String code
String type
The instance type of the instance.
String imageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> ipV4Addresses
The IPv4 addresses associated with the instance.
List<E> ipV6Addresses
The IPv6 addresses associated with the instance.
String keyName
The key name associated with the instance.
String iamInstanceProfileArn
The IAM profile ARN of the instance.
String vpcId
The identifier of the VPC in which the instance was launched.
String subnetId
The identifier of the subnet in which the instance was launched.
String launchedAt
The date/time the instance was launched.
String schemaVersion
The schema version for which a finding is formatted.
String id
The security findings provider-specific identifier for a finding.
String productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
String generatorId
This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
String awsAccountId
The AWS account ID in which a finding is generated.
List<E> types
One or more finding types in the format of 'namespace/category/classifier' that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
String firstObservedAt
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
String lastObservedAt
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
String createdAt
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
String updatedAt
An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Severity severity
A finding's severity.
Integer confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates to zero percent confidence and 100 equates to 100 percent confidence.
Integer criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
String title
A finding's title.
In this release, Title is a required property.
String description
A finding's description.
In this release, Description is a required property.
Remediation remediation
A data type that describes the remediation options for a finding.
String sourceUrl
A URL that links to a page about the current finding in the security findings provider's solution.
Map<K,V> productFields
A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
Map<K,V> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malware
A list of malware related to a finding.
Network network
The details of network-related information about a finding.
ProcessDetails process
The details of process-related information about a finding.
List<E> threatIntelIndicators
Threat intel details related to a finding.
List<E> resources
A set of resource data types that describe the resources to which the finding refers.
Compliance compliance
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
String verificationState
Indicates the veracity of a finding.
String workflowState
The workflow state of a finding.
String recordState
The record state of a finding.
List<E> relatedFindings
A list of related findings.
Note note
A user-defined note added to a finding.
List<E> productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
List<E> awsAccountId
The AWS account ID in which a finding is generated.
List<E> id
The security findings provider-specific identifier for a finding.
List<E> generatorId
This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
List<E> type
A finding type in the format of 'namespace/category/classifier' that classifies a finding.
List<E> firstObservedAt
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
List<E> lastObservedAt
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
List<E> createdAt
An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
List<E> updatedAt
An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
List<E> severityProduct
The native severity as defined by the security findings provider's solution that generated the finding.
List<E> severityNormalized
The normalized severity of a finding.
List<E> severityLabel
The label of a finding's severity.
List<E> confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates to zero percent confidence and 100 equates to 100 percent confidence.
List<E> criticality
The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
List<E> title
A finding's title.
List<E> description
A finding's description.
List<E> recommendationText
The recommendation of what to do about the issue described in a finding.
List<E> sourceUrl
A URL that links to a page about the current finding in the security findings provider's solution.
List<E> productFields
A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
List<E> productName
The name of the solution (product) that generates findings.
List<E> companyName
The name of the findings provider (company) that owns the solution (product) that generates findings.
List<E> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malwareName
The name of the malware that was observed.
List<E> malwareType
The type of the malware that was observed.
List<E> malwarePath
The filesystem path of the malware that was observed.
List<E> malwareState
The state of the malware that was observed.
List<E> networkDirection
Indicates the direction of network traffic associated with a finding.
List<E> networkProtocol
The protocol of network-related information about a finding.
List<E> networkSourceIpV4
The source IPv4 address of network-related information about a finding.
List<E> networkSourceIpV6
The source IPv6 address of network-related information about a finding.
List<E> networkSourcePort
The source port of network-related information about a finding.
List<E> networkSourceDomain
The source domain of network-related information about a finding.
List<E> networkSourceMac
The source media access control (MAC) address of network-related information about a finding.
List<E> networkDestinationIpV4
The destination IPv4 address of network-related information about a finding.
List<E> networkDestinationIpV6
The destination IPv6 address of network-related information about a finding.
List<E> networkDestinationPort
The destination port of network-related information about a finding.
List<E> networkDestinationDomain
The destination domain of network-related information about a finding.
List<E> processName
The name of the process.
List<E> processPath
The path to the process executable.
List<E> processPid
The process ID.
List<E> processParentPid
The parent process ID.
List<E> processLaunchedAt
The date/time that the process was launched.
List<E> processTerminatedAt
The date/time that the process was terminated.
List<E> threatIntelIndicatorType
The type of a threat intel indicator.
List<E> threatIntelIndicatorValue
The value of a threat intel indicator.
