AWS SecurityHub 2018-10-26
- Client: Aws\SecurityHub\SecurityHubClient
- Service ID: securityhub
- Version: 2018-10-26
This page describes the parameters and results for the operations of the AWS SecurityHub (2018-10-26), and shows how to use the Aws\SecurityHub\SecurityHubClient object to call the described operations. This documentation is specific to the 2018-10-26 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AcceptInvitation ( array $params = [] )
Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from.
- BatchDisableStandards ( array $params = [] )
Disables the standards specified by the provided StandardsSubscriptionArns.
- BatchEnableStandards ( array $params = [] )
Enables the standards specified by the provided standardsArn.
- BatchImportFindings ( array $params = [] )
Imports security findings generated from an integrated third-party product into Security Hub.
- CreateActionTarget ( array $params = [] )
Creates a custom action target in Security Hub.
- CreateInsight ( array $params = [] )
Creates a custom insight in Security Hub.
- CreateMembers ( array $params = [] )
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account.
- DeclineInvitations ( array $params = [] )
Declines invitations to become a member account.
- DeleteActionTarget ( array $params = [] )
Deletes a custom action target from Security Hub.
- DeleteInsight ( array $params = [] )
Deletes the insight specified by the InsightArn.
- DeleteInvitations ( array $params = [] )
Deletes invitations received by the AWS account to become a member account.
- DeleteMembers ( array $params = [] )
Deletes the specified member accounts from Security Hub.
- DescribeActionTargets ( array $params = [] )
Returns a list of the custom action targets in Security Hub in your account.
- DescribeHub ( array $params = [] )
Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.
- DescribeProducts ( array $params = [] )
Returns information about the products available that you can subscribe to and integrate with Security Hub to consolidate findings.
- DisableImportFindingsForProduct ( array $params = [] )
Disables the integration of the specified product with Security Hub.
- DisableSecurityHub ( array $params = [] )
Disables Security Hub in your account only in the current Region.
- DisassociateFromMasterAccount ( array $params = [] )
Disassociates the current Security Hub member account from the associated master account.
- DisassociateMembers ( array $params = [] )
Disassociates the specified member accounts from the associated master account.
- EnableImportFindingsForProduct ( array $params = [] )
Enables the integration of a partner product with Security Hub.
- EnableSecurityHub ( array $params = [] )
Enables Security Hub for your account in the current Region or the Region you specify in the request.
- GetEnabledStandards ( array $params = [] )
Returns a list of the standards that are currently enabled.
- GetFindings ( array $params = [] )
Returns a list of findings that match the specified criteria.
- GetInsightResults ( array $params = [] )
Lists the results of the Security Hub insight that the insight ARN specifies.
- GetInsights ( array $params = [] )
Lists and describes insights that insight ARNs specify.
- GetInvitationsCount ( array $params = [] )
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
- GetMasterAccount ( array $params = [] )
Provides the details for the Security Hub master account to the current member account.
- GetMembers ( array $params = [] )
Returns the details on the Security Hub member accounts that the account IDs specify.
- InviteMembers ( array $params = [] )
Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from.
- ListEnabledProductsForImport ( array $params = [] )
Lists all findings-generating solutions (products) whose findings you have subscribed to receive in Security Hub.
- ListInvitations ( array $params = [] )
Lists all Security Hub membership invitations that were sent to the current AWS account.
- ListMembers ( array $params = [] )
Lists details about all member accounts for the current Security Hub master account.
- ListTagsForResource ( array $params = [] )
Returns a list of tags associated with a resource.
- TagResource ( array $params = [] )
Adds one or more tags to a resource.
- UntagResource ( array $params = [] )
Removes one or more tags from a resource.
- UpdateActionTarget ( array $params = [] )
Updates the name and description of a custom action target in Security Hub.
- UpdateFindings ( array $params = [] )
Updates the Note and RecordState of the Security Hub-aggregated findings that the filter attributes specify.
- UpdateInsight ( array $params = [] )
Updates the Security Hub insight that the insight ARN specifies.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AcceptInvitation
$result = $client->acceptInvitation([/* ... */]); $promise = $client->acceptInvitationAsync([/* ... */]);
Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from. When the member account accepts the invitation, permission is granted to the master account to view findings generated in the member account.
Parameter Syntax
$result = $client->acceptInvitation([
'InvitationId' => '<string>', // REQUIRED
'MasterId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
-
AWS Security Hub isn't enabled for the account used to make this request.
BatchDisableStandards
$result = $client->batchDisableStandards([/* ... */]); $promise = $client->batchDisableStandardsAsync([/* ... */]);
Disables the standards specified by the provided StandardsSubscriptionArns. For more information, see Standards Supported in AWS Security Hub.
Parameter Syntax
$result = $client->batchDisableStandards([
'StandardsSubscriptionArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'StandardsSubscriptions' => [
[
'StandardsArn' => '<string>',
'StandardsInput' => ['<string>', ...],
'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
'StandardsSubscriptionArn' => '<string>',
],
// ...
],
]
Result Details
Members
- StandardsSubscriptions
-
- Type: Array of StandardsSubscription structures
The details of the standards subscriptions that were disabled.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
BatchEnableStandards
$result = $client->batchEnableStandards([/* ... */]); $promise = $client->batchEnableStandardsAsync([/* ... */]);
Enables the standards specified by the provided standardsArn. In this release, only CIS AWS Foundations standards are supported. For more information, see Standards Supported in AWS Security Hub.
Parameter Syntax
$result = $client->batchEnableStandards([
'StandardsSubscriptionRequests' => [ // REQUIRED
[
'StandardsArn' => '<string>', // REQUIRED
'StandardsInput' => ['<string>', ...],
],
// ...
],
]);
Parameter Details
Members
- StandardsSubscriptionRequests
-
- Required: Yes
- Type: Array of StandardsSubscriptionRequest structures
The list of standards compliance checks to enable.
In this release, Security Hub supports only the CIS AWS Foundations standard.
The ARN for the standard is
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
Result Syntax
[
'StandardsSubscriptions' => [
[
'StandardsArn' => '<string>',
'StandardsInput' => ['<string>', ...],
'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
'StandardsSubscriptionArn' => '<string>',
],
// ...
],
]
Result Details
Members
- StandardsSubscriptions
-
- Type: Array of StandardsSubscription structures
The details of the standards subscriptions that were enabled.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
BatchImportFindings
$result = $client->batchImportFindings([/* ... */]); $promise = $client->batchImportFindingsAsync([/* ... */]);
Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub. The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
Parameter Syntax
$result = $client->batchImportFindings([
'Findings' => [ // REQUIRED
[
'AwsAccountId' => '<string>', // REQUIRED
'Compliance' => [
'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
],
'Confidence' => <integer>,
'CreatedAt' => '<string>', // REQUIRED
'Criticality' => <integer>,
'Description' => '<string>', // REQUIRED
'FirstObservedAt' => '<string>',
'GeneratorId' => '<string>', // REQUIRED
'Id' => '<string>', // REQUIRED
'LastObservedAt' => '<string>',
'Malware' => [
[
'Name' => '<string>', // REQUIRED
'Path' => '<string>',
'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
],
// ...
