Table of Contents
SecurityHub.
Client
¶A low-level client representing AWS SecurityHub
Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the Security HubUser Guide.
When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.
For example, if your Region is set to us-west-2
, when you use CreateMembers
to add a member account to Security Hub, the association of the member account with the administrator account is created only in the us-west-2
Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.
The following throttling limits apply to using Security Hub API operations.
BatchEnableStandards
- RateLimit
of 1 request per second, BurstLimit
of 1 request per second.GetFindings
- RateLimit
of 3 requests per second. BurstLimit
of 6 requests per second.BatchImportFindings
- RateLimit
of 10 requests per second. BurstLimit
of 30 requests per second.BatchUpdateFindings
- RateLimit
of 10 requests per second. BurstLimit
of 30 requests per second.UpdateStandardsControl
- RateLimit
of 1 request per second, BurstLimit
of 5 requests per second.RateLimit
of 10 requests per second. BurstLimit
of 30 requests per second.import boto3
client = boto3.client('securityhub')
These are the available methods:
accept_administrator_invitation()
accept_invitation()
batch_disable_standards()
batch_enable_standards()
batch_import_findings()
batch_update_findings()
can_paginate()
close()
create_action_target()
create_finding_aggregator()
create_insight()
create_members()
decline_invitations()
delete_action_target()
delete_finding_aggregator()
delete_insight()
delete_invitations()
delete_members()
describe_action_targets()
describe_hub()
describe_organization_configuration()
describe_products()
describe_standards()
describe_standards_controls()
disable_import_findings_for_product()
disable_organization_admin_account()
disable_security_hub()
disassociate_from_administrator_account()
disassociate_from_master_account()
disassociate_members()
enable_import_findings_for_product()
enable_organization_admin_account()
enable_security_hub()
get_administrator_account()
get_enabled_standards()
get_finding_aggregator()
get_findings()
get_insight_results()
get_insights()
get_invitations_count()
get_master_account()
get_members()
get_paginator()
get_waiter()
invite_members()
list_enabled_products_for_import()
list_finding_aggregators()
list_invitations()
list_members()
list_organization_admin_accounts()
list_tags_for_resource()
tag_resource()
untag_resource()
update_action_target()
update_finding_aggregator()
update_findings()
update_insight()
update_organization_configuration()
update_security_hub_configuration()
update_standards_control()
accept_administrator_invitation
(**kwargs)¶Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
See also: AWS API Documentation
Request Syntax
response = client.accept_administrator_invitation(
AdministratorId='string',
InvitationId='string'
)
[REQUIRED]
The account ID of the Security Hub administrator account that sent the invitation.
[REQUIRED]
The identifier of the invitation sent from the Security Hub administrator account.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.InvalidAccessException
accept_invitation
(**kwargs)¶This method is deprecated. Instead, use AcceptAdministratorInvitation
.
The Security Hub console continues to use AcceptInvitation
. It will eventually change to use AcceptAdministratorInvitation
. Any IAM policies that specifically control access to this function must continue to use AcceptInvitation
. You should also add AcceptAdministratorInvitation
to your policies to ensure that the correct permissions are in place after the console begins to use AcceptAdministratorInvitation
.
Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.accept_invitation(
MasterId='string',
InvitationId='string'
)
[REQUIRED]
The account ID of the Security Hub administrator account that sent the invitation.
[REQUIRED]
The identifier of the invitation sent from the Security Hub administrator account.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.InvalidAccessException
batch_disable_standards
(**kwargs)¶Disables the standards specified by the provided StandardsSubscriptionArns
.
For more information, see Security Standards section of the Security Hub User Guide .
See also: AWS API Documentation
Request Syntax
response = client.batch_disable_standards(
StandardsSubscriptionArns=[
'string',
]
)
[REQUIRED]
The ARNs of the standards subscriptions to disable.
{
'StandardsSubscriptions': [
{
'StandardsSubscriptionArn': 'string',
'StandardsArn': 'string',
'StandardsInput': {
'string': 'string'
},
'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
'StandardsStatusReason': {
'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
}
},
]
}
Response Structure
The details of the standards subscriptions that were disabled.
A resource that represents your subscription to a supported standard.
The ARN of a resource that represents your subscription to a supported standard.
The ARN of a standard.
A key-value pair of input for the standard.
The status of the standard subscription.
The status values are as follows:
PENDING
- Standard is in the process of being enabled.READY
- Standard is enabled.INCOMPLETE
- Standard could not be enabled completely. Some controls may not be available.DELETING
- Standard is in the process of being disabled.FAILED
- Standard could not be disabled.The reason for the current status.
The reason code that represents the reason for the current status of a standard subscription.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
batch_enable_standards
(**kwargs)¶Enables the standards specified by the provided StandardsArn
. To obtain the ARN for a standard, use the DescribeStandards
operation.
For more information, see the Security Standards section of the Security Hub User Guide .
See also: AWS API Documentation
Request Syntax
response = client.batch_enable_standards(
StandardsSubscriptionRequests=[
{
'StandardsArn': 'string',
'StandardsInput': {
'string': 'string'
}
},
]
)
[REQUIRED]
The list of standards checks to enable.
The standard that you want to enable.
The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards
operation.
A key-value pair of input for the standard.
{
'StandardsSubscriptions': [
{
'StandardsSubscriptionArn': 'string',
'StandardsArn': 'string',
'StandardsInput': {
'string': 'string'
},
'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
'StandardsStatusReason': {
'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
}
},
]
}
Response Structure
The details of the standards subscriptions that were enabled.
A resource that represents your subscription to a supported standard.
The ARN of a resource that represents your subscription to a supported standard.
The ARN of a standard.
A key-value pair of input for the standard.
The status of the standard subscription.
The status values are as follows:
PENDING
- Standard is in the process of being enabled.READY
- Standard is enabled.INCOMPLETE
- Standard could not be enabled completely. Some controls may not be available.DELETING
- Standard is in the process of being disabled.FAILED
- Standard could not be disabled.The reason for the current status.
The reason code that represents the reason for the current status of a standard subscription.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
batch_import_findings
(**kwargs)¶Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.
BatchImportFindings
must be called by one of the following:
BatchImportFindings
from needs to be the same as the AwsAccountId
attribute for the finding.BatchImportFindings
from the allow-listed account and send findings from different customer accounts in the same batch.The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings
cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.
Note
UserDefinedFields
VerificationState
Workflow
Finding providers also should not use BatchImportFindings
to update the following attributes.
Confidence
Criticality
RelatedFindings
Severity
Types
Instead, finding providers use FindingProviderFields
to provide values for these attributes.
See also: AWS API Documentation
Request Syntax
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
{
'FailedCount': 123,
'SuccessCount': 123,
'FailedFindings': [
{
'Id': 'string',
'ErrorCode': 'string',
'ErrorMessage': 'string'
},
]
}
Response Structure
The number of findings that failed to import.
The number of findings that were successfully imported.
The list of findings that failed to import.
The list of the findings that cannot be imported. For each finding, the list provides the error.
The identifier of the finding that could not be updated.
The code of the error returned by the BatchImportFindings
operation.
The message of the error returned by the BatchImportFindings
operation.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
batch_update_findings
(**kwargs)¶Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.
Updates from BatchUpdateFindings
do not affect the value of UpdatedAt
for a finding.
Administrator and member accounts can use BatchUpdateFindings
to update the following finding fields and objects.
Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow
You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide .
See also: AWS API Documentation
Request Syntax
response = client.batch_update_findings(
FindingIdentifiers=[
{
'Id': 'string',
'ProductArn': 'string'
},
],
Note={
'Text': 'string',
'UpdatedBy': 'string'
},
Severity={
'Normalized': 123,
'Product': 123.0,
'Label': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'
},
VerificationState='UNKNOWN'|'TRUE_POSITIVE'|'FALSE_POSITIVE'|'BENIGN_POSITIVE',
Confidence=123,
Criticality=123,
Types=[
'string',
],
UserDefinedFields={
'string': 'string'
},
Workflow={
'Status': 'NEW'|'NOTIFIED'|'RESOLVED'|'SUPPRESSED'
},
RelatedFindings=[
{
'ProductArn': 'string',
'Id': 'string'
},
]
)
[REQUIRED]
The list of findings to update. BatchUpdateFindings
can be used to update up to 100 findings at a time.
For each finding, the list provides the finding identifier and the ARN of the finding provider.
Identifies a finding to update using BatchUpdateFindings
.
The identifier of the finding that was specified by the finding provider.
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
The updated note.
The updated note text.
The principal that updated the note.
Used to update the finding severity.
The normalized severity for the finding. This attribute is to be deprecated in favor of Label
.
If you provide Normalized
and do not provide Label
, Label
is set automatically as follows.
INFORMATIONAL
LOW
MEDIUM
HIGH
CRITICAL
The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.
The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.Indicates the veracity of a finding.
The available values for VerificationState
are as follows.
UNKNOWN
– The default disposition of a security findingTRUE_POSITIVE
– The security finding is confirmedFALSE_POSITIVE
– The security finding was determined to be a false alarmBENIGN_POSITIVE
– A special case of TRUE_POSITIVE
where the finding doesn't pose any threat, is expected, or bothThe updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
The updated value for the level of importance assigned to the resources associated with the findings.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are as follows.
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Used to update the workflow status of a finding.
The workflow status indicates the progress of the investigation into the finding.
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED
or RESOLVED
does not prevent a new finding for the same issue.
The allowed values are the following.
NEW
- The initial state of a finding, before it is reviewed. Security Hub also resets WorkFlowStatus
from NOTIFIED
or RESOLVED
to NEW
in the following cases:ARCHIVED
to ACTIVE
.PASSED
to either WARNING
, FAILED
, or NOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.A list of findings that are related to the updated findings.
Details about a related finding.
The ARN of the product that generated a related finding.
The product-generated identifier for a related finding.
dict
Response Syntax
{
'ProcessedFindings': [
{
'Id': 'string',
'ProductArn': 'string'
},
],
'UnprocessedFindings': [
{
'FindingIdentifier': {
'Id': 'string',
'ProductArn': 'string'
},
'ErrorCode': 'string',
'ErrorMessage': 'string'
},
]
}
Response Structure
(dict) --
ProcessedFindings (list) --
The list of findings that were updated successfully.
(dict) --
Identifies a finding to update using BatchUpdateFindings
.
Id (string) --
The identifier of the finding that was specified by the finding provider.
ProductArn (string) --
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
UnprocessedFindings (list) --
The list of findings that were not updated.
(dict) --
A finding from a BatchUpdateFindings
request that Security Hub was unable to update.
FindingIdentifier (dict) --
The identifier of the finding that was not updated.
Id (string) --
The identifier of the finding that was specified by the finding provider.
ProductArn (string) --
The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.
ErrorCode (string) --
The code associated with the error. Possible values are:
ConcurrentUpdateError
- Another request attempted to update the finding while this request was being processed. This error may also occur if you call BatchUpdateFindings and BatchImportFindings at the same time.DuplicatedFindingIdentifier
- The request included two or more findings with the same FindingIdentifier
.FindingNotFound
- The FindingIdentifier
included in the request did not match an existing finding.FindingSizeExceeded
- The finding size was greater than the permissible value of 240 KB.InternalFailure
- An internal service failure occurred when updating the finding.InvalidInput
- The finding update contained an invalid value that did not satisfy the Amazon Web Services Security Finding Format syntax.ErrorMessage (string) --
The message associated with the error. Possible values are:
Concurrent finding updates detected
Finding Identifier is duplicated
Finding Not Found
Finding size exceeded 240 KB
Internal service failure
Invalid Input
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
can_paginate
(operation_name)¶Check if an operation can be paginated.
create_foo
, and you'd normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.True
if the operation can be paginated,
False
otherwise.close
()¶Closes underlying endpoint connections.
create_action_target
(**kwargs)¶Creates a custom action target in Security Hub.
You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.
See also: AWS API Documentation
Request Syntax
response = client.create_action_target(
Name='string',
Description='string',
Id='string'
)
[REQUIRED]
The name of the custom action target. Can contain up to 20 characters.
[REQUIRED]
The description for the custom action target.
[REQUIRED]
The ID for the custom action target. Can contain up to 20 alphanumeric characters.
dict
Response Syntax
{
'ActionTargetArn': 'string'
}
Response Structure
(dict) --
ActionTargetArn (string) --
The ARN for the custom action target.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceConflictException
create_finding_aggregator
(**kwargs)¶Used to enable finding aggregation. Must be called from the aggregation Region.
For more details about cross-Region replication, see Configuring finding aggregation in the Security Hub User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_finding_aggregator(
RegionLinkingMode='string',
Regions=[
'string',
]
)
[REQUIRED]
Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
The selected option also determines how to use the Regions provided in the Regions list.
The options are as follows:
ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
dict
Response Syntax
{
'FindingAggregatorArn': 'string',
'FindingAggregationRegion': 'string',
'RegionLinkingMode': 'string',
'Regions': [
'string',
]
}
Response Structure
(dict) --
FindingAggregatorArn (string) --
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.
FindingAggregationRegion (string) --
The aggregation Region.
RegionLinkingMode (string) --
Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.
Regions (list) --
The list of excluded Regions or included Regions.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.AccessDeniedException
SecurityHub.Client.exceptions.InvalidInputException
create_insight
(**kwargs)¶Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.
To group the related findings in the insight, use the GroupByAttribute
.
See also: AWS API Documentation
Request Syntax
response = client.create_insight(
Name='string',
Filters={
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
GroupByAttribute='string'
)
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
{
'InsightArn': 'string'
}
Response Structure
The ARN of the insight created.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceConflictException
create_members
(**kwargs)¶Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.
CreateMembers
is always used to add accounts that are not organization members.
For accounts that are managed using Organizations, CreateMembers
is only used in the following cases:
This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub
operation.
For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers
operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.
Accounts that are managed using Organizations do not receive an invitation. They automatically become a member account in Security Hub.
A permissions policy is added that permits the administrator account to view the findings generated in the member account.
To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount
or DisassociateMembers
operation.
See also: AWS API Documentation
Request Syntax
response = client.create_members(
AccountDetails=[
{
'AccountId': 'string',
'Email': 'string'
},
]
)
[REQUIRED]
The list of accounts to associate with the Security Hub administrator account. For each account, the list includes the account ID and optionally the email address.
The details of an Amazon Web Services account.
The ID of an Amazon Web Services account.
The email of an Amazon Web Services account.
{
'UnprocessedAccounts': [
{
'AccountId': 'string',
'ProcessingResult': 'string'
},
]
}
Response Structure
The list of Amazon Web Services accounts that were not processed. For each account, the list includes the account ID and the email address.
Details about the account that was not processed.
An Amazon Web Services account ID of the account that was not processed.
The reason that the account was not processed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceConflictException
decline_invitations
(**kwargs)¶Declines invitations to become a member account.
This operation is only used by accounts that are not part of an organization. Organization accounts do not receive invitations.
See also: AWS API Documentation
Request Syntax
response = client.decline_invitations(
AccountIds=[
'string',
]
)
[REQUIRED]
The list of account IDs for the accounts from which to decline the invitations to Security Hub.
{
'UnprocessedAccounts': [
{
'AccountId': 'string',
'ProcessingResult': 'string'
},
]
}
Response Structure
The list of Amazon Web Services accounts that were not processed. For each account, the list includes the account ID and the email address.
