UNPKG

openapi-directory

Version:

Building & bundling https://github.com/APIs-guru/openapi-directory for easy use from JS

github.com/httptoolkit/openapi-directory-js

httptoolkit/openapi-directory-js

1 lines 1.09 MB
1
{"openapi":"3.0.0","info":{"version":"2018-10-26","x-release":"v4","title":"AWS SecurityHub","description":"<p>Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html\">Security HubUser Guide</a>.</p> <p>When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, run the same command for each Region in which you want to apply the change.</p> <p>For example, if your Region is set to <code>us-west-2</code>, when you use <code>CreateMembers</code> to add a member account to Security Hub, the association of the member account with the administrator account is created only in the <code>us-west-2</code> Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.</p> <p>The following throttling limits apply to using Security Hub API operations.</p> <ul> <li> <p> <code>BatchEnableStandards</code> - <code>RateLimit</code> of 1 request per second. <code>BurstLimit</code> of 1 request per second.</p> </li> <li> <p> <code>GetFindings</code> - <code>RateLimit</code> of 3 requests per second. <code>BurstLimit</code> of 6 requests per second.</p> </li> <li> <p> <code>BatchImportFindings</code> - <code>RateLimit</code> of 10 requests per second. <code>BurstLimit</code> of 30 requests per second.</p> </li> <li> <p> <code>BatchUpdateFindings</code> - <code>RateLimit</code> of 10 requests per second. <code>BurstLimit</code> of 30 requests per second.</p> </li> <li> <p> <code>UpdateStandardsControl</code> - <code>RateLimit</code> of 1 request per second. <code>BurstLimit</code> of 5 requests per second.</p> </li> <li> <p>All other operations - <code>RateLimit</code> of 10 requests per second. <code>BurstLimit</code> of 30 requests per second.</p> </li> </ul>","x-logo":{"url":"https://twitter.com/awscloud/profile_image?size=original","backgroundColor":"#FFFFFF"},"termsOfService":"https://aws.amazon.com/service-terms/","contact":{"name":"Mike Ralphson","email":"mike.ralphson@gmail.com","url":"https://github.com/mermade/aws2openapi","x-twitter":"PermittedSoc"},"license":{"name":"Apache 2.0 License","url":"http://www.apache.org/licenses/"},"x-providerName":"amazonaws.com","x-serviceName":"securityhub","x-aws-signingName":"securityhub","x-origin":[{"contentType":"application/json","url":"https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/securityhub-2018-10-26.normal.json","converter":{"url":"https://github.com/mermade/aws2openapi","version":"1.0.0"},"x-apisguru-driver":"external"}],"x-apiClientRegistration":{"url":"https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct"},"x-apisguru-categories":["cloud"],"x-preferred":true},"externalDocs":{"description":"Amazon Web Services documentation","url":"https://docs.aws.amazon.com/securityhub/"},"servers":[{"url":"http://securityhub.{region}.amazonaws.com","variables":{"region":{"description":"The AWS region","enum":["us-east-1","us-east-2","us-west-1","us-west-2","us-gov-west-1","us-gov-east-1","ca-central-1","eu-north-1","eu-west-1","eu-west-2","eu-west-3","eu-central-1","eu-south-1","af-south-1","ap-northeast-1","ap-northeast-2","ap-northeast-3","ap-southeast-1","ap-southeast-2","ap-east-1","ap-south-1","sa-east-1","me-south-1"],"default":"us-east-1"}},"description":"The AWS SecurityHub multi-region endpoint"},{"url":"https://securityhub.{region}.amazonaws.com","variables":{"region":{"description":"The AWS region","enum":["us-east-1","us-east-2","us-west-1","us-west-2","us-gov-west-1","us-gov-east-1","ca-central-1","eu-north-1","eu-west-1","eu-west-2","eu-west-3","eu-central-1","eu-south-1","af-south-1","ap-northeast-1","ap-northeast-2","ap-northeast-3","ap-southeast-1","ap-southeast-2","ap-east-1","ap-south-1","sa-east-1","me-south-1"],"default":"us-east-1"}},"description":"The AWS SecurityHub multi-region endpoint"},{"url":"http://securityhub.{region}.amazonaws.com.cn","variables":{"region":{"description":"The AWS region","enum":["cn-north-1","cn-northwest-1"],"default":"cn-north-1"}},"description":"The AWS SecurityHub endpoint for China (Beijing) and China (Ningxia)"},{"url":"https://securityhub.{region}.amazonaws.com.cn","variables":{"region":{"description":"The AWS region","enum":["cn-north-1","cn-northwest-1"],"default":"cn-north-1"}},"description":"The AWS SecurityHub endpoint for China (Beijing) and China (Ningxia)"}],"x-hasEquivalentPaths":true,"paths":{"/administrator":{"post":{"operationId":"AcceptAdministratorInvitation","description":"<p>Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.</p> <p>This operation is only used by member accounts that are not added through Organizations.