AWS SecurityHub 2018-10-26
- Client: Aws\SecurityHub\SecurityHubClient
- Service ID: securityhub
- Version: 2018-10-26
This page describes the parameters and results for the operations of the AWS SecurityHub (2018-10-26), and shows how to use the Aws\SecurityHub\SecurityHubClient object to call the described operations. This documentation is specific to the 2018-10-26 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AcceptInvitation ( array $params = [] )
Accepts the invitation to be monitored by a master SecurityHub account.
- BatchDisableStandards ( array $params = [] )
Disables the standards specified by the standards subscription ARNs.
- BatchEnableStandards ( array $params = [] )
Enables the standards specified by the standards ARNs.
- BatchImportFindings ( array $params = [] )
Imports security findings that are generated by the integrated third-party products into Security Hub.
- CreateInsight ( array $params = [] )
Creates an insight, which is a consolidation of findings that identifies a security area that requires attention or intervention.
- CreateMembers ( array $params = [] )
Creates member Security Hub accounts in the current AWS account (which becomes the master Security Hub account) that has Security Hub enabled.
- DeclineInvitations ( array $params = [] )
Declines invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by the account IDs.
- DeleteInsight ( array $params = [] )
Deletes an insight that is specified by the insight ARN.
- DeleteInvitations ( array $params = [] )
Deletes invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by their account IDs.
- DeleteMembers ( array $params = [] )
Deletes the Security Hub member accounts that are specified by the account IDs.
- DisableImportFindingsForProduct ( array $params = [] )
Stops you from being able to import findings generated by integrated third-party providers into Security Hub.
- DisableSecurityHub ( array $params = [] )
Disables the AWS Security Hub Service.
- DisassociateFromMasterAccount ( array $params = [] )
Disassociates the current Security Hub member account from its master account.
- DisassociateMembers ( array $params = [] )
Disassociates the Security Hub member accounts that are specified by the account IDs from their master account.
- EnableImportFindingsForProduct ( array $params = [] )
Enables you to import findings generated by integrated third-party providers into Security Hub.
- EnableSecurityHub ( array $params = [] )
Enables the AWS Security Hub service.
- GetEnabledStandards ( array $params = [] )
Lists and describes enabled standards.
- GetFindings ( array $params = [] )
Lists and describes Security Hub-aggregated findings that are specified by filter attributes.
- GetInsightResults ( array $params = [] )
Lists the results of the Security Hub insight specified by the insight ARN.
- GetInsights ( array $params = [] )
Lists and describes insights that are specified by insight ARNs.
- GetInvitationsCount ( array $params = [] )
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
- GetMasterAccount ( array $params = [] )
Provides the details for the Security Hub master account to the current member account.
- GetMembers ( array $params = [] )
Returns the details on the Security Hub member accounts that are specified by the account IDs.
- InviteMembers ( array $params = [] )
Invites other AWS accounts to enable Security Hub and become Security Hub member accounts.
- ListEnabledProductsForImport ( array $params = [] )
Lists all Security Hub-integrated third-party findings providers.
- ListInvitations ( array $params = [] )
Lists all Security Hub membership invitations that were sent to the current AWS account.
- ListMembers ( array $params = [] )
Lists details about all member accounts for the current Security Hub master account.
- UpdateFindings ( array $params = [] )
Updates the AWS Security Hub-aggregated findings specified by the filter attributes.
- UpdateInsight ( array $params = [] )
Updates the AWS Security Hub insight specified by the insight ARN.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AcceptInvitation
$result = $client->acceptInvitation([/* ... */]); $promise = $client->acceptInvitationAsync([/* ... */]);
Accepts the invitation to be monitored by a master SecurityHub account.
Parameter Syntax
$result = $client->acceptInvitation([
'InvitationId' => '<string>',
'MasterId' => '<string>',
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
BatchDisableStandards
$result = $client->batchDisableStandards([/* ... */]); $promise = $client->batchDisableStandardsAsync([/* ... */]);
Disables the standards specified by the standards subscription ARNs. In the context of Security Hub, supported standards (for example, CIS AWS Foundations) are automated and continuous checks that help determine your compliance status against security industry (including AWS) best practices.
Parameter Syntax
$result = $client->batchDisableStandards([
'StandardsSubscriptionArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'StandardsSubscriptions' => [
[
'StandardsArn' => '<string>',
'StandardsInput' => ['<string>', ...],
'StandardsStatus' => 'PENDING|READY|FAILED|DELETING',
'StandardsSubscriptionArn' => '<string>',
],
// ...
],
]
Result Details
Members
- StandardsSubscriptions
-
- Type: Array of StandardsSubscription structures
The details of the standards subscriptions that were disabled.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
BatchEnableStandards
$result = $client->batchEnableStandards([/* ... */]); $promise = $client->batchEnableStandardsAsync([/* ... */]);
Enables the standards specified by the standards ARNs. In the context of Security Hub, supported standards (for example, CIS AWS Foundations) are automated and continuous checks that help determine your compliance status against security industry (including AWS) best practices.
Parameter Syntax
$result = $client->batchEnableStandards([
'StandardsSubscriptionRequests' => [ // REQUIRED
[
'StandardsArn' => '<string>', // REQUIRED
'StandardsInput' => ['<string>', ...],
],
// ...
],
]);
Parameter Details
Members
- StandardsSubscriptionRequests
-
- Required: Yes
- Type: Array of StandardsSubscriptionRequest structures
The list of standards that you want to enable.
Result Syntax
[
'StandardsSubscriptions' => [
[
'StandardsArn' => '<string>',
'StandardsInput' => ['<string>', ...],
'StandardsStatus' => 'PENDING|READY|FAILED|DELETING',
'StandardsSubscriptionArn' => '<string>',
],
// ...