],
'Network' => [
'DestinationDomain' => '<string>',
'DestinationIpV4' => '<string>',
'DestinationIpV6' => '<string>',
'DestinationPort' => <integer>,
'Direction' => 'IN|OUT',
'Protocol' => '<string>',
'SourceDomain' => '<string>',
'SourceIpV4' => '<string>',
'SourceIpV6' => '<string>',
'SourceMac' => '<string>',
'SourcePort' => <integer>,
],
'Note' => [
'Text' => '<string>', // REQUIRED
'UpdatedAt' => '<string>', // REQUIRED
'UpdatedBy' => '<string>', // REQUIRED
],
'Process' => [
'LaunchedAt' => '<string>',
'Name' => '<string>',
'ParentPid' => <integer>,
'Path' => '<string>',
'Pid' => <integer>,
'TerminatedAt' => '<string>',
],
'ProductArn' => '<string>', // REQUIRED
'ProductFields' => ['<string>', ...],
'RecordState' => 'ACTIVE|ARCHIVED',
'RelatedFindings' => [
[
'Id' => '<string>', // REQUIRED
'ProductArn' => '<string>', // REQUIRED
],
// ...
],
'Remediation' => [
'Recommendation' => [
'Text' => '<string>',
'Url' => '<string>',
],
],
'Resources' => [ // REQUIRED
[
'Details' => [
'AwsEc2Instance' => [
'IamInstanceProfileArn' => '<string>',
'ImageId' => '<string>',
'IpV4Addresses' => ['<string>', ...],
'IpV6Addresses' => ['<string>', ...],
'KeyName' => '<string>',
'LaunchedAt' => '<string>',
'SubnetId' => '<string>',
'Type' => '<string>',
'VpcId' => '<string>',
],
'AwsIamAccessKey' => [
'CreatedAt' => '<string>',
'Status' => 'Active|Inactive',
'UserName' => '<string>',
],
'AwsS3Bucket' => [
'OwnerId' => '<string>',
'OwnerName' => '<string>',
],
'Container' => [
'ImageId' => '<string>',
'ImageName' => '<string>',
'LaunchedAt' => '<string>',
'Name' => '<string>',
],
'Other' => ['<string>', ...],
],
'Id' => '<string>', // REQUIRED
'Partition' => 'aws|aws-cn|aws-us-gov',
'Region' => '<string>',
'Tags' => ['<string>', ...],
'Type' => '<string>', // REQUIRED
],
// ...
],
'SchemaVersion' => '<string>', // REQUIRED
'Severity' => [ // REQUIRED
'Normalized' => <integer>, // REQUIRED
'Product' => <float>,
],
'SourceUrl' => '<string>',
'ThreatIntelIndicators' => [
[
'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
'LastObservedAt' => '<string>',
'Source' => '<string>',
'SourceUrl' => '<string>',
'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
'Value' => '<string>',
],
// ...
],
'Title' => '<string>', // REQUIRED
'Types' => ['<string>', ...], // REQUIRED
'UpdatedAt' => '<string>', // REQUIRED
'UserDefinedFields' => ['<string>', ...],
'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
],
// ...
],
]);
Parameter Details
Members
- Findings
-
- Required: Yes
- Type: Array of AwsSecurityFinding structures
A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format.
Result Syntax
[
'FailedCount' => <integer>,
'FailedFindings' => [
[
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
'Id' => '<string>',
],
// ...
],
'SuccessCount' => <integer>,
]
Result Details
Members
- FailedCount
-
- Required: Yes
- Type: int
The number of findings that failed to import.
- FailedFindings
-
- Type: Array of ImportFindingsError structures
The list of the findings that failed to import.
- SuccessCount
-
- Required: Yes
- Type: int
The number of findings that were successfully imported.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
CreateActionTarget
$result = $client->createActionTarget([/* ... */]); $promise = $client->createActionTargetAsync([/* ... */]);
Creates a custom action target in Security Hub. You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.
Parameter Syntax
$result = $client->createActionTarget([
'Description' => '<string>', // REQUIRED
'Id' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'ActionTargetArn' => '<string>',
]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The resource specified in the request conflicts with an existing resource.
CreateInsight
$result = $client->createInsight([/* ... */]); $promise = $client->createInsightAsync([/* ... */]);
Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation. Use the GroupByAttribute to group the related findings in the insight.
Parameter Syntax
$result = $client->createInsight([
'Filters' => [ // REQUIRED
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'GroupByAttribute' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- Filters
-
- Required: Yes
- Type: AwsSecurityFindingFilters structure
One or more attributes used to filter the findings included in the insight. Only findings that match the criteria defined in the filters are included in the insight.
- GroupByAttribute
-
- Required: Yes
- Type: string
The attribute used as the aggregator to group related findings for the insight.
- Name
-
- Required: Yes
- Type: string
The name of the custom insight to create.
Result Syntax
[
'InsightArn' => '<string>',
]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The resource specified in the request conflicts with an existing resource.
CreateMembers
$result = $client->createMembers([/* ... */]); $promise = $client->createMembersAsync([/* ... */]);
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. To successfully create a member, you must use this action from an account that already has Security Hub enabled. You can use the EnableSecurityHub to enable Security Hub.
After you use CreateMembers to create member account associations in Security Hub, you need to use the InviteMembers action, which invites the accounts to enable Security Hub and become member accounts in Security Hub. If the invitation is accepted by the account owner, the account becomes a member account in Security Hub, and a permission policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in the invited account, findings start being sent to both the member and master accounts.
You can remove the association between the master and member accounts by using the DisassociateFromMasterAccount or DisassociateMembers operation.
Parameter Syntax
$result = $client->createMembers([
'AccountDetails' => [
[
'AccountId' => '<string>',
'Email' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- AccountDetails
-
- Type: Array of AccountDetails structures
A list of account ID and email address pairs of the accounts to associate with the Security Hub master account.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that weren't processed.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The resource specified in the request conflicts with an existing resource.
DeclineInvitations
$result = $client->declineInvitations([/* ... */]); $promise = $client->declineInvitationsAsync([/* ... */]);
Declines invitations to become a member account.
Parameter Syntax
$result = $client->declineInvitations([
'AccountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that weren't processed.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because we can't find the specified resource.
DeleteActionTarget
$result = $client->deleteActionTarget([/* ... */]); $promise = $client->deleteActionTargetAsync([/* ... */]);
Deletes a custom action target from Security Hub. Deleting a custom action target doesn't affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.
Parameter Syntax
$result = $client->deleteActionTarget([
'ActionTargetArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'ActionTargetArn' => '<string>',
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because we can't find the specified resource.
DeleteInsight
$result = $client->deleteInsight([/* ... */]); $promise = $client->deleteInsightAsync([/* ... */]);
Deletes the insight specified by the InsightArn.
Parameter Syntax
$result = $client->deleteInsight([
'InsightArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'InsightArn' => '<string>',
]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
DeleteInvitations
$result = $client->deleteInvitations([/* ... */]); $promise = $client->deleteInvitationsAsync([/* ... */]);
Deletes invitations received by the AWS account to become a member account.
