AWS SDK for PHP 3.x

Client: Aws\SecurityHub\SecurityHubClient

Service ID: securityhub

Version: 2018-10-26

This page describes the parameters and results for the operations of the AWS SecurityHub (2018-10-26), and shows how to use the Aws\SecurityHub\SecurityHubClient object to call the described operations. This documentation is specific to the 2018-10-26 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AcceptInvitation ( array $params = [] )
Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from.
BatchDisableStandards ( array $params = [] )
Disables the standards specified by the provided StandardsSubscriptionArns.
BatchEnableStandards ( array $params = [] )
Enables the standards specified by the provided StandardsArn.
BatchImportFindings ( array $params = [] )
Imports security findings generated from an integrated third-party product into Security Hub.
CreateActionTarget ( array $params = [] )
Creates a custom action target in Security Hub.
CreateInsight ( array $params = [] )
Creates a custom insight in Security Hub.
CreateMembers ( array $params = [] )
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account.
DeclineInvitations ( array $params = [] )
Declines invitations to become a member account.
DeleteActionTarget ( array $params = [] )
Deletes a custom action target from Security Hub.
DeleteInsight ( array $params = [] )
Deletes the insight specified by the InsightArn.
DeleteInvitations ( array $params = [] )
Deletes invitations received by the AWS account to become a member account.
DeleteMembers ( array $params = [] )
Deletes the specified member accounts from Security Hub.
DescribeActionTargets ( array $params = [] )
Returns a list of the custom action targets in Security Hub in your account.
DescribeHub ( array $params = [] )
Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.
DescribeProducts ( array $params = [] )
Returns information about the available products that you can subscribe to and integrate with Security Hub in order to consolidate findings.
DescribeStandards ( array $params = [] )
Returns a list of the available standards in Security Hub.
DescribeStandardsControls ( array $params = [] )
Returns a list of compliance standards controls.
DisableImportFindingsForProduct ( array $params = [] )
Disables the integration of the specified product with Security Hub.
DisableSecurityHub ( array $params = [] )
Disables Security Hub in your account only in the current Region.
DisassociateFromMasterAccount ( array $params = [] )
Disassociates the current Security Hub member account from the associated master account.
DisassociateMembers ( array $params = [] )
Disassociates the specified member accounts from the associated master account.
EnableImportFindingsForProduct ( array $params = [] )
Enables the integration of a partner product with Security Hub.
EnableSecurityHub ( array $params = [] )
Enables Security Hub for your account in the current Region or the Region you specify in the request.
GetEnabledStandards ( array $params = [] )
Returns a list of the standards that are currently enabled.
GetFindings ( array $params = [] )
Returns a list of findings that match the specified criteria.
GetInsightResults ( array $params = [] )
Lists the results of the Security Hub insight specified by the insight ARN.
GetInsights ( array $params = [] )
Lists and describes insights for the specified insight ARNs.
GetInvitationsCount ( array $params = [] )
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
GetMasterAccount ( array $params = [] )
Provides the details for the Security Hub master account for the current member account.
GetMembers ( array $params = [] )
Returns the details for the Security Hub member accounts for the specified account IDs.
InviteMembers ( array $params = [] )
Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from.
ListEnabledProductsForImport ( array $params = [] )
Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.
ListInvitations ( array $params = [] )
Lists all Security Hub membership invitations that were sent to the current AWS account.
ListMembers ( array $params = [] )
Lists details about all member accounts for the current Security Hub master account.
ListTagsForResource ( array $params = [] )
Returns a list of tags associated with a resource.
TagResource ( array $params = [] )
Adds one or more tags to a resource.
UntagResource ( array $params = [] )
Removes one or more tags from a resource.
UpdateActionTarget ( array $params = [] )
Updates the name and description of a custom action target in Security Hub.
UpdateFindings ( array $params = [] )
Updates the Note and RecordState of the Security Hub-aggregated findings that the filter attributes specify.
UpdateInsight ( array $params = [] )
Updates the Security Hub insight identified by the specified insight ARN.
UpdateStandardsControl ( array $params = [] )
Used to control whether an individual compliance standard control is enabled or disabled.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

DescribeActionTargets
DescribeProducts
DescribeStandards
DescribeStandardsControls
GetEnabledStandards
GetFindings
GetInsights
ListEnabledProductsForImport
ListInvitations
ListMembers

Operations

AcceptInvitation

$result = $client->acceptInvitation([/* ... */]);
$promise = $client->acceptInvitationAsync([/* ... */]);

Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from.

When the member account accepts the invitation, permission is granted to the master account to view findings generated in the member account.

Parameter Syntax

$result = $client->acceptInvitation([
    'InvitationId' => '<string>', // REQUIRED
    'MasterId' => '<string>', // REQUIRED
]);

Parameter Details

Members

InvitationId

Required: Yes
Type: string

The ID of the invitation sent from the Security Hub master account.

MasterId

Required: Yes
Type: string

The account ID of the Security Hub master account that sent the invitation.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.

BatchDisableStandards

$result = $client->batchDisableStandards([/* ... */]);
$promise = $client->batchDisableStandardsAsync([/* ... */]);

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Compliance Standards section of the AWS Security Hub User Guide.

Parameter Syntax

$result = $client->batchDisableStandards([
    'StandardsSubscriptionArns' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

StandardsSubscriptionArns

Required: Yes
Type: Array of strings

The ARNs of the standards subscriptions to disable.

Result Syntax

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => '<string>',
            'StandardsInput' => ['<string>', ...],
            'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
            'StandardsSubscriptionArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

StandardsSubscriptions

Type: Array of StandardsSubscription structures

The details of the standards subscriptions that were disabled.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

BatchEnableStandards

$result = $client->batchEnableStandards([/* ... */]);
$promise = $client->batchEnableStandardsAsync([/* ... */]);

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Compliance Standards section of the AWS Security Hub User Guide.

Parameter Syntax

$result = $client->batchEnableStandards([
    'StandardsSubscriptionRequests' => [ // REQUIRED
        [
            'StandardsArn' => '<string>', // REQUIRED
            'StandardsInput' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members

StandardsSubscriptionRequests

Required: Yes
Type: Array of StandardsSubscriptionRequest structures

The list of standards compliance checks to enable.

Result Syntax

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => '<string>',
            'StandardsInput' => ['<string>', ...],
            'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
            'StandardsSubscriptionArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

StandardsSubscriptions

Type: Array of StandardsSubscription structures

The details of the standards subscriptions that were enabled.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

BatchImportFindings

$result = $client->batchImportFindings([/* ... */]);
$promise = $client->batchImportFindingsAsync([/* ... */]);

Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

Parameter Syntax

$result = $client->batchImportFindings([
    'Findings' => [ // REQUIRED
        [
            'AwsAccountId' => '<string>', // REQUIRED
            'Compliance' => [
                'RelatedRequirements' => ['<string>', ...],
                'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
            ],
            'Confidence' => <integer>,
            'CreatedAt' => '<string>', // REQUIRED
            'Criticality' => <integer>,
            'Description' => '<string>', // REQUIRED
            'FirstObservedAt' => '<string>',
            'GeneratorId' => '<string>', // REQUIRED
            'Id' => '<string>', // REQUIRED
            'LastObservedAt' => '<string>',
            'Malware' => [
                [
                    'Name' => '<string>', // REQUIRED
                    'Path' => '<string>',
                    'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
                    'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
                ],
                // ...
            ],
            'Network' => [
                'DestinationDomain' => '<string>',
                'DestinationIpV4' => '<string>',
                'DestinationIpV6' => '<string>',
                'DestinationPort' => <integer>,
                'Direction' => 'IN|OUT',
                'Protocol' => '<string>',
                'SourceDomain' => '<string>',
                'SourceIpV4' => '<string>',
                'SourceIpV6' => '<string>',
                'SourceMac' => '<string>',
                'SourcePort' => <integer>,
            ],
            'Note' => [
                'Text' => '<string>', // REQUIRED
                'UpdatedAt' => '<string>', // REQUIRED
                'UpdatedBy' => '<string>', // REQUIRED
            ],
            'Process' => [
                'LaunchedAt' => '<string>',
                'Name' => '<string>',
                'ParentPid' => <integer>,
                'Path' => '<string>',
                'Pid' => <integer>,
                'TerminatedAt' => '<string>',
            ],
            'ProductArn' => '<string>', // REQUIRED
            'ProductFields' => ['<string>', ...],
            'RecordState' => 'ACTIVE|ARCHIVED',
            'RelatedFindings' => [
                [
                    'Id' => '<string>', // REQUIRED
                    'ProductArn' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'Remediation' => [
                'Recommendation' => [
                    'Text' => '<string>',
                    'Url' => '<string>',
                ],
            ],
            'Resources' => [ // REQUIRED
                [
                    'Details' => [
                        'AwsCloudFrontDistribution' => [
                            'DomainName' => '<string>',
                            'ETag' => '<string>',
                            'LastModifiedTime' => '<string>',
                            'Logging' => [
                                'Bucket' => '<string>',
                                'Enabled' => true || false,
                                'IncludeCookies' => true || false,
                                'Prefix' => '<string>',
                            ],
                            'Origins' => [
                                'Items' => [
                                    [
                                        'DomainName' => '<string>',
                                        'Id' => '<string>',
                                        'OriginPath' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'Status' => '<string>',
                            'WebAclId' => '<string>',
                        ],
                        'AwsCodeBuildProject' => [
                            'EncryptionKey' => '<string>',
                            'Environment' => [
                                'Certificate' => '<string>',
                                'ImagePullCredentialsType' => '<string>',
                                'RegistryCredential' => [
                                    'Credential' => '<string>',
                                    'CredentialProvider' => '<string>',
                                ],
                                'Type' => '<string>',
                            ],
                            'Name' => '<string>',
                            'ServiceRole' => '<string>',
                            'Source' => [
                                'GitCloneDepth' => <integer>,
                                'InsecureSsl' => true || false,
                                'Location' => '<string>',
                                'Type' => '<string>',
                            ],
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'Subnets' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsEc2Instance' => [
                            'IamInstanceProfileArn' => '<string>',
                            'ImageId' => '<string>',
                            'IpV4Addresses' => ['<string>', ...],
                            'IpV6Addresses' => ['<string>', ...],
                            'KeyName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'SubnetId' => '<string>',
                            'Type' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2NetworkInterface' => [
                            'Attachment' => [
                                'AttachTime' => '<string>',
                                'AttachmentId' => '<string>',
                                'DeleteOnTermination' => true || false,
                                'DeviceIndex' => <integer>,
                                'InstanceId' => '<string>',
                                'InstanceOwnerId' => '<string>',
                                'Status' => '<string>',
                            ],
                            'NetworkInterfaceId' => '<string>',
                            'SecurityGroups' => [
                                [
                                    'GroupId' => '<string>',
                                    'GroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'SourceDestCheck' => true || false,
                        ],
                        'AwsEc2SecurityGroup' => [
                            'GroupId' => '<string>',
                            'GroupName' => '<string>',
                            'IpPermissions' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'IpPermissionsEgress' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsElasticsearchDomain' => [
                            'AccessPolicies' => '<string>',
                            'DomainEndpointOptions' => [
                                'EnforceHTTPS' => true || false,
                                'TLSSecurityPolicy' => '<string>',
                            ],
                            'DomainId' => '<string>',
                            'DomainName' => '<string>',
                            'ElasticsearchVersion' => '<string>',
                            'EncryptionAtRestOptions' => [
                                'Enabled' => true || false,
                                'KmsKeyId' => '<string>',
                            ],
                            'Endpoint' => '<string>',
                            'Endpoints' => ['<string>', ...],
                            'NodeToNodeEncryptionOptions' => [
                                'Enabled' => true || false,
                            ],
                            'VPCOptions' => [
                                'AvailabilityZones' => ['<string>', ...],
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VPCId' => '<string>',
                            ],
                        ],
                        'AwsElbv2LoadBalancer' => [
                            'AvailabilityZones' => [
                                [
                                    'SubnetId' => '<string>',
                                    'ZoneName' => '<string>',
                                ],
                                // ...
                            ],
                            'CanonicalHostedZoneId' => '<string>',
                            'CreatedTime' => '<string>',
                            'DNSName' => '<string>',
                            'IpAddressType' => '<string>',
                            'Scheme' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'State' => [
                                'Code' => '<string>',
                                'Reason' => '<string>',
                            ],
                            'Type' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsIamAccessKey' => [
                            'CreatedAt' => '<string>',
                            'PrincipalId' => '<string>',
                            'PrincipalName' => '<string>',
                            'PrincipalType' => '<string>',
                            'Status' => 'Active|Inactive',
                            'UserName' => '<string>',
                        ],
                        'AwsIamRole' => [
                            'AssumeRolePolicyDocument' => '<string>',
                            'CreateDate' => '<string>',
                            'MaxSessionDuration' => <integer>,
                            'Path' => '<string>',
                            'RoleId' => '<string>',
                            'RoleName' => '<string>',
                        ],
                        'AwsKmsKey' => [
                            'AWSAccountId' => '<string>',
                            'CreationDate' => <float>,
                            'KeyId' => '<string>',
                            'KeyManager' => '<string>',
                            'KeyState' => '<string>',
                            'Origin' => '<string>',
                        ],
                        'AwsLambdaFunction' => [
                            'Code' => [
                                'S3Bucket' => '<string>',
                                'S3Key' => '<string>',
                                'S3ObjectVersion' => '<string>',
                                'ZipFile' => '<string>',
                            ],
                            'CodeSha256' => '<string>',
                            'DeadLetterConfig' => [
                                'TargetArn' => '<string>',
                            ],
                            'Environment' => [
                                'Error' => [
                                    'ErrorCode' => '<string>',
                                    'Message' => '<string>',
                                ],
                                'Variables' => ['<string>', ...],
                            ],
                            'FunctionName' => '<string>',
                            'Handler' => '<string>',
                            'KmsKeyArn' => '<string>',
                            'LastModified' => '<string>',
                            'Layers' => [
                                [
                                    'Arn' => '<string>',
                                    'CodeSize' => <integer>,
                                ],
                                // ...
                            ],
                            'MasterArn' => '<string>',
                            'MemorySize' => <integer>,
                            'RevisionId' => '<string>',
                            'Role' => '<string>',
                            'Runtime' => '<string>',
                            'Timeout' => <integer>,
                            'TracingConfig' => [
                                'Mode' => '<string>',
                            ],
                            'Version' => '<string>',
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsLambdaLayerVersion' => [
                            'CompatibleRuntimes' => ['<string>', ...],
                            'CreatedDate' => '<string>',
                            'Version' => <integer>,
                        ],
                        'AwsRdsDbInstance' => [
                            'AssociatedRoles' => [
                                [
                                    'FeatureName' => '<string>',
                                    'RoleArn' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'CACertificateIdentifier' => '<string>',
                            'DBClusterIdentifier' => '<string>',
                            'DBInstanceClass' => '<string>',
                            'DBInstanceIdentifier' => '<string>',
                            'DBName' => '<string>',
                            'DbInstancePort' => <integer>,
                            'DbiResourceId' => '<string>',
                            'DeletionProtection' => true || false,
                            'Endpoint' => [
                                'Address' => '<string>',
                                'HostedZoneId' => '<string>',
                                'Port' => <integer>,
                            ],
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'IAMDatabaseAuthenticationEnabled' => true || false,
                            'InstanceCreateTime' => '<string>',
                            'KmsKeyId' => '<string>',
                            'PubliclyAccessible' => true || false,
                            'StorageEncrypted' => true || false,
                            'TdeCredentialArn' => '<string>',
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsS3Bucket' => [
                            'OwnerId' => '<string>',
                            'OwnerName' => '<string>',
                        ],
                        'AwsSnsTopic' => [
                            'KmsMasterKeyId' => '<string>',
                            'Owner' => '<string>',
                            'Subscription' => [
                                [
                                    'Endpoint' => '<string>',
                                    'Protocol' => '<string>',
                                ],
                                // ...
                            ],
                            'TopicName' => '<string>',
                        ],
                        'AwsSqsQueue' => [
                            'DeadLetterTargetArn' => '<string>',
                            'KmsDataKeyReusePeriodSeconds' => <integer>,
                            'KmsMasterKeyId' => '<string>',
                            'QueueName' => '<string>',
                        ],
                        'AwsWafWebAcl' => [
                            'DefaultAction' => '<string>',
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'ExcludedRules' => [
                                        [
                                            'RuleId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'OverrideAction' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'Container' => [
                            'ImageId' => '<string>',
                            'ImageName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'Name' => '<string>',
                        ],
                        'Other' => ['<string>', ...],
                    ],
                    'Id' => '<string>', // REQUIRED
                    'Partition' => 'aws|aws-cn|aws-us-gov',
                    'Region' => '<string>',
                    'Tags' => ['<string>', ...],
                    'Type' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'SchemaVersion' => '<string>', // REQUIRED
            'Severity' => [ // REQUIRED
                'Normalized' => <integer>, // REQUIRED
                'Product' => <float>,
            ],
            'SourceUrl' => '<string>',
            'ThreatIntelIndicators' => [
                [
                    'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
                    'LastObservedAt' => '<string>',
                    'Source' => '<string>',
                    'SourceUrl' => '<string>',
                    'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'Title' => '<string>', // REQUIRED
            'Types' => ['<string>', ...], // REQUIRED
            'UpdatedAt' => '<string>', // REQUIRED
            'UserDefinedFields' => ['<string>', ...],
            'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
            'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
        ],
        // ...
    ],
]);