],
]
Result Details
Members
- StandardsSubscriptions
-
- Type: Array of StandardsSubscription structures
The details of the standards subscriptions that were enabled.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
BatchImportFindings
$result = $client->batchImportFindings([/* ... */]); $promise = $client->batchImportFindingsAsync([/* ... */]);
Imports security findings that are generated by the integrated third-party products into Security Hub.
Parameter Syntax
$result = $client->batchImportFindings([
'Findings' => [ // REQUIRED
[
'AwsAccountId' => '<string>', // REQUIRED
'Compliance' => [
'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
],
'Confidence' => <integer>,
'CreatedAt' => '<string>', // REQUIRED
'Criticality' => <integer>,
'Description' => '<string>',
'FirstObservedAt' => '<string>',
'GeneratorId' => '<string>', // REQUIRED
'Id' => '<string>', // REQUIRED
'LastObservedAt' => '<string>',
'Malware' => [
[
'Name' => '<string>', // REQUIRED
'Path' => '<string>',
'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
],
// ...
],
'Network' => [
'DestinationDomain' => '<string>',
'DestinationIpV4' => '<string>',
'DestinationIpV6' => '<string>',
'DestinationPort' => <integer>,
'Direction' => 'IN|OUT',
'Protocol' => '<string>',
'SourceDomain' => '<string>',
'SourceIpV4' => '<string>',
'SourceIpV6' => '<string>',
'SourceMac' => '<string>',
'SourcePort' => <integer>,
],
'Note' => [
'Text' => '<string>', // REQUIRED
'UpdatedAt' => '<string>', // REQUIRED
'UpdatedBy' => '<string>', // REQUIRED
],
'Process' => [
'LaunchedAt' => '<string>',
'Name' => '<string>',
'ParentPid' => <integer>,
'Path' => '<string>',
'Pid' => <integer>,
'TerminatedAt' => '<string>',
],
'ProductArn' => '<string>', // REQUIRED
'ProductFields' => ['<string>', ...],
'RecordState' => 'ACTIVE|ARCHIVED',
'RelatedFindings' => [
[
'Id' => '<string>', // REQUIRED
'ProductArn' => '<string>', // REQUIRED
],
// ...
],
'Remediation' => [
'Recommendation' => [
'Text' => '<string>',
'Url' => '<string>',
],
],
'Resources' => [ // REQUIRED
[
'Details' => [
'AwsEc2Instance' => [
'IamInstanceProfileArn' => '<string>',
'ImageId' => '<string>',
'IpV4Addresses' => ['<string>', ...],
'IpV6Addresses' => ['<string>', ...],
'KeyName' => '<string>',
'LaunchedAt' => '<string>',
'SubnetId' => '<string>',
'Type' => '<string>',
'VpcId' => '<string>',
],
'AwsIamAccessKey' => [
'CreatedAt' => '<string>',
'Status' => 'Active|Inactive',
'UserName' => '<string>',
],
'AwsS3Bucket' => [
'OwnerId' => '<string>',
'OwnerName' => '<string>',
],
'Container' => [
'ImageId' => '<string>',
'ImageName' => '<string>',
'LaunchedAt' => '<string>',
'Name' => '<string>',
],
'Other' => ['<string>', ...],
],
'Id' => '<string>', // REQUIRED
'Partition' => 'aws|aws-cn|aws-us-gov',
'Region' => '<string>',
'Tags' => ['<string>', ...],
'Type' => '<string>', // REQUIRED
],
// ...
],
'SchemaVersion' => '<string>', // REQUIRED
'Severity' => [ // REQUIRED
'Normalized' => <integer>, // REQUIRED
'Product' => <float>,
],
'SourceUrl' => '<string>',
'ThreatIntelIndicators' => [
[
'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
'LastObservedAt' => '<string>',
'Source' => '<string>',
'SourceUrl' => '<string>',
'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
'Value' => '<string>',
],
// ...
],
'Title' => '<string>',
'Types' => ['<string>', ...], // REQUIRED
'UpdatedAt' => '<string>', // REQUIRED
'UserDefinedFields' => ['<string>', ...],
'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
],
// ...
],
]);
Parameter Details
Members
- Findings
-
- Required: Yes
- Type: Array of AwsSecurityFinding structures
A list of findings that you want to import. Must be submitted in the AWSSecurityFinding format.
Result Syntax
[
'FailedCount' => <integer>,
'FailedFindings' => [
[
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
'Id' => '<string>',
],
// ...
],
'SuccessCount' => <integer>,
]
Result Details
Members
- FailedCount
-
- Required: Yes
- Type: int
The number of findings that cannot be imported.
- FailedFindings
-
- Type: Array of ImportFindingsError structures
The list of the findings that cannot be imported.
- SuccessCount
-
- Required: Yes
- Type: int
The number of findings that were successfully imported
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
CreateInsight
$result = $client->createInsight([/* ... */]); $promise = $client->createInsightAsync([/* ... */]);
Creates an insight, which is a consolidation of findings that identifies a security area that requires attention or intervention.
Parameter Syntax
$result = $client->createInsight([
'Filters' => [ // REQUIRED
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'GroupByAttribute' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- Filters
-
- Required: Yes
- Type: AwsSecurityFindingFilters structure
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
- GroupByAttribute
-
- Required: Yes
- Type: string
The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
- Name
-
- Required: Yes
- Type: string
The user-defined name that identifies the insight that you want to create.
Result Syntax
[
'InsightArn' => '<string>',
]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
CreateMembers
$result = $client->createMembers([/* ... */]); $promise = $client->createMembersAsync([/* ... */]);
Creates member Security Hub accounts in the current AWS account (which becomes the master Security Hub account) that has Security Hub enabled.