Details about the account that was not processed.
An Amazon Web Services account ID of the account that was not processed.
The reason that the account was not processed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
delete_action_target
(**kwargs)¶Deletes a custom action target from Security Hub.
Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.
See also: AWS API Documentation
Request Syntax
response = client.delete_action_target(
ActionTargetArn='string'
)
[REQUIRED]
The ARN of the custom action target to delete.
{
'ActionTargetArn': 'string'
}
Response Structure
The ARN of the custom action target that was deleted.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
delete_finding_aggregator
(**kwargs)¶Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation.
When you stop finding aggregation, findings that were already aggregated to the aggregation Region are still visible from the aggregation Region. New findings and finding updates are not aggregated.
See also: AWS API Documentation
Request Syntax
response = client.delete_finding_aggregator(
FindingAggregatorArn='string'
)
[REQUIRED]
The ARN of the finding aggregator to delete. To obtain the ARN, use ListFindingAggregators
.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.AccessDeniedException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
delete_insight
(**kwargs)¶Deletes the insight specified by the InsightArn
.
See also: AWS API Documentation
Request Syntax
response = client.delete_insight(
InsightArn='string'
)
[REQUIRED]
The ARN of the insight to delete.
{
'InsightArn': 'string'
}
Response Structure
The ARN of the insight that was deleted.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
delete_invitations
(**kwargs)¶Deletes invitations received by the Amazon Web Services account to become a member account.
This operation is only used by accounts that are not part of an organization. Organization accounts do not receive invitations.
See also: AWS API Documentation
Request Syntax
response = client.delete_invitations(
AccountIds=[
'string',
]
)
[REQUIRED]
The list of the account IDs that sent the invitations to delete.
{
'UnprocessedAccounts': [
{
'AccountId': 'string',
'ProcessingResult': 'string'
},
]
}
Response Structure
The list of Amazon Web Services accounts for which the invitations were not deleted. For each account, the list includes the account ID and the email address.
Details about the account that was not processed.
An Amazon Web Services account ID of the account that was not processed.
The reason that the account was not processed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.InvalidAccessException
delete_members
(**kwargs)¶Deletes the specified member accounts from Security Hub.
Can be used to delete member accounts that belong to an organization as well as member accounts that were invited manually.
See also: AWS API Documentation
Request Syntax
response = client.delete_members(
AccountIds=[
'string',
]
)
[REQUIRED]
The list of account IDs for the member accounts to delete.
{
'UnprocessedAccounts': [
{
'AccountId': 'string',
'ProcessingResult': 'string'
},
]
}
Response Structure
The list of Amazon Web Services accounts that were not deleted. For each account, the list includes the account ID and the email address.
Details about the account that was not processed.
An Amazon Web Services account ID of the account that was not processed.
The reason that the account was not processed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
describe_action_targets
(**kwargs)¶Returns a list of the custom action targets in Security Hub in your account.
See also: AWS API Documentation
Request Syntax
response = client.describe_action_targets(
ActionTargetArns=[
'string',
],
NextToken='string',
MaxResults=123
)
A list of custom action target ARNs for the custom action targets to retrieve.
The token that is required for pagination. On your first call to the DescribeActionTargets
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'ActionTargets': [
{
'ActionTargetArn': 'string',
'Name': 'string',
'Description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ActionTargets (list) --
A list of ActionTarget
objects. Each object includes the ActionTargetArn
, Description
, and Name
of a custom action target available in Security Hub.
(dict) --
An ActionTarget
object.
ActionTargetArn (string) --
The ARN for the target action.
Name (string) --
The name of the action target.
Description (string) --
The description of the target action.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
describe_hub
(**kwargs)¶Returns details about the Hub resource in your account, including the HubArn
and the time when you enabled Security Hub.
See also: AWS API Documentation
Request Syntax
response = client.describe_hub(
HubArn='string'
)
{
'HubArn': 'string',
'SubscribedAt': 'string',
'AutoEnableControls': True|False
}
Response Structure
The ARN of the Hub resource that was retrieved.
The date and time when Security Hub was enabled in the account.
Whether to automatically enable new controls when they are added to standards that are enabled.
If set to true
, then new controls for enabled standards are enabled automatically. If set to false
, then new controls are not enabled.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
describe_organization_configuration
()¶Returns information about the Organizations configuration for Security Hub. Can only be called from a Security Hub administrator account.
See also: AWS API Documentation
Request Syntax
response = client.describe_organization_configuration()
{
'AutoEnable': True|False,
'MemberAccountLimitReached': True|False,
'AutoEnableStandards': 'NONE'|'DEFAULT'
}
Response Structure
Whether to automatically enable Security Hub for new accounts in the organization.
If set to true
, then Security Hub is enabled for new accounts. If set to false, then new accounts are not added automatically.
Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.
Whether to automatically enable Security Hub default standards for new member accounts in the organization.
The default value of this parameter is equal to DEFAULT
.
If equal to DEFAULT
, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE
, then default standards are not automatically enabled for new member accounts.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
describe_products
(**kwargs)¶Returns information about product integrations in Security Hub.
You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.
If you do not provide an integration ARN, then the results include all of the available product integrations.
See also: AWS API Documentation
Request Syntax
response = client.describe_products(
NextToken='string',
MaxResults=123,
ProductArn='string'
)
The token that is required for pagination. On your first call to the DescribeProducts
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'Products': [
{
'ProductArn': 'string',
'ProductName': 'string',
'CompanyName': 'string',
'Description': 'string',
'Categories': [
'string',
],
'IntegrationTypes': [
'SEND_FINDINGS_TO_SECURITY_HUB'|'RECEIVE_FINDINGS_FROM_SECURITY_HUB'|'UPDATE_FINDINGS_IN_SECURITY_HUB',
],
'MarketplaceUrl': 'string',
'ActivationUrl': 'string',
'ProductSubscriptionResourcePolicy': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Products (list) --
A list of products, including details for each product.
(dict) --
Contains details about a product.
ProductArn (string) --
The ARN assigned to the product.
ProductName (string) --
The name of the product.
CompanyName (string) --
The name of the company that provides the product.
Description (string) --
A description of the product.
Categories (list) --
The categories assigned to the product.
IntegrationTypes (list) --
The types of integration that the product supports. Available values are the following.
SEND_FINDINGS_TO_SECURITY_HUB
- The integration sends findings to Security Hub.RECEIVE_FINDINGS_FROM_SECURITY_HUB
- The integration receives findings from Security Hub.UPDATE_FINDINGS_IN_SECURITY_HUB
- The integration does not send new findings to Security Hub, but does make updates to the findings that it receives from Security Hub.MarketplaceUrl (string) --
For integrations with Amazon Web Services services, the Amazon Web Services Console URL from which to activate the service.
For integrations with third-party products, the Amazon Web Services Marketplace URL from which to subscribe to or purchase the product.
ActivationUrl (string) --
The URL to the service or product documentation about the integration with Security Hub, including how to activate the integration.
ProductSubscriptionResourcePolicy (string) --
The resource policy associated with the product.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.InvalidInputException
describe_standards
(**kwargs)¶Returns a list of the available standards in Security Hub.
For each standard, the results include the standard ARN, the name, and a description.
See also: AWS API Documentation
Request Syntax
response = client.describe_standards(
NextToken='string',
MaxResults=123
)
The token that is required for pagination. On your first call to the DescribeStandards
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'Standards': [
{
'StandardsArn': 'string',
'Name': 'string',
'Description': 'string',
'EnabledByDefault': True|False,
'StandardsManagedBy': {
'Company': 'string',
'Product': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Standards (list) --
A list of available standards.
