aws-sdk

{ "version": "1.0", "examples": { "AcceptAdministratorInvitation": [ { "input": { "AdministratorId": "123456789012", "InvitationId": "7ab938c5d52d7904ad09f9e7c20cc4eb" }, "comments": { "input": { }, "output": { } }, "description": "The following example demonstrates how an account can accept an invitation from the Security Hub administrator account to be a member account. This operation is applicable only to member accounts that are not added through AWS Organizations.", "id": "to-accept-an-invitation-be-a-member-account-1674849870467", "title": "To accept an invitation be a member account" } ], "BatchDeleteAutomationRules": [ { "input": { "AutomationRulesArns": [ "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" ] }, "output": { "ProcessedAutomationRules": [ "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" ], "UnprocessedAutomationRules": [ { "ErrorCode": 500, "ErrorMessage": "InternalException", "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example deletes the specified automation rules.", "id": "to-delete-one-or-more-automation-rules-1684769550318", "title": "To delete one or more automation rules" } ], "BatchDisableStandards": [ { "input": { "StandardsSubscriptionArns": [ "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1" ] }, "output": { "StandardsSubscriptions": [ { "StandardsArn": "arn:aws:securityhub:eu-central-1::standards/pci-dss/v/3.2.1", "StandardsInput": { }, "StandardsStatus": "DELETING", "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example disables a 
security standard in Security Hub.", "id": "to-disable-one-or-more-security-standards-1674851507200", "title": "To disable one or more security standards" } ], "BatchEnableStandards": [ { "input": { "StandardsSubscriptionRequests": [ { "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1" } ] }, "output": { "StandardsSubscriptions": [ { "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1", "StandardsInput": { }, "StandardsStatus": "PENDING", "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example enables the security standard specified by the StandardArn. You can use this operation to enable one or more Security Hub standards.", "id": "to-enable-security-standards-1683233792239", "title": "To enable security standards" } ], "BatchGetAutomationRules": [ { "input": { "AutomationRulesArns": [ "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" ] }, "output": { "Rules": [ { "Actions": [ { "FindingFieldsUpdate": { "Workflow": { "Status": "RESOLVED" } }, "Type": "FINDING_FIELDS_UPDATE" } ], "CreatedAt": "2022-08-31T01:52:33.250Z", "CreatedBy": "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", "Criteria": { "AwsAccountId": [ { "Comparison": "EQUALS", "Value": "111122223333" } ], "FirstObservedAt": [ { "DateRange": { "Unit": "DAYS", "Value": 5 } } ], "Type": [ { "Comparison": "EQUALS", "Value": "Software and Configuration Checks/Industry and Regulatory Standards" } ] }, "Description": "sample rule description 1", "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "RuleName": "sample-rule-name-1", "RuleOrder": 1, "RuleStatus": "ENABLED", "UpdatedAt": "2022-08-31T01:52:33.250Z" }, { "Actions": [ { 
"FindingFieldsUpdate": { "Workflow": { "Status": "RESOLVED" } }, "Type": "FINDING_FIELDS_UPDATE" } ], "CreatedAt": "2022-08-31T01:52:33.250Z", "CreatedBy": "AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14", "Criteria": { "ResourceType": [ { "Comparison": "EQUALS", "Value": "Ec2Instance" } ], "SeverityLabel": [ { "Comparison": "EQUALS", "Value": "INFORMATIONAL" } ] }, "Description": "Sample rule description 2", "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "RuleName": "sample-rule-name-2", "RuleOrder": 2, "RuleStatus": "ENABLED", "UpdatedAt": "2022-08-31T01:52:33.250Z" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example updates the specified automation rules.", "id": "to-update-one-ore-more-automation-rules-1684771025347", "title": "To update one ore more automation rules" } ], "BatchGetConfigurationPolicyAssociations": [ { "input": { "ConfigurationPolicyAssociationIdentifiers": [ { "Target": { "AccountId": "111122223333" } }, { "Target": { "RootId": "r-f6g7h8i9j0example" } } ] }, "output": { "ConfigurationPolicyAssociations": [ { "AssociationStatus": "SUCCESS", "AssociationStatusMessage": "This field is only populated for a failed association", "AssociationType": "INHERITED", "ConfigurationPolicyId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "TargetId": "111122223333", "TargetType": "ACCOUNT", "UpdatedAt": "2023-01-11T06:17:17.154Z" } ], "UnprocessedConfigurationPolicyAssociations": [ { "ConfigurationPolicyAssociationIdentifiers": { "Target": { "RootId": "r-f6g7h8i9j0example" } }, "ErrorCode": "400", "ErrorReason": "You do not have sufficient access to perform this action." 