Parameter Syntax
$result = $client->createMembers([
'AccountDetails' => [
[
'AccountId' => '<string>',
'Email' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- AccountDetails
-
- Type: Array of AccountDetails structures
A list of account ID and email address pairs of the accounts that you want to associate with the master Security Hub account.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that could not be processed.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
DeclineInvitations
$result = $client->declineInvitations([/* ... */]); $promise = $client->declineInvitationsAsync([/* ... */]);
Declines invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by the account IDs.
Parameter Syntax
$result = $client->declineInvitations([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that could not be processed.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
DeleteInsight
$result = $client->deleteInsight([/* ... */]); $promise = $client->deleteInsightAsync([/* ... */]);
Deletes an insight that is specified by the insight ARN.
Parameter Syntax
$result = $client->deleteInsight([
'InsightArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'InsightArn' => '<string>',
]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
DeleteInvitations
$result = $client->deleteInvitations([/* ... */]); $promise = $client->deleteInvitationsAsync([/* ... */]);
Deletes invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by their account IDs.
Parameter Syntax
$result = $client->deleteInvitations([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that could not be processed.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
DeleteMembers
$result = $client->deleteMembers([/* ... */]); $promise = $client->deleteMembersAsync([/* ... */]);
Deletes the Security Hub member accounts that are specified by the account IDs.
Parameter Syntax
$result = $client->deleteMembers([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that could not be processed.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
DisableImportFindingsForProduct
$result = $client->disableImportFindingsForProduct([/* ... */]); $promise = $client->disableImportFindingsForProductAsync([/* ... */]);
Stops you from being able to import findings generated by integrated third-party providers into Security Hub.
Parameter Syntax
$result = $client->disableImportFindingsForProduct([
'ProductSubscriptionArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
DisableSecurityHub
$result = $client->disableSecurityHub([/* ... */]); $promise = $client->disableSecurityHubAsync([/* ... */]);
Disables the AWS Security Hub Service.
Parameter Syntax
$result = $client->disableSecurityHub([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
DisassociateFromMasterAccount
$result = $client->disassociateFromMasterAccount([/* ... */]); $promise = $client->disassociateFromMasterAccountAsync([/* ... */]);
Disassociates the current Security Hub member account from its master account.
Parameter Syntax
$result = $client->disassociateFromMasterAccount([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
DisassociateMembers
$result = $client->disassociateMembers([/* ... */]); $promise = $client->disassociateMembersAsync([/* ... */]);
Disassociates the Security Hub member accounts that are specified by the account IDs from their master account.
Parameter Syntax
$result = $client->disassociateMembers([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
EnableImportFindingsForProduct
$result = $client->enableImportFindingsForProduct([/* ... */]); $promise = $client->enableImportFindingsForProductAsync([/* ... */]);
Enables you to import findings generated by integrated third-party providers into Security Hub.
Parameter Syntax
$result = $client->enableImportFindingsForProduct([
'ProductArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'ProductSubscriptionArn' => '<string>',
]
Result Details
Members
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
EnableSecurityHub
$result = $client->enableSecurityHub([/* ... */]); $promise = $client->enableSecurityHubAsync([/* ... */]);
Enables the AWS Security Hub service.
Parameter Syntax
$result = $client->enableSecurityHub([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetEnabledStandards
$result = $client->getEnabledStandards([/* ... */]); $promise = $client->getEnabledStandardsAsync([/* ... */]);
Lists and describes enabled standards.
Parameter Syntax
$result = $client->getEnabledStandards([
'MaxResults' => <integer>,
'NextToken' => '<string>',
'StandardsSubscriptionArns' => ['<string>', ...],
]);
Parameter Details
Members
- MaxResults
-
- Type: int
Indicates the maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to NULL on your first call to the GetEnabledStandards operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
- StandardsSubscriptionArns
-
- Type: Array of strings
The list of standards subscription ARNS that you want to list and describe.
Result Syntax
[
'NextToken' => '<string>',
'StandardsSubscriptions' => [
[
'StandardsArn' => '<string>',
'StandardsInput' => ['<string>', ...],
'StandardsStatus' => 'PENDING|READY|FAILED|DELETING',
'StandardsSubscriptionArn' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
The token that is required for pagination.
- StandardsSubscriptions
-
- Type: Array of StandardsSubscription structures
The standards subscription details returned by the operation.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetFindings
$result = $client->getFindings([/* ... */]); $promise = $client->getFindingsAsync([/* ... */]);
Lists and describes Security Hub-aggregated findings that are specified by filter attributes.
Parameter Syntax
$result = $client->getFindings([
'Filters' => [
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
'SortCriteria' => [
[
'Field' => '<string>',
'SortOrder' => 'asc|desc',
],
// ...
],
]);
Parameter Details
Members
- Filters
-
- Type: AwsSecurityFindingFilters structure
A collection of attributes that is use for querying findings.
- MaxResults
-
- Type: int
Indicates the maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to NULL on your first call to the GetFindings operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
- SortCriteria
-
- Type: Array of SortCriterion structures
A collection of attributes used for sorting findings.
Result Syntax
[
'Findings' => [
[
'AwsAccountId' => '<string>',
'Compliance' => [
'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
],
'Confidence' => <integer>,
'CreatedAt' => '<string>',
'Criticality' => <integer>,
'Description' => '<string>',
'FirstObservedAt' => '<string>',
'GeneratorId' => '<string>',
'Id' => '<string>',
'LastObservedAt' => '<string>',
'Malware' => [
[
'Name' => '<string>',
'Path' => '<string>',
'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
],
// ...
