String code
String domainName
The domain name corresponding to the distribution.
String eTag
The entity tag is a hash of the object.
String lastModifiedTime
The date and time that the distribution was last modified.
AwsCloudFrontDistributionLogging logging
A complex type that controls whether access logs are written for the distribution.
AwsCloudFrontDistributionOrigins origins
A complex type that contains information about origins for this distribution.
String status
Indicates the current status of the distribution.
String webAclId
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.
String bucket
The Amazon S3 bucket to store the access logs in.
Boolean enabled
With this field, you can enable or disable the selected distribution.
Boolean includeCookies
Specifies whether you want CloudFront to include cookies in access logs.
String prefix
An optional string that you want CloudFront to prefix to the access log filenames for this distribution.
String domainName
Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin.
String id
A unique identifier for the origin or origin group.
String originPath
An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
String type
The instance type of the instance.
String imageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> ipV4Addresses
The IPv4 addresses associated with the instance.
List<E> ipV6Addresses
The IPv6 addresses associated with the instance.
String keyName
The key name associated with the instance.
String iamInstanceProfileArn
The IAM profile ARN of the instance.
String vpcId
The identifier of the VPC that the instance was launched in.
String subnetId
The identifier of the subnet that the instance was launched in.
String launchedAt
The date/time the instance was launched.
List<E> availabilityZones
The Availability Zones for the load balancer.
String canonicalHostedZoneId
The ID of the Amazon Route 53 hosted zone associated with the load balancer.
String createdTime
The date and time the load balancer was created.
String dNSName
The public DNS name of the load balancer.
String ipAddressType
The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
String scheme
The nodes of an Internet-facing load balancer have public IP addresses.
List<E> securityGroups
The IDs of the security groups for the load balancer.
LoadBalancerState state
The state of the load balancer.
String type
The type of load balancer.
String vpcId
The ID of the VPC for the load balancer.
String userName
The user associated with the IAM access key related to a finding.
The UserName parameter has been replaced with the PrincipalName parameter because
access keys can also be assigned to principals that are not IAM users.
String status
The status of the IAM access key related to a finding.
String createdAt
The creation date/time of the IAM access key related to a finding.
String principalId
The ID of the principal associated with an access key.
String principalType
The type of principal associated with an access key.
String principalName
The name of the principal.
String assumeRolePolicyDocument
The trust policy that grants permission to assume the role.
String createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String roleId
The stable and unique string identifying the role.
String roleName
The friendly name that identifies the role.
Integer maxSessionDuration
The maximum session duration (in seconds) that you want to set for the specified role.
String path
The path to the role.
String aWSAccountId
The twelve-digit account ID of the AWS account that owns the CMK.
Double creationDate
The date and time when the CMK was created.
String keyId
The globally unique identifier for the CMK.
String keyManager
The manager of the CMK. CMKs in your AWS account are either customer managed or AWS managed.
String keyState
The state of the CMK.
String origin
The source of the CMK's key material. When this value is AWS_KMS, AWS KMS created the key material. When this value is EXTERNAL, the key material was imported from your existing key management infrastructure or the CMK lacks key material. When this value is AWS_CLOUDHSM, the key material was created in the AWS CloudHSM cluster associated with a custom key store.
String s3Bucket
An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account.
String s3Key
The Amazon S3 key of the deployment package.
String s3ObjectVersion
For versioned objects, the version of the deployment package object to use.
String zipFile
The base64-encoded contents of the deployment package. AWS SDK and AWS CLI clients handle the encoding for you.
String targetArn
The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.
AwsLambdaFunctionCode code
An AwsLambdaFunctionCode object.
String codeSha256
The SHA256 hash of the function's deployment package.
AwsLambdaFunctionDeadLetterConfig deadLetterConfig
The function's dead letter queue.
AwsLambdaFunctionEnvironment environment
The function's environment variables.
String functionName
The name of the function.
String handler
The function that Lambda calls to begin executing your function.
String kmsKeyArn
The KMS key that's used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed CMK.
String lastModified
The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
List<E> layers
The function's layers.
String masterArn
For Lambda@Edge functions, the ARN of the master function.
Integer memorySize
The memory that's allocated to the function.
String revisionId
The latest updated revision of the function or alias.
String role
The function's execution role.
String runtime
The runtime environment for the Lambda function.
Integer timeout
The amount of time that Lambda allows a function to run before stopping it.