(dict) --
Provides information about a specific security standard.
StandardsArn (string) --
The ARN of a standard.
Name (string) --
The name of the standard.
Description (string) --
A description of the standard.
EnabledByDefault (boolean) --
Whether the standard is enabled by default. When Security Hub is enabled from the console, if a standard is enabled by default, the check box for that standard is selected by default.
When Security Hub is enabled using the EnableSecurityHub
API operation, the standard is enabled by default unless EnableDefaultStandards
is set to false
.
StandardsManagedBy (dict) --
Provides details about the management of a standard.
Company (string) --
An identifier for the company that manages a specific security standard. For existing standards, the value is equal to Amazon Web Services
.
Product (string) --
An identifier for the product that manages a specific security standard. For existing standards, the value is equal to the Amazon Web Services service that manages the standard.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
describe_standards_controls
(**kwargs)¶Returns a list of security standards controls.
For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.
See also: AWS API Documentation
Request Syntax
response = client.describe_standards_controls(
StandardsSubscriptionArn='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The ARN of a resource that represents your subscription to a supported standard. To get the subscription ARNs of the standards you have enabled, use the GetEnabledStandards
operation.
The token that is required for pagination. On your first call to the DescribeStandardsControls
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'Controls': [
{
'StandardsControlArn': 'string',
'ControlStatus': 'ENABLED'|'DISABLED',
'DisabledReason': 'string',
'ControlStatusUpdatedAt': datetime(2015, 1, 1),
'ControlId': 'string',
'Title': 'string',
'Description': 'string',
'RemediationUrl': 'string',
'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'RelatedRequirements': [
'string',
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Controls (list) --
A list of security standards controls.
(dict) --
Details for an individual security standard control.
StandardsControlArn (string) --
The ARN of the security standard control.
ControlStatus (string) --
The current status of the security standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
DisabledReason (string) --
The reason provided for the most recent change in status for the control.
ControlStatusUpdatedAt (datetime) --
The date and time that the status of the security standard control was most recently updated.
ControlId (string) --
The identifier of the security standard control.
Title (string) --
The title of the security standard control.
Description (string) --
The longer description of the security standard control. Provides information about what the control is checking for.
RemediationUrl (string) --
A link to remediation information for the control in the Security Hub user documentation.
SeverityRating (string) --
The severity of findings generated from this security standard control.
The finding severity is based on an assessment of how easy it would be to compromise Amazon Web Services resources if the issue is detected.
RelatedRequirements (list) --
The list of requirements that are related to this control.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
disable_import_findings_for_product
(**kwargs)¶Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.
See also: AWS API Documentation
Request Syntax
response = client.disable_import_findings_for_product(
ProductSubscriptionArn='string'
)
[REQUIRED]
The ARN of the integrated product to disable the integration for.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
disable_organization_admin_account
(**kwargs)¶Disables a Security Hub administrator account. Can only be called by the organization management account.
See also: AWS API Documentation
Request Syntax
response = client.disable_organization_admin_account(
AdminAccountId='string'
)
[REQUIRED]
The Amazon Web Services account identifier of the Security Hub administrator account.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
disable_security_hub
()¶Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.
When you disable Security Hub for an administrator account, it doesn't disable Security Hub for any associated member accounts.
When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your administrator and member account associations are removed.
If you want to save your existing findings, you must export them before you disable Security Hub.
See also: AWS API Documentation
Request Syntax
response = client.disable_security_hub()
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
disassociate_from_administrator_account
()¶Disassociates the current Security Hub member account from the associated administrator account.
This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_from_administrator_account()
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
disassociate_from_master_account
()¶This method is deprecated. Instead, use DisassociateFromAdministratorAccount
.
The Security Hub console continues to use DisassociateFromMasterAccount
. It will eventually change to use DisassociateFromAdministratorAccount
. Any IAM policies that specifically control access to this function must continue to use DisassociateFromMasterAccount
. You should also add DisassociateFromAdministratorAccount
to your policies to ensure that the correct permissions are in place after the console begins to use DisassociateFromAdministratorAccount
.
Disassociates the current Security Hub member account from the associated administrator account.
This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_from_master_account()
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
disassociate_members
(**kwargs)¶Disassociates the specified member accounts from the associated administrator account.
Can be used to disassociate both accounts that are managed using Organizations and accounts that were invited manually.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_members(
AccountIds=[
'string',
]
)
[REQUIRED]
The account IDs of the member accounts to disassociate from the administrator account.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
enable_import_findings_for_product
(**kwargs)¶Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.
When you enable a product integration, a permissions policy that grants permission for the product to send findings to Security Hub is applied.
See also: AWS API Documentation
Request Syntax
response = client.enable_import_findings_for_product(
ProductArn='string'
)
[REQUIRED]
The ARN of the product to enable the integration for.
{
'ProductSubscriptionArn': 'string'
}
Response Structure
The ARN of your subscription to the product to enable integrations for.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceConflictException
SecurityHub.Client.exceptions.LimitExceededException
enable_organization_admin_account
(**kwargs)¶Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.
See also: AWS API Documentation
Request Syntax
response = client.enable_organization_admin_account(
AdminAccountId='string'
)
[REQUIRED]
The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
enable_security_hub
(**kwargs)¶Enables Security Hub for your account in the current Region or the Region you specify in the request.
When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from other services that are integrated with Security Hub.
When you use the EnableSecurityHub
operation to enable Security Hub, you also automatically enable the following standards:
Other standards are not automatically enabled.
To opt out of automatically enabled standards, set EnableDefaultStandards
to false
.
After you enable Security Hub, to enable a standard, use the BatchEnableStandards
operation. To disable a standard, use the BatchDisableStandards
operation.
To learn more, see the setup information in the Security Hub User Guide .
See also: AWS API Documentation
Request Syntax
response = client.enable_security_hub(
Tags={
'string': 'string'
},
EnableDefaultStandards=True|False
)
The tags to add to the hub resource when you enable Security Hub.
EnableDefaultStandards
, it is set to true
. To not enable the automatically enabled standards, set EnableDefaultStandards
to false
.dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceConflictException
SecurityHub.Client.exceptions.AccessDeniedException
get_administrator_account
()¶Provides the details for the Security Hub administrator account for the current member account.
Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.
See also: AWS API Documentation
Request Syntax
response = client.get_administrator_account()
{
'Administrator': {
'AccountId': 'string',
'InvitationId': 'string',
'InvitedAt': datetime(2015, 1, 1),
'MemberStatus': 'string'
}
}
Response Structure
Details about an invitation.
The account ID of the Security Hub administrator account that the invitation was sent from.
The ID of the invitation sent to the member account.
The timestamp of when the invitation was sent.
The current status of the association between the member and administrator accounts.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
get_enabled_standards
(**kwargs)¶Returns a list of the standards that are currently enabled.
See also: AWS API Documentation
Request Syntax
response = client.get_enabled_standards(
StandardsSubscriptionArns=[
'string',
],
NextToken='string',
MaxResults=123
)
The list of the standards subscription ARNs for the standards to retrieve.
The token that is required for pagination. On your first call to the GetEnabledStandards
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'StandardsSubscriptions': [
{
'StandardsSubscriptionArn': 'string',
'StandardsArn': 'string',
'StandardsInput': {
'string': 'string'
},
'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
'StandardsStatusReason': {
'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
StandardsSubscriptions (list) --
The list of StandardsSubscriptions
objects that include information about the enabled standards.
(dict) --
A resource that represents your subscription to a supported standard.
StandardsSubscriptionArn (string) --
The ARN of a resource that represents your subscription to a supported standard.
StandardsArn (string) --
The ARN of a standard.
StandardsInput (dict) --
A key-value pair of input for the standard.
StandardsStatus (string) --
The status of the standard subscription.