} ] }, "comments": { "input": { }, "output": { } }, "description": "This operation provides details about configuration associations for a batch of target accounts, organizational units, or the root.", "id": "to-get-configuration-associations-for-a-batch-of-targets-1695178953302", "title": "To get configuration associations for a batch of targets" } ], "BatchGetSecurityControls": [ { "input": { "SecurityControlIds": [ "ACM.1", "APIGateway.1" ] }, "output": { "SecurityControls": [ { "Description": "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.", "LastUpdateReason": "Stayed with default value", "Parameters": { "daysToExpiration": { "Value": { "Integer": 30 }, "ValueType": "DEFAULT" } }, "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation", "SecurityControlArn": "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1", "SecurityControlId": "ACM.1", "SecurityControlStatus": "ENABLED", "SeverityRating": "MEDIUM", "Title": "Imported and ACM-issued certificates should be renewed after a specified time period", "UpdateStatus": "UPDATING" }, { "Description": "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. 
The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.", "LastUpdateReason": "Updated control parameters to comply with internal requirements", "Parameters": { "loggingLevel": { "Value": { "Enum": "ERROR" }, "ValueType": "CUSTOM" } }, "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation", "SecurityControlArn": "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1", "SecurityControlId": "APIGateway.1", "SecurityControlStatus": "ENABLED", "SeverityRating": "MEDIUM", "Title": "API Gateway REST and WebSocket API execution logging should be enabled", "UpdateStatus": "UPDATING" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example gets details for the specified controls in the current AWS account and AWS Region.", "id": "to-get-security-control-details--1683234478355", "title": "To get security control details " } ], "BatchGetStandardsControlAssociations": [ { "input": { "StandardsControlAssociationIds": [ { "SecurityControlId": "CloudTrail.1", "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0" }, { "SecurityControlId": "CloudWatch.12", "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0" } ] }, "output": { "StandardsControlAssociationDetails": [ { "AssociationStatus": "ENABLED", "RelatedRequirements": [ "CIS AWS Foundations 2.1" ], "SecurityControlArn": "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudTrail.1", "SecurityControlId": "CloudTrail.1", "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", "StandardsControlDescription": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. 