AwsLambdaFunctionTracingConfig tracingConfig
The function's AWS X-Ray tracing configuration.
AwsLambdaFunctionVpcConfig vpcConfig
The function's networking configuration.
String version
The version of the Lambda function.
Map<K,V> variables
Environment variable key-value pairs.
AwsLambdaFunctionEnvironmentError error
An AwsLambdaFunctionEnvironmentError object.
String mode
The tracing mode.
String schemaVersion
The schema version that a finding is formatted for.
String id
The security findings provider-specific identifier for a finding.
String productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security-findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
String generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
String awsAccountId
The AWS account ID that a finding is generated in.
List<E> types
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
String firstObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
String lastObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
String createdAt
An ISO8601-formatted timestamp that indicates when the security-findings provider created the potential security issue that a finding captured.
String updatedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
Severity severity
A finding's severity.
Integer confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
Integer criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
String title
A finding's title.
In this release, Title is a required property.
String description
A finding's description.
In this release, Description is a required property.
Remediation remediation
A data type that describes the remediation options for a finding.
String sourceUrl
A URL that links to a page about the current finding in the security-findings provider's solution.
Map<K,V> productFields
A data type where security-findings providers can include additional solution-specific details that aren't part
of the defined AwsSecurityFinding format.
Map<K,V> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malware
A list of malware related to a finding.
Network network
The details of network-related information about a finding.
ProcessDetails process
The details of process-related information about a finding.
List<E> threatIntelIndicators
Threat intel details related to a finding.
List<E> resources
A set of resource data types that describe the resources that the finding refers to.
Compliance compliance
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
String verificationState
Indicates the veracity of a finding.
String workflowState
The workflow state of a finding.
String recordState
The record state of a finding.
List<E> relatedFindings
A list of related findings.
Note note
A user-defined note added to a finding.
List<E> productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
List<E> awsAccountId
The AWS account ID that a finding is generated in.
List<E> id
The security findings provider-specific identifier for a finding.
List<E> generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
List<E> type
A finding type in the format of namespace/category/classifier that classifies a finding.
List<E> firstObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
List<E> lastObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
List<E> createdAt
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
List<E> updatedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
List<E> severityProduct
The native severity as defined by the security-findings provider's solution that generated the finding.
List<E> severityNormalized
The normalized severity of a finding.
List<E> severityLabel
The label of a finding's severity.
List<E> confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
List<E> criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
List<E> title
A finding's title.
List<E> description
A finding's description.
List<E> recommendationText
The recommendation of what to do about the issue described in a finding.
List<E> sourceUrl
A URL that links to a page about the current finding in the security-findings provider's solution.
List<E> productFields
A data type where security-findings providers can include additional solution-specific details that aren't part
of the defined AwsSecurityFinding format.
List<E> productName
The name of the solution (product) that generates findings.
List<E> companyName
The name of the findings provider (company) that owns the solution (product) that generates findings.
List<E> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malwareName
The name of the malware that was observed.
List<E> malwareType
The type of the malware that was observed.
List<E> malwarePath
The filesystem path of the malware that was observed.
List<E> malwareState
The state of the malware that was observed.
List<E> networkDirection
Indicates the direction of network traffic associated with a finding.
List<E> networkProtocol
The protocol of network-related information about a finding.
List<E> networkSourceIpV4
The source IPv4 address of network-related information about a finding.
List<E> networkSourceIpV6
The source IPv6 address of network-related information about a finding.
List<E> networkSourcePort
The source port of network-related information about a finding.
List<E> networkSourceDomain
The source domain of network-related information about a finding.
List<E> networkSourceMac
The source media access control (MAC) address of network-related information about a finding.
List<E> networkDestinationIpV4
The destination IPv4 address of network-related information about a finding.
List<E> networkDestinationIpV6
The destination IPv6 address of network-related information about a finding.
List<E> networkDestinationPort
The destination port of network-related information about a finding.
List<E> networkDestinationDomain
The destination domain of network-related information about a finding.
List<E> processName
The name of the process.
List<E> processPath
The path to the process executable.
List<E> processPid
The process ID.
List<E> processParentPid
The parent process ID.
List<E> processLaunchedAt
The date/time that the process was launched.
List<E> processTerminatedAt
The date/time that the process was terminated.
List<E> threatIntelIndicatorType
The type of a threat intel indicator.