The status values are as follows:
PENDING
- Standard is in the process of being enabled.READY
- Standard is enabled.INCOMPLETE
- Standard could not be enabled completely. Some controls may not be available.DELETING
- Standard is in the process of being disabled.FAILED
- Standard could not be disabled.StandardsStatusReason (dict) --
The reason for the current status.
StatusReasonCode (string) --
The reason code that represents the reason for the current status of a standard subscription.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
get_finding_aggregator
(**kwargs)¶Returns the current finding aggregation configuration.
See also: AWS API Documentation
Request Syntax
response = client.get_finding_aggregator(
FindingAggregatorArn='string'
)
[REQUIRED]
The ARN of the finding aggregator to return details for. To obtain the ARN, use ListFindingAggregators
.
{
'FindingAggregatorArn': 'string',
'FindingAggregationRegion': 'string',
'RegionLinkingMode': 'string',
'Regions': [
'string',
]
}
Response Structure
The ARN of the finding aggregator.
The aggregation Region.
Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.
The list of excluded Regions or included Regions.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.AccessDeniedException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
get_findings
(**kwargs)¶Returns a list of findings that match the specified criteria.
If finding aggregation is enabled, then when you call GetFindings
from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.
See also: AWS API Documentation
Request Syntax
response = client.get_findings(
Filters={
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
SortCriteria=[
{
'Field': 'string',
'SortOrder': 'asc'|'desc'
},
],
NextToken='string',
MaxResults=123
)
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Response Syntax
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Response Structure
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
get_insight_results
(**kwargs)¶Lists the results of the Security Hub insight specified by the insight ARN.
See also: AWS API Documentation
Request Syntax
response = client.get_insight_results(
InsightArn='string'
)
[REQUIRED]
The ARN of the insight for which to return results.
{
'InsightResults': {
'InsightArn': 'string',
'GroupByAttribute': 'string',
'ResultValues': [
{
'GroupByAttributeValue': 'string',
'Count': 123
},
]
}
}
Response Structure
The insight results returned by the operation.
The ARN of the insight whose results are returned by the GetInsightResults
operation.
The attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults
operation.
The list of insight result values returned by the GetInsightResults
operation.
The insight result values returned by the GetInsightResults
operation.
The value of the attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults
operation.
The number of findings returned for each GroupByAttributeValue
.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
get_insights
(**kwargs)¶Lists and describes insights for the specified insight ARNs.
See also: AWS API Documentation
Request Syntax
response = client.get_insights(
InsightArns=[
'string',
],
NextToken='string',
MaxResults=123
)
The ARNs of the insights to describe. If you do not provide any insight ARNs, then GetInsights
returns all of your custom insights. It does not return any managed insights.
The token that is required for pagination. On your first call to the GetInsights
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'Insights': [
{
'InsightArn': 'string',
'Name': 'string',
'Filters': {
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
'GroupByAttribute': 'string'
},
],
'NextToken': 'string'
}
Response Structure
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
get_invitations_count
()¶Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
See also: AWS API Documentation
Request Syntax
response = client.get_invitations_count()
{
'InvitationsCount': 123
}
Response Structure
The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
get_master_account
()¶This method is deprecated. Instead, use GetAdministratorAccount
.
The Security Hub console continues to use GetMasterAccount
. It will eventually change to use GetAdministratorAccount
. Any IAM policies that specifically control access to this function must continue to use GetMasterAccount
. You should also add GetAdministratorAccount
to your policies to ensure that the correct permissions are in place after the console begins to use GetAdministratorAccount
.
Provides the details for the Security Hub administrator account for the current member account.
Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.
Danger
This operation is deprecated and may not function as expected. This operation should not be used going forward and is only kept for the purpose of backwards compatiblity.
See also: AWS API Documentation
Request Syntax
response = client.get_master_account()
{
'Master': {
'AccountId': 'string',
'InvitationId': 'string',
'InvitedAt': datetime(2015, 1, 1),
'MemberStatus': 'string'
}
}
Response Structure
A list of details about the Security Hub administrator account for the current member account.
The account ID of the Security Hub administrator account that the invitation was sent from.
The ID of the invitation sent to the member account.
The timestamp of when the invitation was sent.
The current status of the association between the member and administrator accounts.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
get_members
(**kwargs)¶Returns the details for the Security Hub member accounts for the specified account IDs.
An administrator account can be either the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually.
The results include both member accounts that are managed using Organizations and accounts that were invited manually.
See also: AWS API Documentation
Request Syntax
response = client.get_members(
AccountIds=[
'string',
]
)
[REQUIRED]
The list of account IDs for the Security Hub member accounts to return the details for.
{
'Members': [
{
'AccountId': 'string',
'Email': 'string',
'MasterId': 'string',
'AdministratorId': 'string',
'MemberStatus': 'string',
'InvitedAt': datetime(2015, 1, 1),
'UpdatedAt': datetime(2015, 1, 1)
},
],
'UnprocessedAccounts': [
{
'AccountId': 'string',
'ProcessingResult': 'string'
},
]
}
Response Structure
The list of details about the Security Hub member accounts.
The details about a member account.
The Amazon Web Services account ID of the member account.
The email address of the member account.
This is replaced by AdministratorID
.
The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.
The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.
The status of the relationship between the member account and its administrator account.
The status can have one of the following values:
Created
- Indicates that the administrator account added the member account, but has not yet invited the member account.Invited
- Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.Enabled
- Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.Removed
- Indicates that the administrator account disassociated the member account.Resigned
- Indicates that the member account disassociated themselves from the administrator account.Deleted
- Indicates that the administrator account deleted the member account.AccountSuspended
- Indicates that an organization account was suspended from Amazon Web Services at the same time that the administrator account tried to enable the organization account as a member account.A timestamp for the date and time when the invitation was sent to the member account.
The timestamp for the date and time when the member account was updated.
The list of Amazon Web Services accounts that could not be processed. For each account, the list includes the account ID and the email address.
Details about the account that was not processed.
An Amazon Web Services account ID of the account that was not processed.
The reason that the account was not processed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
get_paginator
(operation_name)¶Create a paginator for an operation.
create_foo
, and you'd normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.client.can_paginate
method to
check if an operation is pageable.get_waiter
(waiter_name)¶Returns an object that can wait for some condition.
invite_members
(**kwargs)¶Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.
This operation is only used to invite accounts that do not belong to an organization. Organization accounts do not receive invitations.
Before you can use this action to invite a member, you must first use the CreateMembers
action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated from the member account.
See also: AWS API Documentation
Request Syntax
response = client.invite_members(
AccountIds=[
'string',
]
)
[REQUIRED]
The list of account IDs of the Amazon Web Services accounts to invite to Security Hub as members.
{
'UnprocessedAccounts': [
{
'AccountId': 'string',
'ProcessingResult': 'string'
},
]
}
Response Structure
The list of Amazon Web Services accounts that could not be processed. For each account, the list includes the account ID and the email address.
Details about the account that was not processed.
An Amazon Web Services account ID of the account that was not processed.
The reason that the account was not processed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
list_enabled_products_for_import
(**kwargs)¶Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.
See also: AWS API Documentation
Request Syntax
response = client.list_enabled_products_for_import(
NextToken='string',
MaxResults=123
)
The token that is required for pagination. On your first call to the ListEnabledProductsForImport
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'ProductSubscriptions': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
ProductSubscriptions (list) --
The list of ARNs for the resources that represent your subscriptions to products.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
list_finding_aggregators
(**kwargs)¶If finding aggregation is enabled, then ListFindingAggregators
returns the ARN of the finding aggregator. You can run this operation from any Region.
See also: AWS API Documentation
Request Syntax
response = client.list_finding_aggregators(
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'FindingAggregators': [
{
'FindingAggregatorArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
FindingAggregators (list) --
The list of finding aggregators. This operation currently only returns a single result.