Parameter Details

Members

Findings

Required: Yes
Type: Array of AwsSecurityFinding structures

A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.

Result Syntax

[
    'FailedCount' => <integer>,
    'FailedFindings' => [
        [
            'ErrorCode' => '<string>',
            'ErrorMessage' => '<string>',
            'Id' => '<string>',
        ],
        // ...
    ],
    'SuccessCount' => <integer>,
]

Result Details

Members

FailedCount

Required: Yes
Type: int

The number of findings that failed to import.

FailedFindings

Type: Array of ImportFindingsError structures

The list of findings that failed to import.

SuccessCount

Required: Yes
Type: int

The number of findings that were successfully imported.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.

CreateActionTarget

$result = $client->createActionTarget([/* ... */]);
$promise = $client->createActionTargetAsync([/* ... */]);

Creates a custom action target in Security Hub.

You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.

Parameter Syntax

$result = $client->createActionTarget([
    'Description' => '<string>', // REQUIRED
    'Id' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

Description

Required: Yes
Type: string

The description for the custom action target.

Id

Required: Yes
Type: string

The ID for the custom action target.

Name

Required: Yes
Type: string

The name of the custom action target.

Result Syntax

[
    'ActionTargetArn' => '<string>',
]

Result Details

Members

ActionTargetArn

Required: Yes
Type: string

The ARN for the custom action target.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceConflictException:
The resource specified in the request conflicts with an existing resource.

CreateInsight

$result = $client->createInsight([/* ... */]);
$promise = $client->createInsightAsync([/* ... */]);

Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

To group the related findings in the insight, use the GroupByAttribute.

Parameter Syntax

$result = $client->createInsight([
    'Filters' => [ // REQUIRED
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'GroupByAttribute' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

Filters

Required: Yes
Type: AwsSecurityFindingFilters structure

One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.

GroupByAttribute

Required: Yes
Type: string

The attribute used as the aggregator to group related findings for the insight.

Name

Required: Yes
Type: string

The name of the custom insight to create.

Result Syntax

[
    'InsightArn' => '<string>',
]

Result Details

Members

InsightArn

Required: Yes
Type: string

The ARN of the insight created.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceConflictException:
The resource specified in the request conflicts with an existing resource.

CreateMembers

$result = $client->createMembers([/* ... */]);
$promise = $client->createMembersAsync([/* ... */]);

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. To successfully create a member, you must use this action from an account that already has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

After you use CreateMembers to create member account associations in Security Hub, you must use the InviteMembers operation to invite the accounts to enable Security Hub and become member accounts in Security Hub.

If the account owner accepts the invitation, the account becomes a member account in Security Hub, and a permission policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in the invited account, findings start to be sent to both the member and master accounts.

To remove the association between the master and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

Parameter Syntax

$result = $client->createMembers([
    'AccountDetails' => [
        [
            'AccountId' => '<string>',
            'Email' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountDetails

Type: Array of AccountDetails structures

The list of accounts to associate with the Security Hub master account. For each account, the list includes the account ID and the email address.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

UnprocessedAccounts

Type: Array of Result structures

The list of AWS accounts that were not processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceConflictException:
The resource specified in the request conflicts with an existing resource.

DeclineInvitations

$result = $client->declineInvitations([/* ... */]);
$promise = $client->declineInvitationsAsync([/* ... */]);

Declines invitations to become a member account.

Parameter Syntax

$result = $client->declineInvitations([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

AccountIds

Required: Yes
Type: Array of strings

The list of account IDs for the accounts from which to decline the invitations to Security Hub.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

UnprocessedAccounts

Type: Array of Result structures

The list of AWS accounts that were not processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DeleteActionTarget

$result = $client->deleteActionTarget([/* ... */]);
$promise = $client->deleteActionTargetAsync([/* ... */]);

Deletes a custom action target from Security Hub.

Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.

Parameter Syntax

$result = $client->deleteActionTarget([
    'ActionTargetArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ActionTargetArn

Required: Yes
Type: string

The ARN of the custom action target to delete.

Result Syntax

[
    'ActionTargetArn' => '<string>',
]

Result Details

Members

ActionTargetArn

Required: Yes
Type: string

The ARN of the custom action target that was deleted.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DeleteInsight

$result = $client->deleteInsight([/* ... */]);
$promise = $client->deleteInsightAsync([/* ... */]);

Deletes the insight specified by the InsightArn.

Parameter Syntax

$result = $client->deleteInsight([
    'InsightArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

InsightArn

Required: Yes
Type: string

The ARN of the insight to delete.

Result Syntax

[
    'InsightArn' => '<string>',
]

Result Details

Members

InsightArn

Required: Yes
Type: string

The ARN of the insight that was deleted.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DeleteInvitations

$result = $client->deleteInvitations([/* ... */]);
$promise = $client->deleteInvitationsAsync([/* ... */]);

Deletes invitations received by the AWS account to become a member account.

Parameter Syntax

$result = $client->deleteInvitations([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

AccountIds

Required: Yes
Type: Array of strings

The list of the account IDs that sent the invitations to delete.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

UnprocessedAccounts

Type: Array of Result structures

The list of AWS accounts for which the invitations were not deleted. For each account, the list includes the account ID and the email address.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.

DeleteMembers

$result = $client->deleteMembers([/* ... */]);
$promise = $client->deleteMembersAsync([/* ... */]);

Deletes the specified member accounts from Security Hub.

Parameter Syntax

$result = $client->deleteMembers([
    'AccountIds' => ['<string>', ...],
]);

Parameter Details

Members

AccountIds

Type: Array of strings

The list of account IDs for the member accounts to delete.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

UnprocessedAccounts

Type: Array of Result structures

The list of AWS accounts that were not deleted. For each account, the list includes the account ID and the email address.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DescribeActionTargets

$result = $client->describeActionTargets([/* ... */]);
$promise = $client->describeActionTargetsAsync([/* ... */]);

Returns a list of the custom action targets in Security Hub in your account.

Parameter Syntax

$result = $client->describeActionTargets([
    'ActionTargetArns' => ['<string>', ...],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

ActionTargetArns

Type: Array of strings

A list of custom action target ARNs for the custom action targets to retrieve.

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

The token that is required for pagination. On your first call to the DescribeActionTargets operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'ActionTargets' => [
        [
            'ActionTargetArn' => '<string>',
            'Description' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

ActionTargets

Required: Yes
Type: Array of ActionTarget structures

A list of ActionTarget objects. Each object includes the ActionTargetArn, Description, and Name of a custom action target available in Security Hub.

NextToken

Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DescribeHub

$result = $client->describeHub([/* ... */]);
$promise = $client->describeHubAsync([/* ... */]);

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.

Parameter Syntax

$result = $client->describeHub([
    'HubArn' => '<string>',
]);

Parameter Details

Members

HubArn

Type: string

The ARN of the Hub resource to retrieve.

Result Syntax

[
    'HubArn' => '<string>',
    'SubscribedAt' => '<string>',
]

Result Details

Members

HubArn

Type: string

The ARN of the Hub resource that was retrieved.

SubscribedAt

Type: string

The date and time when Security Hub was enabled in the account.

Errors

InternalException:
Internal server error.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DescribeProducts

$result = $client->describeProducts([/* ... */]);
$promise = $client->describeProductsAsync([/* ... */]);

Returns information about the available products that you can subscribe to and integrate with Security Hub in order to consolidate findings.

Parameter Syntax

$result = $client->describeProducts([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

The token that is required for pagination. On your first call to the DescribeProducts operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'NextToken' => '<string>',
    'Products' => [
        [
            'ActivationUrl' => '<string>',
            'Categories' => ['<string>', ...],
            'CompanyName' => '<string>',
            'Description' => '<string>',
            'MarketplaceUrl' => '<string>',
            'ProductArn' => '<string>',
            'ProductName' => '<string>',
            'ProductSubscriptionResourcePolicy' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

The pagination token to use to request the next page of results.

Products

Required: Yes
Type: Array of Product structures

A list of products, including details for each product.

Errors

InternalException:
Internal server error.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

DescribeStandards

$result = $client->describeStandards([/* ... */]);
$promise = $client->describeStandardsAsync([/* ... */]);

Returns a list of the available standards in Security Hub.

For each standard, the results include the standard ARN, the name, and a description.

Parameter Syntax

$result = $client->describeStandards([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of standards to return.

NextToken

Type: string

The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'NextToken' => '<string>',
    'Standards' => [
        [
            'Description' => '<string>',
            'Name' => '<string>',
            'StandardsArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

The pagination token to use to request the next page of results.

Standards

Type: Array of Standard structures

A list of available standards.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.