List<E> threatIntelIndicatorValue
The value of a threat intel indicator.
List<E> threatIntelIndicatorCategory
The category of a threat intel indicator.
List<E> threatIntelIndicatorLastObservedAt
The date/time of the last observation of a threat intel indicator.
List<E> threatIntelIndicatorSource
The source of the threat intel.
List<E> threatIntelIndicatorSourceUrl
The URL for more details from the source of the threat intel.
List<E> resourceType
Specifies the type of the resource that details are provided for.
List<E> resourceId
The canonical identifier for the given resource type.
List<E> resourcePartition
The canonical AWS partition name that the Region is assigned to.
List<E> resourceRegion
The canonical AWS external Region name where this resource is located.
List<E> resourceTags
A list of AWS tags associated with a resource at the time the finding was processed.
List<E> resourceAwsEc2InstanceType
The instance type of the instance.
List<E> resourceAwsEc2InstanceImageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> resourceAwsEc2InstanceIpV4Addresses
The IPv4 addresses associated with the instance.
List<E> resourceAwsEc2InstanceIpV6Addresses
The IPv6 addresses associated with the instance.
List<E> resourceAwsEc2InstanceKeyName
The key name associated with the instance.
List<E> resourceAwsEc2InstanceIamInstanceProfileArn
The IAM profile ARN of the instance.
List<E> resourceAwsEc2InstanceVpcId
The identifier of the VPC that the instance was launched in.
List<E> resourceAwsEc2InstanceSubnetId
The identifier of the subnet that the instance was launched in.
List<E> resourceAwsEc2InstanceLaunchedAt
The date/time the instance was launched.
List<E> resourceAwsS3BucketOwnerId
The canonical user ID of the owner of the S3 bucket.
List<E> resourceAwsS3BucketOwnerName
The display name of the owner of the S3 bucket.
List<E> resourceAwsIamAccessKeyUserName
The user associated with the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyStatus
The status of the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyCreatedAt
The creation date/time of the IAM access key related to a finding.
List<E> resourceContainerName
The name of the container related to a finding.
List<E> resourceContainerImageId
The identifier of the image related to a finding.
List<E> resourceContainerImageName
The name of the image related to a finding.
List<E> resourceContainerLaunchedAt
The date/time that the container was started.
List<E> resourceDetailsOther
The details of a resource that doesn't have a specific subfield for the resource type defined.
List<E> complianceStatus
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
List<E> verificationState
The veracity of a finding.
List<E> workflowState
The workflow state of a finding.
List<E> recordState
The updated record state for the finding.
List<E> relatedFindingsProductArn
The ARN of the solution that generated a related finding.
List<E> relatedFindingsId
The solution-generated identifier for a related finding.
List<E> noteText
The text of a note.
List<E> noteUpdatedAt
The timestamp of when the note was updated.
List<E> noteUpdatedBy
The principal that created a note.
List<E> keyword
A keyword for a finding.
String kmsMasterKeyId
The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK.
List<E> subscription
Subscription is an embedded property that describes the subscription endpoints of an Amazon SNS topic.
String topicName
The name of the topic.
String owner
The subscription's owner.
Integer kmsDataKeyReusePeriodSeconds
The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again.
String kmsMasterKeyId
The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK.
String queueName
The name of the new queue.
String deadLetterTargetArn
The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.
List<E> findings
A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.
String status
The result of a compliance check.
String actionTargetArn
The ARN for the custom action target.
String name
The name of the custom insight to create.
AwsSecurityFindingFilters filters
One or more attributes used to filter the findings included in the insight. Only findings that match the criteria defined in the filters are included in the insight.
String groupByAttribute
The attribute used as the aggregator to group related findings for the insight.
String insightArn
The ARN of the insight created.
String actionTargetArn
The ARN of the custom action target to delete.
String actionTargetArn
The ARN of the custom action target that was deleted.
String insightArn
The ARN of the insight to delete.
String insightArn
The ARN of the insight that was deleted.
String hubArn
The ARN of the Hub resource to retrieve.
String standardsSubscriptionArn
The ARN of a resource that represents your subscription to a supported standard.
String nextToken
For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.
Integer maxResults
The maximum number of compliance standard controls to return.
String productSubscriptionArn
The ARN of the integrated product to disable the integration for.
String productArn
The ARN of the product to enable the integration for.