],
'Network' => [
'DestinationDomain' => '<string>',
'DestinationIpV4' => '<string>',
'DestinationIpV6' => '<string>',
'DestinationPort' => <integer>,
'Direction' => 'IN|OUT',
'Protocol' => '<string>',
'SourceDomain' => '<string>',
'SourceIpV4' => '<string>',
'SourceIpV6' => '<string>',
'SourceMac' => '<string>',
'SourcePort' => <integer>,
],
'Note' => [
'Text' => '<string>',
'UpdatedAt' => '<string>',
'UpdatedBy' => '<string>',
],
'Process' => [
'LaunchedAt' => '<string>',
'Name' => '<string>',
'ParentPid' => <integer>,
'Path' => '<string>',
'Pid' => <integer>,
'TerminatedAt' => '<string>',
],
'ProductArn' => '<string>',
'ProductFields' => ['<string>', ...],
'RecordState' => 'ACTIVE|ARCHIVED',
'RelatedFindings' => [
[
'Id' => '<string>',
'ProductArn' => '<string>',
],
// ...
],
'Remediation' => [
'Recommendation' => [
'Text' => '<string>',
'Url' => '<string>',
],
],
'Resources' => [
[
'Details' => [
'AwsEc2Instance' => [
'IamInstanceProfileArn' => '<string>',
'ImageId' => '<string>',
'IpV4Addresses' => ['<string>', ...],
'IpV6Addresses' => ['<string>', ...],
'KeyName' => '<string>',
'LaunchedAt' => '<string>',
'SubnetId' => '<string>',
'Type' => '<string>',
'VpcId' => '<string>',
],
'AwsIamAccessKey' => [
'CreatedAt' => '<string>',
'Status' => 'Active|Inactive',
'UserName' => '<string>',
],
'AwsS3Bucket' => [
'OwnerId' => '<string>',
'OwnerName' => '<string>',
],
'Container' => [
'ImageId' => '<string>',
'ImageName' => '<string>',
'LaunchedAt' => '<string>',
'Name' => '<string>',
],
'Other' => ['<string>', ...],
],
'Id' => '<string>',
'Partition' => 'aws|aws-cn|aws-us-gov',
'Region' => '<string>',
'Tags' => ['<string>', ...],
'Type' => '<string>',
],
// ...
],
'SchemaVersion' => '<string>',
'Severity' => [
'Normalized' => <integer>,
'Product' => <float>,
],
'SourceUrl' => '<string>',
'ThreatIntelIndicators' => [
[
'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
'LastObservedAt' => '<string>',
'Source' => '<string>',
'SourceUrl' => '<string>',
'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
'Value' => '<string>',
],
// ...
],
'Title' => '<string>',
'Types' => ['<string>', ...],
'UpdatedAt' => '<string>',
'UserDefinedFields' => ['<string>', ...],
'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Findings
-
- Required: Yes
- Type: Array of AwsSecurityFinding structures
Findings details returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
GetInsightResults
$result = $client->getInsightResults([/* ... */]); $promise = $client->getInsightResultsAsync([/* ... */]);
Lists the results of the Security Hub insight specified by the insight ARN.
Parameter Syntax
$result = $client->getInsightResults([
'InsightArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'InsightResults' => [
'GroupByAttribute' => '<string>',
'InsightArn' => '<string>',
'ResultValues' => [
[
'Count' => <integer>,
'GroupByAttributeValue' => '<string>',
],
// ...
],
],
]
Result Details
Members
- InsightResults
-
- Required: Yes
- Type: InsightResults structure
The insight results returned by the operation.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetInsights
$result = $client->getInsights([/* ... */]); $promise = $client->getInsightsAsync([/* ... */]);
Lists and describes insights that are specified by insight ARNs.
Parameter Syntax
$result = $client->getInsights([
'InsightArns' => ['<string>', ...],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- InsightArns
-
- Type: Array of strings
The ARNS of the insights that you want to describe.
- MaxResults
-
- Type: int
Indicates the maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to NULL on your first call to the GetInsights operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Result Syntax
[
'Insights' => [
[
'Filters' => [
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'GroupByAttribute' => '<string>',
'InsightArn' => '<string>',
'Name' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Insights
-
- Required: Yes
- Type: Array of Insight structures
The insights returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetInvitationsCount
$result = $client->getInvitationsCount([/* ... */]); $promise = $client->getInvitationsCountAsync([/* ... */]);
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
Parameter Syntax
$result = $client->getInvitationsCount([ ]);
Parameter Details
Members
Result Syntax
[
'InvitationsCount' => <integer>,
]
Result Details
Members
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
GetMasterAccount
$result = $client->getMasterAccount([/* ... */]); $promise = $client->getMasterAccountAsync([/* ... */]);
Provides the details for the Security Hub master account to the current member account.
Parameter Syntax
$result = $client->getMasterAccount([ ]);
Parameter Details
Members
Result Syntax
[
'Master' => [
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => <DateTime>,
'MemberStatus' => '<string>',
],
]
Result Details
Members
- Master
-
- Type: Invitation structure
A list of details about the Security Hub master account for the current member account.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
GetMembers
$result = $client->getMembers([/* ... */]); $promise = $client->getMembersAsync([/* ... */]);
Returns the details on the Security Hub member accounts that are specified by the account IDs.
Parameter Syntax
$result = $client->getMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'Email' => '<string>',
'InvitedAt' => <DateTime>,
'MasterId' => '<string>',
'MemberStatus' => '<string>',
'UpdatedAt' => <DateTime>,
],
// ...
],
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
InviteMembers
$result = $client->inviteMembers([/* ... */]); $promise = $client->inviteMembersAsync([/* ... */]);
Invites other AWS accounts to enable Security Hub and become Security Hub member accounts. When an account accepts the invitation and becomes a member account, the master account can view Security Hub findings of the member account.
Parameter Syntax
$result = $client->inviteMembers([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that could not be processed.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
ListEnabledProductsForImport
$result = $client->listEnabledProductsForImport([/* ... */]); $promise = $client->listEnabledProductsForImportAsync([/* ... */]);
Lists all Security Hub-integrated third-party findings providers.