DescribeStandardsControls

$result = $client->describeStandardsControls([/* ... */]);
$promise = $client->describeStandardsControlsAsync([/* ... */]);

Returns a list of compliance standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

Parameter Syntax

$result = $client->describeStandardsControls([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StandardsSubscriptionArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of compliance standard controls to return.

NextToken

Type: string

The token that is required for pagination. On your first call to the DescribeStandardsControls operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

StandardsSubscriptionArn

Required: Yes
Type: string

The ARN of a resource that represents your subscription to a supported standard.

Result Syntax

[
    'Controls' => [
        [
            'ControlId' => '<string>',
            'ControlStatus' => 'ENABLED|DISABLED',
            'ControlStatusUpdatedAt' => <DateTime>,
            'Description' => '<string>',
            'DisabledReason' => '<string>',
            'RelatedRequirements' => ['<string>', ...],
            'RemediationUrl' => '<string>',
            'SeverityRating' => 'LOW|MEDIUM|HIGH|CRITICAL',
            'StandardsControlArn' => '<string>',
            'Title' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

Controls

Type: Array of StandardsControl structures

A list of compliance standards controls.

NextToken

Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DisableImportFindingsForProduct

$result = $client->disableImportFindingsForProduct([/* ... */]);
$promise = $client->disableImportFindingsForProductAsync([/* ... */]);

Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.

Parameter Syntax

$result = $client->disableImportFindingsForProduct([
    'ProductSubscriptionArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ProductSubscriptionArn

Required: Yes
Type: string

The ARN of the integrated product to disable the integration for.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

DisableSecurityHub

$result = $client->disableSecurityHub([/* ... */]);
$promise = $client->disableSecurityHubAsync([/* ... */]);

Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.

When you disable Security Hub for a master account, it doesn't disable Security Hub for any associated member accounts.

When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your master and member account associations are removed.

If you want to save your existing findings, you must export them before you disable Security Hub.

Parameter Syntax

$result = $client->disableSecurityHub([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DisassociateFromMasterAccount

$result = $client->disassociateFromMasterAccount([/* ... */]);
$promise = $client->disassociateFromMasterAccountAsync([/* ... */]);

Disassociates the current Security Hub member account from the associated master account.

Parameter Syntax

$result = $client->disassociateFromMasterAccount([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

DisassociateMembers

$result = $client->disassociateMembers([/* ... */]);
$promise = $client->disassociateMembersAsync([/* ... */]);

Disassociates the specified member accounts from the associated master account.

Parameter Syntax

$result = $client->disassociateMembers([
    'AccountIds' => ['<string>', ...],
]);

Parameter Details

Members

AccountIds

Type: Array of strings

The account IDs of the member accounts to disassociate from the master account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

EnableImportFindingsForProduct

$result = $client->enableImportFindingsForProduct([/* ... */]);
$promise = $client->enableImportFindingsForProductAsync([/* ... */]);

Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.

When you enable a product integration, a permission policy that grants permission for the product to send findings to Security Hub is applied.

Parameter Syntax

$result = $client->enableImportFindingsForProduct([
    'ProductArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ProductArn

Required: Yes
Type: string

The ARN of the product to enable the integration for.

Result Syntax

[
    'ProductSubscriptionArn' => '<string>',
]

Result Details

Members

ProductSubscriptionArn

Type: string

The ARN of your subscription to the product to enable integrations for.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceConflictException:
The resource specified in the request conflicts with an existing resource.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

EnableSecurityHub

$result = $client->enableSecurityHub([/* ... */]);
$promise = $client->enableSecurityHubAsync([/* ... */]);

Enables Security Hub for your account in the current Region or the Region you specify in the request.

When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie.

When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable the CIS AWS Foundations standard. You do not enable the Payment Card Industry Data Security Standard (PCI DSS) standard. To enable a standard, use the BatchEnableStandards operation. To disable a standard, use the BatchDisableStandards operation.

To learn more, see Setting Up AWS Security Hub in the AWS Security Hub User Guide.

Parameter Syntax

$result = $client->enableSecurityHub([
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members

Tags

Type: Associative array of custom strings keys (TagKey) to strings

The tags to add to the Hub resource when you enable Security Hub.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceConflictException:
The resource specified in the request conflicts with an existing resource.
AccessDeniedException:
You don't have permission to perform the action specified in the request.

GetEnabledStandards

$result = $client->getEnabledStandards([/* ... */]);
$promise = $client->getEnabledStandardsAsync([/* ... */]);

Returns a list of the standards that are currently enabled.

Parameter Syntax

$result = $client->getEnabledStandards([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StandardsSubscriptionArns' => ['<string>', ...],
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of results to return in the response.

NextToken

Type: string

The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

StandardsSubscriptionArns

Type: Array of strings

The list of the standards subscription ARNs for the standards to retrieve.

Result Syntax

[
    'NextToken' => '<string>',
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => '<string>',
            'StandardsInput' => ['<string>', ...],
            'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
            'StandardsSubscriptionArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

The pagination token to use to request the next page of results.

StandardsSubscriptions

Type: Array of StandardsSubscription structures

The list of StandardsSubscriptions objects that include information about the enabled standards.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

GetFindings

$result = $client->getFindings([/* ... */]);
$promise = $client->getFindingsAsync([/* ... */]);

Returns a list of findings that match the specified criteria.

Parameter Syntax

$result = $client->getFindings([
    'Filters' => [
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'SortCriteria' => [
        [
            'Field' => '<string>',
            'SortOrder' => 'asc|desc',
        ],
        // ...
    ],
]);

Parameter Details

Members

Filters

Type: AwsSecurityFindingFilters structure

The finding attributes used to define a condition to filter the returned findings.

MaxResults

Type: int

The maximum number of findings to return.

NextToken

Type: string

The token that is required for pagination. On your first call to the GetFindings operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

SortCriteria

Type: Array of SortCriterion structures

The finding attributes used to sort the list of returned findings.

Result Syntax

[
    'Findings' => [
        [
            'AwsAccountId' => '<string>',
            'Compliance' => [
                'RelatedRequirements' => ['<string>', ...],
                'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
            ],
            'Confidence' => <integer>,
            'CreatedAt' => '<string>',
            'Criticality' => <integer>,
            'Description' => '<string>',
            'FirstObservedAt' => '<string>',
            'GeneratorId' => '<string>',
            'Id' => '<string>',
            'LastObservedAt' => '<string>',
            'Malware' => [
                [
                    'Name' => '<string>',
                    'Path' => '<string>',
                    'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
                    'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
                ],
                // ...
            ],
            'Network' => [
                'DestinationDomain' => '<string>',
                'DestinationIpV4' => '<string>',
                'DestinationIpV6' => '<string>',
                'DestinationPort' => <integer>,
                'Direction' => 'IN|OUT',
                'Protocol' => '<string>',
                'SourceDomain' => '<string>',
                'SourceIpV4' => '<string>',
                'SourceIpV6' => '<string>',
                'SourceMac' => '<string>',
                'SourcePort' => <integer>,
            ],
            'Note' => [
                'Text' => '<string>',
                'UpdatedAt' => '<string>',
                'UpdatedBy' => '<string>',
            ],
            'Process' => [
                'LaunchedAt' => '<string>',
                'Name' => '<string>',
                'ParentPid' => <integer>,
                'Path' => '<string>',
                'Pid' => <integer>,
                'TerminatedAt' => '<string>',
            ],
            'ProductArn' => '<string>',
            'ProductFields' => ['<string>', ...],
            'RecordState' => 'ACTIVE|ARCHIVED',
            'RelatedFindings' => [
                [
                    'Id' => '<string>',
                    'ProductArn' => '<string>',
                ],
                // ...
            ],
            'Remediation' => [
                'Recommendation' => [
                    'Text' => '<string>',
                    'Url' => '<string>',
                ],
            ],
            'Resources' => [
                [
                    'Details' => [
                        'AwsCloudFrontDistribution' => [
                            'DomainName' => '<string>',
                            'ETag' => '<string>',
                            'LastModifiedTime' => '<string>',
                            'Logging' => [
                                'Bucket' => '<string>',
                                'Enabled' => true || false,
                                'IncludeCookies' => true || false,
                                'Prefix' => '<string>',
                            ],
                            'Origins' => [
                                'Items' => [
                                    [
                                        'DomainName' => '<string>',
                                        'Id' => '<string>',
                                        'OriginPath' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'Status' => '<string>',
                            'WebAclId' => '<string>',
                        ],
                        'AwsCodeBuildProject' => [
                            'EncryptionKey' => '<string>',
                            'Environment' => [
                                'Certificate' => '<string>',
                                'ImagePullCredentialsType' => '<string>',
                                'RegistryCredential' => [
                                    'Credential' => '<string>',
                                    'CredentialProvider' => '<string>',
                                ],
                                'Type' => '<string>',
                            ],
                            'Name' => '<string>',
                            'ServiceRole' => '<string>',
                            'Source' => [
                                'GitCloneDepth' => <integer>,
                                'InsecureSsl' => true || false,
                                'Location' => '<string>',
                                'Type' => '<string>',
                            ],
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'Subnets' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsEc2Instance' => [
                            'IamInstanceProfileArn' => '<string>',
                            'ImageId' => '<string>',
                            'IpV4Addresses' => ['<string>', ...],
                            'IpV6Addresses' => ['<string>', ...],
                            'KeyName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'SubnetId' => '<string>',
                            'Type' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2NetworkInterface' => [
                            'Attachment' => [
                                'AttachTime' => '<string>',
                                'AttachmentId' => '<string>',
                                'DeleteOnTermination' => true || false,
                                'DeviceIndex' => <integer>,
                                'InstanceId' => '<string>',
                                'InstanceOwnerId' => '<string>',
                                'Status' => '<string>',
                            ],
                            'NetworkInterfaceId' => '<string>',
                            'SecurityGroups' => [
                                [
                                    'GroupId' => '<string>',
                                    'GroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'SourceDestCheck' => true || false,
                        ],
                        'AwsEc2SecurityGroup' => [
                            'GroupId' => '<string>',
                            'GroupName' => '<string>',
                            'IpPermissions' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'IpPermissionsEgress' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsElasticsearchDomain' => [
                            'AccessPolicies' => '<string>',
                            'DomainEndpointOptions' => [
                                'EnforceHTTPS' => true || false,
                                'TLSSecurityPolicy' => '<string>',
                            ],
                            'DomainId' => '<string>',
                            'DomainName' => '<string>',
                            'ElasticsearchVersion' => '<string>',
                            'EncryptionAtRestOptions' => [
                                'Enabled' => true || false,
                                'KmsKeyId' => '<string>',
                            ],
                            'Endpoint' => '<string>',
                            'Endpoints' => ['<string>', ...],
                            'NodeToNodeEncryptionOptions' => [
                                'Enabled' => true || false,
                            ],
                            'VPCOptions' => [
                                'AvailabilityZones' => ['<string>', ...],
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VPCId' => '<string>',
                            ],
                        ],
                        'AwsElbv2LoadBalancer' => [
                            'AvailabilityZones' => [
                                [
                                    'SubnetId' => '<string>',
                                    'ZoneName' => '<string>',
                                ],
                                // ...
                            ],
                            'CanonicalHostedZoneId' => '<string>',
                            'CreatedTime' => '<string>',
                            'DNSName' => '<string>',
                            'IpAddressType' => '<string>',
                            'Scheme' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'State' => [
                                'Code' => '<string>',
                                'Reason' => '<string>',
                            ],
                            'Type' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsIamAccessKey' => [
                            'CreatedAt' => '<string>',
                            'PrincipalId' => '<string>',
                            'PrincipalName' => '<string>',
                            'PrincipalType' => '<string>',
                            'Status' => 'Active|Inactive',
                            'UserName' => '<string>',
                        ],
                        'AwsIamRole' => [
                            'AssumeRolePolicyDocument' => '<string>',
                            'CreateDate' => '<string>',
                            'MaxSessionDuration' => <integer>,
                            'Path' => '<string>',
                            'RoleId' => '<string>',
                            'RoleName' => '<string>',
                        ],
                        'AwsKmsKey' => [
                            'AWSAccountId' => '<string>',
                            'CreationDate' => <float>,
                            'KeyId' => '<string>',
                            'KeyManager' => '<string>',
                            'KeyState' => '<string>',
                            'Origin' => '<string>',
                        ],
                        'AwsLambdaFunction' => [
                            'Code' => [
                                'S3Bucket' => '<string>',
                                'S3Key' => '<string>',
                                'S3ObjectVersion' => '<string>',
                                'ZipFile' => '<string>',
                            ],
                            'CodeSha256' => '<string>',
                            'DeadLetterConfig' => [
                                'TargetArn' => '<string>',
                            ],
                            'Environment' => [
                                'Error' => [
                                    'ErrorCode' => '<string>',
                                    'Message' => '<string>',
                                ],
                                'Variables' => ['<string>', ...],
                            ],
                            'FunctionName' => '<string>',
                            'Handler' => '<string>',
                            'KmsKeyArn' => '<string>',
                            'LastModified' => '<string>',
                            'Layers' => [
                                [
                                    'Arn' => '<string>',
                                    'CodeSize' => <integer>,
                                ],
                                // ...
                            ],
                            'MasterArn' => '<string>',
                            'MemorySize' => <integer>,
                            'RevisionId' => '<string>',
                            'Role' => '<string>',
                            'Runtime' => '<string>',
                            'Timeout' => <integer>,
                            'TracingConfig' => [
                                'Mode' => '<string>',
                            ],
                            'Version' => '<string>',
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsLambdaLayerVersion' => [
                            'CompatibleRuntimes' => ['<string>', ...],
                            'CreatedDate' => '<string>',
                            'Version' => <integer>,
                        ],
                        'AwsRdsDbInstance' => [
                            'AssociatedRoles' => [
                                [
                                    'FeatureName' => '<string>',
                                    'RoleArn' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'CACertificateIdentifier' => '<string>',
                            'DBClusterIdentifier' => '<string>',
                            'DBInstanceClass' => '<string>',
                            'DBInstanceIdentifier' => '<string>',
                            'DBName' => '<string>',
                            'DbInstancePort' => <integer>,
                            'DbiResourceId' => '<string>',
                            'DeletionProtection' => true || false,
                            'Endpoint' => [
                                'Address' => '<string>',
                                'HostedZoneId' => '<string>',
                                'Port' => <integer>,
                            ],
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'IAMDatabaseAuthenticationEnabled' => true || false,
                            'InstanceCreateTime' => '<string>',
                            'KmsKeyId' => '<string>',
                            'PubliclyAccessible' => true || false,
                            'StorageEncrypted' => true || false,
                            'TdeCredentialArn' => '<string>',
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsS3Bucket' => [
                            'OwnerId' => '<string>',
                            'OwnerName' => '<string>',
                        ],
                        'AwsSnsTopic' => [
                            'KmsMasterKeyId' => '<string>',
                            'Owner' => '<string>',
                            'Subscription' => [
                                [
                                    'Endpoint' => '<string>',
                                    'Protocol' => '<string>',
                                ],
                                // ...
                            ],
                            'TopicName' => '<string>',
                        ],
                        'AwsSqsQueue' => [
                            'DeadLetterTargetArn' => '<string>',
                            'KmsDataKeyReusePeriodSeconds' => <integer>,
                            'KmsMasterKeyId' => '<string>',
                            'QueueName' => '<string>',
                        ],
                        'AwsWafWebAcl' => [
                            'DefaultAction' => '<string>',
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'ExcludedRules' => [
                                        [
                                            'RuleId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'OverrideAction' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'Container' => [
                            'ImageId' => '<string>',
                            'ImageName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'Name' => '<string>',
                        ],
                        'Other' => ['<string>', ...],
                    ],
                    'Id' => '<string>',
                    'Partition' => 'aws|aws-cn|aws-us-gov',
                    'Region' => '<string>',
                    'Tags' => ['<string>', ...],
                    'Type' => '<string>',
                ],
                // ...
            ],
            'SchemaVersion' => '<string>',
            'Severity' => [
                'Normalized' => <integer>,
                'Product' => <float>,
            ],
            'SourceUrl' => '<string>',
            'ThreatIntelIndicators' => [
                [
                    'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
                    'LastObservedAt' => '<string>',
                    'Source' => '<string>',
                    'SourceUrl' => '<string>',
                    'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'Title' => '<string>',
            'Types' => ['<string>', ...],
            'UpdatedAt' => '<string>',
            'UserDefinedFields' => ['<string>', ...],
            'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
            'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