Parameter Syntax
$result = $client->deleteInvitations([
'AccountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that invitations weren't deleted for.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
-
AWS Security Hub isn't enabled for the account used to make this request.
DeleteMembers
$result = $client->deleteMembers([/* ... */]); $promise = $client->deleteMembersAsync([/* ... */]);
Deletes the specified member accounts from Security Hub.
Parameter Syntax
$result = $client->deleteMembers([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that weren't deleted.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
DescribeActionTargets
$result = $client->describeActionTargets([/* ... */]); $promise = $client->describeActionTargetsAsync([/* ... */]);
Returns a list of the custom action targets in Security Hub in your account.
Parameter Syntax
$result = $client->describeActionTargets([
'ActionTargetArns' => ['<string>', ...],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'ActionTargets' => [
[
'ActionTargetArn' => '<string>',
'Description' => '<string>',
'Name' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- ActionTargets
-
- Required: Yes
- Type: Array of ActionTarget structures
A list of
ActionTargetobjects. Each object includes theActionTargetArn,Description, andNameof a custom action target available in Security Hub. - NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because we can't find the specified resource.
DescribeHub
$result = $client->describeHub([/* ... */]); $promise = $client->describeHubAsync([/* ... */]);
Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.
Parameter Syntax
$result = $client->describeHub([
'HubArn' => '<string>',
]);
Parameter Details
Result Syntax
[
'HubArn' => '<string>',
'SubscribedAt' => '<string>',
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because we can't find the specified resource.
DescribeProducts
$result = $client->describeProducts([/* ... */]); $promise = $client->describeProductsAsync([/* ... */]);
Returns information about the products available that you can subscribe to and integrate with Security Hub to consolidate findings.
Parameter Syntax
$result = $client->describeProducts([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'NextToken' => '<string>',
'Products' => [
[
'ActivationUrl' => '<string>',
'Categories' => ['<string>', ...],
'CompanyName' => '<string>',
'Description' => '<string>',
'MarketplaceUrl' => '<string>',
'ProductArn' => '<string>',
'ProductName' => '<string>',
'ProductSubscriptionResourcePolicy' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
The token that is required for pagination.
- Products
-
- Required: Yes
- Type: Array of Product structures
A list of products, including details for each product.
Errors
-
Internal server error.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
DisableImportFindingsForProduct
$result = $client->disableImportFindingsForProduct([/* ... */]); $promise = $client->disableImportFindingsForProductAsync([/* ... */]);
Disables the integration of the specified product with Security Hub. Findings from that product are no longer sent to Security Hub after the integration is disabled.
Parameter Syntax
$result = $client->disableImportFindingsForProduct([
'ProductSubscriptionArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because we can't find the specified resource.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
DisableSecurityHub
$result = $client->disableSecurityHub([/* ... */]); $promise = $client->disableSecurityHubAsync([/* ... */]);
Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub. When you disable Security Hub for a master account, it doesn't disable Security Hub for any associated member accounts.
When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and can't be recovered. Any standards that were enabled are disabled, and your master and member account associations are removed. If you want to save your existing findings, you must export them before you disable Security Hub.
Parameter Syntax
$result = $client->disableSecurityHub([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because we can't find the specified resource.
DisassociateFromMasterAccount
$result = $client->disassociateFromMasterAccount([/* ... */]); $promise = $client->disassociateFromMasterAccountAsync([/* ... */]);
Disassociates the current Security Hub member account from the associated master account.
Parameter Syntax
$result = $client->disassociateFromMasterAccount([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
DisassociateMembers
$result = $client->disassociateMembers([/* ... */]); $promise = $client->disassociateMembersAsync([/* ... */]);
Disassociates the specified member accounts from the associated master account.
Parameter Syntax
$result = $client->disassociateMembers([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
EnableImportFindingsForProduct
$result = $client->enableImportFindingsForProduct([/* ... */]); $promise = $client->enableImportFindingsForProductAsync([/* ... */]);
Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub. When you enable a product integration, a permission policy that grants permission for the product to send findings to Security Hub is applied.
Parameter Syntax
$result = $client->enableImportFindingsForProduct([
'ProductArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'ProductSubscriptionArn' => '<string>',
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The resource specified in the request conflicts with an existing resource.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
EnableSecurityHub
$result = $client->enableSecurityHub([/* ... */]); $promise = $client->enableSecurityHubAsync([/* ... */]);
Enables Security Hub for your account in the current Region or the Region you specify in the request. When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie. To learn more, see Setting Up AWS Security Hub.
Parameter Syntax
$result = $client->enableSecurityHub([
'Tags' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The resource specified in the request conflicts with an existing resource.
-
You don't have permission to perform the action specified in the request.
GetEnabledStandards
$result = $client->getEnabledStandards([/* ... */]); $promise = $client->getEnabledStandardsAsync([/* ... */]);
Returns a list of the standards that are currently enabled.
Parameter Syntax
$result = $client->getEnabledStandards([
'MaxResults' => <integer>,
'NextToken' => '<string>',
'StandardsSubscriptionArns' => ['<string>', ...],
]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of results to return in the response.
- NextToken
-
- Type: string
Paginates results. On your first call to the
GetEnabledStandardsoperation, set the value of this parameter toNULL. For subsequent calls to the operation, fillnextTokenin the request with the value ofnextTokenfrom the previous response to continue listing data. - StandardsSubscriptionArns
-
- Type: Array of strings
A list of the standards subscription ARNs for the standards to retrieve.
Result Syntax
[
'NextToken' => '<string>',
'StandardsSubscriptions' => [
[
'StandardsArn' => '<string>',
'StandardsInput' => ['<string>', ...],
'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
'StandardsSubscriptionArn' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
The token that is required for pagination.
- StandardsSubscriptions
-
- Type: Array of StandardsSubscription structures
A list of
StandardsSubscriptionsobjects that include information about the enabled standards.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetFindings
$result = $client->getFindings([/* ... */]); $promise = $client->getFindingsAsync([/* ... */]);
Returns a list of findings that match the specified criteria.
Parameter Syntax
$result = $client->getFindings([
'Filters' => [
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
'SortCriteria' => [
[
'Field' => '<string>',
'SortOrder' => 'asc|desc',
],
// ...
],
]);
Parameter Details
Members
- Filters
-
- Type: AwsSecurityFindingFilters structure
The findings attributes used to define a condition to filter the findings returned.
- MaxResults
-
- Type: int
The maximum number of findings to return.
- NextToken
-
- Type: string
Paginates results. On your first call to the
GetFindingsoperation, set the value of this parameter toNULL. For subsequent calls to the operation, fillnextTokenin the request with the value ofnextTokenfrom the previous response to continue listing data. - SortCriteria
-
- Type: Array of SortCriterion structures
Findings attributes used to sort the list of findings returned.
