interface CfnHubProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.SecurityHub.CfnHubProps |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awssecurityhub#CfnHubProps |
 Java | software.amazon.awscdk.services.securityhub.CfnHubProps |
 Python | aws_cdk.aws_securityhub.CfnHubProps |
 TypeScript | aws-cdk-lib » aws_securityhub » CfnHubProps |
Properties for defining a CfnHub.
See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hub.html
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_securityhub as securityhub } from 'aws-cdk-lib';
declare const tags: any;
const cfnHubProps: securityhub.CfnHubProps = {
autoEnableControls: false,
controlFindingGenerator: 'controlFindingGenerator',
enableDefaultStandards: false,
tags: tags,
};
Properties
| Name | Type | Description |
|---|---|---|
| auto | boolean | IResolvable | Whether to automatically enable new controls when they are added to standards that are enabled. |
| control | string | Specifies whether an account has consolidated control findings turned on or off. |
| enable | boolean | IResolvable | Whether to enable the security standards that Security Hub has designated as automatically enabled. |
| tags? | any | An array of key-value pairs to apply to this resource. |
autoEnableControls?
Type:
boolean | IResolvable
(optional)
Whether to automatically enable new controls when they are added to standards that are enabled.
By default, this is set to true , and new controls are enabled automatically. To not automatically enable new controls, set this to false .
controlFindingGenerator?
Type:
string
(optional)
Specifies whether an account has consolidated control findings turned on or off.
If the value for this field is set to SECURITY_CONTROL , Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.
If the value for this field is set to STANDARD_CONTROL , Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.
enableDefaultStandards?
Type:
boolean | IResolvable
(optional)
Whether to enable the security standards that Security Hub has designated as automatically enabled.
If you don't provide a value for EnableDefaultStandards , it is set to true , and the designated standards are automatically enabled in each AWS Region where you enable Security Hub . If you don't want to enable the designated standards, set EnableDefaultStandards to false .
Currently, the automatically enabled standards are the Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 and AWS Foundational Security Best Practices (FSBP).
tags?
Type:
any
(optional)
An array of key-value pairs to apply to this resource.
For more information, see Tag .