Findings

Required: Yes
Type: Array of AwsSecurityFinding structures

The findings that matched the filters specified in the request.

NextToken

Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

GetInsightResults

$result = $client->getInsightResults([/* ... */]);
$promise = $client->getInsightResultsAsync([/* ... */]);

Lists the results of the Security Hub insight specified by the insight ARN.

Parameter Syntax

$result = $client->getInsightResults([
    'InsightArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

InsightArn

Required: Yes
Type: string

The ARN of the insight for which to return results.

Result Syntax

[
    'InsightResults' => [
        'GroupByAttribute' => '<string>',
        'InsightArn' => '<string>',
        'ResultValues' => [
            [
                'Count' => <integer>,
                'GroupByAttributeValue' => '<string>',
            ],
            // ...
        ],
    ],
]

Result Details

Members

InsightResults

Required: Yes
Type: InsightResults structure

The insight results returned by the operation.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

GetInsights

$result = $client->getInsights([/* ... */]);
$promise = $client->getInsightsAsync([/* ... */]);

Lists and describes insights for the specified insight ARNs.

Parameter Syntax

$result = $client->getInsights([
    'InsightArns' => ['<string>', ...],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

InsightArns

Type: Array of strings

The ARNs of the insights to describe.

MaxResults

Type: int

The maximum number of items to return in the response.

NextToken

Type: string

The token that is required for pagination. On your first call to the GetInsights operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'Insights' => [
        [
            'Filters' => [
                'AwsAccountId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'CompanyName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Confidence' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'CreatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'Criticality' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'Description' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FirstObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'GeneratorId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Id' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Keyword' => [
                    [
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'LastObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'MalwareName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MalwarePath' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MalwareState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MalwareType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationDomain' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationIpV4' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationIpV6' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationPort' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'NetworkDirection' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkProtocol' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceDomain' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceIpV4' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceIpV6' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceMac' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourcePort' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'NoteText' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedBy' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProcessLaunchedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ProcessName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProcessParentPid' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'ProcessPath' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProcessPid' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'ProcessTerminatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductFields' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RecommendationText' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RecordState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceImageId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceIpV4Addresses' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceIpV6Addresses' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceKeyName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceLaunchedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceSubnetId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceVpcId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyCreatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyUserName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsS3BucketOwnerId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsS3BucketOwnerName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerImageId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerImageName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerLaunchedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceDetailsOther' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourcePartition' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceRegion' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceTags' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SeverityNormalized' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'SeverityProduct' => [
                    [
                        'Eq' => <float>,
                        'Gte' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'SourceUrl' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorCategory' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorLastObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorSource' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorSourceUrl' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorValue' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Title' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Type' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'UpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'UserDefinedFields' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'VerificationState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'WorkflowState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
            ],
            'GroupByAttribute' => '<string>',
            'InsightArn' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

Insights

Required: Yes
Type: Array of Insight structures

The insights returned by the operation.

NextToken

Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

GetInvitationsCount

$result = $client->getInvitationsCount([/* ... */]);
$promise = $client->getInvitationsCountAsync([/* ... */]);

Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.

Parameter Syntax

$result = $client->getInvitationsCount([
]);

Parameter Details

Members

Result Syntax

[
    'InvitationsCount' => <integer>,
]

Result Details

Members

InvitationsCount

Type: int

The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

GetMasterAccount

$result = $client->getMasterAccount([/* ... */]);
$promise = $client->getMasterAccountAsync([/* ... */]);

Provides the details for the Security Hub master account for the current member account.

Parameter Syntax

$result = $client->getMasterAccount([
]);

Parameter Details

Members

Result Syntax

[
    'Master' => [
        'AccountId' => '<string>',
        'InvitationId' => '<string>',
        'InvitedAt' => <DateTime>,
        'MemberStatus' => '<string>',
    ],
]

Result Details

Members

Master

Type: Invitation structure

A list of details about the Security Hub master account for the current member account.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

GetMembers

$result = $client->getMembers([/* ... */]);
$promise = $client->getMembersAsync([/* ... */]);

Returns the details for the Security Hub member accounts for the specified account IDs.

Parameter Syntax

$result = $client->getMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

AccountIds

Required: Yes
Type: Array of strings

The list of account IDs for the Security Hub member accounts to return the details for.

Result Syntax

[
    'Members' => [
        [
            'AccountId' => '<string>',
            'Email' => '<string>',
            'InvitedAt' => <DateTime>,
            'MasterId' => '<string>',
            'MemberStatus' => '<string>',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

Members

Type: Array of Member structures

The list of details about the Security Hub member accounts.

UnprocessedAccounts

Type: Array of Result structures

The list of AWS accounts that could not be processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

InviteMembers

$result = $client->inviteMembers([/* ... */]);
$promise = $client->inviteMembersAsync([/* ... */]);

Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

When the account owner accepts the invitation to become a member account and enables Security Hub, the master account can view the findings generated from the member account.

Parameter Syntax

$result = $client->inviteMembers([
    'AccountIds' => ['<string>', ...],
]);

Parameter Details

Members

AccountIds

Type: Array of strings

The list of account IDs of the AWS accounts to invite to Security Hub as members.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

UnprocessedAccounts

Type: Array of Result structures

The list of AWS accounts that could not be processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

ListEnabledProductsForImport

$result = $client->listEnabledProductsForImport([/* ... */]);
$promise = $client->listEnabledProductsForImportAsync([/* ... */]);

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.

Parameter Syntax

$result = $client->listEnabledProductsForImport([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of items to return in the response.

NextToken

Type: string

The token that is required for pagination. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'NextToken' => '<string>',
    'ProductSubscriptions' => ['<string>', ...],
]

Result Details

Members

NextToken

Type: string

The pagination token to use to request the next page of results.

ProductSubscriptions

Type: Array of strings

The list of ARNs for the resources that represent your subscriptions to products.

Errors

InternalException:
Internal server error.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.

ListInvitations

$result = $client->listInvitations([/* ... */]);
$promise = $client->listInvitationsAsync([/* ... */]);

Lists all Security Hub membership invitations that were sent to the current AWS account.

Parameter Syntax

$result = $client->listInvitations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of items to return in the response.

NextToken

Type: string

The token that is required for pagination. On your first call to the ListInvitations operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'Invitations' => [
        [
            'AccountId' => '<string>',
            'InvitationId' => '<string>',
            'InvitedAt' => <DateTime>,
            'MemberStatus' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

Invitations

Type: Array of Invitation structures

The details of the invitations returned by the operation.

NextToken

Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

ListMembers

$result = $client->listMembers([/* ... */]);
$promise = $client->listMembersAsync([/* ... */]);

Lists details about all member accounts for the current Security Hub master account.

Parameter Syntax

$result = $client->listMembers([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OnlyAssociated' => true || false,
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of items to return in the response.

NextToken

Type: string

The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

OnlyAssociated

Type: boolean

Specifies which member accounts to include in the response based on their relationship status with the master account. The default value is TRUE.

If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED.

If OnlyAssociated is set to FALSE, the response includes all existing member accounts.

Result Syntax

[
    'Members' => [
        [
            'AccountId' => '<string>',
            'Email' => '<string>',
            'InvitedAt' => <DateTime>,
            'MasterId' => '<string>',
            'MemberStatus' => '<string>',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

Members

Type: Array of Member structures

Member details returned by the operation.

NextToken

Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Returns a list of tags associated with a resource.

Parameter Syntax

$result = $client->listTagsForResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ResourceArn

Required: Yes
Type: string

The ARN of the resource to retrieve tags for.

Result Syntax

[
    'Tags' => ['<string>', ...],
]

Result Details

Members

Tags

Type: Associative array of custom strings keys (TagKey) to strings

The tags associated with a resource.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Adds one or more tags to a resource.

Parameter Syntax

$result = $client->tagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

ResourceArn

Required: Yes
Type: string

The ARN of the resource to apply the tags to.

Tags

Required: Yes
Type: Associative array of custom strings keys (TagKey) to strings

The tags to add to the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Removes one or more tags from a resource.

Parameter Syntax

$result = $client->untagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

ResourceArn

Required: Yes
Type: string

The ARN of the resource to remove the tags from.

TagKeys

Required: Yes
Type: Array of strings

The tag keys associated with the tags to remove from the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

UpdateActionTarget

$result = $client->updateActionTarget([/* ... */]);
$promise = $client->updateActionTargetAsync([/* ... */]);

Updates the name and description of a custom action target in Security Hub.

Parameter Syntax

$result = $client->updateActionTarget([
    'ActionTargetArn' => '<string>', // REQUIRED
    'Description' => '<string>',
    'Name' => '<string>',
]);

Parameter Details

Members

ActionTargetArn

Required: Yes
Type: string

The ARN of the custom action target to update.

Description

Type: string

The updated description for the custom action target.

Name

Type: string

The updated name of the custom action target.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

UpdateFindings

$result = $client->updateFindings([/* ... */]);
$promise = $client->updateFindingsAsync([/* ... */]);

Updates the Note and RecordState of the Security Hub-aggregated findings that the filter attributes specify. Any member account that can view the finding also sees the update to the finding.

Parameter Syntax

$result = $client->updateFindings([
    'Filters' => [ // REQUIRED
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'Note' => [
        'Text' => '<string>', // REQUIRED
        'UpdatedBy' => '<string>', // REQUIRED
    ],
    'RecordState' => 'ACTIVE|ARCHIVED',
]);

Parameter Details

Members

Filters

Required: Yes
Type: AwsSecurityFindingFilters structure

A collection of attributes that specify which findings you want to update.

Note

Type: NoteUpdate structure

The updated note for the finding.

RecordState

Type: string

The updated record state for the finding.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

UpdateInsight

$result = $client->updateInsight([/* ... */]);
$promise = $client->updateInsightAsync([/* ... */]);

Updates the Security Hub insight identified by the specified insight ARN.