Result Syntax
[
'Findings' => [
[
'AwsAccountId' => '<string>',
'Compliance' => [
'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
],
'Confidence' => <integer>,
'CreatedAt' => '<string>',
'Criticality' => <integer>,
'Description' => '<string>',
'FirstObservedAt' => '<string>',
'GeneratorId' => '<string>',
'Id' => '<string>',
'LastObservedAt' => '<string>',
'Malware' => [
[
'Name' => '<string>',
'Path' => '<string>',
'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
],
// ...
],
'Network' => [
'DestinationDomain' => '<string>',
'DestinationIpV4' => '<string>',
'DestinationIpV6' => '<string>',
'DestinationPort' => <integer>,
'Direction' => 'IN|OUT',
'Protocol' => '<string>',
'SourceDomain' => '<string>',
'SourceIpV4' => '<string>',
'SourceIpV6' => '<string>',
'SourceMac' => '<string>',
'SourcePort' => <integer>,
],
'Note' => [
'Text' => '<string>',
'UpdatedAt' => '<string>',
'UpdatedBy' => '<string>',
],
'Process' => [
'LaunchedAt' => '<string>',
'Name' => '<string>',
'ParentPid' => <integer>,
'Path' => '<string>',
'Pid' => <integer>,
'TerminatedAt' => '<string>',
],
'ProductArn' => '<string>',
'ProductFields' => ['<string>', ...],
'RecordState' => 'ACTIVE|ARCHIVED',
'RelatedFindings' => [
[
'Id' => '<string>',
'ProductArn' => '<string>',
],
// ...
],
'Remediation' => [
'Recommendation' => [
'Text' => '<string>',
'Url' => '<string>',
],
],
'Resources' => [
[
'Details' => [
'AwsEc2Instance' => [
'IamInstanceProfileArn' => '<string>',
'ImageId' => '<string>',
'IpV4Addresses' => ['<string>', ...],
'IpV6Addresses' => ['<string>', ...],
'KeyName' => '<string>',
'LaunchedAt' => '<string>',
'SubnetId' => '<string>',
'Type' => '<string>',
'VpcId' => '<string>',
],
'AwsIamAccessKey' => [
'CreatedAt' => '<string>',
'Status' => 'Active|Inactive',
'UserName' => '<string>',
],
'AwsS3Bucket' => [
'OwnerId' => '<string>',
'OwnerName' => '<string>',
],
'Container' => [
'ImageId' => '<string>',
'ImageName' => '<string>',
'LaunchedAt' => '<string>',
'Name' => '<string>',
],
'Other' => ['<string>', ...],
],
'Id' => '<string>',
'Partition' => 'aws|aws-cn|aws-us-gov',
'Region' => '<string>',
'Tags' => ['<string>', ...],
'Type' => '<string>',
],
// ...
],
'SchemaVersion' => '<string>',
'Severity' => [
'Normalized' => <integer>,
'Product' => <float>,
],
'SourceUrl' => '<string>',
'ThreatIntelIndicators' => [
[
'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
'LastObservedAt' => '<string>',
'Source' => '<string>',
'SourceUrl' => '<string>',
'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
'Value' => '<string>',
],
// ...
],
'Title' => '<string>',
'Types' => ['<string>', ...],
'UpdatedAt' => '<string>',
'UserDefinedFields' => ['<string>', ...],
'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Findings
-
- Required: Yes
- Type: Array of AwsSecurityFinding structures
The findings that matched the filters specified in the request.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetInsightResults
$result = $client->getInsightResults([/* ... */]); $promise = $client->getInsightResultsAsync([/* ... */]);
Lists the results of the Security Hub insight that the insight ARN specifies.
Parameter Syntax
$result = $client->getInsightResults([
'InsightArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'InsightResults' => [
'GroupByAttribute' => '<string>',
'InsightArn' => '<string>',
'ResultValues' => [
[
'Count' => <integer>,
'GroupByAttributeValue' => '<string>',
],
// ...
],
],
]
Result Details
Members
- InsightResults
-
- Required: Yes
- Type: InsightResults structure
The insight results returned by the operation.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
GetInsights
$result = $client->getInsights([/* ... */]); $promise = $client->getInsightsAsync([/* ... */]);
Lists and describes insights that insight ARNs specify.
Parameter Syntax
$result = $client->getInsights([
'InsightArns' => ['<string>', ...],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- InsightArns
-
- Type: Array of strings
The ARNs of the insights that you want to describe.
- MaxResults
-
- Type: int
The maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. On your first call to the
GetInsightsoperation, set the value of this parameter toNULL. For subsequent calls to the operation, fillnextTokenin the request with the value ofnextTokenfrom the previous response to continue listing data.
Result Syntax
[
'Insights' => [
[
'Filters' => [
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'GroupByAttribute' => '<string>',
'InsightArn' => '<string>',
'Name' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Insights
-
- Required: Yes
- Type: Array of Insight structures
The insights returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
GetInvitationsCount
$result = $client->getInvitationsCount([/* ... */]); $promise = $client->getInvitationsCountAsync([/* ... */]);
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
Parameter Syntax
$result = $client->getInvitationsCount([ ]);
Parameter Details
Members
Result Syntax
[
'InvitationsCount' => <integer>,
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
GetMasterAccount
$result = $client->getMasterAccount([/* ... */]); $promise = $client->getMasterAccountAsync([/* ... */]);
Provides the details for the Security Hub master account to the current member account.
Parameter Syntax
$result = $client->getMasterAccount([ ]);
Parameter Details
Members
Result Syntax
[
'Master' => [
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => <DateTime>,
'MemberStatus' => '<string>',
],
]
Result Details
Members
- Master
-
- Type: Invitation structure
A list of details about the Security Hub master account for the current member account.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
GetMembers
$result = $client->getMembers([/* ... */]); $promise = $client->getMembersAsync([/* ... */]);
Returns the details on the Security Hub member accounts that the account IDs specify.
Parameter Syntax
$result = $client->getMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'Email' => '<string>',
'InvitedAt' => <DateTime>,
'MasterId' => '<string>',
'MemberStatus' => '<string>',
'UpdatedAt' => <DateTime>,
],
// ...
],
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
InviteMembers
$result = $client->inviteMembers([/* ... */]); $promise = $client->inviteMembersAsync([/* ... */]);
Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from. Before you can use this action to invite a member, you must first create the member account in Security Hub by using the CreateMembers action. When the account owner accepts the invitation to become a member account and enables Security Hub, the master account can view the findings generated from member account.
Parameter Syntax
$result = $client->inviteMembers([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'ProcessingResult' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of Result structures
A list of account ID and email address pairs of the AWS accounts that couldn't be processed.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
ListEnabledProductsForImport
$result = $client->listEnabledProductsForImport([/* ... */]); $promise = $client->listEnabledProductsForImportAsync([/* ... */]);
Lists all findings-generating solutions (products) whose findings you have subscribed to receive in Security Hub.
Parameter Syntax
$result = $client->listEnabledProductsForImport([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. On your first call to the
ListEnabledProductsForImportoperation, set the value of this parameter toNULL. For subsequent calls to the operation, fillnextTokenin the request with the value ofNextTokenfrom the previous response to continue listing data.