</p> <p>When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AcceptAdministratorInvitationResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"483":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"484":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["AdministratorId","InvitationId"],"properties":{"AdministratorId":{"description":"The account ID of the Security Hub administrator account that sent the invitation.","type":"string","pattern":".*\\S.*"},"InvitationId":{"description":"The identifier of the invitation sent from the Security Hub administrator account.","type":"string","pattern":".*\\S.*"}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}],"get":{"operationId":"GetAdministratorAccount","description":"<p>Provides the details for the Security Hub administrator account for the current member account.</p> <p>Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetAdministratorAccountResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"484":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}}},"parameters":[]}},"/master":{"post":{"deprecated":true,"operationId":"AcceptInvitation","description":"<p>This method is deprecated. Instead, use <code>AcceptAdministratorInvitation</code>.</p> <p>The Security Hub console continues to use <code>AcceptInvitation</code>. It will eventually change to use <code>AcceptAdministratorInvitation</code>. Any IAM policies that specifically control access to this function must continue to use <code>AcceptInvitation</code>. You should also add <code>AcceptAdministratorInvitation</code> to your policies to ensure that the correct permissions are in place after the console begins to use <code>AcceptAdministratorInvitation</code>.</p> <p>Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.</p> <p>This operation is only used by member accounts that are not added through Organizations.</p> <p>When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AcceptInvitationResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"483":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"484":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["MasterId","InvitationId"],"properties":{"MasterId":{"description":"The account ID of the Security Hub administrator account that sent the invitation.","type":"string","pattern":".*\\S.*"},"InvitationId":{"description":"The identifier of the invitation sent from the Security Hub administrator account.","type":"string","pattern":".*\\S.*"}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}],"get":{"deprecated":true,"operationId":"GetMasterAccount","description":"<p>This method is deprecated. Instead, use <code>GetAdministratorAccount</code>.</p> <p>The Security Hub console continues to use <code>GetMasterAccount</code>. It will eventually change to use <code>GetAdministratorAccount</code>. Any IAM policies that specifically control access to this function must continue to use <code>GetMasterAccount</code>. You should also add <code>GetAdministratorAccount</code> to your policies to ensure that the correct permissions are in place after the console begins to use <code>GetAdministratorAccount</code>.</p> <p>Provides the details for the Security Hub administrator account for the current member account.</p> <p>Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetMasterAccountResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"484":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}}},"parameters":[]}},"/automationrules/delete":{"post":{"operationId":"BatchDeleteAutomationRules","description":" Deletes one or more automation rules. ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchDeleteAutomationRulesResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"482":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"484":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["AutomationRulesArns"],"properties":{"AutomationRulesArns":{"description":" A list of Amazon Resource Names (ARNs) for the rules that are to be deleted. ","type":"array","items":{"$ref":"#/components/schemas/NonEmptyString"},"minItems":1,"maxItems":100}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/standards/deregister":{"post":{"operationId":"BatchDisableStandards","description":"<p>Disables the standards specified by the provided <code>StandardsSubscriptionArns</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html\">Security Standards</a> section of the <i>Security Hub User Guide</i>.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchDisableStandardsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["StandardsSubscriptionArns"],"properties":{"StandardsSubscriptionArns":{"description":"The ARNs of the standards subscriptions to disable.","type":"array","items":{"$ref":"#/components/schemas/NonEmptyString"},"minItems":1,"maxItems":25}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/standards/register":{"post":{"operationId":"BatchEnableStandards","description":"<p>Enables the standards specified by the provided <code>StandardsArn</code>. To obtain the ARN for a standard, use the <code>DescribeStandards</code> operation.