Parameter Syntax

$result = $client->updateInsight([
    'Filters' => [
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gte' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'GroupByAttribute' => '<string>',
    'InsightArn' => '<string>', // REQUIRED
    'Name' => '<string>',
]);

Parameter Details

Members

Filters

Type: AwsSecurityFindingFilters structure

The updated filters that define this insight.

GroupByAttribute

Type: string

The updated GroupBy attribute that defines this insight.

InsightArn

Required: Yes
Type: string

The ARN of the insight that you want to update.

Name

Type: string

The updated name for the insight.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

UpdateStandardsControl

$result = $client->updateStandardsControl([/* ... */]);
$promise = $client->updateStandardsControlAsync([/* ... */]);

Used to control whether an individual compliance standard control is enabled or disabled.

Parameter Syntax

$result = $client->updateStandardsControl([
    'ControlStatus' => 'ENABLED|DISABLED',
    'DisabledReason' => '<string>',
    'StandardsControlArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ControlStatus

Type: string

The updated status of the compliance standard control.

DisabledReason

Type: string

A description of the reason why you are disabling a compliance standard control.

StandardsControlArn

Required: Yes
Type: string

The ARN of the compliance standard control to enable or disable.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:
Internal server error.
InvalidInputException:
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
InvalidAccessException:
AWS Security Hub isn't enabled for the account used to make this request.
ResourceNotFoundException:
The request was rejected because we can't find the specified resource.

Shapes

AccessDeniedException

Description

You don't have permission to perform the action specified in the request.

Members

Code

Type: string

Message

Type: string

AccountDetails

Description

The details of an AWS account.

Members

AccountId

Type: string

The ID of an AWS account.

Email

Type: string

The email of an AWS account.

ActionTarget

Description

An ActionTarget object.

Members

ActionTargetArn

Required: Yes
Type: string

The ARN for the target action.

Description

Required: Yes
Type: string

The description of the target action.

Name

Required: Yes
Type: string

The name of the action target.

AvailabilityZone

Description

Information about an Availability Zone.

Members

SubnetId

Type: string

The ID of the subnet. You can specify one subnet per Availability Zone.

ZoneName

Type: string

The name of the Availability Zone.

AwsCloudFrontDistributionDetails

Description

A distribution configuration.

Members

DomainName

Type: string

The domain name corresponding to the distribution.

ETag

Type: string

The entity tag is a hash of the object.

LastModifiedTime

Type: string

The date and time that the distribution was last modified.

Logging

Type: AwsCloudFrontDistributionLogging structure

A complex type that controls whether access logs are written for the distribution.

Origins

Type: AwsCloudFrontDistributionOrigins structure

A complex type that contains information about origins for this distribution.

Status

Type: string

Indicates the current status of the distribution.

WebAclId

Type: string

A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.

AwsCloudFrontDistributionLogging

Description

A complex type that controls whether access logs are written for the distribution.

Members

Bucket

Type: string

The Amazon S3 bucket to store the access logs in.

Enabled

Type: boolean

With this field, you can enable or disable the selected distribution.

IncludeCookies

Type: boolean

Specifies whether you want CloudFront to include cookies in access logs.

Prefix

Type: string

An optional string that you want CloudFront to use as a prefix to the access log filenames for this distribution.

AwsCloudFrontDistributionOriginItem

Description

A complex type that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon MediaStore, or other server from which CloudFront gets your files.

Members

DomainName

Type: string

Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin.

Id

Type: string

A unique identifier for the origin or origin group.

OriginPath

Type: string

An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

AwsCloudFrontDistributionOrigins

Description

A complex type that contains information about origins and origin groups for this distribution.

Members

Items

Type: Array of AwsCloudFrontDistributionOriginItem structures

A complex type that contains origins or origin groups for this distribution.

AwsCodeBuildProjectDetails

Description

Information about an AWS CodeBuild project.

Members

EncryptionKey

Type: string

The AWS Key Management Service (AWS KMS) customer master key (CMK) used to encrypt the build output artifacts.

You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK alias (using the format alias/alias-name).

Environment

Type: AwsCodeBuildProjectEnvironment structure

Information about the build environment for this build project.

Name

Type: string

The name of the build project.

ServiceRole

Type: string

The ARN of the IAM role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

Source

Type: AwsCodeBuildProjectSource structure

Information about the build input source code for this build project.

VpcConfig

Type: AwsCodeBuildProjectVpcConfig structure

Information about the VPC configuration that AWS CodeBuild accesses.

AwsCodeBuildProjectEnvironment

Description

Information about the build environment for this build project.

Members

Certificate

Type: string

The certificate to use with this build project.

ImagePullCredentialsType

Type: string

The type of credentials AWS CodeBuild uses to pull images in your build.

Valid values:

CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust the AWS CodeBuild service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.

When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.

RegistryCredential

Type: AwsCodeBuildProjectEnvironmentRegistryCredential structure

The credentials for access to a private registry.

Type

Type: string

The type of build environment to use for related builds.

The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Europe (Frankfurt).

The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).

The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).

Valid values: WINDOWS_CONTAINER | LINUX_CONTAINER | LINUX_GPU_CONTAINER | ARM_CONTAINER

AwsCodeBuildProjectEnvironmentRegistryCredential

Description

The credentials for access to a private registry.

Members

Credential

Type: string

The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.

The credential can use the name of the credentials only if they exist in your current AWS Region.

CredentialProvider

Type: string

The service that created the credentials to access a private Docker registry.

The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.

AwsCodeBuildProjectSource

Description

Information about the build input source code for this build project.

Members

GitCloneDepth

Type: int

Information about the Git clone depth for the build project.

InsecureSsl

Type: boolean

Whether to ignore SSL warnings while connecting to the project source code.

Location

Type: string

Information about the location of the source code to be built.

Valid values include:

For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ).
For source code in an S3 input bucket, one of the following.
- The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
- The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file.

Type

Type: string

The type of repository that contains the source code to be built. Valid values are:

BITBUCKET - The source code is in a Bitbucket repository.
CODECOMMIT - The source code is in an AWS CodeCommit repository.
CODEPIPELINE - The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB - The source code is in a GitHub repository.
GITHUB_ENTERPRISE - The source code is in a GitHub Enterprise repository.
NO_SOURCE - The project does not have input source code.
S3 - The source code is in an S3 input bucket.

AwsCodeBuildProjectVpcConfig

Description

Information about the VPC configuration that AWS CodeBuild accesses.

Members

SecurityGroupIds

Type: Array of strings

A list of one or more security group IDs in your Amazon VPC.

Subnets

Type: Array of strings

A list of one or more subnet IDs in your Amazon VPC.

VpcId

Type: string

The ID of the VPC.

AwsEc2InstanceDetails

Description

The details of an Amazon EC2 instance.

Members

IamInstanceProfileArn

Type: string

The IAM profile ARN of the instance.

ImageId

Type: string

The Amazon Machine Image (AMI) ID of the instance.

IpV4Addresses

Type: Array of strings

The IPv4 addresses associated with the instance.

IpV6Addresses

Type: Array of strings

The IPv6 addresses associated with the instance.

KeyName

Type: string

The key name associated with the instance.

LaunchedAt

Type: string

The date/time the instance was launched.

SubnetId

Type: string

The identifier of the subnet that the instance was launched in.

Type

Type: string

The instance type of the instance.

VpcId

Type: string

The identifier of the VPC that the instance was launched in.

AwsEc2NetworkInterfaceAttachment

Description

Information about the network interface attachment.

Members

AttachTime

Type: string

The timestamp indicating when the attachment initiated.

AttachmentId

Type: string

The identifier of the network interface attachment

DeleteOnTermination

Type: boolean

Indicates whether the network interface is deleted when the instance is terminated.

DeviceIndex

Type: int

The device index of the network interface attachment on the instance.

InstanceId

Type: string

The ID of the instance.

InstanceOwnerId

Type: string

The AWS account ID of the owner of the instance.

Status

Type: string

The attachment state.

Valid values: attaching | attached | detaching | detached

AwsEc2NetworkInterfaceDetails

Description

Details about the network interface

Members

Attachment

Type: AwsEc2NetworkInterfaceAttachment structure

The network interface attachment.

NetworkInterfaceId

Type: string

The ID of the network interface.

SecurityGroups

Type: Array of AwsEc2NetworkInterfaceSecurityGroup structures

Security groups for the network interface.

SourceDestCheck

Type: boolean

Indicates whether traffic to or from the instance is validated.

AwsEc2NetworkInterfaceSecurityGroup

Description

A security group associated with the network interface.

Members

GroupId

Type: string

The ID of the security group.

GroupName

Type: string

The name of the security group.

AwsEc2SecurityGroupDetails

Description

Details about an EC2 security group.

Members

GroupId

Type: string

The ID of the security group.

GroupName

Type: string

The name of the security group.

IpPermissions

Type: Array of AwsEc2SecurityGroupIpPermission structures

The inbound rules associated with the security group.

IpPermissionsEgress

Type: Array of AwsEc2SecurityGroupIpPermission structures

[VPC only] The outbound rules associated with the security group.

OwnerId

Type: string

The AWS account ID of the owner of the security group.

VpcId

Type: string

[VPC only] The ID of the VPC for the security group.

AwsEc2SecurityGroupIpPermission

Description

An IP permission for an EC2 security group.

Members

FromPort

Type: int

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

IpProtocol

Type: string

The IP protocol name (tcp, udp, icmp, icmpv6) or number.

[VPC only] Use -1 to specify all protocols.

When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify.

For tcp, udp, and icmp, you must specify a port range.

For icmpv6, the port range is optional. If you omit the port range, traffic for all types and codes is allowed.

IpRanges

Type: Array of AwsEc2SecurityGroupIpRange structures

The IPv4 ranges.

Ipv6Ranges

Type: Array of AwsEc2SecurityGroupIpv6Range structures

The IPv6 ranges.

PrefixListIds

Type: Array of AwsEc2SecurityGroupPrefixListId structures

[VPC only] The prefix list IDs for an AWS service. With outbound rules, this is the AWS service to access through a VPC endpoint from instances associated with the security group.

ToPort

Type: int

The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

UserIdGroupPairs

Type: Array of AwsEc2SecurityGroupUserIdGroupPair structures

The security group and AWS account ID pairs.

AwsEc2SecurityGroupIpRange

Description

A range of IPv4 addresses.

Members

CidrIp

Type: string

The IPv4 CIDR range. You can either specify either a CIDR range or a source security group, but not both. To specify a single IPv4 address, use the /32 prefix length.

AwsEc2SecurityGroupIpv6Range

Description

A range of IPv6 addresses.

Members

CidrIpv6

Type: string

The IPv6 CIDR range. You can either specify either a CIDR range or a source security group, but not both. To specify a single IPv6 address, use the /128 prefix length.

AwsEc2SecurityGroupPrefixListId

Description

A prefix list ID.

Members

PrefixListId

Type: string

The ID of the prefix.

AwsEc2SecurityGroupUserIdGroupPair

Description

A relationship between a security group and a user.

Members

GroupId

Type: string

The ID of the security group.

GroupName

Type: string

The name of the security group.

PeeringStatus

Type: string

The status of a VPC peering connection, if applicable.

UserId

Type: string

The ID of an AWS account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in another AWS.

VpcId

Type: string

The ID of the VPC for the referenced security group, if applicable.

VpcPeeringConnectionId

Type: string

The ID of the VPC peering connection, if applicable.

AwsElasticsearchDomainDetails

Description

Information about an Elasticsearch domain.

Members

AccessPolicies

Type: string

IAM policy document specifying the access policies for the new Amazon ES domain.

DomainEndpointOptions

Type: AwsElasticsearchDomainDomainEndpointOptions structure

Additional options for the domain endpoint.

DomainId

Type: string

Unique identifier for an Amazon ES domain.

DomainName

Type: string

Name of an Amazon ES domain.

Domain names are unique across all domains owned by the same account within an AWS Region.

Domain names must start with a lowercase letter and must be between 3 and 28 characters.

Valid characters are a-z (lowercase only), 0-9, and – (hyphen).

ElasticsearchVersion

Type: string

Elasticsearch version.

EncryptionAtRestOptions

Type: AwsElasticsearchDomainEncryptionAtRestOptions structure

Details about the configuration for encryption at rest.

Endpoint

Type: string

Domain-specific endpoint used to submit index, search, and data upload requests to an Amazon ES domain.

The endpoint is a service URL.

Endpoints

Type: Associative array of custom strings keys (NonEmptyString) to strings

The key-value pair that exists if the Amazon ES domain uses VPC endpoints.

NodeToNodeEncryptionOptions

Type: AwsElasticsearchDomainNodeToNodeEncryptionOptions structure

Details about the configuration for node-to-node encryption.

VPCOptions

Type: AwsElasticsearchDomainVPCOptions structure

Information that Amazon ES derives based on VPCOptions for the domain.

AwsElasticsearchDomainDomainEndpointOptions

Description

Additional options for the domain endpoint, such as whether to require HTTPS for all traffic.

Members

EnforceHTTPS

Type: boolean

Whether to require that all traffic to the domain arrive over HTTPS.