Result Syntax
[
'NextToken' => '<string>',
'ProductSubscriptions' => ['<string>', ...],
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
ListInvitations
$result = $client->listInvitations([/* ... */]); $promise = $client->listInvitationsAsync([/* ... */]);
Lists all Security Hub membership invitations that were sent to the current AWS account.
Parameter Syntax
$result = $client->listInvitations([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. On your first call to the
ListInvitationsoperation, set the value of this parameter toNULL. For subsequent calls to the operation, fillnextTokenin the request with the value ofNextTokenfrom the previous response to continue listing data.
Result Syntax
[
'Invitations' => [
[
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => <DateTime>,
'MemberStatus' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Invitations
-
- Type: Array of Invitation structures
The details of the invitations returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
Lists details about all member accounts for the current Security Hub master account.
Parameter Syntax
$result = $client->listMembers([
'MaxResults' => <integer>,
'NextToken' => '<string>',
'OnlyAssociated' => true || false,
]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items that you want in the response.
- NextToken
-
- Type: string
Paginates results. Set the value of this parameter to
NULLon your first call to theListMembersoperation. For subsequent calls to the operation, fillnextTokenin the request with the value ofnextTokenfrom the previous response to continue listing data. - OnlyAssociated
-
- Type: boolean
Specifies which member accounts the response includes based on their relationship status with the master account. The default value is
TRUE. IfonlyAssociatedis set toTRUE, the response includes member accounts whose relationship status with the master is set toENABLEDorDISABLED. IfonlyAssociatedis set toFALSE, the response includes all existing member accounts.
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'Email' => '<string>',
'InvitedAt' => <DateTime>,
'MasterId' => '<string>',
'MemberStatus' => '<string>',
'UpdatedAt' => <DateTime>,
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Members
-
- Type: Array of Member structures
Member details returned by the operation.
- NextToken
-
- Type: string
The token that is required for pagination.
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Returns a list of tags associated with a resource.
Parameter Syntax
$result = $client->listTagsForResource([
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'Tags' => ['<string>', ...],
]
Result Details
Members
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because we can't find the specified resource.
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Adds one or more tags to a resource.
Parameter Syntax
$result = $client->tagResource([
'ResourceArn' => '<string>', // REQUIRED
'Tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because we can't find the specified resource.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes one or more tags from a resource.
Parameter Syntax
$result = $client->untagResource([
'ResourceArn' => '<string>', // REQUIRED
'TagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because we can't find the specified resource.
UpdateActionTarget
$result = $client->updateActionTarget([/* ... */]); $promise = $client->updateActionTargetAsync([/* ... */]);
Updates the name and description of a custom action target in Security Hub.
Parameter Syntax
$result = $client->updateActionTarget([
'ActionTargetArn' => '<string>', // REQUIRED
'Description' => '<string>',
'Name' => '<string>',
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because we can't find the specified resource.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because we can't find the specified resource.
UpdateFindings
$result = $client->updateFindings([/* ... */]); $promise = $client->updateFindingsAsync([/* ... */]);
Updates the Note and RecordState of the Security Hub-aggregated findings that the filter attributes specify. Any member account that can view the finding also sees the update to the finding.
Parameter Syntax
$result = $client->updateFindings([
'Filters' => [ // REQUIRED
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'Note' => [
'Text' => '<string>', // REQUIRED
'UpdatedBy' => '<string>', // REQUIRED
],
'RecordState' => 'ACTIVE|ARCHIVED',
]);
Parameter Details
Members
- Filters
-
- Required: Yes
- Type: AwsSecurityFindingFilters structure
A collection of attributes that specify which findings you want to update.
- Note
-
- Type: NoteUpdate structure
The updated note for the finding.
- RecordState
-
- Type: string
The updated record state for the finding.
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because we can't find the specified resource.
UpdateInsight
$result = $client->updateInsight([/* ... */]); $promise = $client->updateInsightAsync([/* ... */]);
Updates the Security Hub insight that the insight ARN specifies.
Parameter Syntax
$result = $client->updateInsight([
'Filters' => [
'AwsAccountId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'CompanyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ComplianceStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Confidence' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'CreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'Criticality' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'Description' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'FirstObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'GeneratorId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Id' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Keyword' => [
[
'Value' => '<string>',
],
// ...
],
'LastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'MalwareName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwarePath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'MalwareType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkDestinationIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkDestinationPort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NetworkDirection' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkProtocol' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceDomain' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourceIpV4' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceIpV6' => [
[
'Cidr' => '<string>',
],
// ...
],
'NetworkSourceMac' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NetworkSourcePort' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'NoteText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'NoteUpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'NoteUpdatedBy' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProcessName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessParentPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessPath' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProcessPid' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'ProcessTerminatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ProductFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ProductName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecommendationText' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RecordState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'RelatedFindingsProductArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV4Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceIpV6Addresses' => [
[
'Cidr' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceKeyName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceSubnetId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsEc2InstanceVpcId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyCreatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyStatus' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsIamAccessKeyUserName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceAwsS3BucketOwnerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerImageName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceContainerLaunchedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ResourceContainerName' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceDetailsOther' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceId' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourcePartition' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceRegion' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ResourceTags' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'ResourceType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityLabel' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'SeverityNormalized' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SeverityProduct' => [
[
'Eq' => <float>,
'Gte' => <float>,
'Lte' => <float>,
],
// ...
],
'SourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorCategory' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorLastObservedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSource' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorSourceUrl' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorType' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'ThreatIntelIndicatorValue' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Title' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'Type' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'UpdatedAt' => [
[
'DateRange' => [
'Unit' => 'DAYS',
'Value' => <integer>,
],
'End' => '<string>',
'Start' => '<string>',
],
// ...
],
'UserDefinedFields' => [
[
'Comparison' => 'EQUALS',
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
'VerificationState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
'WorkflowState' => [
[
'Comparison' => 'EQUALS|PREFIX',
'Value' => '<string>',
],
// ...
],
],
'GroupByAttribute' => '<string>',
'InsightArn' => '<string>', // REQUIRED
'Name' => '<string>',
]);
Parameter Details
Members
- Filters
-
- Type: AwsSecurityFindingFilters structure
The updated filters that define this insight.
- GroupByAttribute
-
- Type: string
The updated
GroupByattribute that defines this insight. - InsightArn
-
- Required: Yes
- Type: string
The ARN of the insight that you want to update.
- Name
-
- Type: string
The updated name for the insight.
Result Syntax
[]
Result Details
Errors
-
Internal server error.
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
-
AWS Security Hub isn't enabled for the account used to make this request.
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
-
The request was rejected because we can't find the specified resource.
Shapes
AccessDeniedException
Description
You don't have permission to perform the action specified in the request.
Members
AccountDetails
Description
The details of an AWS account.
Members
ActionTarget
Description
An ActionTarget object.
Members
AwsEc2InstanceDetails
Description
The details of an Amazon EC2 instance.
Members
- IamInstanceProfileArn
-
- Type: string
The IAM profile ARN of the instance.