List<E> threatIntelIndicatorCategory
The category of a threat intel indicator.
List<E> threatIntelIndicatorLastObservedAt
The date/time of the last observation of a threat intel indicator.
List<E> threatIntelIndicatorSource
The source of the threat intel.
List<E> threatIntelIndicatorSourceUrl
The URL for more details from the source of the threat intel.
List<E> resourceType
Specifies the type of the resource for which details are provided.
List<E> resourceId
The canonical identifier for the given resource type.
List<E> resourcePartition
The canonical AWS partition name to which the region is assigned.
List<E> resourceRegion
The canonical AWS external region name where this resource is located.
List<E> resourceTags
A list of AWS tags associated with a resource at the time the finding was processed.
List<E> resourceAwsEc2InstanceType
The instance type of the instance.
List<E> resourceAwsEc2InstanceImageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> resourceAwsEc2InstanceIpV4Addresses
The IPv4 addresses associated with the instance.
List<E> resourceAwsEc2InstanceIpV6Addresses
The IPv6 addresses associated with the instance.
List<E> resourceAwsEc2InstanceKeyName
The key name associated with the instance.
List<E> resourceAwsEc2InstanceIamInstanceProfileArn
The IAM profile ARN of the instance.
List<E> resourceAwsEc2InstanceVpcId
The identifier of the VPC in which the instance was launched.
List<E> resourceAwsEc2InstanceSubnetId
The identifier of the subnet in which the instance was launched.
List<E> resourceAwsEc2InstanceLaunchedAt
The date/time the instance was launched.
List<E> resourceAwsS3BucketOwnerId
The canonical user ID of the owner of the S3 bucket.
List<E> resourceAwsS3BucketOwnerName
The display name of the owner of the S3 bucket.
List<E> resourceAwsIamAccessKeyUserName
The user associated with the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyStatus
The status of the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyCreatedAt
The creation date/time of the IAM access key related to a finding.
List<E> resourceContainerName
The name of the container related to a finding.
List<E> resourceContainerImageId
The identifier of the image related to a finding.
List<E> resourceContainerImageName
The name of the image related to a finding.
List<E> resourceContainerLaunchedAt
The date/time that the container was started.
List<E> resourceDetailsOther
The details of a resource that does not have a specific sub-field for the resource type defined.
List<E> complianceStatus
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
List<E> verificationState
Indicates the veracity of a finding.
List<E> workflowState
The workflow state of a finding.
List<E> recordState
The updated record state for the finding.
List<E> relatedFindingsProductArn
The ARN of the solution that generated a related finding.
List<E> relatedFindingsId
The solution-generated identifier for a related finding.
List<E> noteText
The text of a note.
List<E> noteUpdatedAt
The timestamp of when the note was updated.
List<E> noteUpdatedBy
The principal that created a note.
List<E> keyword
A keyword for a finding.
String status
Indicates the result of a compliance check.
String name
The user-defined name that identifies the insight that you want to create.
AwsSecurityFindingFilters filters
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
String groupByAttribute
The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
String insightArn
The ARN of the created insight.
String insightArn
The ARN of the insight that you want to delete.
String insightArn
The ARN of the insight that was deleted.
String productSubscriptionArn
The ARN of a resource that represents your subscription to a supported product.
String productArn
The ARN of the product that generates findings that you want to import into Security Hub.
String productSubscriptionArn
The ARN of a resource that represents your subscription to the product that generates the findings that you want to import into Security Hub.
List<E> standardsSubscriptionArns
The list of standards subscription ARNs that you want to list and describe.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the GetEnabledStandards operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
Indicates the maximum number of items that you want in the response.
AwsSecurityFindingFilters filters
A collection of attributes that is used for querying findings.
List<E> sortCriteria
A collection of attributes used for sorting findings.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the GetFindings operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
Indicates the maximum number of items that you want in the response.
String insightArn
The ARN of the insight whose results you want to see.
InsightResults insightResults
The insight results returned by the operation.
List<E> insightArns
The ARNs of the insights that you want to describe.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the GetInsights operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Integer maxResults
Indicates the maximum number of items that you want in the response.
Integer invitationsCount
The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.
Invitation master
A list of details about the Security Hub master account for the current member account.
String insightArn
The ARN of a Security Hub insight.
String name
The name of a Security Hub insight.
AwsSecurityFindingFilters filters
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
String groupByAttribute
The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
String insightArn
The ARN of the insight whose results are returned by the GetInsightResults operation.
