String code
String type
The instance type of the instance.
String imageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> ipV4Addresses
The IPv4 addresses associated with the instance.
List<E> ipV6Addresses
The IPv6 addresses associated with the instance.
String keyName
The key name associated with the instance.
String iamInstanceProfileArn
The IAM profile ARN of the instance.
String vpcId
The identifier of the VPC that the instance was launched in.
String subnetId
The identifier of the subnet that the instance was launched in.
String launchedAt
The date/time the instance was launched.
String schemaVersion
The schema version that a finding is formatted for.
String id
The security findings provider-specific identifier for a finding.
String productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security-findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
String generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
String awsAccountId
The AWS account ID that a finding is generated in.
List<E> types
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
String firstObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
String lastObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
String createdAt
An ISO8601-formatted timestamp that indicates when the security-findings provider created the potential security issue that a finding captured.
String updatedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
Severity severity
A finding's severity.
Integer confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
Integer criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
String title
A finding's title.
In this release, Title is a required property.
String description
A finding's description.
In this release, Description is a required property.
Remediation remediation
A data type that describes the remediation options for a finding.
String sourceUrl
A URL that links to a page about the current finding in the security-findings provider's solution.
Map<K,V> productFields
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
Map<K,V> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malware
A list of malware related to a finding.
Network network
The details of network-related information about a finding.
ProcessDetails process
The details of process-related information about a finding.
List<E> threatIntelIndicators
Threat intel details related to a finding.
List<E> resources
A set of resource data types that describe the resources that the finding refers to.
Compliance compliance
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
String verificationState
Indicates the veracity of a finding.
String workflowState
The workflow state of a finding.
String recordState
The record state of a finding.
List<E> relatedFindings
A list of related findings.
Note note
A user-defined note added to a finding.
List<E> productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
List<E> awsAccountId
The AWS account ID that a finding is generated in.
List<E> id
The security findings provider-specific identifier for a finding.
List<E> generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
List<E> type
A finding type in the format of namespace/category/classifier that classifies a finding.
List<E> firstObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
List<E> lastObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
List<E> createdAt
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
List<E> updatedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
List<E> severityProduct
The native severity as defined by the security-findings provider's solution that generated the finding.
List<E> severityNormalized
The normalized severity of a finding.
List<E> severityLabel
The label of a finding's severity.
List<E> confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
List<E> criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
List<E> title
A finding's title.
List<E> description
A finding's description.
List<E> recommendationText
The recommendation of what to do about the issue described in a finding.
List<E> sourceUrl
A URL that links to a page about the current finding in the security-findings provider's solution.
List<E> productFields
A data type where security-findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
List<E> productName
The name of the solution (product) that generates findings.
List<E> companyName
The name of the findings provider (company) that owns the solution (product) that generates findings.
List<E> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malwareName
The name of the malware that was observed.
List<E> malwareType
The type of the malware that was observed.
List<E> malwarePath
The filesystem path of the malware that was observed.
List<E> malwareState
The state of the malware that was observed.
List<E> networkDirection
Indicates the direction of network traffic associated with a finding.
List<E> networkProtocol
The protocol of network-related information about a finding.
List<E> networkSourceIpV4
The source IPv4 address of network-related information about a finding.
List<E> networkSourceIpV6
The source IPv6 address of network-related information about a finding.
List<E> networkSourcePort
The source port of network-related information about a finding.
List<E> networkSourceDomain
The source domain of network-related information about a finding.
List<E> networkSourceMac
The source media access control (MAC) address of network-related information about a finding.
List<E> networkDestinationIpV4
The destination IPv4 address of network-related information about a finding.
List<E> networkDestinationIpV6
The destination IPv6 address of network-related information about a finding.
List<E> networkDestinationPort
The destination port of network-related information about a finding.
List<E> networkDestinationDomain
The destination domain of network-related information about a finding.
List<E> processName
The name of the process.
List<E> processPath
The path to the process executable.
List<E> processPid
The process ID.
List<E> processParentPid
The parent process ID.
List<E> processLaunchedAt
The date/time that the process was launched.
List<E> processTerminatedAt
The date/time that the process was terminated.
List<E> threatIntelIndicatorType
The type of a threat intel indicator.
List<E> threatIntelIndicatorValue
The value of a threat intel indicator.
List<E> threatIntelIndicatorCategory
The category of a threat intel indicator.
List<E> threatIntelIndicatorLastObservedAt
The date/time of the last observation of a threat intel indicator.
List<E> threatIntelIndicatorSource
The source of the threat intel.
List<E> threatIntelIndicatorSourceUrl
The URL for more details from the source of the threat intel.
List<E> resourceType
Specifies the type of the resource that details are provided for.
List<E> resourceId
The canonical identifier for the given resource type.