- ImageId
-
- Type: string
The Amazon Machine Image (AMI) ID of the instance.
- IpV4Addresses
-
- Type: Array of strings
The IPv4 addresses associated with the instance.
- IpV6Addresses
-
- Type: Array of strings
The IPv6 addresses associated with the instance.
- KeyName
-
- Type: string
The key name associated with the instance.
- LaunchedAt
-
- Type: string
The date/time the instance was launched.
- SubnetId
-
- Type: string
The identifier of the subnet that the instance was launched in.
- Type
-
- Type: string
The instance type of the instance.
- VpcId
-
- Type: string
The identifier of the VPC that the instance was launched in.
AwsIamAccessKeyDetails
Description
IAM access key details related to a finding.
Members
AwsS3BucketDetails
Description
The details of an Amazon S3 bucket.
Members
AwsSecurityFinding
Description
Provides consistent format for the contents of the Security Hub-aggregated findings. AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and compliance checks.
A finding is a potential security issue generated either by AWS services (Amazon GuardDuty, Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and compliance checks.
Members
- AwsAccountId
-
- Required: Yes
- Type: string
The AWS account ID that a finding is generated in.
- Compliance
-
- Type: Compliance structure
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
- Confidence
-
- Type: int
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
- CreatedAt
-
- Required: Yes
- Type: string
An ISO8601-formatted timestamp that indicates when the security-findings provider created the potential security issue that a finding captured.
- Criticality
-
- Type: int
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
- Description
-
- Required: Yes
- Type: string
A finding's description.
In this release,
Descriptionis a required property. - FirstObservedAt
-
- Type: string
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
- GeneratorId
-
- Required: Yes
- Type: string
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
- Id
-
- Required: Yes
- Type: string
The security findings provider-specific identifier for a finding.
- LastObservedAt
-
- Type: string
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
- Malware
-
- Type: Array of Malware structures
A list of malware related to a finding.
- Network
-
- Type: Network structure
The details of network-related information about a finding.
- Note
-
- Type: Note structure
A user-defined note added to a finding.
- Process
-
- Type: ProcessDetails structure
The details of process-related information about a finding.
- ProductArn
-
- Required: Yes
- Type: string
The ARN generated by Security Hub that uniquely identifies a third-party company (security-findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- ProductFields
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined
AwsSecurityFindingformat. - RecordState
-
- Type: string
The record state of a finding.
- RelatedFindings
-
- Type: Array of RelatedFinding structures
A list of related findings.
- Remediation
-
- Type: Remediation structure
A data type that describes the remediation options for a finding.
- Resources
-
- Required: Yes
- Type: Array of Resource structures
A set of resource data types that describe the resources that the finding refers to.
- SchemaVersion
-
- Required: Yes
- Type: string
The schema version that a finding is formatted for.
- Severity
-
- Required: Yes
- Type: Severity structure
A finding's severity.
- SourceUrl
-
- Type: string
A URL that links to a page about the current finding in the security-findings provider's solution.
- ThreatIntelIndicators
-
- Type: Array of ThreatIntelIndicator structures
Threat intel details related to a finding.
- Title
-
- Required: Yes
- Type: string
A finding's title.
In this release,
Titleis a required property. - Types
-
- Required: Yes
- Type: Array of strings
One or more finding types in the format of
namespace/category/classifierthat classify a finding.Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
- UpdatedAt
-
- Required: Yes
- Type: string
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
- UserDefinedFields
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
- VerificationState
-
- Type: string
Indicates the veracity of a finding.
- WorkflowState
-
- Type: string
The workflow state of a finding.
AwsSecurityFindingFilters
Description
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
Members
- AwsAccountId
-
- Type: Array of StringFilter structures
The AWS account ID that a finding is generated in.
- CompanyName
-
- Type: Array of StringFilter structures
The name of the findings provider (company) that owns the solution (product) that generates findings.
- ComplianceStatus
-
- Type: Array of StringFilter structures
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
- Confidence
-
- Type: Array of NumberFilter structures
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
- CreatedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
- Criticality
-
- Type: Array of NumberFilter structures
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
- Description
-
- Type: Array of StringFilter structures
A finding's description.
- FirstObservedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
- GeneratorId
-
- Type: Array of StringFilter structures
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
- Id
-
- Type: Array of StringFilter structures
The security findings provider-specific identifier for a finding.
- Keyword
-
- Type: Array of KeywordFilter structures
A keyword for a finding.
- LastObservedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
- MalwareName
-
- Type: Array of StringFilter structures
The name of the malware that was observed.
- MalwarePath
-
- Type: Array of StringFilter structures
The filesystem path of the malware that was observed.
- MalwareState
-
- Type: Array of StringFilter structures
The state of the malware that was observed.
- MalwareType
-
- Type: Array of StringFilter structures
The type of the malware that was observed.
- NetworkDestinationDomain
-
- Type: Array of StringFilter structures
The destination domain of network-related information about a finding.
- NetworkDestinationIpV4
-
- Type: Array of IpFilter structures
The destination IPv4 address of network-related information about a finding.
- NetworkDestinationIpV6
-
- Type: Array of IpFilter structures
The destination IPv6 address of network-related information about a finding.
- NetworkDestinationPort
-
- Type: Array of NumberFilter structures
The destination port of network-related information about a finding.
- NetworkDirection
-
- Type: Array of StringFilter structures
Indicates the direction of network traffic associated with a finding.
- NetworkProtocol
-
- Type: Array of StringFilter structures
The protocol of network-related information about a finding.
- NetworkSourceDomain
-
- Type: Array of StringFilter structures
The source domain of network-related information about a finding.
- NetworkSourceIpV4
-
- Type: Array of IpFilter structures
The source IPv4 address of network-related information about a finding.
- NetworkSourceIpV6
-
- Type: Array of IpFilter structures
The source IPv6 address of network-related information about a finding.
- NetworkSourceMac
-
- Type: Array of StringFilter structures
The source media access control (MAC) address of network-related information about a finding.
- NetworkSourcePort
-
- Type: Array of NumberFilter structures
The source port of network-related information about a finding.
- NoteText
-
- Type: Array of StringFilter structures
The text of a note.
- NoteUpdatedAt
-
- Type: Array of DateFilter structures
The timestamp of when the note was updated.
- NoteUpdatedBy
-
- Type: Array of StringFilter structures
The principal that created a note.
- ProcessLaunchedAt
-
- Type: Array of DateFilter structures
The date/time that the process was launched.
- ProcessName
-
- Type: Array of StringFilter structures
The name of the process.
- ProcessParentPid
-
- Type: Array of NumberFilter structures
The parent process ID.
- ProcessPath
-
- Type: Array of StringFilter structures
The path to the process executable.
- ProcessPid
-
- Type: Array of NumberFilter structures
The process ID.
- ProcessTerminatedAt
-
- Type: Array of DateFilter structures
The date/time that the process was terminated.
- ProductArn
-
- Type: Array of StringFilter structures
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- ProductFields
-
- Type: Array of MapFilter structures
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined
AwsSecurityFindingformat. - ProductName
-
- Type: Array of StringFilter structures
The name of the solution (product) that generates findings.