TLSSecurityPolicy

Type: string

The TLS security policy to apply to the HTTPS endpoint of the Elasticsearch domain.

Valid values:

Policy-Min-TLS-1-0-2019-07, which supports TLSv1.0 and higher
Policy-Min-TLS-1-2-2019-07, which only supports TLSv1.2

AwsElasticsearchDomainEncryptionAtRestOptions

Description

Details about the configuration for encryption at rest.

Members

Enabled

Type: boolean

Whether encryption at rest is enabled.

KmsKeyId

Type: string

The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.

AwsElasticsearchDomainNodeToNodeEncryptionOptions

Description

Details about the configuration for node-to-node encryption.

Members

Enabled

Type: boolean

Whether node-to-node encryption is enabled.

AwsElasticsearchDomainVPCOptions

Description

Information that Amazon ES derives based on VPCOptions for the domain.

Members

AvailabilityZones

Type: Array of strings

The list of Availability Zones associated with the VPC subnets.

SecurityGroupIds

Type: Array of strings

The list of security group IDs associated with the VPC endpoints for the domain.

SubnetIds

Type: Array of strings

A list of subnet IDs associated with the VPC endpoints for the domain.

VPCId

Type: string

ID for the VPC.

AwsElbv2LoadBalancerDetails

Description

Information about a load balancer.

Members

AvailabilityZones

Type: Array of AvailabilityZone structures

The Availability Zones for the load balancer.

CanonicalHostedZoneId

Type: string

The ID of the Amazon Route 53 hosted zone associated with the load balancer.

CreatedTime

Type: string

The date and time the load balancer was created.

DNSName

Type: string

The public DNS name of the load balancer.

IpAddressType

Type: string

The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).

Scheme

Type: string

The nodes of an Internet-facing load balancer have public IP addresses.

SecurityGroups

Type: Array of strings

The IDs of the security groups for the load balancer.

State

Type: LoadBalancerState structure

The state of the load balancer.

Type

Type: string

The type of load balancer.

VpcId

Type: string

The ID of the VPC for the load balancer.

AwsIamAccessKeyDetails

Description

IAM access key details related to a finding.

Members

CreatedAt

Type: string

The creation date/time of the IAM access key related to a finding.

PrincipalId

Type: string

The ID of the principal associated with an access key.

PrincipalName

Type: string

The name of the principal.

PrincipalType

Type: string

The type of principal associated with an access key.

Status

Type: string

The status of the IAM access key related to a finding.

UserName

Type: string

The user associated with the IAM access key related to a finding.

The UserName parameter has been replaced with the PrincipalName parameter because access keys can also be assigned to principals that are not IAM users.

AwsIamRoleDetails

Description

Contains information about an IAM role, including all of the role's policies.

Members

AssumeRolePolicyDocument

Type: string

The trust policy that grants permission to assume the role.

CreateDate

Type: string

The date and time, in ISO 8601 date-time format, when the role was created.

MaxSessionDuration

Type: int

The maximum session duration (in seconds) that you want to set for the specified role.

Path

Type: string

The path to the role.

RoleId

Type: string

The stable and unique string identifying the role.

RoleName

Type: string

The friendly name that identifies the role.

AwsKmsKeyDetails

Description

Contains metadata about a customer master key (CMK).

Members

AWSAccountId

Type: string

The twelve-digit account ID of the AWS account that owns the CMK.

CreationDate

Type: double

The date and time when the CMK was created.

KeyId

Type: string

The globally unique identifier for the CMK.

KeyManager

Type: string

The manager of the CMK. CMKs in your AWS account are either customer managed or AWS managed.

KeyState

Type: string

The state of the CMK.

Origin

Type: string

The source of the CMK's key material.

When this value is AWS_KMS, AWS KMS created the key material.

When this value is EXTERNAL, the key material was imported from your existing key management infrastructure or the CMK lacks key material.

When this value is AWS_CLOUDHSM, the key material was created in the AWS CloudHSM cluster associated with a custom key store.

AwsLambdaFunctionCode

Description

The code for the Lambda function. You can specify either an object in Amazon S3, or upload a deployment package directly.

Members

S3Bucket

Type: string

An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account.

S3Key

Type: string

The Amazon S3 key of the deployment package.

S3ObjectVersion

Type: string

For versioned objects, the version of the deployment package object to use.

ZipFile

Type: string

The base64-encoded contents of the deployment package. AWS SDK and AWS CLI clients handle the encoding for you.

AwsLambdaFunctionDeadLetterConfig

Description

The dead-letter queue for failed asynchronous invocations.

Members

TargetArn

Type: string

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

AwsLambdaFunctionDetails

Description

Details about a function's configuration.

Members

Code

Type: AwsLambdaFunctionCode structure

An AwsLambdaFunctionCode object.

CodeSha256

Type: string

The SHA256 hash of the function's deployment package.

DeadLetterConfig

Type: AwsLambdaFunctionDeadLetterConfig structure

The function's dead letter queue.

Environment

Type: AwsLambdaFunctionEnvironment structure

The function's environment variables.

FunctionName

Type: string

The name of the function.

Handler

Type: string

The function that Lambda calls to begin executing your function.

KmsKeyArn

Type: string

The KMS key that's used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed CMK.

LastModified

Type: string

The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

Layers

Type: Array of AwsLambdaFunctionLayer structures

The function's layers.

MasterArn

Type: string

For Lambda@Edge functions, the ARN of the master function.

MemorySize

Type: int

The memory that's allocated to the function.

RevisionId

Type: string

The latest updated revision of the function or alias.

Role

Type: string

The function's execution role.

Runtime

Type: string

The runtime environment for the Lambda function.

Timeout

Type: int

The amount of time that Lambda allows a function to run before stopping it.

TracingConfig

Type: AwsLambdaFunctionTracingConfig structure

The function's AWS X-Ray tracing configuration.

Version

Type: string

The version of the Lambda function.

VpcConfig

Type: AwsLambdaFunctionVpcConfig structure

The function's networking configuration.

AwsLambdaFunctionEnvironment

Description

A function's environment variable settings.

Members

Error

Type: AwsLambdaFunctionEnvironmentError structure

An AwsLambdaFunctionEnvironmentError object.

Variables

Type: Associative array of custom strings keys (NonEmptyString) to strings

Environment variable key-value pairs.

AwsLambdaFunctionEnvironmentError

Description

Error messages for environment variables that couldn't be applied.

Members

ErrorCode

Type: string

The error code.

Message

Type: string

The error message.

AwsLambdaFunctionLayer

Description

An AWS Lambda layer.

Members

Arn

Type: string

The Amazon Resource Name (ARN) of the function layer.

CodeSize

Type: int

The size of the layer archive in bytes.

AwsLambdaFunctionTracingConfig

Description

The function's AWS X-Ray tracing configuration.

Members

Mode

Type: string

The tracing mode.

AwsLambdaFunctionVpcConfig

Description

The VPC security groups and subnets that are attached to a Lambda function. For more information, see VPC Settings.

Members

SecurityGroupIds

Type: Array of strings

A list of VPC security groups IDs.

SubnetIds

Type: Array of strings

A list of VPC subnet IDs.

VpcId

Type: string

The ID of the VPC.

AwsLambdaLayerVersionDetails

Description

Details about a Lambda layer version.

Members

CompatibleRuntimes

Type: Array of strings

The layer's compatible runtimes. Maximum number of 5 items.

CreatedDate

Type: string

The date that the version was created, in ISO 8601 format. For example, 2018-11-27T15:10:45.123+0000.

Version

Type: long (int|float)

The version number.

AwsRdsDbInstanceAssociatedRole

Description

An AWS Identity and Access Management (IAM) role associated with the DB instance.

Members

FeatureName

Type: string

The name of the feature associated with the IAM)role.

RoleArn

Type: string

The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance.

Status

Type: string

Describes the state of the association between the IAM role and the DB instance. The Status property returns one of the following values:

ACTIVE - the IAM role ARN is associated with the DB instance and can be used to access other AWS services on your behalf.
PENDING - the IAM role ARN is being associated with the DB instance.
INVALID - the IAM role ARN is associated with the DB instance, but the DB instance is unable to assume the IAM role in order to access other AWS services on your behalf.

AwsRdsDbInstanceDetails

Description

Contains the details of an Amazon RDS DB instance.

Members

AssociatedRoles

Type: Array of AwsRdsDbInstanceAssociatedRole structures

The AWS Identity and Access Management (IAM) roles associated with the DB instance.

CACertificateIdentifier

Type: string

The identifier of the CA certificate for this DB instance.

DBClusterIdentifier

Type: string

If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of.

DBInstanceClass

Type: string

Contains the name of the compute and memory capacity class of the DB instance.

DBInstanceIdentifier

Type: string

Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.

DBName

Type: string

The meaning of this parameter differs according to the database engine you use.

MySQL, MariaDB, SQL Server, PostgreSQL

Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.

Oracle

Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters do not apply to an Oracle DB instance.

DbInstancePort

Type: int

Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this can be a different port than the DB cluster port.

DbiResourceId

Type: string

The AWS Region-unique, immutable identifier for the DB instance. This identifier is found in AWS CloudTrail log entries whenever the AWS KMS key for the DB instance is accessed.

DeletionProtection

Type: boolean

Indicates whether the DB instance has deletion protection enabled.

When deletion protection is enabled, the database cannot be deleted.

Endpoint

Type: AwsRdsDbInstanceEndpoint structure

Specifies the connection endpoint.

Engine

Type: string

Provides the name of the database engine to use for this DB instance.

EngineVersion

Type: string

Indicates the database engine version.

IAMDatabaseAuthenticationEnabled

Type: boolean

True if mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.

IAM database authentication can be enabled for the following database engines.

For MySQL 5.6, minor version 5.6.34 or higher
For MySQL 5.7, minor version 5.7.16 or higher
Aurora 5.6 or higher

InstanceCreateTime

Type: string

Provides the date and time the DB instance was created.

KmsKeyId

Type: string

If StorageEncrypted is true, the AWS KMS key identifier for the encrypted DB instance.

PubliclyAccessible

Type: boolean

Specifies the accessibility options for the DB instance.

A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address.

A value of false specifies an internal instance with a DNS name that resolves to a private IP address.

StorageEncrypted

Type: boolean

Specifies whether the DB instance is encrypted.

TdeCredentialArn

Type: string

The ARN from the key store with which the instance is associated for TDE encryption.

VpcSecurityGroups

Type: Array of AwsRdsDbInstanceVpcSecurityGroup structures

A list of VPC security groups that the DB instance belongs to.

AwsRdsDbInstanceEndpoint

Description

Specifies the connection endpoint.

Members

Address

Type: string

Specifies the DNS address of the DB instance.

HostedZoneId

Type: string

Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.

Port

Type: int

Specifies the port that the database engine is listening on.

AwsRdsDbInstanceVpcSecurityGroup

Description

A VPC security groups that the DB instance belongs to.

Members

Status

Type: string

The status of the VPC security group.

VpcSecurityGroupId

Type: string

The name of the VPC security group.

AwsS3BucketDetails

Description

The details of an Amazon S3 bucket.

Members

OwnerId

Type: string

The canonical user ID of the owner of the S3 bucket.

OwnerName

Type: string

The display name of the owner of the S3 bucket.

AwsSecurityFinding

Description

Provides consistent format for the contents of the Security Hub-aggregated findings. AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and compliance checks.

A finding is a potential security issue generated either by AWS services (Amazon GuardDuty, Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and compliance checks.

Members

AwsAccountId

Required: Yes
Type: string

The AWS account ID that a finding is generated in.

Compliance

Type: Compliance structure

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains compliance-related finding details.

Confidence

Type: int

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

CreatedAt

Required: Yes
Type: string

An ISO8601-formatted timestamp that indicates when the security-findings provider created the potential security issue that a finding captured.

Criticality

Type: int

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Description

Required: Yes
Type: string

A finding's description.

In this release, Description is a required property.

FirstObservedAt

Type: string

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

GeneratorId

Required: Yes
Type: string

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.

Id

Required: Yes
Type: string

The security findings provider-specific identifier for a finding.

LastObservedAt

Type: string

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

Malware

Type: Array of Malware structures

A list of malware related to a finding.

Network

Type: Network structure

The details of network-related information about a finding.

Note

Type: Note structure

A user-defined note added to a finding.

Process

Type: ProcessDetails structure

The details of process-related information about a finding.

ProductArn

Required: Yes
Type: string

The ARN generated by Security Hub that uniquely identifies a third-party company (security-findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

ProductFields

Type: Associative array of custom strings keys (NonEmptyString) to strings

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

RecordState

Type: string

The record state of a finding.

RelatedFindings

Type: Array of RelatedFinding structures

A list of related findings.

Remediation

Type: Remediation structure

A data type that describes the remediation options for a finding.

Resources

Required: Yes
Type: Array of Resource structures

A set of resource data types that describe the resources that the finding refers to.

SchemaVersion

Required: Yes
Type: string

The schema version that a finding is formatted for.

Severity

Required: Yes
Type: Severity structure

A finding's severity.

SourceUrl

Type: string

A URL that links to a page about the current finding in the security-findings provider's solution.