List<E> resourcePartition
The canonical AWS partition name that the Region is assigned to.
List<E> resourceRegion
The canonical AWS external Region name where this resource is located.
List<E> resourceTags
A list of AWS tags associated with a resource at the time the finding was processed.
List<E> resourceAwsEc2InstanceType
The instance type of the instance.
List<E> resourceAwsEc2InstanceImageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> resourceAwsEc2InstanceIpV4Addresses
The IPv4 addresses associated with the instance.
List<E> resourceAwsEc2InstanceIpV6Addresses
The IPv6 addresses associated with the instance.
List<E> resourceAwsEc2InstanceKeyName
The key name associated with the instance.
List<E> resourceAwsEc2InstanceIamInstanceProfileArn
The IAM profile ARN of the instance.
List<E> resourceAwsEc2InstanceVpcId
The identifier of the VPC that the instance was launched in.
List<E> resourceAwsEc2InstanceSubnetId
The identifier of the subnet that the instance was launched in.
List<E> resourceAwsEc2InstanceLaunchedAt
The date/time the instance was launched.
List<E> resourceAwsS3BucketOwnerId
The canonical user ID of the owner of the S3 bucket.
List<E> resourceAwsS3BucketOwnerName
The display name of the owner of the S3 bucket.
List<E> resourceAwsIamAccessKeyUserName
The user associated with the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyStatus
The status of the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyCreatedAt
The creation date/time of the IAM access key related to a finding.
List<E> resourceContainerName
The name of the container related to a finding.
List<E> resourceContainerImageId
The identifier of the image related to a finding.
List<E> resourceContainerImageName
The name of the image related to a finding.
List<E> resourceContainerLaunchedAt
The date/time that the container was started.
List<E> resourceDetailsOther
The details of a resource that doesn't have a specific subfield for the resource type defined.
List<E> complianceStatus
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.
List<E> verificationState
The veracity of a finding.
List<E> workflowState
The workflow state of a finding.
List<E> recordState
The updated record state for the finding.
List<E> relatedFindingsProductArn
The ARN of the solution that generated a related finding.
List<E> relatedFindingsId
The solution-generated identifier for a related finding.
List<E> noteText
The text of a note.
List<E> noteUpdatedAt
The timestamp of when the note was updated.
List<E> noteUpdatedBy
The principal that created a note.
List<E> keyword
A keyword for a finding.
List<E> findings
A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format.
String status
The result of a compliance check.
String actionTargetArn
The ARN for the custom action target.
String name
The name of the custom insight to create.
AwsSecurityFindingFilters filters
One or more attributes used to filter the findings included in the insight. Only findings that match the criteria defined in the filters are included in the insight.
String groupByAttribute
The attribute used as the aggregator to group related findings for the insight.
String insightArn
The ARN of the insight created.
String actionTargetArn
The ARN of the custom action target to delete.
String actionTargetArn
The ARN of the custom action target that was deleted.
String insightArn
The ARN of the insight to delete.
String insightArn
The ARN of the insight that was deleted.
String hubArn
The ARN of the Hub resource to retrieve.
String productSubscriptionArn
The ARN of the integrated product to disable the integration for.
String productArn
The ARN of the product to enable the integration for.
String productSubscriptionArn
The ARN of your subscription to the product to enable integrations for.
List<E> standardsSubscriptionArns
A list of the standards subscription ARNs for the standards to retrieve.
String nextToken
Paginates results. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of results to return in the response.
AwsSecurityFindingFilters filters
The findings attributes used to define a condition to filter the findings returned.
List<E> sortCriteria
Findings attributes used to sort the list of findings returned.
String nextToken
Paginates results. On your first call to the GetFindings operation, set the value of this parameter to NULL. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of findings to return.
String insightArn
The ARN of the insight whose results you want to see.
InsightResults insightResults
The insight results returned by the operation.
List<E> insightArns
The ARNs of the insights that you want to describe.
String nextToken
Paginates results. On your first call to the GetInsights operation, set the value of this parameter to NULL. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of items that you want in the response.
Integer invitationsCount
The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.
Invitation master
A list of details about the Security Hub master account for the current member account.
String insightArn
The ARN of a Security Hub insight.
String name
The name of a Security Hub insight.
AwsSecurityFindingFilters filters
One or more attributes used to filter the findings included in the insight. Only findings that match the criteria defined in the filters are included in the insight.
String groupByAttribute
The attribute that the insight's findings are grouped by. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
String insightArn
The ARN of the insight whose results are returned by the GetInsightResults operation.
String groupByAttribute
The attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults operation.
List<E> resultValues
The list of insight result values returned by the GetInsightResults operation.
String code
String code
String code
String accountId
The account ID of the Security Hub master account that the invitation was sent from.