The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", "StandardsControlTitle": "Ensure CloudTrail is enabled in all regions", "UpdatedAt": "2022-01-13T18:52:29.539000+00:00" }, { "AssociationStatus": "ENABLED", "RelatedRequirements": [ "CIS AWS Foundations 3.12" ], "SecurityControlArn": "arn:aws:securityhub:us-west-2:110479873537:security-control/CloudWatch.12", "SecurityControlId": "CloudWatch.12", "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", "StandardsControlDescription": "Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Network gateways are required to send/receive traffic to a destination outside of a VPC. It is recommended that a metric filter and alarm be established for changes to network gateways.", "StandardsControlTitle": "Ensure a log metric filter and alarm exist for changes to network gateways", "UpdatedAt": "2022-01-13T18:52:29.686000+00:00" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example retrieves the enablement status of the specified controls in the specified standards.", "id": "to-get-enablement-status-of-a-batch-of-controls-1683301618357", "title": "To get enablement status of a batch of controls" } ], "BatchImportFindings": [ { "input": { "Findings": [ { "AwsAccountId": "123456789012", "CreatedAt": "2020-05-27T17:05:54.832Z", "Description": "Vulnerability in a CloudTrail trail", "FindingProviderFields": { "Severity": { "Label": "LOW", "Original": "10" }, "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ] }, "GeneratorId": "TestGeneratorId", "Id": "Id1", "ProductArn": "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default", "Resources": [ { "Id": 
"arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName", "Partition": "aws", "Region": "us-west-1", "Type": "AwsCloudTrailTrail" } ], "SchemaVersion": "2018-10-08", "Title": "CloudTrail trail vulnerability", "UpdatedAt": "2020-06-02T16:05:54.832Z" } ] }, "output": { "FailedCount": 123, "FailedFindings": [ ], "SuccessCount": 123 }, "comments": { "input": { }, "output": { } }, "description": "The following example imports findings from a third party provider to Security Hub.", "id": "to-import-security-findings-from-a-third-party-provider-to-security-hub-1675090935260", "title": "To import security findings from a third party provider to Security Hub" } ], "BatchUpdateAutomationRules": [ { "input": { "UpdateAutomationRulesRequestItems": [ { "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "RuleOrder": 15, "RuleStatus": "ENABLED" }, { "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "RuleStatus": "DISABLED" } ] }, "output": { "ProcessedAutomationRules": [ "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" ] }, "comments": { "input": { }, "output": { } }, "description": "The following example updates the specified automation rules.", "id": "to-update-one-ore-more-automation-rules-1684771025347", "title": "To update one ore more automation rules" } ], "BatchUpdateFindings": [ { "input": { "Confidence": 80, "Criticality": 80, "FindingIdentifiers": [ { "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub" }, { "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", 
"ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub" } ], "Note": { "Text": "Known issue that is not a risk.", "UpdatedBy": "user1" }, "RelatedFindings": [ { "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333", "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub" } ], "Severity": { "Label": "LOW" }, "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ], "UserDefinedFields": { "reviewedByCio": "true" }, "VerificationState": "TRUE_POSITIVE", "Workflow": { "Status": "RESOLVED" } }, "output": { "ProcessedFindings": [ { "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub" }, { "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub" } ], "UnprocessedFindings": [ ] }, "comments": { "input": { }, "output": { } }, "description": "The following example updates Security Hub findings. The finding identifier parameter specifies which findings to update. 
Only specific finding fields can be updated with this operation.", "id": "to-update-security-hub-findings-1675183938248", "title": "To update Security Hub findings" } ], "BatchUpdateStandardsControlAssociations": [ { "input": { "StandardsControlAssociationUpdates": [ { "AssociationStatus": "DISABLED", "SecurityControlId": "CloudTrail.1", "StandardsArn": "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0", "UpdatedReason": "Not relevant to environment" }, { "AssociationStatus": "DISABLED", "SecurityControlId": "CloudWatch.12", "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", "UpdatedReason": "Not relevant to environment" } ] }, "output": { "UnprocessedAssociationUpdates": [ { "ErrorCode": "INVALID_INPUT", "ErrorReason": "Invalid Standards Arn: 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0'", "StandardsControlAssociationUpdate": { "AssociationStatus": "DISABLED", "SecurityControlId": "CloudTrail.1", "StandardsArn": "arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0", "UpdatedReason": "Test Reason" } } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example disables CloudWatch.12 in CIS AWS Foundations Benchmark v1.2.0. The example returns an error for CloudTrail.1 because an invalid standard ARN is provided.", "id": "to-update-enablement-status-of-a-batch-of-controls-1683300378416", "title": "To update enablement status of a batch of controls" } ], "CreateActionTarget": [ { "input": { "Description": "Action to send the finding for remediation tracking", "Id": "Remediation", "Name": "Send to remediation" }, "output": { "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation" }, "comments": { "input": { }, "output": { } }, "description": "The following example creates a custom action target in Security Hub. 