- RecommendationText
-
- Type: Array of StringFilter structures
The recommendation of what to do about the issue described in a finding.
- RecordState
-
- Type: Array of StringFilter structures
The updated record state for the finding.
- RelatedFindingsId
-
- Type: Array of StringFilter structures
The solution-generated identifier for a related finding.
- RelatedFindingsProductArn
-
- Type: Array of StringFilter structures
The ARN of the solution that generated a related finding.
- ResourceAwsEc2InstanceIamInstanceProfileArn
-
- Type: Array of StringFilter structures
The IAM profile ARN of the instance.
- ResourceAwsEc2InstanceImageId
-
- Type: Array of StringFilter structures
The Amazon Machine Image (AMI) ID of the instance.
- ResourceAwsEc2InstanceIpV4Addresses
-
- Type: Array of IpFilter structures
The IPv4 addresses associated with the instance.
- ResourceAwsEc2InstanceIpV6Addresses
-
- Type: Array of IpFilter structures
The IPv6 addresses associated with the instance.
- ResourceAwsEc2InstanceKeyName
-
- Type: Array of StringFilter structures
The key name associated with the instance.
- ResourceAwsEc2InstanceLaunchedAt
-
- Type: Array of DateFilter structures
The date/time the instance was launched.
- ResourceAwsEc2InstanceSubnetId
-
- Type: Array of StringFilter structures
The identifier of the subnet that the instance was launched in.
- ResourceAwsEc2InstanceType
-
- Type: Array of StringFilter structures
The instance type of the instance.
- ResourceAwsEc2InstanceVpcId
-
- Type: Array of StringFilter structures
The identifier of the VPC that the instance was launched in.
- ResourceAwsIamAccessKeyCreatedAt
-
- Type: Array of DateFilter structures
The creation date/time of the IAM access key related to a finding.
- ResourceAwsIamAccessKeyStatus
-
- Type: Array of StringFilter structures
The status of the IAM access key related to a finding.
- ResourceAwsIamAccessKeyUserName
-
- Type: Array of StringFilter structures
The user associated with the IAM access key related to a finding.
- ResourceAwsS3BucketOwnerId
-
- Type: Array of StringFilter structures
The canonical user ID of the owner of the S3 bucket.
- ResourceAwsS3BucketOwnerName
-
- Type: Array of StringFilter structures
The display name of the owner of the S3 bucket.
- ResourceContainerImageId
-
- Type: Array of StringFilter structures
The identifier of the image related to a finding.
- ResourceContainerImageName
-
- Type: Array of StringFilter structures
The name of the image related to a finding.
- ResourceContainerLaunchedAt
-
- Type: Array of DateFilter structures
The date/time that the container was started.
- ResourceContainerName
-
- Type: Array of StringFilter structures
The name of the container related to a finding.
- ResourceDetailsOther
-
- Type: Array of MapFilter structures
The details of a resource that doesn't have a specific subfield for the resource type defined.
- ResourceId
-
- Type: Array of StringFilter structures
The canonical identifier for the given resource type.
- ResourcePartition
-
- Type: Array of StringFilter structures
The canonical AWS partition name that the Region is assigned to.
- ResourceRegion
-
- Type: Array of StringFilter structures
The canonical AWS external Region name where this resource is located.
- ResourceTags
-
- Type: Array of MapFilter structures
A list of AWS tags associated with a resource at the time the finding was processed.
- ResourceType
-
- Type: Array of StringFilter structures
Specifies the type of the resource that details are provided for.
- SeverityLabel
-
- Type: Array of StringFilter structures
The label of a finding's severity.
- SeverityNormalized
-
- Type: Array of NumberFilter structures
The normalized severity of a finding.
- SeverityProduct
-
- Type: Array of NumberFilter structures
The native severity as defined by the security-findings provider's solution that generated the finding.
- SourceUrl
-
- Type: Array of StringFilter structures
A URL that links to a page about the current finding in the security-findings provider's solution.
- ThreatIntelIndicatorCategory
-
- Type: Array of StringFilter structures
The category of a threat intel indicator.
- ThreatIntelIndicatorLastObservedAt
-
- Type: Array of DateFilter structures
The date/time of the last observation of a threat intel indicator.
- ThreatIntelIndicatorSource
-
- Type: Array of StringFilter structures
The source of the threat intel.
- ThreatIntelIndicatorSourceUrl
-
- Type: Array of StringFilter structures
The URL for more details from the source of the threat intel.
- ThreatIntelIndicatorType
-
- Type: Array of StringFilter structures
The type of a threat intel indicator.
- ThreatIntelIndicatorValue
-
- Type: Array of StringFilter structures
The value of a threat intel indicator.
- Title
-
- Type: Array of StringFilter structures
A finding's title.
- Type
-
- Type: Array of StringFilter structures
A finding type in the format of
namespace/category/classifierthat classifies a finding. - UpdatedAt
-
- Type: Array of DateFilter structures
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
- UserDefinedFields
-
- Type: Array of MapFilter structures
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
- VerificationState
-
- Type: Array of StringFilter structures
The veracity of a finding.
- WorkflowState
-
- Type: Array of StringFilter structures
The workflow state of a finding.
Compliance
Description
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
Members
ContainerDetails
Description
Container details related to a finding.
Members
DateFilter
Description
A date filter for querying findings.
Members
- DateRange
-
- Type: DateRange structure
A date range for the date filter.
- End
-
- Type: string
An end date for the date filter.
- Start
-
- Type: string
A start date for the date filter.
DateRange
Description
A date range for the date filter.
Members
ImportFindingsError
Description
Includes details of the list of the findings that can't be imported.
Members
- ErrorCode
-
- Required: Yes
- Type: string
The code of the error made during the
BatchImportFindingsoperation. - ErrorMessage
-
- Required: Yes
- Type: string
The message of the error made during the
BatchImportFindingsoperation. - Id
-
- Required: Yes
- Type: string
The ID of the error made during the
BatchImportFindingsoperation.
Insight
Description
Contains information about a Security Hub insight.
Members
- Filters
-
- Required: Yes
- Type: AwsSecurityFindingFilters structure
One or more attributes used to filter the findings included in the insight. Only findings that match the criteria defined in the filters are included in the insight.
- GroupByAttribute
-
- Required: Yes
- Type: string
The attribute that the insight's findings are grouped by. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
- InsightArn
-
- Required: Yes
- Type: string
The ARN of a Security Hub insight.
- Name
-
- Required: Yes
- Type: string
The name of a Security Hub insight.
InsightResultValue
Description
The insight result values returned by the GetInsightResults operation.
Members
InsightResults
Description
The insight results returned by the GetInsightResults operation.
Members
- GroupByAttribute
-
- Required: Yes
- Type: string
The attribute that the findings are grouped by for the insight whose results are returned by the
GetInsightResultsoperation. - InsightArn
-
- Required: Yes
- Type: string
The ARN of the insight whose results are returned by the
GetInsightResultsoperation. - ResultValues
-
- Required: Yes
- Type: Array of InsightResultValue structures
The list of insight result values returned by the
GetInsightResultsoperation.