Parameter Syntax
$result = $client->listEnabledProductsForImport([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
Indicates the maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to NULL on your first call to the ListEnabledProductsForImport operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'NextToken' => '<string>',
'ProductSubscriptions' => ['<string>', ...],
]
Result Details
Members
Errors
-
InternalException:
Internal server error.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ListInvitations
$result = $client->listInvitations([/* ... */]); $promise = $client->listInvitationsAsync([/* ... */]);
Lists all Security Hub membership invitations that were sent to the current AWS account.
Parameter Syntax
$result = $client->listInvitations([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
Indicates the maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to NULL on your first call to the ListInvitations operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'Invitations' => [
[
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => <DateTime>,
'MemberStatus' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Invitations
-
- Type: Array of Invitation structures
The details of the invitations returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
Lists details about all member accounts for the current Security Hub master account.
Parameter Syntax
$result = $client->listMembers([
'MaxResults' => <integer>,
'NextToken' => '<string>',
'OnlyAssociated' => true || false,
]);
Parameter Details
Members
- MaxResults
-
- Type: int
Indicates the maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to NULL on your first call to the ListMembers operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
- OnlyAssociated
-
- Type: boolean
Specifies what member accounts the response includes based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED. If onlyAssociated is set to FALSE, the response includes all existing member accounts.
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'Email' => '<string>',
'InvitedAt' => <DateTime>,
'MasterId' => '<string>',
'MemberStatus' => '<string>',
'UpdatedAt' => <DateTime>,
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Members
-
- Type: Array of Member structures
Member details returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
UpdateFindings
$result = $client->updateFindings([/* ... */]); $promise = $client->updateFindingsAsync([/* ... */]);
Updates the AWS Security Hub-aggregated findings specified by the filter attributes.
Parameter Syntax
$result = $client->updateFindings([
'Filters' => [ // REQUIRED
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'Note' => [
'Text' => '<string>', // REQUIRED
'UpdatedBy' => '<string>', // REQUIRED
],
'RecordState' => 'ACTIVE|ARCHIVED',
]);
Parameter Details
Members
- Filters
-
- Required: Yes
- Type: AwsSecurityFindingFilters structure
A collection of attributes that specify what findings you want to update.
- Note
-
- Type: NoteUpdate structure
The updated note for the finding.
- RecordState
-
- Type: string
The updated record state for the finding.
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
UpdateInsight
$result = $client->updateInsight([/* ... */]); $promise = $client->updateInsightAsync([/* ... */]);
Updates the AWS Security Hub insight specified by the insight ARN.
Parameter Syntax
$result = $client->updateInsight([
'Filters' => [
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'CONTAINS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|CONTAINS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'GroupByAttribute' => '<string>',
'InsightArn' => '<string>', // REQUIRED
'Name' => '<string>',
]);
Parameter Details
Members
- Filters
-
- Type: AwsSecurityFindingFilters structure
The updated filters that define this insight.
- GroupByAttribute
-
- Type: string
The updated GroupBy attribute that defines this insight.
- InsightArn
-
- Required: Yes
- Type: string
The ARN of the insight that you want to update.
- Name
-
- Type: string
The updated name for the insight.
Result Syntax
[]
Result Details
Errors
-
InternalException:
Internal server error.
-
InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
-
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
ResourceNotFoundException:
The request was rejected because the specified resource cannot be found.
Shapes
AccountDetails
Description
The details of an AWS account.
Members
AwsEc2InstanceDetails
Description
The details of an AWS EC2 instance.
Members
- IamInstanceProfileArn
-
- Type: string
The IAM profile ARN of the instance.
- ImageId
-
- Type: string
The Amazon Machine Image (AMI) ID of the instance.
- IpV4Addresses
-
- Type: Array of strings
The IPv4 addresses associated with the instance.
- IpV6Addresses
-
- Type: Array of strings
The IPv6 addresses associated with the instance.
- KeyName
-
- Type: string
The key name associated with the instance.
- LaunchedAt
-
- Type: string
The date/time the instance was launched.
- SubnetId
-
- Type: string
The identifier of the subnet in which the instance was launched.
- Type
-
- Type: string
The instance type of the instance.
- VpcId
-
- Type: string
The identifier of the VPC in which the instance was launched.
AwsIamAccessKeyDetails
Description
AWS IAM access key details related to a finding.
Members
AwsS3BucketDetails
Description
The details of an AWS S3 Bucket.
Members
AwsSecurityFinding
Description
Provides consistent format for the contents of the Security Hub-aggregated findings. AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and compliance checks.
A finding is a potential security issue generated either by AWS services (GuardDuty, Inspector, Macie) or by the integrated third-party solutions and compliance checks.
Members
- AwsAccountId
-
- Required: Yes
- Type: string
The AWS account ID in which a finding is generated.
- Compliance
-
- Type: Compliance structure
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
- Confidence
-
- Type: int
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
- CreatedAt
-
- Required: Yes
- Type: string
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
- Criticality
-
- Type: int
The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
- Description
-
- Type: string
A finding's description.
- FirstObservedAt
-
- Type: string
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
- GeneratorId
-
- Required: Yes
- Type: string
This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
- Id
-
- Required: Yes
- Type: string
The security findings provider-specific identifier for a finding.
- LastObservedAt
-
- Type: string
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
- Malware
-
- Type: Array of Malware structures
A list of malware related to a finding.
- Network
-
- Type: Network structure
The details of network-related information about a finding.
- Note
-
- Type: Note structure
A user-defined note added to a finding.
- Process
-
- Type: ProcessDetails structure
The details of process-related information about a finding.
- ProductArn
-
- Required: Yes
- Type: string
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
- ProductFields
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
- RecordState
-
- Type: string
The record state of a finding.
- RelatedFindings
-
- Type: Array of RelatedFinding structures
A list of related findings.