</p> <p>For more information, see the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html\">Security Standards</a> section of the <i>Security Hub User Guide</i>.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchEnableStandardsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["StandardsSubscriptionRequests"],"properties":{"StandardsSubscriptionRequests":{"description":"The list of standards checks to enable.","type":"array","items":{"$ref":"#/components/schemas/StandardsSubscriptionRequest"},"minItems":1,"maxItems":25}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/automationrules/get":{"post":{"operationId":"BatchGetAutomationRules","description":" Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs). ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchGetAutomationRulesResponse"}}}},"480":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"481":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"484":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"485":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["AutomationRulesArns"],"properties":{"AutomationRulesArns":{"description":" A list of rule ARNs to get details for. ","type":"array","items":{"$ref":"#/components/schemas/NonEmptyString"},"minItems":1,"maxItems":100}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/securityControls/batchGet":{"post":{"operationId":"BatchGetSecurityControls","description":" Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region. ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchGetSecurityControlsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["SecurityControlIds"],"properties":{"SecurityControlIds":{"description":" A list of security controls (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards. ","type":"array","items":{"$ref":"#/components/schemas/NonEmptyString"}}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/associations/batchGet":{"post":{"operationId":"BatchGetStandardsControlAssociations","description":" For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard. ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchGetStandardsControlAssociationsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["StandardsControlAssociationIds"],"properties":{"StandardsControlAssociationIds":{"description":" An array with one or more objects that includes a security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards. ","type":"array","items":{"$ref":"#/components/schemas/StandardsControlAssociationId"}}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/findings/import":{"post":{"operationId":"BatchImportFindings","description":"<p>Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.</p> <p> <code>BatchImportFindings</code> must be called by one of the following:</p> <ul> <li> <p>The Amazon Web Services account that is associated with a finding if you are using the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html#securityhub-custom-providers-bfi-reqs\">default product ARN</a> or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling <code>BatchImportFindings</code> from needs to be the same as the <code>AwsAccountId</code> attribute for the finding.</p> </li> <li> <p>An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call <code>BatchImportFindings</code> from the allow-listed account and send findings from different customer accounts in the same batch.</p> </li> </ul> <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.</p> <p>After a finding is created, <code>BatchImportFindings</code> cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.</p> <ul> <li> <p> <code>Note</code> </p> </li> <li> <p> <code>UserDefinedFields</code> </p> </li> <li> <p> <code>VerificationState</code> </p> </li> <li> <p> <code>Workflow</code> </p> </li> </ul> <p>Finding providers also should not use <code>BatchImportFindings</code> to update the following attributes.</p> <ul> <li> <p> <code>Confidence</code> </p> </li> <li> <p> <code>Criticality</code> </p> </li> <li> <p> <code>RelatedFindings</code> </p> </li> <li> <p> <code>Severity</code> </p> </li> <li> <p> <code>Types</code> </p> </li> </ul> <p>Instead, finding providers use <code>FindingProviderFields</code> to provide values for these attributes.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchImportFindingsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"483":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["Findings"],"properties":{"Findings":{"description":"A list of findings to import. To successfully import a finding, it must follow the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html\">Amazon Web Services Security Finding Format</a>. Maximum of 100 findings per request.","type":"array","items":{"$ref":"#/components/schemas/AwsSecurityFinding"},"minItems":1,"maxItems":100}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/automationrules/update":{"patch":{"operationId":"BatchUpdateAutomationRules","description":" Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters. ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchUpdateAutomationRulesResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"482":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"484":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["UpdateAutomationRulesRequestItems"],"properties":{"UpdateAutomationRulesRequestItems":{"description":" An array of ARNs for the rules that are to be updated. Optionally, you can also include <code>RuleStatus</code> and <code>RuleOrder</code>. ","type":"array","items":{"$ref":"#/components/schemas/UpdateAutomationRulesRequestItem"},"minItems":1,"maxItems":100}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/findings/batchupdate":{"patch":{"operationId":"BatchUpdateFindings","description":"<p>Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.</p> <p>Updates from <code>BatchUpdateFindings</code> do not affect the value of <code>UpdatedAt</code> for a finding.</p> <p>Administrator and member accounts can use <code>BatchUpdateFindings</code> to update the following finding fields and objects.</p> <ul> <li> <p> <code>Confidence</code> </p> </li> <li> <p> <code>Criticality</code> </p> </li> <li> <p> <code>Note</code> </p> </li> <li> <p> <code>RelatedFindings</code> </p> </li> <li> <p> <code>Severity</code> </p> </li> <li> <p> <code>Types</code> </p> </li> <li> <p> <code>UserDefinedFields</code> </p> </li> <li> <p> <code>VerificationState</code> </p> </li> <li> <p> <code>Workflow</code> </p> </li> </ul> <p>You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access\">Configuring access to BatchUpdateFindings</a> in the <i>Security Hub User Guide</i>.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchUpdateFindingsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"483":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["FindingIdentifiers"],"properties":{"FindingIdentifiers":{"description":"<p>The list of findings to update. <code>BatchUpdateFindings</code> can be used to update up to 100 findings at a time.</p> <p>For each finding, the list provides the finding identifier and the ARN of the finding provider.</p>","type":"array","items":{"$ref":"#/components/schemas/AwsSecurityFindingIdentifier"}},"Note":{"description":"The updated note.","type":"object","properties":{"Text":{"allOf":[{"$ref":"#/components/schemas/NonEmptyString"},{"description":"The updated note text."}]},"UpdatedBy":{"allOf":[{"$ref":"#/components/schemas/NonEmptyString"},{"description":"The principal that updated the note."}]}}},"Severity":{"description":"Updates to the severity information for a finding.","type":"object","properties":{"Normalized":{"allOf":[{"$ref":"#/components/schemas/RatioScale"},{"description":"<p>The normalized severity for the finding. This attribute is to be deprecated in favor of <code>Label</code>.</p> <p>If you provide <code>Normalized</code> and do not provide <code>Label</code>, <code>Label</code> is set automatically as follows.</p> <ul> <li> <p>0 - <code>INFORMATIONAL</code> </p> </li> <li> <p>1–39 - <code>LOW</code> </p> </li> <li> <p>40–69 - <code>MEDIUM</code> </p> </li> <li> <p>70–89 - <code>HIGH</code> </p> </li> <li> <p>90–100 - <code>CRITICAL</code> </p> </li> </ul>"}]},"Product":{"allOf":[{"$ref":"#/components/schemas/Double"},{"description":"The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding."}]},"Label":{"allOf":[{"$ref":"#/components/schemas/SeverityLabel"},{"description":"<p>The severity value of the finding. The allowed values are the following.</p> <ul> <li> <p> <code>INFORMATIONAL</code> - No issue was found.</p> </li> <li> <p> <code>LOW</code> - The issue does not require action on its own.</p> </li> <li> <p> <code>MEDIUM</code> - The issue must be addressed but not urgently.</p> </li> <li> <p> <code>HIGH</code> - The issue must be addressed as a priority.</p> </li> <li> <p> <code>CRITICAL</code> - The issue must be remediated immediately to avoid it escalating.</p> </li> </ul>"}]}}},"VerificationState":{"description":"<p>Indicates the veracity of a finding.</p> <p>The available values for <code>VerificationState</code> are as follows.</p> <ul> <li> <p> <code>UNKNOWN</code> – The default disposition of a security finding</p> </li> <li> <p> <code>TRUE_POSITIVE</code> – The security finding is confirmed</p> </li> <li> <p> <code>FALSE_POSITIVE</code> – The security finding was determined to be a false alarm</p> </li> <li> <p> <code>BENIGN_POSITIVE</code> – A special case of <code>TRUE_POSITIVE</code> where the finding doesn't pose any threat, is expected, or both</p> </li> </ul>","type":"string","enum":["UNKNOWN","TRUE_POSITIVE","FALSE_POSITIVE","BENIGN_POSITIVE"]},"Confidence":{"description":"<p>The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.