InternalException
InvalidAccessException
Description
AWS Security Hub isn't enabled for the account used to make this request.
Members
InvalidInputException
Description
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
Members
Invitation
Description
Details about an invitation.
Members
- AccountId
-
- Type: string
The account ID of the Security Hub master account that the invitation was sent from.
- InvitationId
-
- Type: string
The ID of the invitation sent to the member account.
- InvitedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp of when the invitation was sent.
- MemberStatus
-
- Type: string
The current status of the association between member and master accounts.
IpFilter
KeywordFilter
Description
A keyword filter for querying findings.
Members
LimitExceededException
Description
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
Members
Malware
Description
A list of malware related to a finding.
Members
MapFilter
Description
The map filter for querying findings.
Members
Member
Description
The details about a member account.
Members
- AccountId
-
- Type: string
The AWS account ID of the member account.
-
- Type: string
The email address of the member account.
- InvitedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp for the date and time when the invitation was sent to the member account.
- MasterId
-
- Type: string
The AWS account ID of the Security Hub master account associated with this member account.
- MemberStatus
-
- Type: string
The status of the relationship between the member account and its master account.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp for the date and time when the member account was updated.
Network
Description
The details of network-related information about a finding.
Members
- DestinationDomain
-
- Type: string
The destination domain of network-related information about a finding.
- DestinationIpV4
-
- Type: string
The destination IPv4 address of network-related information about a finding.
- DestinationIpV6
-
- Type: string
The destination IPv6 address of network-related information about a finding.
- DestinationPort
-
- Type: int
The destination port of network-related information about a finding.
- Direction
-
- Type: string
The direction of network traffic associated with a finding.
- Protocol
-
- Type: string
The protocol of network-related information about a finding.
- SourceDomain
-
- Type: string
The source domain of network-related information about a finding.
- SourceIpV4
-
- Type: string
The source IPv4 address of network-related information about a finding.
- SourceIpV6
-
- Type: string
The source IPv6 address of network-related information about a finding.
- SourceMac
-
- Type: string
The source media access control (MAC) address of network-related information about a finding.
- SourcePort
-
- Type: int
The source port of network-related information about a finding.
Note
Description
A user-defined note added to a finding.
Members
NoteUpdate
Description
The updated note.
Members
NumberFilter
Description
A number filter for querying findings.
Members
- Eq
-
- Type: double
The equal-to condition to be applied to a single field when querying for findings.
- Gte
-
- Type: double
The greater-than-equal condition to be applied to a single field when querying for findings.
- Lte
-
- Type: double
The less-than-equal condition to be applied to a single field when querying for findings.
ProcessDetails
Description
The details of process-related information about a finding.
Members
- LaunchedAt
-
- Type: string
The date/time that the process was launched.
- Name
-
- Type: string
The name of the process.
- ParentPid
-
- Type: int
The parent process ID.
- Path
-
- Type: string
The path to the process executable.
- Pid
-
- Type: int
The process ID.
- TerminatedAt
-
- Type: string
The date and time when the process was terminated.
Product
Description
Contains details about a product.
Members
- ActivationUrl
-
- Type: string
The URL used to activate the product.
- Categories
-
- Type: Array of strings
The categories assigned to the product.
- CompanyName
-
- Type: string
The name of the company that provides the product.
- Description
-
- Type: string
A description of the product.
- MarketplaceUrl
-
- Type: string
The URL for the page that contains more information about the product.
- ProductArn
-
- Required: Yes
- Type: string
The ARN assigned to the product.
- ProductName
-
- Type: string
The name of the product.
- ProductSubscriptionResourcePolicy
-
- Type: string
The resource policy associated with the product.
Recommendation
Description
A recommendation on how to remediate the issue identified in a finding.
Members
RelatedFinding
Description
Details about a related finding.
Members
Remediation
Description
Details about the remediation steps for a finding.
Members
- Recommendation
-
- Type: Recommendation structure
A recommendation on the steps to take to remediate the issue identified by a finding.
Resource
Description
A resource related to a finding.
Members
- Details
-
- Type: ResourceDetails structure
Additional details about the resource related to a finding.
- Id
-
- Required: Yes
- Type: string
The canonical identifier for the given resource type.
- Partition
-
- Type: string
The canonical AWS partition name that the Region is assigned to.
- Region
-
- Type: string
The canonical AWS external Region name where this resource is located.
- Tags
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A list of AWS tags associated with a resource at the time the finding was processed.
- Type
-
- Required: Yes
- Type: string
The type of the resource that details are provided for.
ResourceConflictException
Description
The resource specified in the request conflicts with an existing resource.
Members
ResourceDetails
Description
Additional details about a resource related to a finding.
Members
- AwsEc2Instance
-
- Type: AwsEc2InstanceDetails structure
Details about an Amazon EC2 instance related to a finding.
- AwsIamAccessKey
-
- Type: AwsIamAccessKeyDetails structure
Details about an IAM access key related to a finding.
- AwsS3Bucket
-
- Type: AwsS3BucketDetails structure
Details about an Amazon S3 Bucket related to a finding.
- Container
-
- Type: ContainerDetails structure
Details about a container resource related to a finding.
- Other
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
Details about a resource that doesn't have a specific type defined.
ResourceNotFoundException
Description
The request was rejected because we can't find the specified resource.
Members
Result
Description
Details about the account that wasn't processed.
Members
Severity
Description
The severity of the finding.
Members
SortCriterion
Description
A collection of finding attributes used to sort findings.
Members
StandardsSubscription
Description
A resource that represents your subscription to a supported standard.
Members
- StandardsArn
-
- Required: Yes
- Type: string
The ARN of a standard.
In this release, Security Hub supports only the CIS AWS Foundations standard, which uses the following ARN:
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0. - StandardsInput
-
- Required: Yes
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A key-value pair of input for the standard.
- StandardsStatus
-
- Required: Yes
- Type: string
The status of the standards subscription.
- StandardsSubscriptionArn
-
- Required: Yes
- Type: string
The ARN of a resource that represents your subscription to a supported standard.
StandardsSubscriptionRequest
Description
The standard that you want to enable.
Members
- StandardsArn
-
- Required: Yes
- Type: string
The ARN of the standard that you want to enable.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0. - StandardsInput
-
- Type: Associative array of custom strings keys (NonEmptyString) to strings
A key-value pair of input for the standard.
StringFilter
Description
A string filter for querying findings.
Members
ThreatIntelIndicator
Description
Details about the threat intel related to a finding.
Members
- Category
-
- Type: string
The category of a threat intel indicator.
- LastObservedAt
-
- Type: string
The date and time when the most recent instance of a threat intel indicator was observed.
- Source
-
- Type: string
The source of the threat intel indicator.
- SourceUrl
-
- Type: string
The URL to the page or site where you can get more information about the threat intel indicator.
- Type
-
- Type: string
The type of a threat intel indicator.
- Value
-
- Type: string
The value of a threat intel indicator.