(dict) --
A finding aggregator. A finding aggregator contains the configuration for finding aggregation.
FindingAggregatorArn (string) --
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.
NextToken (string) --
If there are more results, this is the token to provide in the next call to ListFindingAggregators
.
This operation currently only returns a single result.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.AccessDeniedException
SecurityHub.Client.exceptions.InvalidInputException
list_invitations
(**kwargs)¶Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account.
This operation is only used by accounts that are managed by invitation. Accounts that are managed using the integration with Organizations do not receive invitations.
See also: AWS API Documentation
Request Syntax
response = client.list_invitations(
MaxResults=123,
NextToken='string'
)
The token that is required for pagination. On your first call to the ListInvitations
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'Invitations': [
{
'AccountId': 'string',
'InvitationId': 'string',
'InvitedAt': datetime(2015, 1, 1),
'MemberStatus': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Invitations (list) --
The details of the invitations returned by the operation.
(dict) --
Details about an invitation.
AccountId (string) --
The account ID of the Security Hub administrator account that the invitation was sent from.
InvitationId (string) --
The ID of the invitation sent to the member account.
InvitedAt (datetime) --
The timestamp of when the invitation was sent.
MemberStatus (string) --
The current status of the association between the member and administrator accounts.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
list_members
(**kwargs)¶Lists details about all member accounts for the current Security Hub administrator account.
The results include both member accounts that belong to an organization and member accounts that were invited manually.
See also: AWS API Documentation
Request Syntax
response = client.list_members(
OnlyAssociated=True|False,
MaxResults=123,
NextToken='string'
)
Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE
.
If OnlyAssociated
is set to TRUE
, the response includes member accounts whose relationship status with the administrator account is set to ENABLED
.
If OnlyAssociated
is set to FALSE
, the response includes all existing member accounts.
The token that is required for pagination. On your first call to the ListMembers
operation, set the value of this parameter to NULL
.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
dict
Response Syntax
{
'Members': [
{
'AccountId': 'string',
'Email': 'string',
'MasterId': 'string',
'AdministratorId': 'string',
'MemberStatus': 'string',
'InvitedAt': datetime(2015, 1, 1),
'UpdatedAt': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Members (list) --
Member details returned by the operation.
(dict) --
The details about a member account.
AccountId (string) --
The Amazon Web Services account ID of the member account.
Email (string) --
The email address of the member account.
MasterId (string) --
This is replaced by AdministratorID
.
The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.
AdministratorId (string) --
The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.
MemberStatus (string) --
The status of the relationship between the member account and its administrator account.
The status can have one of the following values:
Created
- Indicates that the administrator account added the member account, but has not yet invited the member account.Invited
- Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.Enabled
- Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.Removed
- Indicates that the administrator account disassociated the member account.Resigned
- Indicates that the member account disassociated themselves from the administrator account.Deleted
- Indicates that the administrator account deleted the member account.AccountSuspended
- Indicates that an organization account was suspended from Amazon Web Services at the same time that the administrator account tried to enable the organization account as a member account.InvitedAt (datetime) --
A timestamp for the date and time when the invitation was sent to the member account.
UpdatedAt (datetime) --
The timestamp for the date and time when the member account was updated.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
list_organization_admin_accounts
(**kwargs)¶Lists the Security Hub administrator accounts. Can only be called by the organization management account.
See also: AWS API Documentation
Request Syntax
response = client.list_organization_admin_accounts(
MaxResults=123,
NextToken='string'
)
ListOrganizationAdminAccounts
operation, set the value of this parameter to NULL
. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.dict
Response Syntax
{
'AdminAccounts': [
{
'AccountId': 'string',
'Status': 'ENABLED'|'DISABLE_IN_PROGRESS'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AdminAccounts (list) --
The list of Security Hub administrator accounts.
(dict) --
Represents a Security Hub administrator account designated by an organization management account.
AccountId (string) --
The Amazon Web Services account identifier of the Security Hub administrator account.
Status (string) --
The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator.
NextToken (string) --
The pagination token to use to request the next page of results.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
Returns a list of tags associated with a resource.
See also: AWS API Documentation
Request Syntax
response = client.list_tags_for_resource(
ResourceArn='string'
)
[REQUIRED]
The ARN of the resource to retrieve tags for.
{
'Tags': {
'string': 'string'
}
}
Response Structure
The tags associated with a resource.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
tag_resource
(**kwargs)¶Adds one or more tags to a resource.
See also: AWS API Documentation
Request Syntax
response = client.tag_resource(
ResourceArn='string',
Tags={
'string': 'string'
}
)
[REQUIRED]
The ARN of the resource to apply the tags to.
[REQUIRED]
The tags to add to the resource. You can add up to 50 tags at a time. The tag keys can be no longer than 128 characters. The tag values can be no longer than 256 characters.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
untag_resource
(**kwargs)¶Removes one or more tags from a resource.
See also: AWS API Documentation
Request Syntax
response = client.untag_resource(
ResourceArn='string',
TagKeys=[
'string',
]
)
[REQUIRED]
The ARN of the resource to remove the tags from.
[REQUIRED]
The tag keys associated with the tags to remove from the resource. You can remove up to 50 tags at a time.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
update_action_target
(**kwargs)¶Updates the name and description of a custom action target in Security Hub.
See also: AWS API Documentation
Request Syntax
response = client.update_action_target(
ActionTargetArn='string',
Name='string',
Description='string'
)
[REQUIRED]
The ARN of the custom action target to update.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
update_finding_aggregator
(**kwargs)¶Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or excluded Regions. You cannot use UpdateFindingAggregator
to change the aggregation Region.
You must run UpdateFindingAggregator
from the current aggregation Region.
See also: AWS API Documentation
Request Syntax
response = client.update_finding_aggregator(
FindingAggregatorArn='string',
RegionLinkingMode='string',
Regions=[
'string',
]
)
[REQUIRED]
The ARN of the finding aggregator. To obtain the ARN, use ListFindingAggregators
.
[REQUIRED]
Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
The selected option also determines how to use the Regions provided in the Regions list.
The options are as follows:
ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
dict
Response Syntax
{
'FindingAggregatorArn': 'string',
'FindingAggregationRegion': 'string',
'RegionLinkingMode': 'string',
'Regions': [
'string',
]
}
Response Structure
(dict) --
FindingAggregatorArn (string) --
The ARN of the finding aggregator.
FindingAggregationRegion (string) --
The aggregation Region.
RegionLinkingMode (string) --
Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.
Regions (list) --
The list of excluded Regions or included Regions.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.AccessDeniedException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.ResourceNotFoundException
update_findings
(**kwargs)¶UpdateFindings
is deprecated. Instead ofUpdateFindings
, useBatchUpdateFindings
.
Updates the Note
and RecordState
of the Security Hub-aggregated findings that the filter attributes specify. Any member account that can view the finding also sees the update to the finding.
See also: AWS API Documentation
Request Syntax
response = client.update_findings(
Filters={
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
Note={
'Text': 'string',
'UpdatedBy': 'string'
},
RecordState='ACTIVE'|'ARCHIVED'
)
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
update_insight
(**kwargs)¶Updates the Security Hub insight identified by the specified insight ARN.
See also: AWS API Documentation
Request Syntax
response = client.update_insight(
InsightArn='string',
Name='string',
Filters={
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
GroupByAttribute='string'
)
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
update_organization_configuration
(**kwargs)¶Used to update the configuration related to Organizations. Can only be called from a Security Hub administrator account.
See also: AWS API Documentation
Request Syntax
response = client.update_organization_configuration(
AutoEnable=True|False,
AutoEnableStandards='NONE'|'DEFAULT'
)
[REQUIRED]
Whether to automatically enable Security Hub for new accounts in the organization.