ThreatIntelIndicators

Type: Array of ThreatIntelIndicator structures

Threat intelligence details related to a finding.

Title

Required: Yes
Type: string

A finding's title.

In this release, Title is a required property.

Types

Required: Yes
Type: Array of strings

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

UpdatedAt

Required: Yes
Type: string

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

UserDefinedFields

Type: Associative array of custom strings keys (NonEmptyString) to strings

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

VerificationState

Type: string

Indicates the veracity of a finding.

WorkflowState

Type: string

The workflow state of a finding.

AwsSecurityFindingFilters

Description

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.

Members

AwsAccountId

Type: Array of StringFilter structures

The AWS account ID that a finding is generated in.

CompanyName

Type: Array of StringFilter structures

The name of the findings provider (company) that owns the solution (product) that generates findings.

ComplianceStatus

Type: Array of StringFilter structures

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains compliance-related finding details.

Confidence

Type: Array of NumberFilter structures

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

CreatedAt

Type: Array of DateFilter structures

An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.

Criticality

Type: Array of NumberFilter structures

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Description

Type: Array of StringFilter structures

A finding's description.

FirstObservedAt

Type: Array of DateFilter structures

An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.

GeneratorId

Type: Array of StringFilter structures

Id

Type: Array of StringFilter structures

The security findings provider-specific identifier for a finding.

Keyword

Type: Array of KeywordFilter structures

A keyword for a finding.

LastObservedAt

Type: Array of DateFilter structures

An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.

MalwareName

Type: Array of StringFilter structures

The name of the malware that was observed.

MalwarePath

Type: Array of StringFilter structures

The filesystem path of the malware that was observed.

MalwareState

Type: Array of StringFilter structures

The state of the malware that was observed.

MalwareType

Type: Array of StringFilter structures

The type of the malware that was observed.

NetworkDestinationDomain

Type: Array of StringFilter structures

The destination domain of network-related information about a finding.

NetworkDestinationIpV4

Type: Array of IpFilter structures

The destination IPv4 address of network-related information about a finding.

NetworkDestinationIpV6

Type: Array of IpFilter structures

The destination IPv6 address of network-related information about a finding.

NetworkDestinationPort

Type: Array of NumberFilter structures

The destination port of network-related information about a finding.

NetworkDirection

Type: Array of StringFilter structures

Indicates the direction of network traffic associated with a finding.

NetworkProtocol

Type: Array of StringFilter structures

The protocol of network-related information about a finding.

NetworkSourceDomain

Type: Array of StringFilter structures

The source domain of network-related information about a finding.

NetworkSourceIpV4

Type: Array of IpFilter structures

The source IPv4 address of network-related information about a finding.

NetworkSourceIpV6

Type: Array of IpFilter structures

The source IPv6 address of network-related information about a finding.

NetworkSourceMac

Type: Array of StringFilter structures

The source media access control (MAC) address of network-related information about a finding.

NetworkSourcePort

Type: Array of NumberFilter structures

The source port of network-related information about a finding.

NoteText

Type: Array of StringFilter structures

The text of a note.

NoteUpdatedAt

Type: Array of DateFilter structures

The timestamp of when the note was updated.

NoteUpdatedBy

Type: Array of StringFilter structures

The principal that created a note.

ProcessLaunchedAt

Type: Array of DateFilter structures

The date/time that the process was launched.

ProcessName

Type: Array of StringFilter structures

The name of the process.

ProcessParentPid

Type: Array of NumberFilter structures

The parent process ID.

ProcessPath

Type: Array of StringFilter structures

The path to the process executable.

ProcessPid

Type: Array of NumberFilter structures

The process ID.

ProcessTerminatedAt

Type: Array of DateFilter structures

The date/time that the process was terminated.

ProductArn

Type: Array of StringFilter structures

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

ProductFields

Type: Array of MapFilter structures

A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

ProductName

Type: Array of StringFilter structures

The name of the solution (product) that generates findings.

RecommendationText

Type: Array of StringFilter structures

The recommendation of what to do about the issue described in a finding.

RecordState

Type: Array of StringFilter structures

The updated record state for the finding.

RelatedFindingsId

Type: Array of StringFilter structures

The solution-generated identifier for a related finding.

RelatedFindingsProductArn

Type: Array of StringFilter structures

The ARN of the solution that generated a related finding.

ResourceAwsEc2InstanceIamInstanceProfileArn

Type: Array of StringFilter structures

The IAM profile ARN of the instance.

ResourceAwsEc2InstanceImageId

Type: Array of StringFilter structures

The Amazon Machine Image (AMI) ID of the instance.

ResourceAwsEc2InstanceIpV4Addresses

Type: Array of IpFilter structures

The IPv4 addresses associated with the instance.

ResourceAwsEc2InstanceIpV6Addresses

Type: Array of IpFilter structures

The IPv6 addresses associated with the instance.

ResourceAwsEc2InstanceKeyName

Type: Array of StringFilter structures

The key name associated with the instance.

ResourceAwsEc2InstanceLaunchedAt

Type: Array of DateFilter structures

The date and time the instance was launched.

ResourceAwsEc2InstanceSubnetId

Type: Array of StringFilter structures

The identifier of the subnet that the instance was launched in.

ResourceAwsEc2InstanceType

Type: Array of StringFilter structures

The instance type of the instance.

ResourceAwsEc2InstanceVpcId

Type: Array of StringFilter structures

The identifier of the VPC that the instance was launched in.

ResourceAwsIamAccessKeyCreatedAt

Type: Array of DateFilter structures

The creation date/time of the IAM access key related to a finding.

ResourceAwsIamAccessKeyStatus

Type: Array of StringFilter structures

The status of the IAM access key related to a finding.

ResourceAwsIamAccessKeyUserName

Type: Array of StringFilter structures

The user associated with the IAM access key related to a finding.

ResourceAwsS3BucketOwnerId

Type: Array of StringFilter structures

The canonical user ID of the owner of the S3 bucket.

ResourceAwsS3BucketOwnerName

Type: Array of StringFilter structures

The display name of the owner of the S3 bucket.

ResourceContainerImageId

Type: Array of StringFilter structures

The identifier of the image related to a finding.

ResourceContainerImageName

Type: Array of StringFilter structures

The name of the image related to a finding.

ResourceContainerLaunchedAt

Type: Array of DateFilter structures

The date/time that the container was started.

ResourceContainerName

Type: Array of StringFilter structures

The name of the container related to a finding.

ResourceDetailsOther

Type: Array of MapFilter structures

The details of a resource that doesn't have a specific subfield for the resource type defined.

ResourceId

Type: Array of StringFilter structures

The canonical identifier for the given resource type.

ResourcePartition

Type: Array of StringFilter structures

The canonical AWS partition name that the Region is assigned to.

ResourceRegion

Type: Array of StringFilter structures

The canonical AWS external Region name where this resource is located.

ResourceTags

Type: Array of MapFilter structures

A list of AWS tags associated with a resource at the time the finding was processed.

ResourceType

Type: Array of StringFilter structures

Specifies the type of the resource that details are provided for.

SeverityLabel

Type: Array of StringFilter structures

The label of a finding's severity.

SeverityNormalized

Type: Array of NumberFilter structures

The normalized severity of a finding.

SeverityProduct

Type: Array of NumberFilter structures

The native severity as defined by the security-findings provider's solution that generated the finding.

SourceUrl

Type: Array of StringFilter structures

A URL that links to a page about the current finding in the security-findings provider's solution.

ThreatIntelIndicatorCategory

Type: Array of StringFilter structures

The category of a threat intelligence indicator.

ThreatIntelIndicatorLastObservedAt

Type: Array of DateFilter structures

The date/time of the last observation of a threat intelligence indicator.

ThreatIntelIndicatorSource

Type: Array of StringFilter structures

The source of the threat intelligence.

ThreatIntelIndicatorSourceUrl

Type: Array of StringFilter structures

The URL for more details from the source of the threat intelligence.

ThreatIntelIndicatorType

Type: Array of StringFilter structures

The type of a threat intelligence indicator.

ThreatIntelIndicatorValue

Type: Array of StringFilter structures

The value of a threat intelligence indicator.

Title

Type: Array of StringFilter structures

A finding's title.

Type

Type: Array of StringFilter structures

A finding type in the format of namespace/category/classifier that classifies a finding.

UpdatedAt

Type: Array of DateFilter structures

An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.

UserDefinedFields

Type: Array of MapFilter structures

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

VerificationState

Type: Array of StringFilter structures

The veracity of a finding.

WorkflowState

Type: Array of StringFilter structures

The workflow state of a finding.

AwsSnsTopicDetails

Description

A wrapper type for the topic's Amazon Resource Name (ARN).

Members

KmsMasterKeyId

Type: string

The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK.

Owner

Type: string

The subscription's owner.

Subscription

Type: Array of AwsSnsTopicSubscription structures

Subscription is an embedded property that describes the subscription endpoints of an Amazon SNS topic.

TopicName

Type: string

The name of the topic.

AwsSnsTopicSubscription

Description

A wrapper type for the attributes of an Amazon SNS subscription.

Members

Endpoint

Type: string

The subscription's endpoint (format depends on the protocol).

Protocol

Type: string

The subscription's protocol.

AwsSqsQueueDetails

Description

Data about a queue.

Members

DeadLetterTargetArn

Type: string

The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.

KmsDataKeyReusePeriodSeconds

Type: int

The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again.

KmsMasterKeyId

Type: string

The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK.

QueueName

Type: string

The name of the new queue.

AwsWafWebAclDetails

Description

Details about a WAF WebACL.

Members

DefaultAction

Type: string

The action to perform if none of the Rules contained in the WebACL match.

Name

Type: string

A friendly name or description of the WebACL. You can't change the name of a WebACL after you create it.

Rules

Type: Array of AwsWafWebAclRule structures

An array that contains the action for each rule in a WebACL, the priority of the rule, and the ID of the rule.

WebAclId

Type: string

A unique identifier for a WebACL.

AwsWafWebAclRule

Description

Details for a rule in a WAF WebACL.

Members

Action

Type: WafAction structure

Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule.

ExcludedRules

Type: Array of WafExcludedRule structures

Rules to exclude from a rule group.

OverrideAction

Type: WafOverrideAction structure

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.

However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

Priority

Type: int

Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value for Priority are evaluated before Rules with a higher value. The value must be a unique integer. If you add multiple Rules to a WebACL, the values do not need to be consecutive.

RuleId

Type: string

The identifier for a Rule.

Type

Type: string

The rule type.

Valid values: REGULAR | RATE_BASED | GROUP

The default is REGULAR.

Compliance

Description

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains compliance-related finding details.

Values include the following:

Allowed values are the following:
- PASSED - Compliance check passed for all evaluated resources.
- WARNING - Some information is missing or this check is not supported given your configuration.
- FAILED - Compliance check failed for at least one evaluated resource.
- NOT_AVAILABLE - Check could not be performed due to a service outage, API error, or because the result of the AWS Config evaluation was NOT_APPLICABLE. If the AWS Config evaluation result was NOT_APPLICABLE, then after 3 days, Security Hub automatically archives the finding.

Members

RelatedRequirements

Type: Array of strings

List of requirements that are related to a standards control.

Status

Type: string

The result of a compliance check.

ContainerDetails

Description

Container details related to a finding.

Members

ImageId

Type: string

The identifier of the image related to a finding.

ImageName

Type: string

The name of the image related to a finding.

LaunchedAt

Type: string

The date and time when the container started.

Name

Type: string

The name of the container related to a finding.

DateFilter

Description

A date filter for querying findings.

Members

DateRange

Type: DateRange structure

A date range for the date filter.

End

Type: string

An end date for the date filter.

Start

Type: string

A start date for the date filter.

DateRange

Description

A date range for the date filter.

Members

Unit

Type: string

A date range unit for the date filter.

Value

Type: int

A date range value for the date filter.

ImportFindingsError

Description

Includes details of the list of the findings that cannot be imported.

Members

ErrorCode

Required: Yes
Type: string

The code of the error made during the BatchImportFindings operation.

ErrorMessage

Required: Yes
Type: string

The message of the error made during the BatchImportFindings operation.

Id

Required: Yes
Type: string

The ID of the error made during the BatchImportFindings operation.

Insight

Description

Contains information about a Security Hub insight.

Members

Filters

Required: Yes
Type: AwsSecurityFindingFilters structure

One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.

GroupByAttribute

Required: Yes
Type: string

The attribute that the insight's findings are grouped by. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.

InsightArn

Required: Yes
Type: string

The ARN of a Security Hub insight.

Name

Required: Yes
Type: string

The name of a Security Hub insight.

InsightResultValue

Description

The insight result values returned by the GetInsightResults operation.

Members

Count

Required: Yes
Type: int

The number of findings returned for each GroupByAttributeValue.

GroupByAttributeValue

Required: Yes
Type: string

The value of the attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults operation.

InsightResults

Description

The insight results returned by the GetInsightResults operation.

Members

GroupByAttribute

Required: Yes
Type: string

The attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults operation.

InsightArn

Required: Yes
Type: string

The ARN of the insight whose results are returned by the GetInsightResults operation.