String productSubscriptionArn
The ARN of your subscription to the product to enable integrations for.
List<E> standardsSubscriptionArns
A list of the standards subscription ARNs for the standards to retrieve.
String nextToken
Paginates results. On your first call to the GetEnabledStandards operation, set the value of this
parameter to NULL. For subsequent calls to the operation, fill nextToken in the request
with the value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of results to return in the response.
AwsSecurityFindingFilters filters
The findings attributes used to define a condition to filter the findings returned.
List<E> sortCriteria
Findings attributes used to sort the list of findings returned.
String nextToken
Paginates results. On your first call to the GetFindings operation, set the value of this parameter
to NULL. For subsequent calls to the operation, fill nextToken in the request with the
value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of findings to return.
String insightArn
The ARN of the insight whose results you want to see.
InsightResults insightResults
The insight results returned by the operation.
List<E> insightArns
The ARNs of the insights that you want to describe.
String nextToken
Paginates results. On your first call to the GetInsights operation, set the value of this parameter
to NULL. For subsequent calls to the operation, fill nextToken in the request with the
value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of items that you want in the response.
Integer invitationsCount
The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.
Invitation master
A list of details about the Security Hub master account for the current member account.
String insightArn
The ARN of a Security Hub insight.
String name
The name of a Security Hub insight.
AwsSecurityFindingFilters filters
One or more attributes used to filter the findings included in the insight. Only findings that match the criteria defined in the filters are included in the insight.
String groupByAttribute
The attribute that the insight's findings are grouped by. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
String insightArn
The ARN of the insight whose results are returned by the GetInsightResults operation.
String groupByAttribute
The attribute that the findings are grouped by for the insight whose results are returned by the
GetInsightResults operation.
List<E> resultValues
The list of insight result values returned by the GetInsightResults operation.
String code
String code
String code
String accountId
The account ID of the Security Hub master account that the invitation was sent from.
String invitationId
The ID of the invitation sent to the member account.
Date invitedAt
The timestamp of when the invitation was sent.
String memberStatus
The current status of the association between member and master accounts.
String cidr
A finding's CIDR value.
String value
A value for the keyword.
String code
String nextToken
Paginates results. On your first call to the ListEnabledProductsForImport operation, set the value
of this parameter to NULL. For subsequent calls to the operation, fill nextToken in the
request with the value of NextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of items that you want in the response.
Integer maxResults
The maximum number of items that you want in the response.
String nextToken
Paginates results. On your first call to the ListInvitations operation, set the value of this
parameter to NULL. For subsequent calls to the operation, fill nextToken in the request
with the value of NextToken from the previous response to continue listing data.
Boolean onlyAssociated
Specifies which member accounts the response includes based on their relationship status with the master account.
The default value is TRUE. If onlyAssociated is set to TRUE, the response
includes member accounts whose relationship status with the master is set to ENABLED or
DISABLED. If onlyAssociated is set to FALSE, the response includes all
existing member accounts.
Integer maxResults
The maximum number of items that you want in the response.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the
ListMembers operation. For subsequent calls to the operation, fill nextToken in the
request with the value of nextToken from the previous response to continue listing data.
String resourceArn
The ARN of the resource to retrieve tags for.
String accountId
The AWS account ID of the member account.
String email
The email address of the member account.
String masterId
The AWS account ID of the Security Hub master account associated with this member account.
String memberStatus
The status of the relationship between the member account and its master account.
Date invitedAt
A timestamp for the date and time when the invitation was sent to the member account.
Date updatedAt
The timestamp for the date and time when the member account was updated.
String direction
The direction of network traffic associated with a finding.
String protocol
The protocol of network-related information about a finding.
String sourceIpV4
The source IPv4 address of network-related information about a finding.
String sourceIpV6
The source IPv6 address of network-related information about a finding.
Integer sourcePort
The source port of network-related information about a finding.
String sourceDomain
The source domain of network-related information about a finding.
String sourceMac
The source media access control (MAC) address of network-related information about a finding.
String destinationIpV4
The destination IPv4 address of network-related information about a finding.
String destinationIpV6
The destination IPv6 address of network-related information about a finding.
Integer destinationPort
The destination port of network-related information about a finding.
String destinationDomain
The destination domain of network-related information about a finding.
Double gte
The greater-than-equal condition to be applied to a single field when querying for findings.
