *

The status of the investigation into a finding. Allowed values are the following.

- *
    - *
  • - *

    - * NEW - The initial state of a finding, before it is reviewed.

    - *

    Security Hub also resets the workflow status from NOTIFIED or - * RESOLVED to NEW in the following cases:

    - *
      - *
    • - *

      - * RecordState changes from ARCHIVED to ACTIVE.

      - *
    • - *
    • - *

      - * Compliance.Status changes from PASSED to either WARNING, - * FAILED, or NOT_AVAILABLE.

      - *
    • - *
    - *
  • - *
  • - *

    - * NOTIFIED - Indicates that the resource owner has been notified about - * the security issue. Used when the initial reviewer is not the resource owner, and - * needs intervention from the resource owner.

    - *

    If one of the following occurs, the workflow status is changed automatically from - * NOTIFIED to NEW:

    - *
      - *
    • - *

      - * RecordState changes from ARCHIVED to - * ACTIVE.

      - *
    • - *
    • - *

      - * Compliance.Status changes from PASSED to FAILED, - * WARNING, or NOT_AVAILABLE.

      - *
    • - *
    - *
  • - *
  • - *

    - * SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is - * needed.

    - *

    The workflow status of a SUPPRESSED finding does not change if - * RecordState changes from ARCHIVED to - * ACTIVE.

    - *
  • - *
  • - *

    - * RESOLVED - The finding was reviewed and remediated and is now - * considered resolved.

    - *

    The finding remains RESOLVED unless one of the following occurs:

    - *
      - *
    • - *

      - * RecordState changes from ARCHIVED to - * ACTIVE.

      - *
    • - *
    • - *

      - * Compliance.Status changes from PASSED to FAILED, - * WARNING, or NOT_AVAILABLE.

      - *
    • - *
    - *

    In those cases, the workflow status is automatically reset to NEW.

    - *

    For findings from controls, if Compliance.Status is PASSED, - * then Security Hub automatically sets the workflow status to RESOLVED.

    - *
  • - *
- */ - WorkflowStatus?: StringFilter[]; - - /** - *

The updated record state for the finding.

- */ - RecordState?: StringFilter[]; - - /** - *

The ARN of the solution that generated a related finding.

- */ - RelatedFindingsProductArn?: StringFilter[]; - - /** - *

The solution-generated identifier for a related finding.

- */ - RelatedFindingsId?: StringFilter[]; - - /** - *

The text of a note.

- */ - NoteText?: StringFilter[]; - - /** - *

The timestamp of when the note was updated.

- */ - NoteUpdatedAt?: DateFilter[]; - - /** - *

The principal that created a note.

- */ - NoteUpdatedBy?: StringFilter[]; - - /** - * @deprecated - * - *

A keyword for a finding.

- */ - Keyword?: KeywordFilter[]; - - /** - *

The finding provider value for the finding confidence. Confidence is defined as the likelihood - * that a finding accurately identifies the behavior or issue that it was intended to - * identify.

- *

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent - * confidence and 100 means 100 percent confidence.

- */ - FindingProviderFieldsConfidence?: NumberFilter[]; - - /** - *

The finding provider value for the level of importance assigned to the resources associated with - * the findings.

- *

A score of 0 means that the underlying resources have no criticality, and a score of 100 - * is reserved for the most critical resources.

- */ - FindingProviderFieldsCriticality?: NumberFilter[]; - - /** - *

The finding identifier of a related finding that is identified by the finding provider.

- */ - FindingProviderFieldsRelatedFindingsId?: StringFilter[]; - - /** - *

The ARN of the solution that generated a related finding that is identified by the finding provider.

- */ - FindingProviderFieldsRelatedFindingsProductArn?: StringFilter[]; - - /** - *

The finding provider value for the severity label.

- */ - FindingProviderFieldsSeverityLabel?: StringFilter[]; - - /** - *

The finding provider's original value for the severity.

- */ - FindingProviderFieldsSeverityOriginal?: StringFilter[]; - - /** - *

One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier - * that classify a finding.

- *

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual - * Behaviors | Sensitive Data Identifications

- */ - FindingProviderFieldsTypes?: StringFilter[]; - - /** - *

Indicates whether or not sample findings are included in the filter results.

- */ - Sample?: BooleanFilter[]; - - /** - *

- * The unique identifier of a control across standards. Values for this field typically consist of an - * Amazon Web Service and a number, such as APIGateway.5. - *

- */ - ComplianceSecurityControlId?: StringFilter[]; - - /** - *

- * The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the - * Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. - *

- */ - ComplianceAssociatedStandardsId?: StringFilter[]; -} diff --git a/clients/client-securityhub/src/models/models_2.ts b/clients/client-securityhub/src/models/models_2.ts index 3958ea708f3d..a081a223e123 100644 --- a/clients/client-securityhub/src/models/models_2.ts +++ b/clients/client-securityhub/src/models/models_2.ts @@ -3,6 +3,7 @@ import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-cli import { AccountDetails, + Action, ActionTarget, AdminAccount, AssociationStatus, @@ -11,16 +12,957 @@ import { AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, + DateFilter, + MapFilter, NoteUpdate, + NumberFilter, RelatedFinding, RuleStatus, SeverityUpdate, + StringFilter, VerificationState, WorkflowUpdate, } from "./models_0"; -import { AwsSecurityFinding, AwsSecurityFindingFilters, RecordState } from "./models_1"; +import { + Compliance, + FindingProviderFields, + Malware, + Network, + NetworkPathComponent, + Note, + PatchSummary, + ProcessDetails, + RecordState, + Remediation, + Resource, + Severity, + Threat, + ThreatIntelIndicator, + Vulnerability, + Workflow, + WorkflowState, +} from "./models_1"; import { SecurityHubServiceException as __BaseException } from "./SecurityHubServiceException"; +/** + * @public + *

Provides a consistent format for Security Hub findings. + * AwsSecurityFinding format allows you to share findings between Amazon Web Services + * security services and third-party solutions.

+ * + *

A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party + * solutions and standards checks.

+ *
+ */ +export interface AwsSecurityFinding { + /** + *

The schema version that a finding is formatted for.

+ */ + SchemaVersion: string | undefined; + + /** + *

The security findings provider-specific identifier for a finding.

+ */ + Id: string | undefined; + + /** + *

The ARN generated by Security Hub that uniquely identifies a product that generates findings. + * This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for + * a custom integration.

+ */ + ProductArn: string | undefined; + + /** + *

The name of the product that generated the finding.

+ *

Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

+ *

When you use the Security Hub console or API to filter findings by product name, you use this attribute.

+ */ + ProductName?: string; + + /** + *

The name of the company for the product that generated the finding.

+ *

Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

+ *

When you use the Security Hub console or API to filter findings by company name, you use this attribute.

+ */ + CompanyName?: string; + + /** + *

The Region from which the finding was generated.

+ *

Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.

+ */ + Region?: string; + + /** + *

The identifier for the solution-specific component (a discrete unit of logic) that + * generated a finding. In various security findings providers' solutions, this generator can + * be called a rule, a check, a detector, a plugin, etc.

+ */ + GeneratorId: string | undefined; + + /** + *

The Amazon Web Services account ID that a finding is generated in.

+ */ + AwsAccountId: string | undefined; + + /** + *

One or more finding types in the format of namespace/category/classifier + * that classify a finding.

+ *

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual + * Behaviors | Sensitive Data Identifications

+ */ + Types?: string[]; + + /** + *

Indicates when the security findings provider first observed the potential security + * issue that a finding captured.

+ *

Uses the date-time format specified in RFC 3339 section 5.6, Internet + * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, + * 2020-03-22T13:22:13.933Z.

+ */ + FirstObservedAt?: string; + + /** + *

Indicates when the security findings provider most recently observed the potential + * security issue that a finding captured.

+ *

Uses the date-time format specified in RFC 3339 section 5.6, Internet + * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, + * 2020-03-22T13:22:13.933Z.

+ */ + LastObservedAt?: string; + + /** + *

Indicates when the security findings provider created the potential security issue that + * a finding captured.

+ *

Uses the date-time format specified in RFC 3339 section 5.6, Internet + * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, + * 2020-03-22T13:22:13.933Z.

+ */ + CreatedAt: string | undefined; + + /** + *

Indicates when the security findings provider last updated the finding record.

+ *

Uses the date-time format specified in RFC 3339 section 5.6, Internet + * Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, + * 2020-03-22T13:22:13.933Z.

+ */ + UpdatedAt: string | undefined; + + /** + *

A finding's severity.

+ */ + Severity?: Severity; + + /** + *

A finding's confidence. Confidence is defined as the likelihood that a finding + * accurately identifies the behavior or issue that it was intended to identify.

+ *

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent + * confidence and 100 means 100 percent confidence.

+ */ + Confidence?: number; + + /** + *

The level of importance assigned to the resources associated with the finding.

+ *

A score of 0 means that the underlying resources have no criticality, and a score of 100 + * is reserved for the most critical resources.

+ */ + Criticality?: number; + + /** + *

A finding's title.

+ * + *

In this release, Title is a required property.

+ *
+ */ + Title: string | undefined; + + /** + *

A finding's description.

+ * + *

In this release, Description is a required property.

+ *
+ */ + Description: string | undefined; + + /** + *

A data type that describes the remediation options for a finding.

+ */ + Remediation?: Remediation; + + /** + *

A URL that links to a page about the current finding in the security findings provider's + * solution.

+ */ + SourceUrl?: string; + + /** + *

A data type where security findings providers can include additional solution-specific + * details that aren't part of the defined AwsSecurityFinding format.

+ *

Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.

+ */ + ProductFields?: Record; + + /** + *

A list of name/value string pairs associated with the finding. These are custom, + * user-defined fields added to a finding.

+ */ + UserDefinedFields?: Record; + + /** + *

A list of malware related to a finding.

+ */ + Malware?: Malware[]; + + /** + *

The details of network-related information about a finding.

+ */ + Network?: Network; + + /** + *

Provides information about a network path that is relevant to a finding. Each entry + * under NetworkPath represents a component of that path.

+ */ + NetworkPath?: NetworkPathComponent[]; + + /** + *

The details of process-related information about a finding.

+ */ + Process?: ProcessDetails; + + /** + *

Details about the threat detected in a security finding and the file paths that were affected by the threat. + *

+ */ + Threats?: Threat[]; + + /** + *

Threat intelligence details related to a finding.

+ */ + ThreatIntelIndicators?: ThreatIntelIndicator[]; + + /** + *

A set of resource data types that describe the resources that the finding refers + * to.

+ */ + Resources: Resource[] | undefined; + + /** + *

This data type is exclusive to findings that are generated as the result of a check run + * against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. + * Contains security standard-related finding details.

+ */ + Compliance?: Compliance; + + /** + *

Indicates the veracity of a finding.

+ */ + VerificationState?: VerificationState | string; + + /** + * @deprecated + * + *

The workflow state of a finding.

+ */ + WorkflowState?: WorkflowState | string; + + /** + *

Provides information about the status of the investigation into a finding.

+ */ + Workflow?: Workflow; + + /** + *

The record state of a finding.

+ */ + RecordState?: RecordState | string; + + /** + *

A list of related findings.

+ */ + RelatedFindings?: RelatedFinding[]; + + /** + *

A user-defined note added to a finding.

+ */ + Note?: Note; + + /** + *

Provides a list of vulnerabilities associated with the findings.

+ */ + Vulnerabilities?: Vulnerability[]; + + /** + *

Provides an overview of the patch compliance status for an instance against a selected + * compliance standard.

+ */ + PatchSummary?: PatchSummary; + + /** + *

Provides details about an action that affects or that was taken on a resource.

+ */ + Action?: Action; + + /** + *

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

+ */ + FindingProviderFields?: FindingProviderFields; + + /** + *

Indicates whether the finding is a sample finding.

+ */ + Sample?: boolean; +} + +/** + * @public + *

A keyword filter for querying findings.

+ */ +export interface KeywordFilter { + /** + *

A value for the keyword.

+ */ + Value?: string; +} + +/** + * @public + *

The IP filter for querying findings.

+ */ +export interface IpFilter { + /** + *

A finding's CIDR value.

+ */ + Cidr?: string; +} + +/** + * @public + *

Boolean filter for querying findings.

+ */ +export interface BooleanFilter { + /** + *

The value of the boolean.

+ */ + Value?: boolean; +} + +/** + * @public + *

A collection of attributes that are applied to all active Security Hub-aggregated findings and + * that result in a subset of findings that are included in this insight.

+ *

You can filter by up to 10 finding attributes. For each attribute, you can provide up to + * 20 filter values.

+ */ +export interface AwsSecurityFindingFilters { + /** + *

The ARN generated by Security Hub that uniquely identifies a third-party company + * (security findings provider) after this provider's product (solution that generates + * findings) is registered with Security Hub.

+ */ + ProductArn?: StringFilter[]; + + /** + *

The Amazon Web Services account ID that a finding is generated in.

+ */ + AwsAccountId?: StringFilter[]; + + /** + *

The security findings provider-specific identifier for a finding.

+ */ + Id?: StringFilter[]; + + /** + *

The identifier for the solution-specific component (a discrete unit of logic) that + * generated a finding. In various security findings providers' solutions, this generator can + * be called a rule, a check, a detector, a plugin, etc.

+ */ + GeneratorId?: StringFilter[]; + + /** + *

The Region from which the finding was generated.

+ */ + Region?: StringFilter[]; + + /** + *

A finding type in the format of namespace/category/classifier that + * classifies a finding.

+ */ + Type?: StringFilter[]; + + /** + *

An ISO8601-formatted timestamp that indicates when the security findings provider first + * observed the potential security issue that a finding captured.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + FirstObservedAt?: DateFilter[]; + + /** + *

An ISO8601-formatted timestamp that indicates when the security findings provider most + * recently observed the potential security issue that a finding captured.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + LastObservedAt?: DateFilter[]; + + /** + *

An ISO8601-formatted timestamp that indicates when the security findings provider + * captured the potential security issue that a finding captured.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + CreatedAt?: DateFilter[]; + + /** + *

An ISO8601-formatted timestamp that indicates when the security findings provider last + * updated the finding record.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + UpdatedAt?: DateFilter[]; + + /** + * @deprecated + * + *

The native severity as defined by the security findings provider's solution that + * generated the finding.

+ */ + SeverityProduct?: NumberFilter[]; + + /** + * @deprecated + * + *

The normalized severity of a finding.

+ */ + SeverityNormalized?: NumberFilter[]; + + /** + *

The label of a finding's severity.

+ */ + SeverityLabel?: StringFilter[]; + + /** + *

A finding's confidence. Confidence is defined as the likelihood that a finding + * accurately identifies the behavior or issue that it was intended to identify.

+ *

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent + * confidence and 100 means 100 percent confidence.

+ */ + Confidence?: NumberFilter[]; + + /** + *

The level of importance assigned to the resources associated with the finding.

+ *

A score of 0 means that the underlying resources have no criticality, and a score of 100 + * is reserved for the most critical resources.

+ */ + Criticality?: NumberFilter[]; + + /** + *

A finding's title.

+ */ + Title?: StringFilter[]; + + /** + *

A finding's description.

+ */ + Description?: StringFilter[]; + + /** + *

The recommendation of what to do about the issue described in a finding.

+ */ + RecommendationText?: StringFilter[]; + + /** + *

A URL that links to a page about the current finding in the security findings provider's + * solution.

+ */ + SourceUrl?: StringFilter[]; + + /** + *

A data type where security findings providers can include additional solution-specific + * details that aren't part of the defined AwsSecurityFinding format.

+ */ + ProductFields?: MapFilter[]; + + /** + *

The name of the solution (product) that generates findings.

+ */ + ProductName?: StringFilter[]; + + /** + *

The name of the findings provider (company) that owns the solution (product) that + * generates findings.

+ */ + CompanyName?: StringFilter[]; + + /** + *

A list of name/value string pairs associated with the finding. These are custom, + * user-defined fields added to a finding.

+ */ + UserDefinedFields?: MapFilter[]; + + /** + *

The name of the malware that was observed.

+ */ + MalwareName?: StringFilter[]; + + /** + *

The type of the malware that was observed.

+ */ + MalwareType?: StringFilter[]; + + /** + *

The filesystem path of the malware that was observed.

+ */ + MalwarePath?: StringFilter[]; + + /** + *

The state of the malware that was observed.

+ */ + MalwareState?: StringFilter[]; + + /** + *

Indicates the direction of network traffic associated with a finding.

+ */ + NetworkDirection?: StringFilter[]; + + /** + *

The protocol of network-related information about a finding.

+ */ + NetworkProtocol?: StringFilter[]; + + /** + *

The source IPv4 address of network-related information about a finding.

+ */ + NetworkSourceIpV4?: IpFilter[]; + + /** + *

The source IPv6 address of network-related information about a finding.

+ */ + NetworkSourceIpV6?: IpFilter[]; + + /** + *

The source port of network-related information about a finding.

+ */ + NetworkSourcePort?: NumberFilter[]; + + /** + *

The source domain of network-related information about a finding.

+ */ + NetworkSourceDomain?: StringFilter[]; + + /** + *

The source media access control (MAC) address of network-related information about a + * finding.

+ */ + NetworkSourceMac?: StringFilter[]; + + /** + *

The destination IPv4 address of network-related information about a finding.

+ */ + NetworkDestinationIpV4?: IpFilter[]; + + /** + *

The destination IPv6 address of network-related information about a finding.

+ */ + NetworkDestinationIpV6?: IpFilter[]; + + /** + *

The destination port of network-related information about a finding.

+ */ + NetworkDestinationPort?: NumberFilter[]; + + /** + *

The destination domain of network-related information about a finding.

+ */ + NetworkDestinationDomain?: StringFilter[]; + + /** + *

The name of the process.

+ */ + ProcessName?: StringFilter[]; + + /** + *

The path to the process executable.

+ */ + ProcessPath?: StringFilter[]; + + /** + *

The process ID.

+ */ + ProcessPid?: NumberFilter[]; + + /** + *

The parent process ID. This field accepts positive integers between O and 2147483647.

+ */ + ProcessParentPid?: NumberFilter[]; + + /** + *

A timestamp that identifies when the process was launched.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + ProcessLaunchedAt?: DateFilter[]; + + /** + *

A timestamp that identifies when the process was terminated.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + ProcessTerminatedAt?: DateFilter[]; + + /** + *

The type of a threat intelligence indicator.

+ */ + ThreatIntelIndicatorType?: StringFilter[]; + + /** + *

The value of a threat intelligence indicator.

+ */ + ThreatIntelIndicatorValue?: StringFilter[]; + + /** + *

The category of a threat intelligence indicator.

+ */ + ThreatIntelIndicatorCategory?: StringFilter[]; + + /** + *

A timestamp that identifies the last observation of a threat intelligence indicator.

+ */ + ThreatIntelIndicatorLastObservedAt?: DateFilter[]; + + /** + *

The source of the threat intelligence.

+ */ + ThreatIntelIndicatorSource?: StringFilter[]; + + /** + *

The URL for more details from the source of the threat intelligence.

+ */ + ThreatIntelIndicatorSourceUrl?: StringFilter[]; + + /** + *

Specifies the type of the resource that details are provided for.

+ */ + ResourceType?: StringFilter[]; + + /** + *

The canonical identifier for the given resource type.

+ */ + ResourceId?: StringFilter[]; + + /** + *

The canonical Amazon Web Services partition name that the Region is assigned to.

+ */ + ResourcePartition?: StringFilter[]; + + /** + *

The canonical Amazon Web Services external Region name where this resource is located.

+ */ + ResourceRegion?: StringFilter[]; + + /** + *

A list of Amazon Web Services tags associated with a resource at the time the finding was + * processed.

+ */ + ResourceTags?: MapFilter[]; + + /** + *

The instance type of the instance.

+ */ + ResourceAwsEc2InstanceType?: StringFilter[]; + + /** + *

The Amazon Machine Image (AMI) ID of the instance.

+ */ + ResourceAwsEc2InstanceImageId?: StringFilter[]; + + /** + *

The IPv4 addresses associated with the instance.

+ */ + ResourceAwsEc2InstanceIpV4Addresses?: IpFilter[]; + + /** + *

The IPv6 addresses associated with the instance.

+ */ + ResourceAwsEc2InstanceIpV6Addresses?: IpFilter[]; + + /** + *

The key name associated with the instance.

+ */ + ResourceAwsEc2InstanceKeyName?: StringFilter[]; + + /** + *

The IAM profile ARN of the instance.

+ */ + ResourceAwsEc2InstanceIamInstanceProfileArn?: StringFilter[]; + + /** + *

The identifier of the VPC that the instance was launched in.

+ */ + ResourceAwsEc2InstanceVpcId?: StringFilter[]; + + /** + *

The identifier of the subnet that the instance was launched in.

+ */ + ResourceAwsEc2InstanceSubnetId?: StringFilter[]; + + /** + *

The date and time the instance was launched.

+ */ + ResourceAwsEc2InstanceLaunchedAt?: DateFilter[]; + + /** + *

The canonical user ID of the owner of the S3 bucket.

+ */ + ResourceAwsS3BucketOwnerId?: StringFilter[]; + + /** + *

The display name of the owner of the S3 bucket.

+ */ + ResourceAwsS3BucketOwnerName?: StringFilter[]; + + /** + * @deprecated + * + *

The user associated with the IAM access key related to a finding.

+ */ + ResourceAwsIamAccessKeyUserName?: StringFilter[]; + + /** + *

The name of the principal that is associated with an IAM access key.

+ */ + ResourceAwsIamAccessKeyPrincipalName?: StringFilter[]; + + /** + *

The status of the IAM access key related to a finding.

+ */ + ResourceAwsIamAccessKeyStatus?: StringFilter[]; + + /** + *

The creation date/time of the IAM access key related to a finding.

+ */ + ResourceAwsIamAccessKeyCreatedAt?: DateFilter[]; + + /** + *

The name of an IAM user.

+ */ + ResourceAwsIamUserUserName?: StringFilter[]; + + /** + *

The name of the container related to a finding.

+ */ + ResourceContainerName?: StringFilter[]; + + /** + *

The identifier of the image related to a finding.

+ */ + ResourceContainerImageId?: StringFilter[]; + + /** + *

The name of the image related to a finding.

+ */ + ResourceContainerImageName?: StringFilter[]; + + /** + *

A timestamp that identifies when the container was started.

+ *

A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.

+ */ + ResourceContainerLaunchedAt?: DateFilter[]; + + /** + *

The details of a resource that doesn't have a specific subfield for the resource type + * defined.

+ */ + ResourceDetailsOther?: MapFilter[]; + + /** + *

Exclusive to findings that are generated as the result of a check run against a specific + * rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security + * standard-related finding details.

+ */ + ComplianceStatus?: StringFilter[]; + + /** + *

The veracity of a finding.

+ */ + VerificationState?: StringFilter[]; + + /** + *

The workflow state of a finding.

+ *

Note that this field is deprecated. To search for a finding based on its workflow + * status, use WorkflowStatus.

+ */ + WorkflowState?: StringFilter[]; + + /** + *

The status of the investigation into a finding. Allowed values are the following.

+ *
    + *
  • + *

    + * NEW - The initial state of a finding, before it is reviewed.

    + *

    Security Hub also resets the workflow status from NOTIFIED or + * RESOLVED to NEW in the following cases:

    + *
      + *
    • + *

      + * RecordState changes from ARCHIVED to ACTIVE.

      + *
    • + *
    • + *

      + * Compliance.Status changes from PASSED to either WARNING, + * FAILED, or NOT_AVAILABLE.

      + *
    • + *
    + *
  • + *
  • + *

    + * NOTIFIED - Indicates that the resource owner has been notified about + * the security issue. Used when the initial reviewer is not the resource owner, and + * needs intervention from the resource owner.

    + *

    If one of the following occurs, the workflow status is changed automatically from + * NOTIFIED to NEW:

    + *
      + *
    • + *

      + * RecordState changes from ARCHIVED to + * ACTIVE.

      + *
    • + *
    • + *

      + * Compliance.Status changes from PASSED to FAILED, + * WARNING, or NOT_AVAILABLE.

      + *
    • + *
    + *
  • + *
  • + *

    + * SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is + * needed.

    + *

    The workflow status of a SUPPRESSED finding does not change if + * RecordState changes from ARCHIVED to + * ACTIVE.

    + *
  • + *
  • + *

    + * RESOLVED - The finding was reviewed and remediated and is now + * considered resolved.

    + *

    The finding remains RESOLVED unless one of the following occurs:

    + *
      + *
    • + *

      + * RecordState changes from ARCHIVED to + * ACTIVE.

      + *
    • + *
    • + *

      + * Compliance.Status changes from PASSED to FAILED, + * WARNING, or NOT_AVAILABLE.

      + *
    • + *
    + *

    In those cases, the workflow status is automatically reset to NEW.

    + *

    For findings from controls, if Compliance.Status is PASSED, + * then Security Hub automatically sets the workflow status to RESOLVED.

    + *
  • + *
+ */ + WorkflowStatus?: StringFilter[]; + + /** + *

The updated record state for the finding.

+ */ + RecordState?: StringFilter[]; + + /** + *

The ARN of the solution that generated a related finding.

+ */ + RelatedFindingsProductArn?: StringFilter[]; + + /** + *

The solution-generated identifier for a related finding.

+ */ + RelatedFindingsId?: StringFilter[]; + + /** + *

The text of a note.

+ */ + NoteText?: StringFilter[]; + + /** + *

The timestamp of when the note was updated.

+ */ + NoteUpdatedAt?: DateFilter[]; + + /** + *

The principal that created a note.

+ */ + NoteUpdatedBy?: StringFilter[]; + + /** + * @deprecated + * + *

A keyword for a finding.

+ */ + Keyword?: KeywordFilter[]; + + /** + *

The finding provider value for the finding confidence. Confidence is defined as the likelihood + * that a finding accurately identifies the behavior or issue that it was intended to + * identify.

+ *

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent + * confidence and 100 means 100 percent confidence.

+ */ + FindingProviderFieldsConfidence?: NumberFilter[]; + + /** + *

The finding provider value for the level of importance assigned to the resources associated with + * the findings.

+ *

A score of 0 means that the underlying resources have no criticality, and a score of 100 + * is reserved for the most critical resources.

+ */ + FindingProviderFieldsCriticality?: NumberFilter[]; + + /** + *

The finding identifier of a related finding that is identified by the finding provider.

+ */ + FindingProviderFieldsRelatedFindingsId?: StringFilter[]; + + /** + *

The ARN of the solution that generated a related finding that is identified by the finding provider.

+ */ + FindingProviderFieldsRelatedFindingsProductArn?: StringFilter[]; + + /** + *

The finding provider value for the severity label.

+ */ + FindingProviderFieldsSeverityLabel?: StringFilter[]; + + /** + *

The finding provider's original value for the severity.

+ */ + FindingProviderFieldsSeverityOriginal?: StringFilter[]; + + /** + *

One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier + * that classify a finding.

+ *

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual + * Behaviors | Sensitive Data Identifications

+ */ + FindingProviderFieldsTypes?: StringFilter[]; + + /** + *

Indicates whether or not sample findings are included in the filter results.

+ */ + Sample?: BooleanFilter[]; + + /** + *

+ * The unique identifier of a control across standards. Values for this field typically consist of an + * Amazon Web Service and a number, such as APIGateway.5. + *

+ */ + ComplianceSecurityControlId?: StringFilter[]; + + /** + *

+ * The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the + * Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. + *

+ */ + ComplianceAssociatedStandardsId?: StringFilter[]; +} + /** * @public *

Identifies which finding to get the finding history for.

@@ -715,10 +1657,9 @@ export interface UpdateAutomationRulesRequestItem { RuleName?: string; /** - *

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful - * when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this - * field is set to true for a rule, Security Hub applies the rule action to a finding that matches - * the rule criteria and doesn't evaluate other rules for the finding.
 The default value of this field is false. + *

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding + * matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches + * the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. *

*/ IsTerminal?: boolean; @@ -1175,9 +2116,8 @@ export interface CreateAutomationRuleRequest { /** *

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding - * matches the criteria for multiple rules, and each rule has different actions. If the value of this field is - * set to true for a rule, Security Hub applies the rule action to a finding that matches - * the rule criteria and doesn't evaluate other rules for the finding. The default value of this field is false. + * matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches + * the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. *

*/ IsTerminal?: boolean; diff --git a/clients/client-securityhub/src/protocols/Aws_restJson1.ts b/clients/client-securityhub/src/protocols/Aws_restJson1.ts index 89b1ebc4c32f..24dff4ba6099 100644 --- a/clients/client-securityhub/src/protocols/Aws_restJson1.ts +++ b/clients/client-securityhub/src/protocols/Aws_restJson1.ts @@ -251,6 +251,10 @@ import { AwsAppSyncGraphQlApiLogConfigDetails, AwsAppSyncGraphQlApiOpenIdConnectConfigDetails, AwsAppSyncGraphQlApiUserPoolConfigDetails, + AwsAthenaWorkGroupConfigurationDetails, + AwsAthenaWorkGroupConfigurationResultConfigurationDetails, + AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails, + AwsAthenaWorkGroupDetails, AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails, AwsAutoScalingAutoScalingGroupDetails, AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification, @@ -455,12 +459,8 @@ import { AwsEcsTaskDetails, AwsEcsTaskVolumeDetails, AwsEcsTaskVolumeHostDetails, - AwsEfsAccessPointDetails, AwsEfsAccessPointPosixUserDetails, AwsEfsAccessPointRootDirectoryCreationInfoDetails, - AwsEfsAccessPointRootDirectoryDetails, - AwsEksClusterLoggingClusterLoggingDetails, - AwsEksClusterLoggingDetails, AwsMountPoint, CidrBlockAssociation, City, @@ -496,7 +496,11 @@ import { } from "../models/models_0"; import { _Record, + AwsEfsAccessPointDetails, + AwsEfsAccessPointRootDirectoryDetails, AwsEksClusterDetails, + AwsEksClusterLoggingClusterLoggingDetails, + AwsEksClusterLoggingDetails, AwsEksClusterResourcesVpcConfigDetails, AwsElasticBeanstalkEnvironmentDetails, AwsElasticBeanstalkEnvironmentEnvironmentLink, @@ -591,6 +595,7 @@ import { AwsRdsDbClusterDetails, AwsRdsDbClusterMember, AwsRdsDbClusterOptionGroupMembership, + AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute, AwsRdsDbClusterSnapshotDetails, AwsRdsDbDomainMembership, AwsRdsDbInstanceAssociatedRole, 
@@ -662,8 +667,6 @@ import { AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails, AwsSecretsManagerSecretDetails, AwsSecretsManagerSecretRotationRules, - AwsSecurityFinding, - AwsSecurityFindingFilters, AwsSnsTopicDetails, AwsSnsTopicSubscription, AwsSqsQueueDetails, @@ -711,7 +714,6 @@ import { AwsWafWebAclDetails, AwsWafWebAclRule, AwsXrayEncryptionConfigDetails, - BooleanFilter, Cell, ClassificationResult, ClassificationStatus, @@ -728,8 +730,6 @@ import { FirewallPolicyStatefulRuleGroupReferencesDetails, FirewallPolicyStatelessCustomActionsDetails, FirewallPolicyStatelessRuleGroupReferencesDetails, - IpFilter, - KeywordFilter, LoadBalancerState, Malware, Network, @@ -785,10 +785,15 @@ import { Workflow, } from "../models/models_1"; import { + AwsSecurityFinding, + AwsSecurityFindingFilters, AwsSecurityFindingIdentifier, + BooleanFilter, FindingHistoryRecord, Insight, Invitation, + IpFilter, + KeywordFilter, Member, ResourceConflictException, SortCriterion, @@ -7042,6 +7047,14 @@ const se_AwsApiGatewayV2StageDetails = (input: AwsApiGatewayV2StageDetails, cont // se_AwsAppSyncGraphQlApiUserPoolConfigDetails omitted. +// se_AwsAthenaWorkGroupConfigurationDetails omitted. + +// se_AwsAthenaWorkGroupConfigurationResultConfigurationDetails omitted. + +// se_AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails omitted. + +// se_AwsAthenaWorkGroupDetails omitted. + // se_AwsAutoScalingAutoScalingGroupAvailabilityZonesList omitted. // se_AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails omitted. @@ -8011,6 +8024,10 @@ const se_AwsNetworkFirewallRuleGroupDetails = ( // se_AwsRdsDbClusterOptionGroupMemberships omitted. +// se_AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute omitted. + +// se_AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes omitted. + // se_AwsRdsDbClusterSnapshotDetails omitted. // se_AwsRdsDbDomainMembership omitted. 
@@ -8829,6 +8846,7 @@ const se_ResourceDetails = (input: ResourceDetails, context: __SerdeContext): an AwsApiGatewayV2Api: _json, AwsApiGatewayV2Stage: (_) => se_AwsApiGatewayV2StageDetails(_, context), AwsAppSyncGraphQlApi: _json, + AwsAthenaWorkGroup: _json, AwsAutoScalingAutoScalingGroup: _json, AwsAutoScalingLaunchConfiguration: _json, AwsBackupBackupPlan: _json, @@ -9524,6 +9542,14 @@ const de_AwsApiGatewayV2StageDetails = (output: any, context: __SerdeContext): A // de_AwsAppSyncGraphQlApiUserPoolConfigDetails omitted. +// de_AwsAthenaWorkGroupConfigurationDetails omitted. + +// de_AwsAthenaWorkGroupConfigurationResultConfigurationDetails omitted. + +// de_AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails omitted. + +// de_AwsAthenaWorkGroupDetails omitted. + // de_AwsAutoScalingAutoScalingGroupAvailabilityZonesList omitted. // de_AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails omitted. @@ -10494,6 +10520,10 @@ const de_AwsNetworkFirewallRuleGroupDetails = ( // de_AwsRdsDbClusterOptionGroupMemberships omitted. +// de_AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute omitted. + +// de_AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes omitted. + // de_AwsRdsDbClusterSnapshotDetails omitted. // de_AwsRdsDbDomainMembership omitted. @@ -11451,6 +11481,7 @@ const de_ResourceDetails = (output: any, context: __SerdeContext): ResourceDetai AwsApiGatewayV2Api: _json, AwsApiGatewayV2Stage: (_: any) => de_AwsApiGatewayV2StageDetails(_, context), AwsAppSyncGraphQlApi: _json, + AwsAthenaWorkGroup: _json, AwsAutoScalingAutoScalingGroup: _json, AwsAutoScalingLaunchConfiguration: _json, AwsBackupBackupPlan: _json, diff --git a/codegen/sdk-codegen/aws-models/securityhub.json b/codegen/sdk-codegen/aws-models/securityhub.json index d417c6617594..637ceaa87a8f 100644 --- a/codegen/sdk-codegen/aws-models/securityhub.json +++ b/codegen/sdk-codegen/aws-models/securityhub.json 
@@ -680,7 +680,7 @@ "target": "com.amazonaws.securityhub#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful \n when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this \n field is set to true for a rule, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding.\u2028 The default value of this field is false.\n

" + "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding \n matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.\n

" } }, "Criteria": { @@ -1035,7 +1035,7 @@ "target": "com.amazonaws.securityhub#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "

\n Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful \n when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this \n field is set to true for a rule, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding.\u2028 The default value of this field is false.\n

" + "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding \n matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.\n

" } }, "CreatedAt": { @@ -2254,6 +2254,86 @@ "smithy.api#documentation": "

\n Specifies the authorization configuration for using Amazon Cognito user pools with your AppSync GraphQL API \n endpoint.\n

" } }, + "com.amazonaws.securityhub#AwsAthenaWorkGroupConfigurationDetails": { + "type": "structure", + "members": { + "ResultConfiguration": { + "target": "com.amazonaws.securityhub#AwsAthenaWorkGroupConfigurationResultConfigurationDetails", + "traits": { + "smithy.api#documentation": "

\n The location in Amazon S3 where query and calculation results are stored and the \n encryption option, if any, used for query and calculation results. These are known as client-side settings. If \n workgroup settings override client-side settings, then the query uses the workgroup settings.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

\n The configuration of the workgroup, which includes the location in Amazon Simple Storage Service (Amazon S3) where \n query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch\n metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is \n specified.\n

" + } + }, + "com.amazonaws.securityhub#AwsAthenaWorkGroupConfigurationResultConfigurationDetails": { + "type": "structure", + "members": { + "EncryptionConfiguration": { + "target": "com.amazonaws.securityhub#AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails", + "traits": { + "smithy.api#documentation": "

\n Specifies the method used to encrypt the user’s data stores in the Athena workgroup.\n

" + } + } + }, + "traits": { + "smithy.api#documentation": "

\n The location in Amazon Simple Storage Service (Amazon S3) where query and calculation results are stored and the encryption option, if any, \n used for query and calculation results. These are known as client-side settings. If workgroup settings override \n client-side settings, then the query uses the workgroup settings.\n

" + } + }, + "com.amazonaws.securityhub#AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails": { + "type": "structure", + "members": { + "EncryptionOption": { + "target": "com.amazonaws.securityhub#NonEmptyString", + "traits": { + "smithy.api#documentation": "

\n Indicates whether Amazon Simple Storage Service (Amazon S3) server-side encryption with Amazon S3 managed \n keys (SSE_S3), server-side encryption with KMS keys (SSE_KMS), or client-side encryption with \n KMS customer managed keys (CSE_KMS) is used.\n

" + } + }, + "KmsKey": { + "target": "com.amazonaws.securityhub#NonEmptyString", + "traits": { + "smithy.api#documentation": "

\n For SSE_KMS and CSE_KMS, this is the KMS key Amazon Resource Name (ARN) or ID.\n

" + } + } + }, + "traits": { + "smithy.api#documentation": "

\n Specifies the method used to encrypt the user’s data stores in the Athena workgroup.\n

" + } + }, + "com.amazonaws.securityhub#AwsAthenaWorkGroupDetails": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.securityhub#NonEmptyString", + "traits": { + "smithy.api#documentation": "

\n The workgroup name.\n

" + } + }, + "Description": { + "target": "com.amazonaws.securityhub#NonEmptyString", + "traits": { + "smithy.api#documentation": "

\n The workgroup description.\n

" + } + }, + "State": { + "target": "com.amazonaws.securityhub#NonEmptyString", + "traits": { + "smithy.api#documentation": "

\n Whether the workgroup is enabled or disabled.\n

" + } + }, + "Configuration": { + "target": "com.amazonaws.securityhub#AwsAthenaWorkGroupConfigurationDetails", + "traits": { + "smithy.api#documentation": "

\n The configuration of the workgroup, which includes the location in Amazon Simple Storage Service (Amazon S3) \n where query results are stored, the encryption option, if any, used for query results, whether \n Amazon CloudWatch metrics are enabled for the workgroup, and the limit for the amount of bytes scanned \n (cutoff) per query, if it is specified.\n

" + } + } + }, + "traits": { + "smithy.api#documentation": "

\n Provides information about an Amazon Athena workgroup.\n

" + } + }, "com.amazonaws.securityhub#AwsAutoScalingAutoScalingGroupAvailabilityZonesList": { "type": "list", "member": { @@ -14021,6 +14101,32 @@ "target": "com.amazonaws.securityhub#AwsRdsDbClusterOptionGroupMembership" } }, + "com.amazonaws.securityhub#AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute": { + "type": "structure", + "members": { + "AttributeName": { + "target": "com.amazonaws.securityhub#NonEmptyString", + "traits": { + "smithy.api#documentation": "

\n The name of the manual DB cluster snapshot attribute. The attribute named restore refers to the list of \n Amazon Web Services accounts that have permission to copy or restore the manual DB cluster snapshot.\n

" + } + }, + "AttributeValues": { + "target": "com.amazonaws.securityhub#NonEmptyStringList", + "traits": { + "smithy.api#documentation": "

\n The value(s) for the manual DB cluster snapshot attribute. If the AttributeName field is set to \n restore, then this element returns a list of IDs of the Amazon Web Services accounts that are authorized \n to copy or restore the manual DB cluster snapshot. If a value of all is in the list, then the manual \n DB cluster snapshot is public and available for any Amazon Web Services account to copy or restore.\n

" + } + } + }, + "traits": { + "smithy.api#documentation": "

\n Contains the name and values of a manual Amazon Relational Database Service (RDS) DB cluster snapshot attribute.\n

" + } + }, + "com.amazonaws.securityhub#AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes": { + "type": "list", + "member": { + "target": "com.amazonaws.securityhub#AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute" + } + }, "com.amazonaws.securityhub#AwsRdsDbClusterSnapshotDetails": { "type": "structure", "members": { @@ -14136,6 +14242,12 @@ "smithy.api#default": false, "smithy.api#documentation": "

Whether mapping of IAM accounts to database accounts is enabled.

" } + }, + "DbClusterSnapshotAttributes": { + "target": "com.amazonaws.securityhub#AwsRdsDbClusterSnapshotDbClusterSnapshotAttributes", + "traits": { + "smithy.api#documentation": "

\n Contains the name and values of a manual DB cluster snapshot attribute.\n

" + } } }, "traits": { @@ -20873,7 +20985,7 @@ "target": "com.amazonaws.securityhub#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding \n matches the criteria for multiple rules, and each rule has different actions. If the value of this field is \n set to true for a rule, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding. The default value of this field is false.\n

" + "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding \n matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.\n

" } }, "Criteria": { @@ -25223,18 +25335,18 @@ "Value": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "

The value for the key in the map filter. Filter values are case sensitive. For example,\n one of the values for a tag called Department might be Security.\n If you provide security as the filter value, then there is no match.

" + "smithy.api#documentation": "

The value for the key in the map filter. Filter values are case sensitive. For example,\n one of the values for a tag called Department might be Security.\n If you provide security as the filter value, then there's no match.

" } }, "Comparison": { "target": "com.amazonaws.securityhub#MapFilterComparison", "traits": { - "smithy.api#documentation": "

The condition to apply to the key value when querying for findings with a map\n filter.

\n

To search for values that exactly match the filter value, use EQUALS. For\n example, for the ResourceTags field, the filter Department EQUALS\n Security matches findings that have the value Security for the tag\n Department.

\n

To search for values other than the filter value, use NOT_EQUALS. For\n example, for the ResourceTags field, the filter Department NOT_EQUALS\n Finance matches findings that do not have the value Finance for the\n tag Department.

\n

\n EQUALS filters on the same field are joined by OR. A finding\n matches if it matches any one of those filters.

\n

\n NOT_EQUALS filters on the same field are joined by AND. A\n finding matches only if it matches all of those filters.

\n

You cannot have both an EQUALS filter and a NOT_EQUALS filter\n on the same field.

" + "smithy.api#documentation": "

The condition to apply to the key value when filtering Security Hub findings with a map\n filter.

\n

To search for values that have the filter value, use one of the following comparison operators:

\n
    \n
  • \n

    To search for values that include the filter value, use CONTAINS. For example, for the \n ResourceTags field, the filter Department CONTAINS Security matches findings that \n include the value Security for the Department tag. In the same example, a finding with a value of\n Security team for the Department tag is a match.

    \n
  • \n
  • \n

    To search for values that exactly match the filter value, use EQUALS. For example, for \n the ResourceTags field, the filter Department EQUALS Security matches findings that \n have the value Security for the Department tag.

    \n
  • \n
\n

\n CONTAINS and EQUALS filters on the same field are joined by OR. A \n finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR \n Department CONTAINS Finance match a finding that includes either Security, \n Finance, or both values.

\n

To search for values that don't have the filter value, use one of the following comparison operators:

\n
    \n
  • \n

    To search for values that exclude the filter value, use NOT_CONTAINS. For example, for \n the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings \n that exclude the value Finance for the Department tag.

    \n
  • \n
  • \n

    To search for values other than the filter value, use NOT_EQUALS. For example, for the \n ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that \n don’t have the value Finance for the Department tag.

    \n
  • \n
\n

\n NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND. \n A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND \n Department NOT_CONTAINS Finance match a finding that excludes both the Security and \n Finance values.

\n

\n CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS \n filters can only be used with other NOT_CONTAINS filters.

\n

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. \n Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. \n Combining filters in this way returns an error.\n

\n

\n CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, \n see Automation rules in the Security Hub User Guide.

" } } }, "traits": { - "smithy.api#documentation": "

A map filter for querying findings. Each map filter provides the field to check, the\n value to look for, and the comparison operator.

" + "smithy.api#documentation": "

A map filter for filtering Security Hub findings. Each map filter provides the field to check for, the\n value to check for, and the comparison operator.

" } }, "com.amazonaws.securityhub#MapFilterComparison": { @@ -25251,6 +25363,18 @@ "traits": { "smithy.api#enumValue": "NOT_EQUALS" } + }, + "CONTAINS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CONTAINS" + } + }, + "NOT_CONTAINS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "NOT_CONTAINS" + } } } }, @@ -26855,6 +26979,12 @@ "traits": { "smithy.api#documentation": "
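Review bot: The two members added to `MapFilterComparison` in the `@@ -25251,6 +25363,18 @@` hunk carry no documentation trait, although the `Comparison` description just above says CONTAINS and NOT_CONTAINS can be used only with automation rules; the same applies to the `StringFilterComparison` hunk (`@@ -29882,6 +30012,18 @@`) further down. If these enums are also referenced by the finding and insight filter shapes, as the commit's diffstat suggests, the generated types will accept the new values where the documentation says they are not supported, and the restriction is visible only in the long member description. I would state it on the members themselves, e.g. `"smithy.api#documentation": "<p>Supported only in automation rule criteria.</p>"` inside each new `traits` object. This model appears to be synced from the service definition, so the change probably has to be made upstream rather than in this file.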

\n Provides details about an Step Functions state machine, which is a workflow consisting of a series of event-driven steps.\n

" } + }, + "AwsAthenaWorkGroup": { + "target": "com.amazonaws.securityhub#AwsAthenaWorkGroupDetails", + "traits": { + "smithy.api#documentation": "

\n Provides information about an Amazon Athena workgroup. A workgroup helps you separate users, teams, \n applications, or workloads. It also helps you set limits on data processing and track costs.\n

" + } } }, "traits": { @@ -29842,18 +29972,18 @@ "Value": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "

The string filter value. Filter values are case sensitive. For example, the product name\n for control-based findings is Security Hub. If you provide security hub\n as the filter text, then there is no match.

" + "smithy.api#documentation": "

The string filter value. Filter values are case sensitive. For example, the product name\n for control-based findings is Security Hub. If you provide security hub\n as the filter value, there's no match.

" } }, "Comparison": { "target": "com.amazonaws.securityhub#StringFilterComparison", "traits": { - "smithy.api#documentation": "

The condition to apply to a string value when querying for findings. To search for\n values that contain the filter criteria value, use one of the following comparison\n operators:

\n
    \n
  • \n

    To search for values that exactly match the filter value, use\n EQUALS.

    \n

    For example, the filter ResourceType EQUALS AwsEc2SecurityGroup only\n matches findings that have a resource type of\n AwsEc2SecurityGroup.

    \n
  • \n
  • \n

    To search for values that start with the filter value, use\n PREFIX.

    \n

    For example, the filter ResourceType PREFIX AwsIam matches findings\n that have a resource type that starts with AwsIam. Findings with a\n resource type of AwsIamPolicy, AwsIamRole, or\n AwsIamUser would all match.

    \n
  • \n
\n

\n EQUALS and PREFIX filters on the same field are joined by\n OR. A finding matches if it matches any one of those filters.

\n

To search for values that do not contain the filter criteria value, use one of the\n following comparison operators:

\n
    \n
  • \n

    To search for values that do not exactly match the filter value, use\n NOT_EQUALS.

    \n

    For example, the filter ResourceType NOT_EQUALS AwsIamPolicy matches\n findings that have a resource type other than AwsIamPolicy.

    \n
  • \n
  • \n

    To search for values that do not start with the filter value, use\n PREFIX_NOT_EQUALS.

    \n

    For example, the filter ResourceType PREFIX_NOT_EQUALS AwsIam matches\n findings that have a resource type that does not start with AwsIam.\n Findings with a resource type of AwsIamPolicy, AwsIamRole,\n or AwsIamUser would all be excluded from the results.

    \n
  • \n
\n

\n NOT_EQUALS and PREFIX_NOT_EQUALS filters on the same field are\n joined by AND. A finding matches only if it matches all of those\n filters.

\n

For filters on the same field, you cannot provide both an EQUALS filter and\n a NOT_EQUALS or PREFIX_NOT_EQUALS filter. Combining filters in\n this way always returns an error, even if the provided filter values would return valid\n results.

\n

You can combine PREFIX filters with NOT_EQUALS or\n PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the\n PREFIX filters, then the NOT_EQUALS or\n PREFIX_NOT_EQUALS filters.

\n

For example, for the following filter, Security Hub first identifies findings that have\n resource types that start with either AwsIAM or AwsEc2. It then\n excludes findings that have a resource type of AwsIamPolicy and findings that\n have a resource type of AwsEc2NetworkInterface.

\n
    \n
  • \n

    \n ResourceType PREFIX AwsIam\n

    \n
  • \n
  • \n

    \n ResourceType PREFIX AwsEc2\n

    \n
  • \n
  • \n

    \n ResourceType NOT_EQUALS AwsIamPolicy\n

    \n
  • \n
  • \n

    \n ResourceType NOT_EQUALS AwsEc2NetworkInterface\n

    \n
  • \n
" + "smithy.api#documentation": "

The condition to apply to a string value when filtering Security Hub findings.

\n

To search for values that have the filter value, use one of the following comparison operators:

\n
    \n
  • \n

    To search for values that include the filter value, use CONTAINS. For example, the \n filter Title CONTAINS CloudFront matches findings that have a Title that \n includes the string CloudFront.

    \n
  • \n
  • \n

    To search for values that exactly match the filter value, use EQUALS. For example, \n the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of \n 123456789012.

    \n
  • \n
  • \n

    To search for values that start with the filter value, use PREFIX. For example, the \n filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts \n with us. A ResourceRegion that starts with a different value, such as af, \n ap, or ca, doesn't match.

    \n
  • \n
\n

\n CONTAINS, EQUALS, and PREFIX filters on the same field are joined by \n OR. A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR \n Title CONTAINS CloudWatch match a finding that includes either CloudFront, \n CloudWatch, or both strings in the title.

\n

To search for values that don’t have the filter value, use one of the following comparison operators:

\n
    \n
  • \n

    To search for values that exclude the filter value, use NOT_CONTAINS. For example, the \n filter Title NOT_CONTAINS CloudFront matches findings that have a Title that \n excludes the string CloudFront.

    \n
  • \n
  • \n

    To search for values other than the filter value, use NOT_EQUALS. For \n example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account \n ID other than 123456789012.

    \n
  • \n
  • \n

    To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS. For \n example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a \n ResourceRegion that starts with a value other than us.

    \n
  • \n
\n

\n NOT_CONTAINS, NOT_EQUALS, and PREFIX_NOT_EQUALS filters on the same field \n are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND \n Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and \n CloudWatch in the title.

\n

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, \n you can't provide both an EQUALS filter and a NOT_EQUALS or \n PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters \n can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with \n other NOT_CONTAINS filters.

\n

You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. \n Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

\n

For example, for the following filters, Security Hub first identifies findings that have resource types \n that start with either AwsIam or AwsEc2. It then excludes findings that have a resource \n type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface.

\n
    \n
  • \n

    \n ResourceType PREFIX AwsIam\n

    \n
  • \n
  • \n

    \n ResourceType PREFIX AwsEc2\n

    \n
  • \n
  • \n

    \n ResourceType NOT_EQUALS AwsIamPolicy\n

    \n
  • \n
  • \n

    \n ResourceType NOT_EQUALS AwsEc2NetworkInterface\n

    \n
  • \n
\n

\n CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, \n see Automation rules in the Security Hub User Guide.

" } } }, "traits": { - "smithy.api#documentation": "

A string filter for querying findings.

" + "smithy.api#documentation": "

A string filter for filtering Security Hub findings.

" } }, "com.amazonaws.securityhub#StringFilterComparison": { @@ -29882,6 +30012,18 @@ "traits": { "smithy.api#enumValue": "PREFIX_NOT_EQUALS" } + }, + "CONTAINS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CONTAINS" + } + }, + "NOT_CONTAINS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "NOT_CONTAINS" + } } } }, @@ -30542,7 +30684,7 @@ "target": "com.amazonaws.securityhub#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful \n when a finding matches the criteria for multiple rules, and each rule has different actions. If the value of this \n field is set to true for a rule, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding.\u2028 The default value of this field is false.\n

" + "smithy.api#documentation": "

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding \n matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches \n the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.\n

" } }, "Criteria": {