Custom actions on findings and insights automatically trigger actions in Amazon CloudWatch Events.", "id": "to-create-a-custom-action-target-1675184966299", "title": "To create a custom action target" } ], "CreateAutomationRule": [ { "input": { "Actions": [ { "FindingFieldsUpdate": { "Note": { "Text": "This is a critical S3 bucket, please look into this ASAP", "UpdatedBy": "test-user" }, "Severity": { "Label": "CRITICAL" } }, "Type": "FINDING_FIELDS_UPDATE" } ], "Criteria": { "ComplianceStatus": [ { "Comparison": "EQUALS", "Value": "FAILED" } ], "ProductName": [ { "Comparison": "EQUALS", "Value": "Security Hub" } ], "RecordState": [ { "Comparison": "EQUALS", "Value": "ACTIVE" } ], "ResourceId": [ { "Comparison": "EQUALS", "Value": "arn:aws:s3:::examplebucket/developers/design_info.doc" } ], "WorkflowStatus": [ { "Comparison": "EQUALS", "Value": "NEW" } ] }, "Description": "Elevate finding severity to Critical for important resources", "IsTerminal": false, "RuleName": "Elevate severity for important resources", "RuleOrder": 1, "RuleStatus": "ENABLED", "Tags": { "important-resources-rule": "s3-bucket" } }, "output": { "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "comments": { "input": { }, "output": { } }, "description": "The following example creates an automation rule.", "id": "to-create-an-automation-rule-1684768393507", "title": "To create an automation rule" } ], "CreateConfigurationPolicy": [ { "input": { "ConfigurationPolicy": { "SecurityHub": { "EnabledStandardIdentifiers": [ "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0" ], "SecurityControlsConfiguration": { "DisabledSecurityControlIdentifiers": [ "CloudWatch.1" ], "SecurityControlCustomParameters": [ { "Parameters": { "daysToExpiration": { "Value": { "Integer": 14 }, "ValueType": "CUSTOM" } }, "SecurityControlId": "ACM.1" } ] 
}, "ServiceEnabled": true } }, "Description": "Configuration policy for testing FSBP and CIS", "Name": "TestConfigurationPolicy" }, "output": { "Arn": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ConfigurationPolicy": { "SecurityHub": { "EnabledStandardIdentifiers": [ "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0" ], "SecurityControlsConfiguration": { "DisabledSecurityControlIdentifiers": [ "CloudWatch.1" ], "SecurityControlCustomParameters": [ { "Parameters": { "daysToExpiration": { "Value": { "Integer": 14 }, "ValueType": "CUSTOM" } }, "SecurityControlId": "ACM.1" } ] }, "ServiceEnabled": true } }, "CreatedAt": "2023-01-11T06:17:17.154Z", "Description": "Configuration policy for testing FSBP and CIS", "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Name": "TestConfigurationPolicy", "UpdatedAt": "2023-01-11T06:17:17.154Z" }, "comments": { "input": { }, "output": { } }, "description": "This operation creates a configuration policy in Security Hub.", "id": "to-create-a-configuration-policy-1695172470099", "title": "To create a configuration policy" } ], "CreateFindingAggregator": [ { "input": { "RegionLinkingMode": "SPECIFIED_REGIONS", "Regions": [ "us-west-1", "us-west-2" ] }, "output": { "FindingAggregationRegion": "us-east-1", "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "RegionLinkingMode": "SPECIFIED_REGIONS", "Regions": [ "us-west-1", "us-west-2" ] }, "comments": { "input": { }, "output": { } }, "description": "The following example creates a finding aggregator. 