</p> <p>Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.</p>","type":"integer","minimum":0,"maximum":100},"Criticality":{"description":"<p>The updated value for the level of importance assigned to the resources associated with the findings.</p> <p>A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. </p>","type":"integer","minimum":0,"maximum":100},"Types":{"description":"<p>One or more finding types in the format of namespace/category/classifier that classify a finding.</p> <p>Valid namespace values are as follows.</p> <ul> <li> <p>Software and Configuration Checks</p> </li> <li> <p>TTPs</p> </li> <li> <p>Effects</p> </li> <li> <p>Unusual Behaviors</p> </li> <li> <p>Sensitive Data Identifications </p> </li> </ul>","type":"array","items":{"$ref":"#/components/schemas/NonEmptyString"}},"UserDefinedFields":{"description":"A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.","type":"object","additionalProperties":{"$ref":"#/components/schemas/NonEmptyString"}},"Workflow":{"description":"Used to update information about the investigation into the finding.","type":"object","properties":{"Status":{"allOf":[{"$ref":"#/components/schemas/WorkflowStatus"},{"description":"<p>The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to <code>SUPPRESSED</code> or <code>RESOLVED</code> does not prevent a new finding for the same issue.</p> <p>The allowed values are the following.</p> <ul> <li> <p> <code>NEW</code> - The initial state of a finding, before it is reviewed.</p> <p>Security Hub also resets <code>WorkFlowStatus</code> from <code>NOTIFIED</code> or <code>RESOLVED</code> to <code>NEW</code> in the following cases:</p> <ul> <li> <p>The record state changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p> </li> <li> <p>The compliance status changes from <code>PASSED</code> to either <code>WARNING</code>, <code>FAILED</code>, or <code>NOT_AVAILABLE</code>.</p> </li> </ul> </li> <li> <p> <code>NOTIFIED</code> - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.</p> </li> <li> <p> <code>RESOLVED</code> - The finding was reviewed and remediated and is now considered resolved.</p> </li> <li> <p> <code>SUPPRESSED</code> - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.</p> </li> </ul>"}]}}},"RelatedFindings":{"description":"A list of findings that are related to the updated findings.","type":"array","items":{"$ref":"#/components/schemas/RelatedFinding"}}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/associations":{"patch":{"operationId":"BatchUpdateStandardsControlAssociations","description":" For a batch of security controls and standards, this operation updates the enablement status of a control in a standard. ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BatchUpdateStandardsControlAssociationsResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["StandardsControlAssociationUpdates"],"properties":{"StandardsControlAssociationUpdates":{"description":" Updates the enablement status of a security control in a specified standard. ","type":"array","items":{"$ref":"#/components/schemas/StandardsControlAssociationUpdate"}}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/actionTargets":{"post":{"operationId":"CreateActionTarget","description":"<p>Creates a custom action target in Security Hub.</p> <p>You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.</p>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreateActionTargetResponse"}}}},"480":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"481":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}},"484":{"description":"ResourceConflictException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceConflictException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["Name","Description","Id"],"properties":{"Name":{"description":"The name of the custom action target. Can contain up to 20 characters.","type":"string","pattern":".*\\S.*"},"Description":{"description":"The description for the custom action target.","type":"string","pattern":".*\\S.*"},"Id":{"description":"The ID for the custom action target. Can contain up to 20 alphanumeric characters.","type":"string","pattern":".*\\S.