- Remediation
-
- Type: Remediation structure
An data type that describes the remediation options for a finding.
- Resources
-
- Required: Yes
- Type: Array of Resource structures
A set of resource data types that describe the resources to which the finding refers.
- SchemaVersion
-
- Required: Yes
- Type: string
The schema version for which a finding is formatted.
- Severity
-
- Required: Yes
- Type: Severity structure
A finding's severity.
- SourceUrl
-
- Type: string
A URL that links to a page about the current finding in the security findings provider's solution.
- ThreatIntelIndicators
-
- Type: Array of ThreatIntelIndicator structures
Threat intel details related to a finding.
- Title
-
- Type: string
A finding's title.
- Types
-
- Required: Yes
- Type: Array of strings
One or more finding types in the format of 'namespace/category/classifier' that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
- UpdatedAt
-
- Required: Yes
- Type: string
An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
- UserDefinedFields
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
- VerificationState
-
- Type: string
Indicates the veracity of a finding.
- WorkflowState
-
- Type: string
The workflow state of a finding.
AwsSecurityFindingFilters
Description
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
Members
- AwsAccountId
-
- Type: Array of StringFilter structures
The AWS account ID in which a finding is generated.
- CompanyName
-
- Type: Array of StringFilter structures
The name of the findings provider (company) that owns the solution (product) that generates findings.
- ComplianceStatus
-
- Type: Array of StringFilter structures
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
- Confidence
-
- Type: Array of NumberFilter structures
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
- CreatedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
- Criticality
-
- Type: Array of NumberFilter structures
The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
- Description
-
- Type: Array of StringFilter structures
A finding's description.
- FirstObservedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
- GeneratorId
-
- Type: Array of StringFilter structures
This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
- Id
-
- Type: Array of StringFilter structures
The security findings provider-specific identifier for a finding.
- Keyword
-
- Type: Array of KeywordFilter structures
A keyword for a finding.
- LastObservedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
- MalwareName
-
- Type: Array of StringFilter structures
The name of the malware that was observed.
- MalwarePath
-
- Type: Array of StringFilter structures
The filesystem path of the malware that was observed.
- MalwareState
-
- Type: Array of StringFilter structures
The state of the malware that was observed.
- MalwareType
-
- Type: Array of StringFilter structures
The type of the malware that was observed.
- NetworkDestinationDomain
-
- Type: Array of StringFilter structures
The destination domain of network-related information about a finding.
- NetworkDestinationIpV4
-
- Type: Array of IpFilter structures
The destination IPv4 address of network-related information about a finding.
- NetworkDestinationIpV6
-
- Type: Array of IpFilter structures
The destination IPv6 address of network-related information about a finding.
- NetworkDestinationPort
-
- Type: Array of NumberFilter structures
The destination port of network-related information about a finding.
- NetworkDirection
-
- Type: Array of StringFilter structures
Indicates the direction of network traffic associated with a finding.
- NetworkProtocol
-
- Type: Array of StringFilter structures
The protocol of network-related information about a finding.
- NetworkSourceDomain
-
- Type: Array of StringFilter structures
The source domain of network-related information about a finding.
- NetworkSourceIpV4
-
- Type: Array of IpFilter structures
The source IPv4 address of network-related information about a finding.
- NetworkSourceIpV6
-
- Type: Array of IpFilter structures
The source IPv6 address of network-related information about a finding.
- NetworkSourceMac
-
- Type: Array of StringFilter structures
The source media access control (MAC) address of network-related information about a finding.
- NetworkSourcePort
-
- Type: Array of NumberFilter structures
The source port of network-related information about a finding.
- NoteText
-
- Type: Array of StringFilter structures
The text of a note.
- NoteUpdatedAt
-
- Type: Array of DateFilter structures
The timestamp of when the note was updated.
- NoteUpdatedBy
-
- Type: Array of StringFilter structures
The principal that created a note.
- ProcessLaunchedAt
-
- Type: Array of DateFilter structures
The date/time that the process was launched.
- ProcessName
-
- Type: Array of StringFilter structures
The name of the process.
- ProcessParentPid
-
- Type: Array of NumberFilter structures
The parent process ID.
- ProcessPath
-
- Type: Array of StringFilter structures
The path to the process executable.
- ProcessPid
-
- Type: Array of NumberFilter structures
The process ID.
- ProcessTerminatedAt
-
- Type: Array of DateFilter structures
The date/time that the process was terminated.
- ProductArn
-
- Type: Array of StringFilter structures
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
- ProductFields
-
- Type: Array of MapFilter structures
A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
- ProductName
-
- Type: Array of StringFilter structures
The name of the solution (product) that generates findings.
- RecommendationText
-
- Type: Array of StringFilter structures
The recommendation of what to do about the issue described in a finding.
- RecordState
-
- Type: Array of StringFilter structures
The updated record state for the finding.
- RelatedFindingsId
-
- Type: Array of StringFilter structures
The solution-generated identifier for a related finding.
- RelatedFindingsProductArn
-
- Type: Array of StringFilter structures
The ARN of the solution that generated a related finding.
- ResourceAwsEc2InstanceIamInstanceProfileArn
-
- Type: Array of StringFilter structures
The IAM profile ARN of the instance.
- ResourceAwsEc2InstanceImageId
-
- Type: Array of StringFilter structures
The Amazon Machine Image (AMI) ID of the instance.
- ResourceAwsEc2InstanceIpV4Addresses
-
- Type: Array of IpFilter structures
The IPv4 addresses associated with the instance.
- ResourceAwsEc2InstanceIpV6Addresses
-
- Type: Array of IpFilter structures
The IPv6 addresses associated with the instance.
- ResourceAwsEc2InstanceKeyName
-
- Type: Array of StringFilter structures
The key name associated with the instance.