This is required to enable cross-Region aggregation.", "id": "to-enable-cross-region-aggregation-1674766716226", "title": "To enable cross-Region aggregation" } ], "CreateInsight": [ { "input": { "Filters": { "ResourceType": [ { "Comparison": "EQUALS", "Value": "AwsIamRole" } ], "SeverityLabel": [ { "Comparison": "EQUALS", "Value": "CRITICAL" } ] }, "GroupByAttribute": "ResourceId", "Name": "Critical role findings" }, "output": { "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "comments": { "input": { }, "output": { } }, "description": "The following example creates a custom insight in Security Hub. An insight is a collection of findings that relate to a security issue.", "id": "to-create-a-custom-insight-1675354046628", "title": "To create a custom insight" } ], "CreateMembers": [ { "input": { "AccountDetails": [ { "AccountId": "123456789012" }, { "AccountId": "111122223333" } ] }, "output": { "UnprocessedAccounts": [ ] }, "comments": { "input": { }, "output": { } }, "description": "The following example creates a member association between the specified accounts and the administrator account (the account that makes the request). This operation is used to add accounts that aren't part of an organization.", "id": "to-add-a-member-account-1675354709996", "title": "To add a member account" } ], "DeclineInvitations": [ { "input": { "AccountIds": [ "123456789012", "111122223333" ] }, "output": { "UnprocessedAccounts": [ ] }, "comments": { "input": { }, "output": { } }, "description": "The following example declines an invitation from the Security Hub administrator account to become a member account. 
The invited account makes the request.", "id": "to-decline-invitation-to-become-a-member-account-1675448487605", "title": "To decline invitation to become a member account" } ], "DeleteActionTarget": [ { "input": { "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation" }, "output": { "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation" }, "comments": { "input": { }, "output": { } }, "description": "The following example deletes a custom action target that triggers target actions in Amazon CloudWatch Events. Deleting a custom action target doesn't affect findings or insights that were already sent to CloudWatch Events based on the custom action.", "id": "to-delete-a-custom-action-target-1675449272793", "title": "To delete a custom action target" } ], "DeleteConfigurationPolicy": [ { "input": { "Identifier": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "comments": { "input": { }, "output": { } }, "description": "This operation deletes the specified configuration policy.", "id": "to-delete-a-configuration-policy-1695174614062", "title": "To delete a configuration policy" } ], "DeleteFindingAggregator": [ { "input": { "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "comments": { "input": { }, "output": { } }, "description": "The following example deletes a finding aggregator in Security Hub. Deleting the finding aggregator stops cross-Region aggregation. 
This operation produces no output.", "id": "to-delete-a-finding-aggregator-1675701750629", "title": "To delete a finding aggregator" } ], "DeleteInsight": [ { "input": { "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "output": { "InsightArn": "arn:aws:securityhub:eu-central-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "comments": { "input": { }, "output": { } }, "description": "The following example deletes a custom insight in Security Hub.", "id": "to-delete-a-custom-insight-1675702697204", "title": "To delete a custom insight" } ], "DeleteInvitations": [ { "input": { "AccountIds": [ "123456789012" ] }, "output": { "UnprocessedAccounts": [ ] }, "comments": { "input": { }, "output": { } }, "description": "The following example deletes an invitation sent by the Security Hub administrator account to a prospective member account. This operation is used only for invitations sent to accounts that aren't part of an organization. Organization accounts don't receive invitations.", "id": "to-delete-a-custom-insight-1675702697204", "title": "To delete a custom insight" } ], "DeleteMembers": [ { "input": { "AccountIds": [ "123456789111", "123456789222" ] }, "output": { "UnprocessedAccounts": [ ] }, "comments": { "input": { }, "output": { } }, "description": "The following example deletes the specified member account from Security Hub. 
This operation can be used to delete member accounts that are part of an organization or that were invited manually.", "id": "to-delete-a-member-account-1675883040513", "title": "To delete a member account" } ], "DescribeActionTargets": [ { "input": { "ActionTargetArns": [ "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation" ] }, "output": { "ActionTargets": [ { "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation", "Description": "Action to send the finding for remediation tracking", "Name": "Send to remediation" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example returns a list of custom action targets. You use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.", "id": "to-return-custom-action-targets-1675883682038", "title": "To return custom action targets" } ], "DescribeHub": [ { "input": { "HubArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default" }, "output": { "AutoEnableControls": true, "ControlFindingGenerator": "SECURITY_CONTROL", "HubArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default", "SubscribedAt": "2019-11-19T23:15:10.046Z" }, "comments": { "input": { }, "output": { } }, "description": "The following example returns details about the Hub resource in the calling account. The Hub resource represents the implementation of the AWS Security Hub service in the calling account.", "id": "to-return-details-about-hub-resource-1675884542597", "title": "To return details about Hub resource" } ], "DescribeOrganizationConfiguration": [ { "input": { }, "output": { "AutoEnable": false, "AutoEnableStandards": "NONE", "MemberAccountLimitReached": false, "OrganizationConfiguration": { "ConfigurationType": "CENTRAL", "Status": "ENABLED" } }, "comments": { "input": { }, "output": { } }, "description": "This operation provides information about the way your organization is configured in Security Hub. 