*"}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/automationrules/create":{"post":{"operationId":"CreateAutomationRule","description":" Creates an automation rule based on input parameters. ","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreateAutomationRuleResponse"}}}},"480":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"481":{"description":"InternalException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalException"}}}},"482":{"description":"InvalidAccessException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidAccessException"}}}},"483":{"description":"InvalidInputException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidInputException"}}}},"484":{"description":"LimitExceededException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LimitExceededException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["RuleOrder","RuleName","Description","Criteria","Actions"],"properties":{"Tags":{"description":" User-defined tags that help you label the purpose of a rule. ","type":"object","minProperties":1,"maxProperties":50,"additionalProperties":{"$ref":"#/components/schemas/TagValue"}},"RuleStatus":{"description":" Whether the rule is active after it is created. If this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use <a href=\"https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html\"> <code>BatchUpdateAutomationRules</code> </a>. ","type":"string","enum":["ENABLED","DISABLED"]},"RuleOrder":{"description":"An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first. ","type":"integer","minimum":1,"maximum":1000},"RuleName":{"description":" The name of the rule. ","type":"string","pattern":".*\\S.*"},"Description":{"description":" A description of the rule. ","type":"string","pattern":".*\\S.*"},"IsTerminal":{"description":"Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. ","type":"boolean"},"Criteria":{"description":" The criteria that determine which findings a rule applies to. ","type":"object","properties":{"ProductArn":{"allOf":[{"$ref":"#/components/schemas/StringFilterList"},{"description":" The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. "}]},"AwsAccountId":{"allOf":[{"$ref":"#/components/schemas/StringFilterList"},{"description":" The Amazon Web Services account ID in which a finding was generated. "}]},"Id":{"allOf":[{"$ref":"#/components/schemas/StringFilterList"},{"description":" The product-specific identifier for a finding. "}]},"GeneratorId":{"allOf":[{"$ref":"#/components/schemas/StringFilterList"},{"description":" The identifier for the solution-specific component that generated a finding. "}]},"Type":{"allOf":[{"$ref":"#/components/schemas/StringFilterList"},{"description":" One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html\">Types taxonomy for ASFF</a> in the <i>Security Hub User Guide</i>. "}]},"FirstObservedAt":{"allOf":[{"$ref":"#/components/schemas/DateFilterList"},{"description":"<p> A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. </p> <p>Uses the <code>date-time</code> format specified in <a href=\"https://tools.ietf.org/html/rfc3339#section-5.6\">RFC 3339 section 5.6, Internet Date/Time Format</a>. The value cannot contain spaces. For example, <code>2020-03-22T13:22:13.933Z</code>.</p>"}]},"LastObservedAt":{"allOf":[{"$ref":"#/components/schemas/DateFilterList"},{"description":"<p> A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. </p> <p>Uses the <code>date-time</code> format specified in <a href=\"https://tools.ietf.org/html/rfc3339#section-5.6\">RFC 3339 section 5.6, Internet Date/Time Format</a>. The value cannot contain spaces. For example, <code>2020-03-22T13:22:13.933Z</code>.</p>"}]},"CreatedAt":{"allOf":[{"$ref":"#/components/schemas/DateFilterList"},{"description":"<p> A timestamp that indicates when this finding record was created. </p> <p>Uses the <code>date-time</code> format specified in <a href=\"https://tools.ietf.org/html/rfc3339#section-5.6\">RFC 3339 section 5.6, Internet Date/Time Format</a>. The value cannot contain spaces. For example, <code>2020-03-22T13:22:13.933Z</code>.</p>"}]},"UpdatedAt":{"allOf":[{"$ref":"#/components/schemas/DateFilterList"},{"description":"<p> A timestamp that indicates when the finding record was most recently updated. </p> <p>Uses the <code>date-time</code> format specified in <a href=\"https://tools.ietf.org/html/rfc3339#section-5.6\">RFC 3339 section 5.6, Internet Date/Time Format</a>. The value cannot contain spaces. For example, <code>2020-03-22T13:22:13.933Z</code>.</p>"}]},"Confidence":{"allOf":[{"$ref":"#/components/schemas/NumberFilterList"},{"description":"The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. <code>Confidence</code> is scored on a 0–100 basis using a ratio scale. A value of <code>0</code> means 0 percent confidence, and a value of <code>100</code> means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence\">Confidence</a> in the <i>Security Hub User Guide</i>. "}]},"Criticality":{"allOf":[{"$ref":"#/components/schemas/NumberFilterList"},{"description":" The level of importance that is assigned to the resources that are associated with a finding. <code>Criticality</code> is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of <code>0</code> means that the underlying resources have no criticality, and a score of <code>100</code> is reserved for the most critical resources. For more information, see <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality\">Criticality</a> in the <i>Security Hub User Guide</i>."}]},"Title":{"allOf":[{"$ref":"#/components/schemas/StringFilterList"},{"description":" A findin