String invitationId
The ID of the invitation sent to the member account.
Date invitedAt
The timestamp of when the invitation was sent.
String memberStatus
The current status of the association between member and master accounts.
String cidr
A finding's CIDR value.
String value
A value for the keyword.
String code
String nextToken
Paginates results. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
The maximum number of items that you want in the response.
Integer maxResults
The maximum number of items that you want in the response.
String nextToken
Paginates results. On your first call to the ListInvitations operation, set the value of this parameter to NULL. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Boolean onlyAssociated
Specifies which member accounts the response includes based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED. If onlyAssociated is set to FALSE, the response includes all existing member accounts.
Integer maxResults
The maximum number of items that you want in the response.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the ListMembers operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
String resourceArn
The ARN of the resource to retrieve tags for.
String accountId
The AWS account ID of the member account.
String email
The email address of the member account.
String masterId
The AWS account ID of the Security Hub master account associated with this member account.
String memberStatus
The status of the relationship between the member account and its master account.
Date invitedAt
A timestamp for the date and time when the invitation was sent to the member account.
Date updatedAt
The timestamp for the date and time when the member account was updated.
String direction
The direction of network traffic associated with a finding.
String protocol
The protocol of network-related information about a finding.
String sourceIpV4
The source IPv4 address of network-related information about a finding.
String sourceIpV6
The source IPv6 address of network-related information about a finding.
Integer sourcePort
The source port of network-related information about a finding.
String sourceDomain
The source domain of network-related information about a finding.
String sourceMac
The source media access control (MAC) address of network-related information about a finding.
String destinationIpV4
The destination IPv4 address of network-related information about a finding.
String destinationIpV6
The destination IPv6 address of network-related information about a finding.
Integer destinationPort
The destination port of network-related information about a finding.
String destinationDomain
The destination domain of network-related information about a finding.
Double gte
The greater-than-equal condition to be applied to a single field when querying for findings.
Double lte
The less-than-equal condition to be applied to a single field when querying for findings.
Double eq
The equal-to condition to be applied to a single field when querying for findings.
String name
The name of the process.
String path
The path to the process executable.
Integer pid
The process ID.
Integer parentPid
The parent process ID.
String launchedAt
The date/time that the process was launched.
String terminatedAt
The date and time when the process was terminated.
String productArn
The ARN assigned to the product.
String productName
The name of the product.
String companyName
The name of the company that provides the product.
String description
A description of the product.
List<E> categories
The categories assigned to the product.
String marketplaceUrl
The URL for the page that contains more information about the product.
String activationUrl
The URL used to activate the product.
String productSubscriptionResourcePolicy
The resource policy associated with the product.
Recommendation recommendation
A recommendation on the steps to take to remediate the issue identified by a finding.
String type
The type of the resource that details are provided for.
String id
The canonical identifier for the given resource type.
String partition
The canonical AWS partition name that the Region is assigned to.
String region
The canonical AWS external Region name where this resource is located.
Map<K,V> tags
A list of AWS tags associated with a resource at the time the finding was processed.
ResourceDetails details
Additional details about the resource related to a finding.
String code
AwsEc2InstanceDetails awsEc2Instance
Details about an Amazon EC2 instance related to a finding.
AwsS3BucketDetails awsS3Bucket
Details about an Amazon S3 Bucket related to a finding.
AwsIamAccessKeyDetails awsIamAccessKey
Details about an IAM access key related to a finding.
ContainerDetails container
Details about a container resource related to a finding.
Map<K,V> other
Details about a resource that doesn't have a specific type defined.
String code
String standardsSubscriptionArn
The ARN of a resource that represents your subscription to a supported standard.
String standardsArn
The ARN of a standard.
In this release, Security Hub supports only the CIS AWS Foundations standard, which uses the following ARN:
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
Map<K,V> standardsInput
A key-value pair of input for the standard.
String standardsStatus
The status of the standards subscription.
String standardsArn
The ARN of the standard that you want to enable.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
Map<K,V> standardsInput
A key-value pair of input for the standard.
String type
The type of a threat intel indicator.
String value
The value of a threat intel indicator.
String category
The category of a threat intel indicator.
String lastObservedAt
The date and time when the most recent instance of a threat intel indicator was observed.
String source
The source of the threat intel indicator.
String sourceUrl
The URL to the page or site where you can get more information about the threat intel indicator.
AwsSecurityFindingFilters filters
A collection of attributes that specify which findings you want to update.
NoteUpdate note
The updated note for the finding.
String recordState
The updated record state for the finding.
String insightArn
The ARN of the insight that you want to update.
String name
The updated name for the insight.
AwsSecurityFindingFilters filters
The updated filters that define this insight.
String groupByAttribute
The updated GroupBy attribute that defines this insight.
Copyright © 2019. All rights reserved.