By default, this is false
, and new accounts are not added automatically.
To automatically enable Security Hub for new accounts, set this to true
.
Whether to automatically enable Security Hub default standards for new member accounts in the organization.
By default, this parameter is equal to DEFAULT
, and new member accounts are automatically enabled with default Security Hub standards.
To opt out of enabling default standards for new member accounts, set this parameter equal to NONE
.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
update_security_hub_configuration
(**kwargs)¶Updates configuration options for Security Hub.
See also: AWS API Documentation
Request Syntax
response = client.update_security_hub_configuration(
AutoEnableControls=True|False
)
Whether to automatically enable new controls when they are added to standards that are enabled.
By default, this is set to true
, and new controls are enabled automatically. To not automatically enable new controls, set this to false
.
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
update_standards_control
(**kwargs)¶Used to control whether an individual security standard control is enabled or disabled.
See also: AWS API Documentation
Request Syntax
response = client.update_standards_control(
StandardsControlArn='string',
ControlStatus='ENABLED'|'DISABLED',
DisabledReason='string'
)
[REQUIRED]
The ARN of the security standard control to enable or disable.
dict
Response Syntax
{}
Response Structure
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.ResourceNotFoundException
The available paginators are:
SecurityHub.Paginator.DescribeActionTargets
SecurityHub.Paginator.DescribeProducts
SecurityHub.Paginator.DescribeStandards
SecurityHub.Paginator.DescribeStandardsControls
SecurityHub.Paginator.GetEnabledStandards
SecurityHub.Paginator.GetFindings
SecurityHub.Paginator.GetInsights
SecurityHub.Paginator.ListEnabledProductsForImport
SecurityHub.Paginator.ListFindingAggregators
SecurityHub.Paginator.ListInvitations
SecurityHub.Paginator.ListMembers
SecurityHub.Paginator.ListOrganizationAdminAccounts
SecurityHub.Paginator.
DescribeActionTargets
¶paginator = client.get_paginator('describe_action_targets')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.describe_action_targets()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ActionTargetArns=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A list of custom action target ARNs for the custom action targets to retrieve.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'ActionTargets': [
{
'ActionTargetArn': 'string',
'Name': 'string',
'Description': 'string'
},
],
}
Response Structure
(dict) --
ActionTargets (list) --
A list of ActionTarget
objects. Each object includes the ActionTargetArn
, Description
, and Name
of a custom action target available in Security Hub.
(dict) --
An ActionTarget
object.
ActionTargetArn (string) --
The ARN for the target action.
Name (string) --
The name of the action target.
Description (string) --
The description of the target action.
SecurityHub.Paginator.
DescribeProducts
¶paginator = client.get_paginator('describe_products')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.describe_products()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
ProductArn='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'Products': [
{
'ProductArn': 'string',
'ProductName': 'string',
'CompanyName': 'string',
'Description': 'string',
'Categories': [
'string',
],
'IntegrationTypes': [
'SEND_FINDINGS_TO_SECURITY_HUB'|'RECEIVE_FINDINGS_FROM_SECURITY_HUB'|'UPDATE_FINDINGS_IN_SECURITY_HUB',
],
'MarketplaceUrl': 'string',
'ActivationUrl': 'string',
'ProductSubscriptionResourcePolicy': 'string'
},
],
}
Response Structure
(dict) --
Products (list) --
A list of products, including details for each product.
(dict) --
Contains details about a product.
ProductArn (string) --
The ARN assigned to the product.
ProductName (string) --
The name of the product.
CompanyName (string) --
The name of the company that provides the product.
Description (string) --
A description of the product.
Categories (list) --
The categories assigned to the product.
IntegrationTypes (list) --
The types of integration that the product supports. Available values are the following.
SEND_FINDINGS_TO_SECURITY_HUB
- The integration sends findings to Security Hub.RECEIVE_FINDINGS_FROM_SECURITY_HUB
- The integration receives findings from Security Hub.UPDATE_FINDINGS_IN_SECURITY_HUB
- The integration does not send new findings to Security Hub, but does make updates to the findings that it receives from Security Hub.MarketplaceUrl (string) --
For integrations with Amazon Web Services services, the Amazon Web Services Console URL from which to activate the service.
For integrations with third-party products, the Amazon Web Services Marketplace URL from which to subscribe to or purchase the product.
ActivationUrl (string) --
The URL to the service or product documentation about the integration with Security Hub, including how to activate the integration.
ProductSubscriptionResourcePolicy (string) --
The resource policy associated with the product.
SecurityHub.Paginator.
DescribeStandards
¶paginator = client.get_paginator('describe_standards')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.describe_standards()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
{
'Standards': [
{
'StandardsArn': 'string',
'Name': 'string',
'Description': 'string',
'EnabledByDefault': True|False,
'StandardsManagedBy': {
'Company': 'string',
'Product': 'string'
}
},
],
}
Response Structure
A list of available standards.
Provides information about a specific security standard.
The ARN of a standard.
The name of the standard.
A description of the standard.
Whether the standard is enabled by default. When Security Hub is enabled from the console, if a standard is enabled by default, the check box for that standard is selected by default.
When Security Hub is enabled using the EnableSecurityHub
API operation, the standard is enabled by default unless EnableDefaultStandards
is set to false
.
Provides details about the management of a standard.
An identifier for the company that manages a specific security standard. For existing standards, the value is equal to Amazon Web Services
.
An identifier for the product that manages a specific security standard. For existing standards, the value is equal to the Amazon Web Services service that manages the standard.
SecurityHub.Paginator.
DescribeStandardsControls
¶paginator = client.get_paginator('describe_standards_controls')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.describe_standards_controls()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
StandardsSubscriptionArn='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ARN of a resource that represents your subscription to a supported standard. To get the subscription ARNs of the standards you have enabled, use the GetEnabledStandards
operation.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'Controls': [
{
'StandardsControlArn': 'string',
'ControlStatus': 'ENABLED'|'DISABLED',
'DisabledReason': 'string',
'ControlStatusUpdatedAt': datetime(2015, 1, 1),
'ControlId': 'string',
'Title': 'string',
'Description': 'string',
'RemediationUrl': 'string',
'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'RelatedRequirements': [
'string',
]
},
],
}
Response Structure
(dict) --
Controls (list) --
A list of security standards controls.
(dict) --
Details for an individual security standard control.
StandardsControlArn (string) --
The ARN of the security standard control.
ControlStatus (string) --
The current status of the security standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
DisabledReason (string) --
The reason provided for the most recent change in status for the control.
ControlStatusUpdatedAt (datetime) --
The date and time that the status of the security standard control was most recently updated.
ControlId (string) --
The identifier of the security standard control.
Title (string) --
The title of the security standard control.
Description (string) --
The longer description of the security standard control. Provides information about what the control is checking for.
RemediationUrl (string) --
A link to remediation information for the control in the Security Hub user documentation.
SeverityRating (string) --
The severity of findings generated from this security standard control.
The finding severity is based on an assessment of how easy it would be to compromise Amazon Web Services resources if the issue is detected.
RelatedRequirements (list) --
The list of requirements that are related to this control.
SecurityHub.Paginator.
GetEnabledStandards
¶paginator = client.get_paginator('get_enabled_standards')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.get_enabled_standards()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
StandardsSubscriptionArns=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The list of the standards subscription ARNs for the standards to retrieve.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'StandardsSubscriptions': [
{
'StandardsSubscriptionArn': 'string',
'StandardsArn': 'string',
'StandardsInput': {
'string': 'string'
},
'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
'StandardsStatusReason': {
'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
}
},
],
}
Response Structure
(dict) --
StandardsSubscriptions (list) --
The list of StandardsSubscriptions
objects that include information about the enabled standards.