String groupByAttribute
The attribute by which the findings are grouped for the insight whose results are returned by the GetInsightResults operation.
List<E> resultValues
The list of insight result values returned by the GetInsightResults operation.
String code
String code
String code
String accountId
The account ID of the master Security Hub account that sent the invitation.
String invitationId
The ID of the invitation sent by the master Security Hub account.
Date invitedAt
The timestamp of when the invitation was sent.
String memberStatus
The current relationship status between the inviter and invitee accounts.
String cidr
Finding's CIDR value.
String value
A value for the keyword.
String code
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the ListEnabledProductsForImport operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Integer maxResults
Indicates the maximum number of items that you want in the response.
Integer maxResults
Indicates the maximum number of items that you want in the response.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the ListInvitations operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Boolean onlyAssociated
Specifies what member accounts the response includes based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED. If onlyAssociated is set to FALSE, the response includes all existing member accounts.
Integer maxResults
Indicates the maximum number of items that you want in the response.
String nextToken
Paginates results. Set the value of this parameter to NULL on your first call to the ListMembers operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String accountId
The AWS account ID of a Security Hub member account.
String email
The email of a Security Hub member account.
String masterId
The AWS account ID of the master Security Hub account to this member account.
String memberStatus
The status of the relationship between the member account and its master account.
Date invitedAt
Time stamp at which the member account was invited to Security Hub.
Date updatedAt
Time stamp at which this member account was updated.
String direction
Indicates the direction of network traffic associated with a finding.
String protocol
The protocol of network-related information about a finding.
String sourceIpV4
The source IPv4 address of network-related information about a finding.
String sourceIpV6
The source IPv6 address of network-related information about a finding.
Integer sourcePort
The source port of network-related information about a finding.
String sourceDomain
The source domain of network-related information about a finding.
String sourceMac
The source media access control (MAC) address of network-related information about a finding.
String destinationIpV4
The destination IPv4 address of network-related information about a finding.
String destinationIpV6
The destination IPv6 address of network-related information about a finding.
Integer destinationPort
The destination port of network-related information about a finding.
String destinationDomain
The destination domain of network-related information about a finding.
Double gte
Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Double lte
Represents the "less than equal" condition to be applied to a single field when querying for findings.
Double eq
Represents the "equal to" condition to be applied to a single field when querying for findings.
String name
The name of the process.
String path
The path to the process executable.
Integer pid
The process ID.
Integer parentPid
The parent process ID.
String launchedAt
The date/time that the process was launched.
String terminatedAt
The date/time that the process was terminated.
Recommendation recommendation
Provides a recommendation on how to remediate the issue identified within a finding.
String type
Specifies the type of the resource for which details are provided.
String id
The canonical identifier for the given resource type.
String partition
The canonical AWS partition name to which the region is assigned.
String region
The canonical AWS external region name where this resource is located.
Map<K,V> tags
A list of AWS tags associated with a resource at the time the finding was processed.
ResourceDetails details
Provides additional details about the resource.
String code
AwsEc2InstanceDetails awsEc2Instance
The details of an AWS EC2 instance.
AwsS3BucketDetails awsS3Bucket
The details of an AWS S3 Bucket.
AwsIamAccessKeyDetails awsIamAccessKey
AWS IAM access key details related to a finding.
ContainerDetails container
Container details related to a finding.
Map<K,V> other
The details of a resource that does not have a specific sub-field for the resource type defined.
String code
String standardsSubscriptionArn
The ARN of a resource that represents your subscription to a supported standard.
String standardsArn
The ARN of a standard.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
Map<K,V> standardsInput
String standardsStatus
The standard's status.
String type
The type of a threat intel indicator.
String value
The value of a threat intel indicator.
String category
The category of a threat intel indicator.
String lastObservedAt
The date/time of the last observation of a threat intel indicator.
String source
The source of the threat intel.
String sourceUrl
The URL for more details from the source of the threat intel.
AwsSecurityFindingFilters filters
A collection of attributes that specify what findings you want to update.
NoteUpdate note
The updated note for the finding.
String recordState
The updated record state for the finding.
String insightArn
The ARN of the insight that you want to update.
String name
The updated name for the insight.
AwsSecurityFindingFilters filters
The updated filters that define this insight.
String groupByAttribute
The updated GroupBy attribute that defines this insight.
Copyright © 2019. All rights reserved.