- ResourceAwsEc2InstanceLaunchedAt
-
- Type: Array of DateFilter structures
The date/time the instance was launched.
- ResourceAwsEc2InstanceSubnetId
-
- Type: Array of StringFilter structures
The identifier of the subnet in which the instance was launched.
- ResourceAwsEc2InstanceType
-
- Type: Array of StringFilter structures
The instance type of the instance.
- ResourceAwsEc2InstanceVpcId
-
- Type: Array of StringFilter structures
The identifier of the VPC in which the instance was launched.
- ResourceAwsIamAccessKeyCreatedAt
-
- Type: Array of DateFilter structures
The creation date/time of the IAM access key related to a finding.
- ResourceAwsIamAccessKeyStatus
-
- Type: Array of StringFilter structures
The status of the IAM access key related to a finding.
- ResourceAwsIamAccessKeyUserName
-
- Type: Array of StringFilter structures
The user associated with the IAM access key related to a finding.
- ResourceAwsS3BucketOwnerId
-
- Type: Array of StringFilter structures
The canonical user ID of the owner of the S3 bucket.
- ResourceAwsS3BucketOwnerName
-
- Type: Array of StringFilter structures
The display name of the owner of the S3 bucket.
- ResourceContainerImageId
-
- Type: Array of StringFilter structures
The identifier of the image related to a finding.
- ResourceContainerImageName
-
- Type: Array of StringFilter structures
The name of the image related to a finding.
- ResourceContainerLaunchedAt
-
- Type: Array of DateFilter structures
The date/time that the container was started.
- ResourceContainerName
-
- Type: Array of StringFilter structures
The name of the container related to a finding.
- ResourceDetailsOther
-
- Type: Array of MapFilter structures
The details of a resource that does not have a specific sub-field for the resource type defined.
- ResourceId
-
- Type: Array of StringFilter structures
The canonical identifier for the given resource type.
- ResourcePartition
-
- Type: Array of StringFilter structures
The canonical AWS partition name to which the region is assigned.
- ResourceRegion
-
- Type: Array of StringFilter structures
The canonical AWS external region name where this resource is located.
- ResourceTags
-
- Type: Array of MapFilter structures
A list of AWS tags associated with a resource at the time the finding was processed.
- ResourceType
-
- Type: Array of StringFilter structures
Specifies the type of the resource for which details are provided.
- SeverityLabel
-
- Type: Array of StringFilter structures
The label of a finding's severity.
- SeverityNormalized
-
- Type: Array of NumberFilter structures
The normalized severity of a finding.
- SeverityProduct
-
- Type: Array of NumberFilter structures
The native severity as defined by the security findings provider's solution that generated the finding.
- SourceUrl
-
- Type: Array of StringFilter structures
A URL that links to a page about the current finding in the security findings provider's solution.
- ThreatIntelIndicatorCategory
-
- Type: Array of StringFilter structures
The category of a threat intel indicator.
- ThreatIntelIndicatorLastObservedAt
-
- Type: Array of DateFilter structures
The date/time of the last observation of a threat intel indicator.
- ThreatIntelIndicatorSource
-
- Type: Array of StringFilter structures
The source of the threat intel.
- ThreatIntelIndicatorSourceUrl
-
- Type: Array of StringFilter structures
The URL for more details from the source of the threat intel.
- ThreatIntelIndicatorType
-
- Type: Array of StringFilter structures
The type of a threat intel indicator.
- ThreatIntelIndicatorValue
-
- Type: Array of StringFilter structures
The value of a threat intel indicator.
- Title
-
- Type: Array of StringFilter structures
A finding's title.
- Type
-
- Type: Array of StringFilter structures
A finding type in the format of 'namespace/category/classifier' that classifies a finding.
- UpdatedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
- UserDefinedFields
-
- Type: Array of MapFilter structures
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
- VerificationState
-
- Type: Array of StringFilter structures
Indicates the veracity of a finding.
- WorkflowState
-
- Type: Array of StringFilter structures
The workflow state of a finding.
Compliance
Description
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Members
ContainerDetails
Description
Container details related to a finding.
Members
DateFilter
Description
A date filter for querying findings.
Members
- DateRange
-
- Type: DateRange structure
A date range for the date filter.
- End
-
- Type: string
An end date for the date filter.
- Start
-
- Type: string
A start date for the date filter.
DateRange
Description
A date range for the date filter.
Members
ImportFindingsError
Description
Includes details of the list of the findings that cannot be imported.
Members
- ErrorCode
-
- Required: Yes
- Type: string
The code of the error made during the BatchImportFindings operation.
- ErrorMessage
-
- Required: Yes
- Type: string
The message of the error made during the BatchImportFindings operation.
- Id
-
- Required: Yes
- Type: string
The id of the error made during the BatchImportFindings operation.
Insight
Description
Contains information about a Security Hub insight.
Members
- Filters
-
- Required: Yes
- Type: AwsSecurityFindingFilters structure
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
- GroupByAttribute
-
- Required: Yes
- Type: string
The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
- InsightArn
-
- Required: Yes
- Type: string
The ARN of a Security Hub insight.
- Name
-
- Required: Yes
- Type: string
The name of a Security Hub insight.
InsightResultValue
Description
The insight result values returned by the GetInsightResults operation.
Members
InsightResults
Description
The insight results returned by the GetInsightResults operation.
Members
- GroupByAttribute
-
- Required: Yes
- Type: string
The attribute by which the findings are grouped for the insight's whose results are returned by the GetInsightResults operation.
- InsightArn
-
- Required: Yes
- Type: string
The ARN of the insight whose results are returned by the GetInsightResults operation.
- ResultValues
-
- Required: Yes
- Type: Array of InsightResultValue structures
The list of insight result values returned by the GetInsightResults operation.
InternalException
InvalidInputException
Description
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Members
Invitation
Description
The details of an invitation sent to an AWS account by the Security Hub master account.
