
get_security_control_definition

SecurityHub.Client.get_security_control_definition(**kwargs)

Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

See also: AWS API Documentation

Request Syntax

response = client.get_security_control_definition(
    SecurityControlId='string'
)

Parameters:

SecurityControlId (string) –

[REQUIRED]

The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).

Return type:

dict

Returns:

Response Syntax

{
    'SecurityControlDefinition': {
        'SecurityControlId': 'string',
        'Title': 'string',
        'Description': 'string',
        'RemediationUrl': 'string',
        'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
        'CurrentRegionAvailability': 'AVAILABLE'|'UNAVAILABLE',
        'CustomizableProperties': [
            'Parameters',
        ],
        'ParameterDefinitions': {
            'string': {
                'Description': 'string',
                'ConfigurationOptions': {
                    'Integer': {
                        'DefaultValue': 123,
                        'Min': 123,
                        'Max': 123
                    },
                    'IntegerList': {
                        'DefaultValue': [
                            123,
                        ],
                        'Min': 123,
                        'Max': 123,
                        'MaxItems': 123
                    },
                    'Double': {
                        'DefaultValue': 123.0,
                        'Min': 123.0,
                        'Max': 123.0
                    },
                    'String': {
                        'DefaultValue': 'string',
                        'Re2Expression': 'string',
                        'ExpressionDescription': 'string'
                    },
                    'StringList': {
                        'DefaultValue': [
                            'string',
                        ],
                        'Re2Expression': 'string',
                        'MaxItems': 123,
                        'ExpressionDescription': 'string'
                    },
                    'Boolean': {
                        'DefaultValue': True|False
                    },
                    'Enum': {
                        'DefaultValue': 'string',
                        'AllowedValues': [
                            'string',
                        ]
                    },
                    'EnumList': {
                        'DefaultValue': [
                            'string',
                        ],
                        'MaxItems': 123,
                        'AllowedValues': [
                            'string',
                        ]
                    }
                }
            }
        }
    }
}

Response Structure

  • (dict) –

    • SecurityControlDefinition (dict) –

      Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.

      • SecurityControlId (string) –

        The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

      • Title (string) –

        The title of a security control.

      • Description (string) –

        The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn’t reference a specific standard.

      • RemediationUrl (string) –

        A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

      • SeverityRating (string) –

        The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.

      • CurrentRegionAvailability (string) –

        Specifies whether a security control is available in the current Amazon Web Services Region.

      • CustomizableProperties (list) –

        Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties.

        • (string) –

      • ParameterDefinitions (dict) –

        An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn’t support custom parameters.

        • (string) –

          • (dict) –

            An object that describes a security control parameter and the options for customizing it.

            • Description (string) –

              Description of a control parameter.

            • ConfigurationOptions (dict) –

              The options for customizing a control parameter. Customization options vary based on the data type of the parameter.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: Integer, IntegerList, Double, String, StringList, Boolean, Enum, EnumList. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              
              • Integer (dict) –

                The options for customizing a security control parameter that is an integer.

                • DefaultValue (integer) –

                  The Security Hub default value for a control parameter that is an integer.

                • Min (integer) –

                  The minimum valid value for a control parameter that is an integer.

                • Max (integer) –

                  The maximum valid value for a control parameter that is an integer.

              • IntegerList (dict) –

                The options for customizing a security control parameter that is a list of integers.

                • DefaultValue (list) –

                  The Security Hub default value for a control parameter that is a list of integers.

                  • (integer) –

                • Min (integer) –

                  The minimum valid value for a control parameter that is a list of integers.

                • Max (integer) –

                  The maximum valid value for a control parameter that is a list of integers.

                • MaxItems (integer) –

                  The maximum number of list items that an integer list control parameter can accept.

              • Double (dict) –

                The options for customizing a security control parameter that is a double.

                • DefaultValue (float) –

                  The Security Hub default value for a control parameter that is a double.

                • Min (float) –

                  The minimum valid value for a control parameter that is a double.

                • Max (float) –

                  The maximum valid value for a control parameter that is a double.

              • String (dict) –

                The options for customizing a security control parameter that is a string data type.

                • DefaultValue (string) –

                  The Security Hub default value for a control parameter that is a string.

                • Re2Expression (string) –

                  An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string.

                • ExpressionDescription (string) –

                  The description of the RE2 regular expression.

              • StringList (dict) –

                The options for customizing a security control parameter that is a list of strings.

                • DefaultValue (list) –

                  The Security Hub default value for a control parameter that is a list of strings.

                  • (string) –

                • Re2Expression (string) –

                  An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control parameter.

                • MaxItems (integer) –

                  The maximum number of list items that a string list control parameter can accept.

                • ExpressionDescription (string) –

                  The description of the RE2 regular expression.

              • Boolean (dict) –

                The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are true and false.

                • DefaultValue (boolean) –

                  The Security Hub default value for a boolean parameter.

              • Enum (dict) –

                The options for customizing a security control parameter that is an enum.

                • DefaultValue (string) –

                  The Security Hub default value for a control parameter that is an enum.

                • AllowedValues (list) –

                  The valid values for a control parameter that is an enum.

                  • (string) –

              • EnumList (dict) –

                The options for customizing a security control parameter that is a list of enums.

                • DefaultValue (list) –

                  The Security Hub default value for a control parameter that is a list of enums.

                  • (string) –

                • MaxItems (integer) –

                  The maximum number of list items that an enum list control parameter can accept.

                • AllowedValues (list) –

                  The valid values for a control parameter that is a list of enums.

                  • (string) –
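
The ConfigurationOptions tagged union above can drive a pre-flight check of a custom parameter value before it is submitted. This is an added example, not code from the boto3 documentation: `validate_parameter`, `NUMERIC`, `SAMPLE` and the parameter names are hypothetical, and the sample definition is constructed. Python's `re` with full-match anchoring stands in for RE2 here, which is an assumption about how Security Hub applies `Re2Expression`.

```python
import re

NUMERIC = {"Integer": int, "IntegerList": int, "Double": (int, float)}

def validate_parameter(definition, name, value):
    """Return a list of problems with value for parameter name; [] means it fits."""
    params = definition.get("ParameterDefinitions") or {}  # key is absent when nothing is customizable
    if name not in params:
        return [f"{name}: not a customizable parameter of this control"]
    options = params[name]["ConfigurationOptions"]
    if len(options) != 1:  # tagged union: exactly one member is set
        return [f"{name}: expected exactly one ConfigurationOptions member"]
    kind, spec = next(iter(options.items()))
    if kind == "SDK_UNKNOWN_MEMBER":  # fail closed: this SDK build cannot describe the type
        return [f"{name}: unknown option type {spec['name']!r}"]
    is_list = kind.endswith("List")
    if is_list and not isinstance(value, list):
        return [f"{name}: {kind} expects a list"]
    items = value if is_list else [value]
    problems = []
    if is_list and len(items) > spec.get("MaxItems", len(items)):
        problems.append(f"{name}: more than {spec['MaxItems']} items")
    for item in items:
        if kind in NUMERIC:
            if isinstance(item, bool) or not isinstance(item, NUMERIC[kind]):
                problems.append(f"{name}: {item!r} is not a valid {kind} item")
            elif not spec.get("Min", item) <= item <= spec.get("Max", item):
                problems.append(f"{name}: {item!r} is outside Min/Max")
        elif kind == "Boolean":
            if not isinstance(item, bool):
                problems.append(f"{name}: {item!r} is not a boolean")
        elif kind in ("Enum", "EnumList"):
            if item not in spec.get("AllowedValues", []):
                problems.append(f"{name}: {item!r} is not in AllowedValues")
        elif kind in ("String", "StringList"):
            pattern = spec.get("Re2Expression")  # assumption: Python re stands in for RE2, full match
            if not isinstance(item, str) or (pattern and not re.fullmatch(pattern, item)):
                problems.append(f"{name}: {item!r} fails Re2Expression")
        else:
            problems.append(f"{name}: unhandled option type {kind}")
    return problems

# Constructed definition in the documented response shape (not real Security Hub output).
SAMPLE = {"SecurityControlId": "Example.1", "ParameterDefinitions": {
    "maxAgeDays": {"ConfigurationOptions": {"Integer": {"DefaultValue": 90, "Min": 1, "Max": 365}}},
    "modes": {"ConfigurationOptions": {"EnumList": {"MaxItems": 2, "AllowedValues": ["A", "B", "C"]}}},
    "prefix": {"ConfigurationOptions": {"String": {"Re2Expression": "^[a-z]{1,8}$"}}},
    "future": {"ConfigurationOptions": {"SDK_UNKNOWN_MEMBER": {"name": "Duration"}}},
}}
```

Against a live account, pass `response['SecurityControlDefinition']` as `definition`; an empty result means the value fits the published constraints, not that the service has accepted it.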

Exceptions

  • SecurityHub.Client.exceptions.InternalException

  • SecurityHub.Client.exceptions.InvalidInputException

  • SecurityHub.Client.exceptions.InvalidAccessException

  • SecurityHub.Client.exceptions.LimitExceededException

  • SecurityHub.Client.exceptions.ResourceNotFoundException