Double lte
The less-than-equal condition to be applied to a single field when querying for findings.
Double eq
The equal-to condition to be applied to a single field when querying for findings.
String name
The name of the process.
String path
The path to the process executable.
Integer pid
The process ID.
Integer parentPid
The parent process ID.
String launchedAt
The date/time that the process was launched.
String terminatedAt
The date and time when the process was terminated.
String productArn
The ARN assigned to the product.
String productName
The name of the product.
String companyName
The name of the company that provides the product.
String description
A description of the product.
List<E> categories
The categories assigned to the product.
String marketplaceUrl
The URL for the page that contains more information about the product.
String activationUrl
The URL used to activate the product.
String productSubscriptionResourcePolicy
The resource policy associated with the product.
Recommendation recommendation
A recommendation on the steps to take to remediate the issue identified by a finding.
String type
The type of the resource that details are provided for.
String id
The canonical identifier for the given resource type.
String partition
The canonical AWS partition name that the Region is assigned to.
String region
The canonical AWS external Region name where this resource is located.
Map<K,V> tags
A list of AWS tags associated with a resource at the time the finding was processed.
ResourceDetails details
Additional details about the resource related to a finding.
String code
AwsCloudFrontDistributionDetails awsCloudFrontDistribution
Details about a CloudFront distribution.
AwsEc2InstanceDetails awsEc2Instance
Details about an Amazon EC2 instance related to a finding.
AwsElbv2LoadBalancerDetails awsElbv2LoadBalancer
Details about a load balancer.
AwsS3BucketDetails awsS3Bucket
Details about an Amazon S3 Bucket related to a finding.
AwsIamAccessKeyDetails awsIamAccessKey
Details about an IAM access key related to a finding.
AwsIamRoleDetails awsIamRole
Details about an IAM role.
AwsKmsKeyDetails awsKmsKey
Details about a KMS key.
AwsLambdaFunctionDetails awsLambdaFunction
Details about a Lambda function.
AwsSnsTopicDetails awsSnsTopic
Details about an SNS topic.
AwsSqsQueueDetails awsSqsQueue
Details about an SQS queue.
ContainerDetails container
Details about a container resource related to a finding.
Map<K,V> other
Details about a resource that doesn't have a specific type defined.
String code
String standardsControlArn
The ARN of the compliance standard control.
String controlStatus
The current status of the compliance standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
String disabledReason
The reason provided for the most recent change in status for the control.
Date controlStatusUpdatedAt
The date and time that the status of the compliance standard control was most recently updated.
String controlId
The identifier of the compliance standard control.
String title
The title of the compliance standard control.
String description
The longer description of the compliance standard control. Provides information about what the control is checking for.
String remediationUrl
A link to remediation information for the control in the Security Hub user documentation
String severityRating
The severity of findings generated from this compliance standard control.
The finding severity is based on an assessment of how easy it would be to compromise AWS resources if the compliance issue is detected.
String standardsSubscriptionArn
The ARN of a resource that represents your subscription to a supported standard.
String standardsArn
The ARN of a standard.
In this release, Security Hub supports only the CIS AWS Foundations standard, which uses the following ARN:
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
Map<K,V> standardsInput
A key-value pair of input for the standard.
String standardsStatus
The status of the standards subscription.
String standardsArn
The ARN of the standard that you want to enable.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
Map<K,V> standardsInput
A key-value pair of input for the standard.
String type
The type of a threat intel indicator.
String value
The value of a threat intel indicator.
String category
The category of a threat intel indicator.
String lastObservedAt
The date and time when the most recent instance of a threat intel indicator was observed.
String source
The source of the threat intel indicator.
String sourceUrl
The URL to the page or site where you can get more information about the threat intel indicator.
AwsSecurityFindingFilters filters
A collection of attributes that specify which findings you want to update.
NoteUpdate note
The updated note for the finding.
String recordState
The updated record state for the finding.
String insightArn
The ARN of the insight that you want to update.
String name
The updated name for the insight.
AwsSecurityFindingFilters filters
The updated filters that define this insight.
String groupByAttribute
The updated GroupBy attribute that defines this insight.
String standardsControlArn
The ARN of the compliance standard control to enable or disable.
String controlStatus
The updated status of the compliance standard control.
String disabledReason
A description of the reason why you are disabling a compliance standard control.
Copyright © 2020. All rights reserved.