Members
- AccountId
-
- Type: string
The account ID of the master Security Hub account who sent the invitation.
- InvitationId
-
- Type: string
The ID of the invitation sent by the master Security Hub account.
- InvitedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp of when the invitation was sent.
- MemberStatus
-
- Type: string
The current relationship status between the inviter and invitee accounts.
IpFilter
KeywordFilter
Description
A keyword filter for querying findings.
Members
LimitExceededException
Description
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
Members
Malware
Description
A list of malware related to a finding.
Members
MapFilter
Description
The map filter for querying findings.
Members
Member
Description
The details for a Security Hub member account.
Members
- AccountId
-
- Type: string
The AWS account ID of a Security Hub member account.
-
- Type: string
The email of a Security Hub member account.
- InvitedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Time stamp at which the member account was invited to Security Hub.
- MasterId
-
- Type: string
The AWS account ID of the master Security Hub account to this member account.
- MemberStatus
-
- Type: string
The status of the relationship between the member account and its master account.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Time stamp at which this member account was updated.
Network
Description
The details of network-related information about a finding.
Members
- DestinationDomain
-
- Type: string
The destination domain of network-related information about a finding.
- DestinationIpV4
-
- Type: string
The destination IPv4 address of network-related information about a finding.
- DestinationIpV6
-
- Type: string
The destination IPv6 address of network-related information about a finding.
- DestinationPort
-
- Type: int
The destination port of network-related information about a finding.
- Direction
-
- Type: string
Indicates the direction of network traffic associated with a finding.
- Protocol
-
- Type: string
The protocol of network-related information about a finding.
- SourceDomain
-
- Type: string
The source domain of network-related information about a finding.
- SourceIpV4
-
- Type: string
The source IPv4 address of network-related information about a finding.
- SourceIpV6
-
- Type: string
The source IPv6 address of network-related information about a finding.
- SourceMac
-
- Type: string
The source media access control (MAC) address of network-related information about a finding.
- SourcePort
-
- Type: int
The source port of network-related information about a finding.
Note
Description
A user-defined note added to a finding.
Members
NoteUpdate
Description
The updated note.
Members
NumberFilter
Description
A number filter for querying findings.
Members
- Eq
-
- Type: double
Represents the "equal to" condition to be applied to a single field when querying for findings.
- Gte
-
- Type: double
Represents the "greater than equal" condition to be applied to a single field when querying for findings.
- Lte
-
- Type: double
Represents the "less than equal" condition to be applied to a single field when querying for findings.
ProcessDetails
Description
The details of process-related information about a finding.
Members
- LaunchedAt
-
- Type: string
The date/time that the process was launched.
- Name
-
- Type: string
The name of the process.
- ParentPid
-
- Type: int
The parent process ID.
- Path
-
- Type: string
The path to the process executable.
- Pid
-
- Type: int
The process ID.
- TerminatedAt
-
- Type: string
The date/time that the process was terminated.
Recommendation
Description
Provides a recommendation on how to remediate the issue identified within a finding.
Members
RelatedFinding
Description
Related finding's details.
Members
Remediation
Description
The remediation options for a finding.
Members
- Recommendation
-
- Type: Recommendation structure
Provides a recommendation on how to remediate the issue identified within a finding.
Resource
Description
A resource data type that describes a resource to which the finding refers.
Members
- Details
-
- Type: ResourceDetails structure
Provides additional details about the resource.
- Id
-
- Required: Yes
- Type: string
The canonical identifier for the given resource type.
- Partition
-
- Type: string
The canonical AWS partition name to which the region is assigned.
- Region
-
- Type: string
The canonical AWS external region name where this resource is located.
- Tags
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A list of AWS tags associated with a resource at the time the finding was processed.
- Type
-
- Required: Yes
- Type: string
Specifies the type of the resource for which details are provided.
ResourceDetails
Description
Provides additional details about the resource.
Members
- AwsEc2Instance
-
- Type: AwsEc2InstanceDetails structure
The details of an AWS EC2 instance.
- AwsIamAccessKey
-
- Type: AwsIamAccessKeyDetails structure
AWS IAM access key details related to a finding.
- AwsS3Bucket
-
- Type: AwsS3BucketDetails structure
The details of an AWS S3 Bucket.
- Container
-
- Type: ContainerDetails structure
Container details related to a finding.
- Other
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
The details of a resource that does not have a specific sub-field for the resource type defined.
ResourceNotFoundException
Description
The request was rejected because the specified resource cannot be found.
Members
Result
Description
The account details that could not be processed.
Members
Severity
Description
A finding's severity.
Members
SortCriterion
Description
A collection of attributes used for sorting findings.
Members
StandardsSubscription
Description
A resource that represents your subscription to a supported standard.
Members
- StandardsArn
-
- Required: Yes
- Type: string
The ARN of a standard.
- StandardsInput
-
- Required: Yes
- Type: Associative array of custom strings keys (NonEmptyString) to strings
- StandardsStatus
-
- Required: Yes
- Type: string
The standard's status.
- StandardsSubscriptionArn
-
- Required: Yes
- Type: string
The ARN of a resource that represents your subscription to a supported standard.
StandardsSubscriptionRequest
Description
The standard that you want to enable.
Members
StringFilter
Description
A string filter for querying findings.
Members
ThreatIntelIndicator
Description
Threat intel details related to a finding.
Members
- Category
-
- Type: string
The category of a threat intel indicator.
- LastObservedAt
-
- Type: string
The date/time of the last observation of a threat intel indicator.
- Source
-
- Type: string
The source of the threat intel.
- SourceUrl
-
- Type: string
The URL for more details from the source of the threat intel.
- Type
-
- Type: string
The type of a threat intel indicator.
- Value
-
- Type: string
The value of a threat intel indicator.