ResultValues

Required: Yes
Type: Array of InsightResultValue structures

The list of insight result values returned by the GetInsightResults operation.

InternalException

Description

Internal server error.

Members

Code

Type: string

Message

Type: string

InvalidAccessException

Description

AWS Security Hub isn't enabled for the account used to make this request.

Members

Code

Type: string

Message

Type: string

InvalidInputException

Description

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Members

Code

Type: string

Message

Type: string

Invitation

Description

Details about an invitation.

Members

AccountId

Type: string

The account ID of the Security Hub master account that the invitation was sent from.

InvitationId

Type: string

The ID of the invitation sent to the member account.

InvitedAt

Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp of when the invitation was sent.

MemberStatus

Type: string

The current status of the association between the member and master accounts.

IpFilter

Description

The IP filter for querying findings.

Members

Cidr

Type: string

A finding's CIDR value.

KeywordFilter

Description

A keyword filter for querying findings.

Members

Value

Type: string

A value for the keyword.

LimitExceededException

Description

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

Members

Code

Type: string

Message

Type: string

LoadBalancerState

Description

Information about the state of the load balancer.

Members

Code

Type: string

The state code. The initial state of the load balancer is provisioning.

After the load balancer is fully set up and ready to route traffic, its state is active.

If the load balancer could not be set up, its state is failed.

Reason

Type: string

A description of the state.

Malware

Description

A list of malware related to a finding.

Members

Name

Required: Yes
Type: string

The name of the malware that was observed.

Path

Type: string

The file system path of the malware that was observed.

State

Type: string

The state of the malware that was observed.

Type

Type: string

The type of the malware that was observed.

MapFilter

Description

The map filter for querying findings.

Members

Comparison

Type: string

The condition to apply to a key value when querying for findings with a map filter.

Key

Type: string

The key of the map filter.

Value

Type: string

The value for the key in the map filter.

Member

Description

The details about a member account.

Members

AccountId

Type: string

The AWS account ID of the member account.

Email

Type: string

The email address of the member account.

InvitedAt

Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp for the date and time when the invitation was sent to the member account.

MasterId

Type: string

The AWS account ID of the Security Hub master account associated with this member account.

MemberStatus

Type: string

The status of the relationship between the member account and its master account.

UpdatedAt

Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp for the date and time when the member account was updated.

Network

Description

The details of network-related information about a finding.

Members

DestinationDomain

Type: string

The destination domain of network-related information about a finding.

DestinationIpV4

Type: string

The destination IPv4 address of network-related information about a finding.

DestinationIpV6

Type: string

The destination IPv6 address of network-related information about a finding.

DestinationPort

Type: int

The destination port of network-related information about a finding.

Direction

Type: string

The direction of network traffic associated with a finding.

Protocol

Type: string

The protocol of network-related information about a finding.

SourceDomain

Type: string

The source domain of network-related information about a finding.

SourceIpV4

Type: string

The source IPv4 address of network-related information about a finding.

SourceIpV6

Type: string

The source IPv6 address of network-related information about a finding.

SourceMac

Type: string

The source media access control (MAC) address of network-related information about a finding.

SourcePort

Type: int

The source port of network-related information about a finding.

Note

Description

A user-defined note added to a finding.

Members

Text

Required: Yes
Type: string

The text of a note.

UpdatedAt

Required: Yes
Type: string

The timestamp of when the note was updated.

UpdatedBy

Required: Yes
Type: string

The principal that created a note.

NoteUpdate

Description

The updated note.

Members

Text

Required: Yes
Type: string

The updated note text.

UpdatedBy

Required: Yes
Type: string

The principal that updated the note.

NumberFilter

Description

A number filter for querying findings.

Members

Eq

Type: double

The equal-to condition to be applied to a single field when querying for findings.

Gte

Type: double

The greater-than-equal condition to be applied to a single field when querying for findings.

Lte

Type: double

The less-than-equal condition to be applied to a single field when querying for findings.

ProcessDetails

Description

The details of process-related information about a finding.

Members

LaunchedAt

Type: string

The date/time that the process was launched.

Name

Type: string

The name of the process.

ParentPid

Type: int

The parent process ID.

Path

Type: string

The path to the process executable.

Pid

Type: int

The process ID.

TerminatedAt

Type: string

The date and time when the process was terminated.

Product

Description

Contains details about a product.

Members

ActivationUrl

Type: string

The URL used to activate the product.

Categories

Type: Array of strings

The categories assigned to the product.

CompanyName

Type: string

The name of the company that provides the product.

Description

Type: string

A description of the product.

MarketplaceUrl

Type: string

The URL for the page that contains more information about the product.

ProductArn

Required: Yes
Type: string

The ARN assigned to the product.

ProductName

Type: string

The name of the product.

ProductSubscriptionResourcePolicy

Type: string

The resource policy associated with the product.

Recommendation

Description

A recommendation on how to remediate the issue identified in a finding.

Members

Text

Type: string

Describes the recommended steps to take to remediate an issue identified in a finding.

Url

Type: string

A URL to a page or site that contains information about how to remediate a finding.

RelatedFinding

Description

Details about a related finding.

Members

Id

Required: Yes
Type: string

The product-generated identifier for a related finding.

ProductArn

Required: Yes
Type: string

The ARN of the product that generated a related finding.

Remediation

Description

Details about the remediation steps for a finding.

Members

Recommendation

Type: Recommendation structure

A recommendation on the steps to take to remediate the issue identified by a finding.

Resource

Description

A resource related to a finding.

Members

Details

Type: ResourceDetails structure

Additional details about the resource related to a finding.

Id

Required: Yes
Type: string

The canonical identifier for the given resource type.

Partition

Type: string

The canonical AWS partition name that the Region is assigned to.

Region

Type: string

The canonical AWS external Region name where this resource is located.

Tags

Type: Associative array of custom strings keys (NonEmptyString) to strings

A list of AWS tags associated with a resource at the time the finding was processed.

Type

Required: Yes
Type: string

The type of the resource that details are provided for. If possible, set Type to one of the supported resource types. For example, if the resource is an EC2 instance, then set Type to AwsEc2Instance.

If the resource does not match any of the provided types, then set Type to Other.

ResourceConflictException

Description

The resource specified in the request conflicts with an existing resource.

Members

Code

Type: string

Message

Type: string

ResourceDetails

Description

Additional details about a resource related to a finding.

To provide the details, use the object that corresponds to the resource type. For example, if the resource type is AwsEc2Instance, then you use the AwsEc2Instance object to provide the details.

If the type-specific object does not contain all of the fields you want to populate, then you use the Other object to populate those additional fields.

You also use the Other object to populate the details when the selected type does not have a corresponding object.

Members

AwsCloudFrontDistribution

Type: AwsCloudFrontDistributionDetails structure

Details about a CloudFront distribution.

AwsCodeBuildProject

Type: AwsCodeBuildProjectDetails structure

Details for an AWS CodeBuild project.

AwsEc2Instance

Type: AwsEc2InstanceDetails structure

Details about an Amazon EC2 instance related to a finding.

AwsEc2NetworkInterface

Type: AwsEc2NetworkInterfaceDetails structure

Details for an AWS EC2 network interface.

AwsEc2SecurityGroup

Type: AwsEc2SecurityGroupDetails structure

Details for an EC2 security group.

AwsElasticsearchDomain

Type: AwsElasticsearchDomainDetails structure

Details for an Elasticsearch domain.

AwsElbv2LoadBalancer

Type: AwsElbv2LoadBalancerDetails structure

Details about a load balancer.

AwsIamAccessKey

Type: AwsIamAccessKeyDetails structure

Details about an IAM access key related to a finding.

AwsIamRole

Type: AwsIamRoleDetails structure

Details about an IAM role.

AwsKmsKey

Type: AwsKmsKeyDetails structure

Details about a KMS key.

AwsLambdaFunction

Type: AwsLambdaFunctionDetails structure

Details about a Lambda function.

AwsLambdaLayerVersion

Type: AwsLambdaLayerVersionDetails structure

Details for a Lambda layer version.

AwsRdsDbInstance

Type: AwsRdsDbInstanceDetails structure

Details for an RDS database instance.

AwsS3Bucket

Type: AwsS3BucketDetails structure

Details about an Amazon S3 Bucket related to a finding.

AwsSnsTopic

Type: AwsSnsTopicDetails structure

Details about an SNS topic.

AwsSqsQueue

Type: AwsSqsQueueDetails structure

Details about an SQS queue.

AwsWafWebAcl

Type: AwsWafWebAclDetails structure

Details for a WAF WebACL.

Container

Type: ContainerDetails structure

Details about a container resource related to a finding.

Other

Type: Associative array of custom strings keys (NonEmptyString) to strings

Details about a resource that are not available in a type-specific details object. Use the Other object in the following cases.

The type-specific object does not contain all of the fields that you want to populate. In this case, first use the type-specific object to populate those fields. Use the Other object to populate the fields that are missing from the type-specific object.
The resource type does not have a corresponding object. This includes resources for which the type is Other.

ResourceNotFoundException

Description

The request was rejected because we can't find the specified resource.

Members

Code

Type: string

Message

Type: string

Result

Description

Details about the account that was not processed.

Members

AccountId

Type: string

An AWS account ID of the account that was not processed.

ProcessingResult

Type: string

The reason that the account was not processed.

Severity

Description

The severity of the finding.

Members

Normalized

Required: Yes
Type: int

The normalized severity of a finding.

Product

Type: double

The native severity as defined by the AWS service or integrated partner product that generated the finding.

SortCriterion

Description

A collection of finding attributes used to sort findings.

Members

Field

Type: string

The finding attribute used to sort findings.

SortOrder

Type: string

The order used to sort findings.

Standard

Description

Provides information about a specific standard.

Members

Description

Type: string

A description of the standard.

Name

Type: string

The name of the standard.

StandardsArn

Type: string

The ARN of a standard.

StandardsControl

Description

Details for an individual compliance standard control.

Members

ControlId

Type: string

The identifier of the compliance standard control.

ControlStatus

Type: string

The current status of the compliance standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.

ControlStatusUpdatedAt

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that the status of the compliance standard control was most recently updated.

Description

Type: string

The longer description of the compliance standard control. Provides information about what the control is checking for.

DisabledReason

Type: string

The reason provided for the most recent change in status for the control.

RelatedRequirements

Type: Array of strings

The list of requirements that are related to this control.

RemediationUrl

Type: string

A link to remediation information for the control in the Security Hub user documentation.

SeverityRating

Type: string

The severity of findings generated from this compliance standard control.

The finding severity is based on an assessment of how easy it would be to compromise AWS resources if the compliance issue is detected.

StandardsControlArn

Type: string

The ARN of the compliance standard control.

Title

Type: string

The title of the compliance standard control.

StandardsSubscription

Description

A resource that represents your subscription to a supported standard.

Members

StandardsArn

Required: Yes
Type: string

The ARN of a standard.

StandardsInput

Required: Yes
Type: Associative array of custom strings keys (NonEmptyString) to strings

A key-value pair of input for the standard.

StandardsStatus

Required: Yes
Type: string

The status of the standards subscription.

StandardsSubscriptionArn

Required: Yes
Type: string

The ARN of a resource that represents your subscription to a supported standard.

StandardsSubscriptionRequest

Description

The standard that you want to enable.

Members

StandardsArn

Required: Yes
Type: string

The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards operation.

StandardsInput

Type: Associative array of custom strings keys (NonEmptyString) to strings

A key-value pair of input for the standard.

StringFilter

Description

A string filter for querying findings.

Members

Comparison

Type: string

The condition to be applied to a string value when querying for findings.

Value

Type: string

The string filter value.

ThreatIntelIndicator

Description

Details about the threat intelligence related to a finding.

Members

Category

Type: string

The category of a threat intelligence indicator.

LastObservedAt

Type: string

The date and time when the most recent instance of a threat intelligence indicator was observed.

Source

Type: string

The source of the threat intelligence indicator.

SourceUrl

Type: string

The URL to the page or site where you can get more information about the threat intelligence indicator.

Type

Type: string

The type of threat intelligence indicator.

Value

Type: string

The value of a threat intelligence indicator.

WafAction

Description

Details about the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule.

Members

Type

Type: string

Specifies how you want AWS WAF to respond to requests that match the settings in a Rule.

Valid settings include the following:

ALLOW - AWS WAF allows requests
BLOCK - AWS WAF blocks requests
COUNT - AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.

WafExcludedRule

Description

Details about a rule to exclude from a rule group.

Members

RuleId

Type: string

The unique identifier for the rule to exclude from the rule group.

WafOverrideAction

Description

Details about an override action for a rule.

Members

Type

Type: string

COUNT overrides the action specified by the individual rule within a RuleGroup .

If set to NONE, the rule's action takes place.

Namespaces

Classes

Interfaces

Traits

Exceptions

Functions

AWS SecurityHub 2018-10-26

Operation Summary

Paginators

Operations

AcceptInvitation

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

BatchDisableStandards

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

BatchEnableStandards

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

BatchImportFindings

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateActionTarget

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateInsight

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateMembers

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

DeclineInvitations

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

DeleteActionTarget

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members