Only a Security Hub administrator account can invoke this operation.", "id": "to-get-information-about-organization-configuration-1676059786304", "title": "To get information about organization configuration" } ], "DescribeProducts": [ { "input": { "MaxResults": 1, "NextToken": "NULL", "ProductArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon" }, "output": { "NextToken": "U2FsdGVkX18vvPlOqb7RDrWRWVFBJI46MOIAb+nZmRJmR15NoRi2gm13sdQEn3O/pq/78dGs+bKpgA+7HMPHO0qX33/zoRI+uIG/F9yLNhcOrOWzFUdy36JcXLQji3Rpnn/cD1SVkGA98qI3zPOSDg==", "Products": [ { "ActivationUrl": "https://falcon.crowdstrike.com/support/documentation", "Categories": [ "Endpoint Detection and Response (EDR)", "AV Scanning and Sandboxing", "Threat Intelligence Feeds and Reports", "Endpoint Forensics", "Network Forensics" ], "CompanyName": "CrowdStrike", "Description": "CrowdStrike Falcon's single lightweight sensor unifies next-gen antivirus, endpoint detection and response, and 24/7 managed hunting, via the cloud.", "IntegrationTypes": [ "SEND_FINDINGS_TO_SECURITY_HUB" ], "MarketplaceUrl": "https://aws.amazon.com/marketplace/seller-profile?id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon", "ProductName": "CrowdStrike Falcon", "ProductSubscriptionResourcePolicy": 
"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789333\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789012\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789333:product/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}}]}" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example returns details about AWS services and third-party products that Security Hub integrates with.", "id": "to-get-information-about-security-hub-integrations-1676061228533", "title": "To get information about Security Hub integrations" } ], "DescribeStandards": [ { "input": { }, "output": { "Standards": [ { "Description": "The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS's most popular and foundational services.", "EnabledByDefault": true, "Name": "AWS Foundational Security Best Practices v1.0.0", "StandardsArn": "arn:aws:securityhub:us-west-1::standards/aws-foundational-security-best-practices/v/1.0.0" }, { "Description": "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. 
This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.", "EnabledByDefault": true, "Name": "CIS AWS Foundations Benchmark v1.2.0", "StandardsArn": "arn:aws:securityhub:us-west-1::ruleset/cis-aws-foundations-benchmark/v/1.2.0" }, { "Description": "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.", "EnabledByDefault": false, "Name": "CIS AWS Foundations Benchmark v1.4.0", "StandardsArn": "arn:aws::securityhub:us-west-1::standards/cis-aws-foundations-benchmark/v/1.4.0" }, { "Description": "The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data. This Security Hub standard automatically checks for your compliance readiness against a subset of PCI DSS requirements.", "EnabledByDefault": false, "Name": "PCI DSS v3.2.1", "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1" } ] }, "comments": { "input": { }, "output": { } }, "description": "The following example returns a list of available security standards in Security Hub.", "id": "to-get-available-security-hub-standards-1676307464661", "title": "To get available Security Hub standards" } ], "DescribeStandardsControls": [ { "input": { "MaxResults": 2, "NextToken": "NULL", "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1" }, "output": { "Controls": [ { "ControlId": "PCI.AutoScaling.1", "ControlStatus": "ENABLED", "ControlStatusUpdatedAt": "2020-05-15T18:49:04.473000+00:00", "Description": "This AWS control checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.", "RelatedRequirements": [ "PCI DSS 2.2" ], 
"RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/PCI.AutoScaling.1/remediation", "SeverityRating": "LOW", "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1", "Title": "Auto scaling groups associated with a load balancer should use health checks" }, { "ControlId": "PCI.CW.1", "ControlStatus": "ENABLED", "ControlStatusUpdatedAt": "2020-05-15T18:49:04.498000+00:00", "Description": "This control checks for the CloudWatch metric filters using the following pattern { $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" } It checks that the log group name is configured for use with active multi-region CloudTrail, that there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All, and that there is at least one active subscriber to an SNS topic associated with the alarm.", "RelatedRequirements": [ "PCI DSS 7.2.1" ], "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/PCI.CW.1/remediation", "SeverityRating": "MEDIUM", "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.CW.1", "Title": "A log metric filter and alarm should exist for usage of the \"root\" user" } ], "NextToken": "U2FsdGVkX1+eNkPoZHVl11ip5HUYQPWSWZGmftcmJiHL8JoKEsCDuaKayiPDyLK+LiTkShveoOdvfxXCkOBaGhohIXhsIedN+LSjQV/l7kfCfJcq4PziNC1N9xe9aq2pjlLVZnznTfSImrodT5bRNHe4fELCQq/z+5ka+5Lzmc11axcwTd5lKgQyQqmUVoeriHZhyIiBgWKf7oNYdBVG8OEortVWvSkoUTt+B2ThcnC7l43kI0UNxlkZ6sc64AsW" }, "comments": { "input": { }, "output": { } }, "description": "The following example returns a list of security controls and control details that apply to a specified security standard. 
The list includes controls that are enabled and disabled in the standard.", "id": "to-get-a-list-of-controls-for-a-security-standard-1676308027759", "title": "To get a list of controls for a security standard" } ], "DisableImportFindingsForProduct": [ { "input": { "ProductSubscriptionArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon" }, "comments": { "input": { }, "output": { } }, "description": "The following example ends an integration between Security Hub and the specified product that sends findings to Security Hub. After the integration ends, the product no longer sends findings to Security Hub.", "id": "to-end-a-security-hub-integration-1676480035650", "title": "To end a Security Hub integration" } ], "DisableOrganizationAdminAccount": [ { "input": { "AdminAccountId": "123456789012" }, "comments": { "input": { }, "output": { } }, "description": "The following example removes the Security Hub administrator account in the Region from which the operation was executed. 
This operation doesn't remove the delegated administrator account in AWS Organizations.", "id": "to-remove-a-security-hub-administrator-account-1676480521876", "title": "To remove a Security Hub administrator account" } ], "DisableSecurityHub": [ { "comments": { "input": { }, "output": { } }, "description": "The following example deactivates Security Hub for the current account and Region.", "id": "to-deactivate-security-hub-1676583894245", "title": "To deactivate Security Hub" } ], "DisassociateFromAdministratorAccount": [ { "comments": { "input": { }, "output": { } }, "description": "The following example dissociates the requesting account from its associated administrator account.", "id": "to-disassociate-requesting-account-from-administrator-account-1676584168509", "title": "To disassociate requesting account from administrator account" } ], "DisassociateMembers": [ { "input": { "AccountIds": [ "123456789012", "111122223333" ] }, "comments": { "input": { }, "output": { } }, "description": "The following example dissociates the specified member accounts from the associated administrator account.", "id": "to-disassociate-member-accounts-from-administrator-account-1676918349164", "title": "To disassociate member accounts from administrator account" } ], "EnableImportFindingsForProduct": [ { "input": { "ProductArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon" }, "output": { "ProductSubscriptionArn": "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon" }, "comments": { "input": { }, "output": { } }, "description": "The following example activates an integration between Security Hub and a third party partner product that sends findings to Security Hub.", "id": "to-activate-an-integration-1676918918114", "title": "To activate an integration" } ], "EnableOrganizationAdminAccount": [ { "input": {