(dict) --
A resource that represents your subscription to a supported standard.
StandardsSubscriptionArn (string) --
The ARN of a resource that represents your subscription to a supported standard.
StandardsArn (string) --
The ARN of a standard.
StandardsInput (dict) --
A key-value pair of input for the standard.
StandardsStatus (string) --
The status of the standard subscription.
The status values are as follows:
PENDING
- Standard is in the process of being enabled.READY
- Standard is enabled.INCOMPLETE
- Standard could not be enabled completely. Some controls may not be available.DELETING
- Standard is in the process of being disabled.FAILED
- Standard could not be disabled.StandardsStatusReason (dict) --
The reason for the current status.
StatusReasonCode (string) --
The reason code that represents the reason for the current status of a standard subscription.
SecurityHub.Paginator.
GetFindings
¶paginator = client.get_paginator('get_findings')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.get_findings()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters={
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
SortCriteria=[
{
'Field': 'string',
'SortOrder': 'asc'|'desc'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Response Syntax
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Response Structure
# This section is too large to render.
# Please see the AWS API Documentation linked below.
SecurityHub.Paginator.
GetInsights
¶paginator = client.get_paginator('get_insights')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.get_insights()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
InsightArns=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The ARNs of the insights to describe. If you do not provide any insight ARNs, then GetInsights
returns all of your custom insights. It does not return any managed insights.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'Insights': [
{
'InsightArn': 'string',
'Name': 'string',
'Filters': {
'ProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'AwsAccountId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Id': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'GeneratorId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Region': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Type': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FirstObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'LastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'CreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'UpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'SeverityProduct': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityNormalized': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'SeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Confidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Criticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'Title': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Description': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecommendationText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'SourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProductFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ProductName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'CompanyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'UserDefinedFields': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'MalwareName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwarePath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'MalwareState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDirection': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkProtocol': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceIpV4': [
{
'Cidr': 'string'
},
],
'NetworkSourceIpV6': [
{
'Cidr': 'string'
},
],
'NetworkSourcePort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkSourceDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkSourceMac': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NetworkDestinationIpV4': [
{
'Cidr': 'string'
},
],
'NetworkDestinationIpV6': [
{
'Cidr': 'string'
},
],
'NetworkDestinationPort': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'NetworkDestinationDomain': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPath': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ProcessPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessParentPid': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'ProcessLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ProcessTerminatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorValue': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorCategory': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorLastObservedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ThreatIntelIndicatorSource': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ThreatIntelIndicatorSourceUrl': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourcePartition': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceRegion': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceTags': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceType': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIpV4Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceIpV6Addresses': [
{
'Cidr': 'string'
},
],
'ResourceAwsEc2InstanceKeyName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceIamInstanceProfileArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceVpcId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceSubnetId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsEc2InstanceLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsS3BucketOwnerId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsS3BucketOwnerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyPrincipalName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceAwsIamAccessKeyCreatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceAwsIamUserUserName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerImageName': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ResourceContainerLaunchedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'ResourceDetailsOther': [
{
'Key': 'string',
'Value': 'string',
'Comparison': 'EQUALS'|'NOT_EQUALS'
},
],
'ComplianceStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'VerificationState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'WorkflowStatus': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RecordState': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'RelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteText': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'NoteUpdatedAt': [
{
'Start': 'string',
'End': 'string',
'DateRange': {
'Value': 123,
'Unit': 'DAYS'
}
},
],
'NoteUpdatedBy': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Keyword': [
{
'Value': 'string'
},
],
'FindingProviderFieldsConfidence': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsCriticality': [
{
'Gte': 123.0,
'Lte': 123.0,
'Eq': 123.0
},
],
'FindingProviderFieldsRelatedFindingsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsRelatedFindingsProductArn': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityLabel': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsSeverityOriginal': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'FindingProviderFieldsTypes': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'Sample': [
{
'Value': True|False
},
],
'ComplianceSecurityControlId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
],
'ComplianceAssociatedStandardsId': [
{
'Value': 'string',
'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
},
]
},
'GroupByAttribute': 'string'
},
],
}
Response Structure
# This section is too large to render.
# Please see the AWS API Documentation linked below.
SecurityHub.Paginator.
ListEnabledProductsForImport
¶paginator = client.get_paginator('list_enabled_products_for_import')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.list_enabled_products_for_import()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
{
'ProductSubscriptions': [
'string',
],
}
Response Structure
The list of ARNs for the resources that represent your subscriptions to products.
SecurityHub.Paginator.
ListFindingAggregators
¶paginator = client.get_paginator('list_finding_aggregators')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.list_finding_aggregators()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
{
'FindingAggregators': [
{
'FindingAggregatorArn': 'string'
},
],
}
Response Structure
The list of finding aggregators. This operation currently only returns a single result.
A finding aggregator. A finding aggregator contains the configuration for finding aggregation.
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.
SecurityHub.Paginator.
ListInvitations
¶paginator = client.get_paginator('list_invitations')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.list_invitations()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
{
'Invitations': [
{
'AccountId': 'string',
'InvitationId': 'string',
'InvitedAt': datetime(2015, 1, 1),
'MemberStatus': 'string'
},
],
}
Response Structure
The details of the invitations returned by the operation.
Details about an invitation.
The account ID of the Security Hub administrator account that the invitation was sent from.
The ID of the invitation sent to the member account.
The timestamp of when the invitation was sent.
The current status of the association between the member and administrator accounts.
SecurityHub.Paginator.
ListMembers
¶paginator = client.get_paginator('list_members')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.list_members()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
OnlyAssociated=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE
.
If OnlyAssociated
is set to TRUE
, the response includes member accounts whose relationship status with the administrator account is set to ENABLED
.
If OnlyAssociated
is set to FALSE
, the response includes all existing member accounts.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'Members': [
{
'AccountId': 'string',
'Email': 'string',
'MasterId': 'string',
'AdministratorId': 'string',
'MemberStatus': 'string',
'InvitedAt': datetime(2015, 1, 1),
'UpdatedAt': datetime(2015, 1, 1)
},
],
}
Response Structure
(dict) --
Members (list) --
Member details returned by the operation.
(dict) --
The details about a member account.
AccountId (string) --
The Amazon Web Services account ID of the member account.
Email (string) --
The email address of the member account.
MasterId (string) --
This is replaced by AdministratorID
.
The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.
AdministratorId (string) --
The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.
MemberStatus (string) --
The status of the relationship between the member account and its administrator account.
The status can have one of the following values:
Created
- Indicates that the administrator account added the member account, but has not yet invited the member account.Invited
- Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.Enabled
- Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.Removed
- Indicates that the administrator account disassociated the member account.Resigned
- Indicates that the member account disassociated themselves from the administrator account.Deleted
- Indicates that the administrator account deleted the member account.AccountSuspended
- Indicates that an organization account was suspended from Amazon Web Services at the same time that the administrator account tried to enable the organization account as a member account.InvitedAt (datetime) --
A timestamp for the date and time when the invitation was sent to the member account.
UpdatedAt (datetime) --
The timestamp for the date and time when the member account was updated.
SecurityHub.Paginator.
ListOrganizationAdminAccounts
¶paginator = client.get_paginator('list_organization_admin_accounts')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from SecurityHub.Client.list_organization_admin_accounts()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
{
'AdminAccounts': [
{
'AccountId': 'string',
'Status': 'ENABLED'|'DISABLE_IN_PROGRESS'
},
],
}
Response Structure
The list of Security Hub administrator accounts.
Represents a Security Hub administrator account designated by an organization management account.
The Amazon Web Services account identifier of the Security Hub administrator account.
The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator.