get_security_control_definition
- SecurityHub.Client.get_security_control_definition(**kwargs)
Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.
See also: AWS API Documentation
Request Syntax
response = client.get_security_control_definition(
    SecurityControlId='string'
)
- Parameters:
SecurityControlId (string) –
[REQUIRED]
The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).
- Return type:
dict
- Returns:
Response Syntax
{
    'SecurityControlDefinition': {
        'SecurityControlId': 'string',
        'Title': 'string',
        'Description': 'string',
        'RemediationUrl': 'string',
        'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
        'CurrentRegionAvailability': 'AVAILABLE'|'UNAVAILABLE',
        'CustomizableProperties': [
            'Parameters',
        ],
        'ParameterDefinitions': {
            'string': {
                'Description': 'string',
                'ConfigurationOptions': {
                    'Integer': {
                        'DefaultValue': 123,
                        'Min': 123,
                        'Max': 123
                    },
                    'IntegerList': {
                        'DefaultValue': [
                            123,
                        ],
                        'Min': 123,
                        'Max': 123,
                        'MaxItems': 123
                    },
                    'Double': {
                        'DefaultValue': 123.0,
                        'Min': 123.0,
                        'Max': 123.0
                    },
                    'String': {
                        'DefaultValue': 'string',
                        'Re2Expression': 'string',
                        'ExpressionDescription': 'string'
                    },
                    'StringList': {
                        'DefaultValue': [
                            'string',
                        ],
                        'Re2Expression': 'string',
                        'MaxItems': 123,
                        'ExpressionDescription': 'string'
                    },
                    'Boolean': {
                        'DefaultValue': True|False
                    },
                    'Enum': {
                        'DefaultValue': 'string',
                        'AllowedValues': [
                            'string',
                        ]
                    },
                    'EnumList': {
                        'DefaultValue': [
                            'string',
                        ],
                        'MaxItems': 123,
                        'AllowedValues': [
                            'string',
                        ]
                    }
                }
            }
        }
    }
}
Response Structure
(dict) –
SecurityControlDefinition (dict) –
Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.
SecurityControlId (string) –
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
Title (string) –
The title of a security control.
Description (string) –
The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn’t reference a specific standard.
RemediationUrl (string) –
A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
SeverityRating (string) –
The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.
CurrentRegionAvailability (string) –
Specifies whether a security control is available in the current Amazon Web Services Region.
CustomizableProperties (list) –
Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties.
(string) –
ParameterDefinitions (dict) –
An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn’t support custom parameters.
(string) –
(dict) –
An object that describes a security control parameter and the options for customizing it.
Description (string) –
Description of a control parameter.
ConfigurationOptions (dict) –
The options for customizing a control parameter. Customization options vary based on the data type of the parameter.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: Integer, IntegerList, Double, String, StringList, Boolean, Enum, EnumList. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
Integer (dict) –
The options for customizing a security control parameter that is an integer.
DefaultValue (integer) –
The Security Hub default value for a control parameter that is an integer.
Min (integer) –
The minimum valid value for a control parameter that is an integer.
Max (integer) –
The maximum valid value for a control parameter that is an integer.
IntegerList (dict) –
The options for customizing a security control parameter that is a list of integers.
DefaultValue (list) –
The Security Hub default value for a control parameter that is a list of integers.
(integer) –
Min (integer) –
The minimum valid value for a control parameter that is a list of integers.
Max (integer) –
The maximum valid value for a control parameter that is a list of integers.
MaxItems (integer) –
The maximum number of list items that an integer list control parameter can accept.
Double (dict) –
The options for customizing a security control parameter that is a double.
DefaultValue (float) –
The Security Hub default value for a control parameter that is a double.
Min (float) –
The minimum valid value for a control parameter that is a double.
Max (float) –
The maximum valid value for a control parameter that is a double.
String (dict) –
The options for customizing a security control parameter that is a string data type.
DefaultValue (string) –
The Security Hub default value for a control parameter that is a string.
Re2Expression (string) –
An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string.
ExpressionDescription (string) –
The description of the RE2 regular expression.
StringList (dict) –
The options for customizing a security control parameter that is a list of strings.
DefaultValue (list) –
The Security Hub default value for a control parameter that is a list of strings.
(string) –
Re2Expression (string) –
An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control parameter.
MaxItems (integer) –
The maximum number of list items that a string list control parameter can accept.
ExpressionDescription (string) –
The description of the RE2 regular expression.
Boolean (dict) –
The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are true and false.
DefaultValue (boolean) –
The Security Hub default value for a boolean parameter.
Enum (dict) –
The options for customizing a security control parameter that is an enum.
DefaultValue (string) –
The Security Hub default value for a control parameter that is an enum.
AllowedValues (list) –
The valid values for a control parameter that is an enum.
(string) –
EnumList (dict) –
The options for customizing a security control parameter that is a list of enums.
DefaultValue (list) –
The Security Hub default value for a control parameter that is a list of enums.
(string) –
MaxItems (integer) –
The maximum number of list items that an enum list control parameter can accept.
AllowedValues (list) –
The valid values for a control parameter that is a list of enums.
(string) –
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.ResourceNotFoundException
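An added example, not part of the boto3 documentation: checking a proposed custom parameter value against the ParameterDefinitions tagged union described above before applying it to a control. The function name validate_parameter, the sample definition and its parameter names are constructed for illustration; Python's re stands in for RE2, and requiring each string item to match in full is an assumption.

```python
import re

NUMERIC = {"Integer": int, "IntegerList": int, "Double": (int, float)}

def validate_parameter(definition, name, value):
    """Return a list of problems with a proposed value (empty list = acceptable)."""
    # In real use: definition = client.get_security_control_definition(
    #     SecurityControlId=...)["SecurityControlDefinition"]
    params = definition.get("ParameterDefinitions") or {}  # omitted if not customizable
    if name not in params:
        return [f"{name}: not a customizable parameter of this control"]
    (tag, opt), = params[name]["ConfigurationOptions"].items()  # tagged union: one key
    if tag == "SDK_UNKNOWN_MEMBER":
        return [f"{name}: unknown option type {opt['name']!r}, cannot validate"]
    is_list = tag.endswith("List")
    if is_list != isinstance(value, list):
        return [f"{name}: {tag} expects {'a list' if is_list else 'a single value'}"]
    items = value if is_list else [value]
    problems = []
    if "MaxItems" in opt and len(items) > opt["MaxItems"]:
        problems.append(f"{name}: {len(items)} items exceeds MaxItems={opt['MaxItems']}")
    for item in items:
        if tag in NUMERIC:  # bool is a subclass of int in Python, so reject it explicitly
            ok = (not isinstance(item, bool) and isinstance(item, NUMERIC[tag])
                  and opt.get("Min", item) <= item <= opt.get("Max", item))
        elif tag == "Boolean":
            ok = isinstance(item, bool)
        elif tag in ("Enum", "EnumList"):
            ok = item in opt.get("AllowedValues", [])
        elif tag in ("String", "StringList"):
            # Assumption: Python's re approximates RE2 and the whole item must match.
            pattern = opt.get("Re2Expression")
            ok = isinstance(item, str) and (not pattern or bool(re.fullmatch(pattern, item)))
        else:
            ok = False  # a tag this code does not know how to check
        if not ok:
            problems.append(f"{name}: {item!r} violates the {tag} constraints")
    return problems

# Constructed sample of response["SecurityControlDefinition"]; the parameters are made up.
SAMPLE_DEFINITION = {
    "ParameterDefinitions": {
        "maxAgeDays": {"ConfigurationOptions": {"Integer": {"DefaultValue": 30, "Min": 1, "Max": 90}}},
        "modes": {"ConfigurationOptions": {"EnumList": {
            "MaxItems": 2, "AllowedValues": ["ENABLED", "DISABLED", "AUDIT"]}}},
        "tagKey": {"ConfigurationOptions": {"String": {"Re2Expression": "^[A-Za-z0-9_-]{1,32}$"}}},
        "future": {"ConfigurationOptions": {"SDK_UNKNOWN_MEMBER": {"name": "Duration"}}},
    },
}
```

An empty result means the value fits the definition's constraints as this sketch checks them; Security Hub remains the authority on whether an update is accepted.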